Cool Stand – Product Review

Review by Michael Smith (Veshengro)

The Cool Stand strikes me as a very innovative design, especially in its simplicity, and I find it works fine, but... and here come my caveats:

  1. Not all laptops and netbooks have a flat surface near the very edge of the back, which, however, is the place where the Cool Stand must be affixed so as not to overbalance the computer.

  2. The hook and loop fastener used for affixing the Cool Stand works fine, but if the Cool Stand is removed frequently, as will be the case if and when the computer does lots of travelling, it will wear out. Also, the fastener surfaces could become clogged with dust and other materials, especially if the Cool Stand is removed and carried in a bag, as, as said, will be the case if the computer goes on travels.

Having said that, however, if it does wear out such strips as have been used can be bought at hardware stores, haberdashery stores and some supermarkets, at least in the UK. The only difference being that those available are predominately white in color.

I received this device as per my request from the makers, and although my laptop (a Fujitsu-Siemens Amilo) is not the ideal candidate for it due to the way the stand affixes to the bottom of the laptop on the back, as said above, and considering the fact that the connectors for headphone and microphone – important in my job – are in the front, it nevertheless worked out by using a wrist rest intended for a keyboard under the front of the laptop, as can be seen from the photo.


Google Chrome claims to be fastest web browser

by Michael Smith (Veshengro)

Google Chrome claims to be fastest web browser but this claim does not hold water, as far as my tests are concerned. The fastest browser that I have found is Opera and NOT Google Chrome. Chrome takes 10x longer to load than Firefox and also IE, and I found it to be very unstable and unreliable.

Firefox also tends to freeze, especially some of the recent builds, while, so far, Opera has remained stable. I do prefer Firefox, however, because of the many add-ons and the way it organizes the bookmarks.

While you find many downloaders recommending Google Chrome over Firefox, even recently, and definitely over Opera, both of which are free in the same way as Chrome, Chrome really does not, at least as far as I have found in use, stand up to their claims.

Chrome is also, and we must remember that, and thus it makes it no better, on Mozilla Firefox and, as is Opera.

There are people that I have encountered who claim that Google Chrome works great and is very fast (in comparison to what? Internet Explorer?). In my experience that has not been borne out, and not just on one operating system and machine.

Firefox and Opera beat Chrome hands down in speed and reliability, with Opera being faster to start and connect than even Mozilla Firefox.

Google Chrome now also claims, aside from being the fastest web browser, to be the safest, and I would be very suspicious of the latter, as the former, as we have just discussed, certainly does not live up to findings.

I have never experienced as many false starts and issues with any other browser as I have with Google Chrome, from taking ages to start up to insisting on loading the home page. Blank page is not an option, it would seem.

Whatever one may try, loading pages on Google Chrome, as far as my systems are concerned, takes up to a minute to two – if it does not crash – and that with a high-speed broadband connection. Even Internet Explorer works better and faster than does Google Chrome.

As in so many fields, whether in the green one or the IT one, not every claim is true and lives up to its promises.

© 2011

Hackers infect websites to dupe Internet users

By Michael Smith (Veshengro)

The computer security firm Websense has issued a warning that hackers have infected a large number of websites with malicious code designed in such a way as to dupe Internet users.

Hundreds of thousands of legitimate websites have been booby trapped to redirect visitors to "lizamoon" addresses where they are greeted with bogus warnings that their computers have been compromised, so says Websense.

The ruse is designed to frighten people into downloading and installing fake anti-virus software, referred to as "scare-ware," portrayed as a Windows Security Center.

People who fall for the ploy, perhaps even paying for downloads, are actually installing malicious software that hackers can use to their advantage.

We have been here already a couple of years back and we are here, once again. People do not seem to learn.

The moral of the story: When a website tells you that your computer has been compromised by viruses, etc. do not believe the message. There is no website that does do that unless it is a security software site where you, actually, physically, have initialized a scan.

No website, let me reiterate that, has the facility to scan your computer for viruses, etc., and thus is not able to know whether or not your computer is compromised, and therefore any such message is a fake and should be ignored and you should leave that site pronto.

No anti-virus software is as good as a suspicious mind and I would advise that you treat each and every message that pops up on a website as suspicious and as a potential threat.

I further suggest that you (a) get yourself a safe browser – Firefox is a good one – and all add-ons that can make browsing safer. Firefox does have sensors on board that will tell you when it suspects a site to be unsafe, displaying behavior that may indicate that something is amiss and also places that have unsafe security certificates.

Let's be careful out there...

© 2011

Origin Storage says Canadian health data theft highlights case for multi-layered drive security

Basingstoke, 18th March 2011 - Reports from Canada about the theft of a hospital hard drive containing photos and videos of patients show how easy it is for data drives to go missing in public areas, says Origin Storage.

And, says Andy Cordial, the MD of the storage systems specialist, the drive theft incident at Misericordia Hospital in Edmonton, Alberta, shows that - no matter what security policies an organisation has in place surrounding data security - hard-pressed staff will often take the easy option and ignore procedure.

"So what is the solution? Clearly security policies surrounding the security of patient data were in place at this hospital, but they just weren't followed, so the answer has to be to introduce multiple layers of security, which staff simply cannot circumvent, even if they want to," he said.

"Our own DataLocker range of PIN-protected portable hard drives (http://bit.ly/2vb6y9) is a good example of a multi-layered security system. Users can still have the benefit of AES encryption on the drive for security, but as an added measure, users must also know the passphrase of the security unit, without which they cannot access the data," he added.

According to Cordial, had the Edmonton hospital used such a device even if the thief walked off with the drive, the unit would have locked automatically, meaning that access to the data would have been prevented.

Using this approach to data security, says the Origin Storage MD, is an ideal way of bolstering the existing data security defences in an organisation, in situations where existing IT security policies cannot be fully applied.

Origin's observations amongst its many customers, he says, is that data needs protecting whether it is at rest or in transit and, whilst encryption offers an excellent form of protection, adding extra layers of security in portable or back-up situations makes a lot of sense.

"Had this incident happened in the UK, the Information Commissioner's Office would have been on to the health body concerned very quickly indeed, and at the very least, publicly secured a written guarantee from managers that a change of security procedures - to prevent a recurrence - would take place," he said.

"That means that management heads will roll if an infringement of the Data Protection Act occurred again. This sort of incident - and the consequential publicity plus investigations that result - has a curious habit of significantly grabbing managerial attention," he added.

"Using multi-layered technology can not only avoid a data loss for whatever reason, it can also avoid dragging your organisation's reputation through the mud, as has clearly happened with this hospital."

For more on Origin Storage: www.originstorage.com

For more on Edmonton hospital patient data disk theft: http://bit.ly/fNb5IX

This press release is presented without editing for your information only.

Full Disclosure Statement: The ICT REVIEW received no compensation for any component of this article.

Venafi survey reveals enterprises plagued by epidemic of stolen and lost digital certificates

78% of organisations have experienced downtime due to mismanaged encryption this year

London, March 16, 2011 - Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today announced the shocking findings of its 2011 Venafi Encryption Key and Digital Certificate Management Report. The report reveals that organisations are deploying increasing numbers of digital certificates and encryption technologies, but that these security assets are also becoming lost, stolen and unaccounted for in epidemic proportions. Ironically, digital certificates and encryption keys are critical components of all information security programs, but they become dangerous liabilities when they go missing and find their way into the wrong hands.

Jeff Hudson, CEO of Venafi, said: “It is well documented that digital certificates played a key role in the Stuxnet attack that destroyed multiple centrifuges in an Iranian nuclear facility, and it is widely accepted that lost encryption keys can provide malicious insiders access to valuable corporate information revealed on high–profile whistle–blower sites such as WikiLeaks. Venafi compiled results from market and analyst report research, from a 471–respondent survey that included managers up to C–level executives from enterprise–class organizations within multiple industries, and from prior market surveys. The findings are shocking.”

Respondents surveyed reported the following:

  • 51 percent stated they had experienced either stolen or unaccounted-for digital certificates, or that they were uncertain if their organisations had lost, stolen or unaccounted–for digital certificates in general.
  • 54 percent stated they had experienced either stolen or unaccounted for encryption keys, or that they were uncertain if their organisations had lost, stolen or unaccounted for encryption keys in general.

Exacerbating the problem is the volume and diversity of encryption technologies and certificate authorities (CAs) organisations must deal with on a daily basis. The number of encryption assets in their inventories grows regularly, and scattered individuals and teams frequently manage them. According to the survey findings:

  • 46 percent of organisations are managing at least 1,000 digital encryption certificates; 20 percent are managing more than 10,000.
  • 83 percent of organisations are managing technologies from at least two different CAs; 18 percent are dealing with more than five.
  • 88 percent of organisations have multiple administrators managing encryption keys; 22 percent have more than 10.
  • 42 percent of organisations manage encryption technologies from at least four vendors; 8 percent are dealing with more than 10.

Fifty–nine percent of the respondents surveyed worked in organisations with more than 5,000 employees. Respondents' organisations spanned a wide range of industries, including high tech, telecommunications, banking/financial services, energy/oil and gas, government, aerospace, manufacturing and retail. Among the respondents was one of the world's largest food distributors and consumer retailers. To access the complete report, visit: www.venafi.com/market-data.

Learn More about Venafi and Customers at Infosecurity 2011

This announcement comes on the heels of the recently announced Venafi Encryption Director 6 product release. Director 6 is recognised by customers and analysts as the only security platform that can fully automate EKCM processes that allow organisations to automate discovery, monitoring, validation, management and security of the most commonly used encryption assets. During Infosecurity 2011, 19th to the 21st April 2011 in London, Venafi will be providing on–demand demonstrations of Director 6 in its booth (# AA52) during exhibition hours.

About Venafi

Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the desktop to the datacenter—built specifically for encryption management interoperability across heterogeneous environments.

Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

There are no zombies in Denver, Colorado says SecurEnvoy

16/3/2011, London - An amusing incident involving a Denver, Colorado digital road sign that was hacked to display 'Zombies Ahead' has been highlighted by SecurEnvoy as a classic demonstration of the need for transparent authentication.

"The Denver incident at the weekend - amusing though it was - centered on the fact that someone opened an unlocked control panel and reprogrammed the warning road sign," said Andrew Kemshall, technical director with SecurEnvoy, the pioneers of tokenless authentication.

"The $64,000 question, once the laughter has died down, is why the highways authority didn't use some form of security, and the answer is that conventional security with its tokens, often just gets in the way of people doing their job," he added.

But, says Kemshall, what if the highway staff were able to authenticate themselves to the road sign - and all manner of emergency highway equipment - using their smartphone?

Let's face it, he adds, almost everyone carries a mobile with them these days, and highway workers in the US are no exception, as they probably use them to communicate with their colleagues and, of course, their base.

But the director of technology with SecurEnvoy went on to say, what if that same mobile could act as an authenticator to many other electronic systems, and not just digital road signs?

It could, for example, allow managers on the highway to enter staff worksheets online, via the regular Internet, but authenticating themselves without the need for passwords and tokens. Just type in your ID to the Web site, and a mobile phone, key in the returned electronic token number, and away you go - securely.

Just as smartphones have revolutionised the security of lone worker employees - a legal requirement in many organisations - so the smartphone can also be used to securely authenticate users without the need for an easily-lost two-factor authentication (2FA) token.

"As we've seen amongst the banks, who are now moving to 2FA devices to enhance online banking security, IDs and passwords are no longer enough to secure online systems - unless you happen to be the memory man and can remember a 12 digit alphanumeric with upper and lower case digits," said Doe.

"This is what makes the Denver, Colorado Zombies road sign incident such a key example of what can happen when security fails because it is too cumbersome and if it’s happened in the US, how long before it happens here. If the workers had been able to use their mobiles to authenticate themselves, this saga wouldn't have occurred," he added.

"This incident may be funny, but it could have been quite nasty if the hacker hadn't been so humorous. All sorts of traffic panic situations could have occurred, and that really is not good."

For more on SecurEnvoy: www.securenvoy.com

For more on Zombie road signs in Denver, Colorado: http://bit.ly/elUaSz

Idappcom blames hacktivists for SpyEye DDoS enhancements

14th March 2011 - The blame for a DDoS - distributed denial of service - enhancement being added on the infamous SpyEye ebanking malware has been laid at the feet of the WikiLeaks hacktivists by Idappcom.

According to the data traffic analysis and security specialist, it was almost certainly the development - and propagation - of the LOIC DDoS utility by supporters of the Anonymous hacktivist group (http://bit.ly/aPn34c) that spurred cybercriminals into adding the 'feature' to SpyEye.

"What we have been witnessing in the black hat hackersphere these last few months is a mirror image of evolutions in the so-called white hat security arena," said Anthony Haywood, Idappcom's chief technology officer.

"The development of the Low Orbit Ion Cannon DDoS utility showed that it is possible for a few concerted Internet users to stage a powerful DDoS attack on major sites such as MasterCard (http://bit.ly/fP0oJr) and this, in turn, made the cybercriminals behind SpyEye realise its potential and add the 'feature' to the online banking trojan," he added.

The Idappcom CTO went on to say that, had the Anonymous/WikiLeaks DDoS utility not been developed, then the world - on both sides of the white/black hat hacker divide - would have remained largely ignorant of what a powerful weapon a DDoS utility is.

SpyEye, he explained, is a form-grabbing trojan horse malware that operates in a similar manner to Zeus but has been marketed by cybercriminals as a lower-cost alternative darkware application that heists banking credentials from infected users' PCs.

The irony of the DDoS enhancement to SpyEye, Haywood says, is that it will push the price of SpyEye rentals to cybercriminals, and so increase the revenue stream for the developers of the trojan.

"Idappcom's in-depth research into the darkware-driven side of Internet traffic makes us realise what a breakthrough the DDoS enhancement to SpyEye really is. We already know that the development team behind the Zeus trojan has also been working on SpyEye since last October (http://bit.ly/h4IW6l) so it can only be a matter of time before Zeus gets this enhancement as well," he said.

"This development really is bad news for those users of the Internet who access their banking system online, as it breathes new life into SpyEye, and prolongs the agony of online banking cybercrime," he added.

"It's to be hoped that the citizen evangelists realise the immense mistake they made in developing such a powerful cybercrime weapon as the LOIC utility, and that the genie really is now well and truly out of the bottle."

For more on the SpyEye DDoS enhancements: http://bit.ly/gly9nV

For more on Idappcom: www.idappcom.com