by Michael Smith (Veshengro)
I have now owned – yes, I bought this one and it is not a review sample of any kind – an ASUS Eee PC 900 Netbook with Linux operating system for about six months and I must say that I am rather in love with this little computer.
The Eee PC 900 Netbook of mine has one idiosyncrasy in its Linux operating system (OS) though and that is that it will overwrite an old file if a new one created has the same name without, as do other operating systems, warning the user that this is about to happen. So, users beware!
Furthermore I have two serious complaints, if I may call them thus:
The first one is that the battery just does not live up to the claim of three hours life or such. If one can get an hour and a half out of it then that could be considered good, I would say.
The second problem is that SD memory cards are not recognized when inserted into the SD card slot provided.
Otherwise, however, you will have to prise this netbook out of my cold, dead hand before I would give it up.
I find that the Eee PC 900 Netbook of mine is the notebook kind of computer that I use most. My bigger Fujitsu Siemens Amilo laptop rarely comes out of the desk drawer where it lives. My definite first choice of computer on which to do my writing is the Eee PC 900 or my Ubuntu PC that I have for writing use.
The above mentioned Fujitsu Siemens laptop, on the other hand, is about to become the replacement for my rather aging and ailing, methinks, Compaq Evo Desktop with Windows XP.
My Eee PC is an ASUS Eee PC 900 with a 16GB SSD hard drive and 1GB of RAM.
Probably because of the fact that it runs ASUS' own version of Linux it opens fast and is a pleasure to use.
I do need my reading glasses, though, for the 8.5inch screen but that would be the case also with a 10inch screen.
In fact, I do believe that the Eee PC 900 Netbook is just the right size for a Netbook and there is naught wrong with the size of the screen or the keyboard either. I can type faster on the ASUS Eee PC 900 keyboard than that of the Fujitsu Siemens laptop of mine and about the same as – if not better also even – on the keyboard of a desktop PC. So where people seem to get the problem from as regards the 900's keyboard size beats me. Yes, it needs a little getting used to but that is by-the-by.
How do I rate it, you, the reader, will want to know now, I guess.
Overall: good
Design: Great
Battery life: Oh dear!
Weight: Light
Linux Operating System: Very good bar the little problem with the file overwrite without warning.
Summary: 7 out of 10 and that because of the battery life and the non-working SD card slot, plus the file overwrite problem.
If that could be remedied then this would be the absolute best, I think, netbook about.
I have seen – though not (as yet) tested – the newest versions of the Eee PC netbooks with the 10inch screen and the new keyboard but I think the 900 will take a lot of beating were it not for the above problems.
© 2009
<>
Impressions of an ASUS Eee PC 900
Touch the Light Fantastic
ASUS Launch U Series with Light-in-Motion Technology and Intel® CULV Processor
On May 27, 2009, ASUS announced the launch of their new thin and light range of notebooks which combine Intel’s latest notebook processor technology with a stylish and light-inspired design.
Encompassing more than 10 years of ASUS notebook innovation, the U Series combines their most elegant design yet with the most advanced notebook technology for the thin and light platform, setting new benchmarks for overall performance, functionality and design.
Key Features: model dependent, please see specifications
* LED Backlit displays from 12.1” to 15.6” (frameless HD on UX)
* Range of processors inc Intel® CULV (Consumer Ultra Low Voltage)
* Light-in-motion: ambient light sensors auto-adjust screen brightness
* Illuminated MosaicGlow chiclet keyboard
* HDMI Output, Altec Lansing stereo speakers & SRS Surround Sound
* High performance graphics options
* 4GB RAM memory and Up to 500GB HDD
* Wi-Fi (802.11 a/b/g/n), Gigabit Ethernet and Bluetooth 2.1
* Express Gate V2
* Genuine Windows Vista® Home Premium & support for Windows 7®
* Global 2-year Collect & Return warranty
* From £799 and £999 SRP
POWER
Key power-saving features offer a greener and more cost effective computing solution for users, without compromising performance:
Processor: The U20 and UX50 models integrate the latest and innovative Intel® CULV (Consumer Ultra Low Voltage) processor, designed specifically for high performance within a slim-casing whilst retaining power efficiency.
LED: The backlit LED display not only offers 50% less power consumption compared with traditional LCD panels, but is also free from mercury and eco-friendly.
Battery: Combined with the above features the robust Li–Ion Battery pack provides users up to 12 hours of continuous operation*.
COMFORT
Users can enjoy greater levels of comfort and ease of working in different environments with innovative light sensor features:
Ambient screen: The Light-in-Motion technology automatically adjusts the screen brightness according to the ambient light. In brighter environments the screen brightness will increase to improve visibility whilst in lower light conditions (such as whilst travelling by plane) the screen will dim in order to reduce the glare on the user's eyes to provide excellent usability and safety.
Backlit Keyboard: The MosaicGlow chiclet keyboard features a discreet backlight function where keys are subtly highlighted in low light environments, making it easy for users to see what they are typing without having to strain and adding a stylish ‘glow’ to the notebook whilst working.
PERFORMANCE
At home or on-the-move, users can enjoy immersive and top performance multimedia whatever the need - for movies, gaming or music:
Top performance graphics: The U50 and UX50 deliver NVIDIA® GeForce® G105M graphics, offering full HD 1080p playback, with 5x the performance of mainstream graphics and 8 powerful CUDA™ cores to accelerate performance.
Versatile graphics options: In addition the UX50 allows users to switch between discrete and onboard graphics without rebooting, offering higher control and performance across tasks.
HD playback: All U and UX series notebooks feature HDMI outputs allowing High Definition playback for a superb visual image.
Surround sound: Each notebook integrates Altec Lansing speakers with SRS surround sound to deliver crystal clear, high quality audio.
SPEED
Seamless quick connectivity keeps users productive anywhere they go:
Multiple connectivity options: Whilst delivering high performance and style, the U and UX series is still equipped with a host of features to enable users to stay connected and productive through day-to-day tasks, including Wi-Fi (802.11 a/b/g/n) and Bluetooth 2.1.
Fast connection: Express Gate V2 offers boot up in around 8 seconds (depending on system usage) in order for users to speedily access commonly used applications such as the Internet, Instant Messenger, Skype and Music.
DESIGN
A unique, slim and innovative design ensures users can feel stylish and reassured they are using a robust and reliable device:
The U and UX series notebooks are truly chic in appearance with a thin exterior blended with a high gloss ‘piano finish’.
The ASUS innovative design and manufacturing processes ensure the U and UX series notebooks are not just pretty on the outside, but are also well-thought out in their planning for a robust and efficient result. Despite the incredibly slim size they are able to dissipate heat efficiently and extremely quietly, ensuring users are not disrupted by noise.
Consumers experience a computing solution that is high quality, stylish, fast, power-saving and packed with great features yet still affordable:
PRICING & AVAILABILITY
Prices for the U/UX series will start from £799 for the U20 and £999 for the U50/UX50. All three models will be available from early July 2009.
Pricing and availability for the U80 to be confirmed.
Source: Tru-PR/ASUS
<>
Survey Reveals Workaholics now working 2-6 hours a week in bed
Survey uncovers a staggering number of obsessed workers are taking their laptops to bed, much to their partners' annoyance
London, May 2009 - Over a quarter of UK employees are so work obsessed they can’t resist using a mobile device such as a laptop in bed before they go to sleep according to a survey released today by CREDANT Technologies – the endpoint data protection specialists. The survey discovered that of those people who do work in bed, 57% do so for between 2 and 6 hours every week, little wonder that the survey also found that the majority of their bed companions found their partners’ obsession with their mobiles “a very annoying habit”. A staggering 8% of people admitted that they spend more time on their mobile devices during the evening than talking to their partners!
The survey into “Laptop use in bed and the security implications” was conducted amongst 300 city workers who were interviewed to determine whether the UK has become a nation of work obsessed, laptop dependent, key tappers and to highlight the security implications of unsecured mobile devices. Almost half the respondents (44%) admitted they are holding important work documents on their mobile devices of which 54% were not adequately secured with encryption. This will sound alarm bells for the many in-house IT departments who are tasked with trying to secure an ever increasing mobile workforce who are using data on the move and consequently losing more unsecured data than ever before.
Additionally snooping neighbours or even malicious infiltrators could hack into the devices that are being used in bed, as a fifth of people are not using a secure wireless network as they busily tap away under their duvets.
Michael Callahan, Vice President at Credant Technologies explains “This survey confirms that there is a growing population that is no longer restricted by working hours or confined to the office building itself. People are mobile and will work anywhere – even in bed. Therefore, when sensitive and valuable data is being held on these devices and they get lost, it can have pretty detrimental and far-reaching consequences to both the worker and their employer.”
“With increasing pressures on companies to comply with regulations, such as the Data Protection Act, we all have to respect our customers and employers by protecting the data held on our mobile devices, wherever we may be.”
The most favoured way to connect to the Internet, and subsequently back to the office, whilst lying in bed is via a wireless network (87%). Disturbingly, almost a fifth of people spoken to are using a wireless network that they know is insecure, with 56% down/uploading company information.
When staying in hotels, people are happy to connect to the hotel’s wireless network, expecting the hotel to ensure it’s secure. 47% admit that they do so without even considering the security implications.
When asked “What is the last thing you do before going to sleep” it is reassuring to learn that, for 96% of the people questioned, it is to kiss their partners goodnight. For the other 4% (71% of whom are male), who confess to completing work and checking their emails, it would be advisable to take a long hard look at their gadget obsessed lives.
Five Tips When Engaging In Electronic Pillow Talk
Credant recommends the following simple hints and tips to ensure data remains secure, especially when working in your pyjamas:
Tip One: If your laptop or mobile device contains important / sensitive data relating to your employer, especially clients’ information, then the Data Protection Act requires it be adequately protected. Ask your IT department to encrypt the mobile device.
Tip Two: Always use a strong password, combining numbers, letters and symbols, to access your device or network. Don’t make exposure easy.
Tip Three: Be aware of all the points of connection and access so you don’t risk disclosure.
Tip Four: Don't leave your mobile device open to access (e.g. leaving Bluetooth or WiFi turned on) somewhere visible and unsecured.
Tip Five: Finally, use your bedroom for what it’s designed for. And, if you’re not feeling sleepy, your laptop is the last thing you should be turning to!
The survey referred to was conducted in the City of London, amongst 300 city workers during April 2009 for Credant Technologies.
CREDANT Technologies is the market leader in endpoint data protection solutions.
CREDANT’s data security solutions mitigate risk, preserve customer brand, and reduce the cost of compliance, enabling business to “protect what matters.”
CREDANT Mobile Guardian is the only centrally managed endpoint data protection solution providing strong authentication, intelligent encryption, usage controls, and key management for data recovery. By aligning security to the type of user, device, and location, CREDANT permits the audit and enforcement of security policies across all computing endpoints. Strategic partners and customers include leaders in finance, government, healthcare, manufacturing, retail, technology, and services.
CREDANT has been recognized by Inc. magazine as the #1 fastest growing security software company in 2008 and 2007; was selected by Red Herring as one of the top 100 privately held companies and top 100 Innovators; and was named Ernst & Young Entrepreneur of the Year 2005. Austin Ventures, Menlo Ventures, Crescendo Ventures, Intel Capital (NASDAQ:INTC), and Cisco Systems (NASDAQ:CSCO) are investors in CREDANT Technologies. For more information, visit www.credant.com.
Source: Eskenzi PR
<>
Tufin survey reveals the truth about fudging audits, IT cost cutting and buying equipment online
Ramat Gan, Israel – May 27, 2009 – Tufin Technologies today announced the results of its “Reality Bytes” security survey. The survey participants, mainly IT security managers and technical staff, pulled no punches when it came to being honest, with 20% admitting that they or a colleague have cheated to get their audits passed. In fact the survey discovered that 63% of companies only check and audit their firewalls at intervals of anything between 3 months and a year, with a staggering 9% never bothering to check their firewalls at all. 51% admitted that their firewall rules are “a mess.”
The survey, which was conducted at the InfoSecurity Europe 2009 Conference in April, sampled 151 IT security professionals, many of whom come from multinational organizations and government departments employing 1000 to 5000+ employees. The survey was designed to understand the larger social, economic and cultural context in which Tufin’s customers and potential customers operate.
Survey Says….. Firewall Audits: Bad, Shopping on eBay: Good
The survey also found that 22% of firewall audits take anything from a few weeks to a few months, with 70% saying that their audits take a few days. However, from a security perspective with audits not being undertaken frequently and with many taking time to conduct, it can mean that many companies have firewalls that at best are running under par, and at worst, contain shadowed or obsolete rules that introduce unnecessary risk to the organization.
On the lighter side, Tufin Technologies asked interviewees whether, if they had to choose between fixing an IT problem and watching the last 5 minutes of the FA (Football Association) cup final, they would watch the game: 39% would! On the flip side that does leave an incredibly loyal 61% who would put their companies' IT problems first.
Buying IT equipment over eBay proving to be more popular than ever
Tufin also found that more companies than ever before are buying IT hardware off eBay, a trend Tufin was aware of anecdotally via its customers. The Tufin survey found that almost a quarter of companies (24%) would buy from eBay if it meant that they would save money.
Is the cup half empty or half full?
In the current climate cost savings are a huge priority for most companies. However, in the area of IT security and compliance, 52% of companies have revealed that their organisations have not made them focus on cost cutting at the expense of security and compliance, which are still priorities that money will be spent on. 48% report cost cuts have impacted their compliance efforts.
“With more than 315 customers, we have somewhat of a read on the state of firewall management, so while we did ask some requisite questions, we were really looking to get a more subtle read on people's attitudes and behaviors,” said Ruvi Kitov, CEO, Tufin Technologies. “Having a clear sense of what’s going on in the trenches is an important indicator of what and where to innovate, and we are more committed than ever to making security operations less painful.”
Tufin Technologies is the leading provider of Security Lifecycle Management solutions that enable large organizations to enhance security, ensure business continuity and increase operational efficiency. Tufin's products SecureTrack and SecureChange Workflow help security operations teams to manage change, minimize risks and dramatically reduce manual, repetitive tasks through automation. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin now serves more than 315 customers around the world, including leading financial, telecom, transportation, energy and pharmaceutical companies. For more information visit http://www.tufin.com or follow Tufin on Twitter at http://www.twitter.com/TufinTech.
<>
UK SMEs drastically underestimate IT security danger posed by their own employees
External threats remain the focus of attention for over three quarters of SMEs, according to new research undertaken this year by GFI Software, with over half of SMEs not being in a position to track if employees are copying, distributing or deleting sensitive information.
Research highlights:
* Despite the higher rates of redundancies and staff dissatisfaction that have been proven to increase employee-led information theft, only 22% of respondents believe that of all the security threats, internal ones are of more cause for concern. Indeed, as many as 50% were ‘not that concerned’ about the threat of data theft by leaving employees.
* This indifference towards the danger of deliberate data leakage is reflected by only 45% having security applications in place to automatically screen or prevent network access via portable USB drives and even fewer (35%) screening network access via PDAs, making it far too easy for employees to edit, copy, delete or distribute sensitive data.
* Data appears further at risk from dissatisfied or careless staff as 60% of organisations have either no policy at all to regulate access to the network by portable devices or only informal guidelines.
* Furthermore, 21% of respondents have absolutely no ability to track where business-critical data is being stored at any one point in time, 33% cannot track what portable devices have been connected to the network and 41% have no visibility of what data has been downloaded to these devices, making tracing the data leakage back to the source almost impossible.
* Also, 45% of respondents believe that as a result of a prolonged recession, the type of threats will change as cybercriminals become more creative, sophisticated and malicious.
Email and security software provider, GFI Software, today announces the results of The GFI Software SME Security Report, a survey conducted in February 2009 across IT decision-makers in UK SMEs.
The research, undertaken by Redshift Research on behalf of GFI, has shown that whilst the basics of IT security have been implemented widely (96% have installed anti-virus, 85% possess anti-spam measures and 92% assign user passwords), only a worryingly low 45% of respondents have any form of portable storage device network access management measures in place.
Walter Scott, CEO of GFI Software, comments, “Too much emphasis has historically been placed upon the need for anti-virus and anti-spam applications – external threats – and this has led to the common belief that with these, your network is secure enough. A secure network depends on many other factors and, unfortunately, the internal threat is far too often being ignored. There is a pervasive indifference towards monitoring the whereabouts of data and its ability to be accessed or copied.”
Scott continues, “Endpoint security is absolutely critical even in the best financial times, but with the economy prompting more and more redundancies, there are more disgruntled employees who pose a potential risk to an organisation’s data. Network administrators must pay more attention to access rights holders’ ability to copy, edit, delete or distribute data – this need is long overdue and is only more essential in current times.”
While financial, contact, R&D and contract information is typically held on the network, 21% of respondents are unable to track where on the network any of this data is available from. This business-critical data is further at risk as written security policies to govern the use of mobile storage devices are held by only 40% of UK SMEs and of these, employees in only 25% of organisations are required to sign them to confirm adherence.
Scott concludes, “Security risks should not be their only concern. We must not forget the cost in terms of loss of productivity. Many companies do not realise how much time is lost when employees are connecting personal devices to the network, browsing the internet for non work-related material, checking their email, downloading files, and so on. If companies were to have the tools to help them understand the economics and financial costs of unmonitored internet and portable device use, I am certain that they would look at security and data in a totally different way.”
For a copy of the survey results visit: http://www.gfi.com/documents/articles/SME_UK_survey_results.pdf
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
Source: itpr
<>
Expert says trashed hard drive fiasco at Pfizer could have been avoided with encryption
Credant says trashed hard drive at Pfizer would not have happened if data had been encrypted
Credant Technologies says that a security gaffe resulting from an employee at health service company Pfizer throwing an apparently surplus hard drive into the trash would not have happened if the data were encrypted.
Michael Callahan, the military grade encryption specialist's senior vice president, said that the fact that the company has had to write to the people affected - whose names and social security numbers were apparently listed on the hard drive - and offer them credit and ID theft monitoring is both expensive and embarrassing for the company.
"If the health services company had adopted an encryption policy on its sensitive data - whether the data is in transit or at rest – then the accidental disposal of the drive by the New Hampshire staffer wouldn't have been the headline news for the company," he said.
"What makes the case interesting from a policy enforcement approach is that the employee threw the drive into the trash at his home, which means that office security protection systems wouldn't have stopped this from happening," he added.
According to Callahan, this is where an encryption policy on sensitive data can act as a safety net to prevent embarrassing situations like this from hitting the headlines.
The important take-out from this incident, he explained, is that it proves the need for a multi-layered set of IT security defences in a typical organisation.
Obviously, he said, office security policies would have spotted the unauthorised disposal of the hard drive in the company trash and the drive would have been intercepted by the site security staff.
At home, he added, the employee was effectively outside of the control of the office security systems and, as such, the contents of their hard drive were at much greater risk than normal.
And this, he noted, is where a company-wide encryption of sensitive data policy would have stepped in to prevent employee stupidity from costing the company money and avoiding red faces in the boardroom.
"It's worth noting that this isn't the first time that Pfizer has been hit by data breaches. During 2007 and 2008 the company hit the headlines several times. It is to be hoped that this latest data security incident triggers a review of the firm's encryption policies and procedures," he said.
For more on Pfizer's trashed disk drive problems: http://preview.tinyurl.com/pqvtaf
For more on Credant Technologies: http://www.credant.com
Source: Eskenzi PR
<>
New In-Line product doubles network throughput
NEW NAPATECH 10 Gbps IN-LINE PRODUCT FAMILY DOUBLES NETWORK THROUGHPUT
ANDOVER, Massachusetts, May 2009 – Napatech has launched a new product line addressing In-line network analysis applications with the release of the NT20E In-line Adapter. The NT20E In-line Adapter is the first PCI Express Network Adapter to provide genuine 10 Gbps line-rate processing, analysis and transmission of network traffic with zero packet loss for any packet size.
The NT20E In-line Adapter is ideal for OEM network appliance vendors in the network performance monitoring, network test, network security, financial trading and policy enforcement markets, especially those which require full 10 Gbps throughput and application acceleration. While standard network adapters provide 10 Gbps ports, the effective amount of data sent or received through the port is actually less than 5 Gbps in typical operation. With the NT20E In-line Adapter, this limitation is now removed with full 10 Gbps throughput on all ports. This is important for many network analysis applications which are now facing challenges in handling 10 Gbps traffic.
“Networks are migrating to 10 Gbps to cope with the increased user demand for bandwidth from voice, video and Internet hosted applications. The ability to monitor 10Gbps traffic in-line at full line rate provides a number of advantages. It enables network monitoring and security functions to be centralized in the core of the network for ease of management as a complement or replacement for multiple monitoring points at the edge of the network. It also makes these types of solutions more affordable for enterprises that could not justify a large number of edge monitoring points. This is important as accurate traffic analysis, network forensics and network security are fast becoming mandatory requirements for all enterprises”, said John Barr, Research Director, Financial Markets, The 451 Group.
“Napatech was the first company to provide full line rate capture and real-time analysis at 10 Gbps with zero packet loss. With the NT20E In-line Adapter we are now extending this capability and our rich feature set to In-line applications, which require both full line-rate reception and transmission at 10 Gbps. This is important for many network appliance applications, which are having difficulty operating at full line rate without losing packets. With our In-line adapters, full line rate is possible enabling our OEM customers to continue to support the transition from 1 Gbps to 10 Gbps networks and the growing need for higher performance”, said Erik Norup, President, Napatech Inc.
Napatech adapters provide more than just full throughput; they also include a number of intelligent features designed to off-load data traffic processing from server CPUs, such as packet classification, packet tagging and filtering and intelligent distribution of traffic processing on multiple CPU cores. Other functions include efficient capture with nanosecond precision time-stamping. An extensive software suite is provided for ease of integration supporting Linux, FreeBSD and Windows.
Napatech is a leading OEM supplier of multi-port 10 GbE and multi-port 1 GbE intelligent real-time network analysis adapters. The core idea is to off-load real-time/streaming protocol, payload analysis and control applications traditionally implemented in software or proprietary hardware. Napatech expects a huge growth in the demand for intelligent real-time analysis adapters as Ethernet speeds increase. Napatech has sales, marketing and R&D offices in Mountain View, California, Andover, Massachusetts, and Copenhagen, Denmark.
Interop ® drives the adoption of technology, providing knowledge and insight to help IT and corporate decision-makers achieve business success. Part of TechWeb's family of global brands, Interop is the leading business technology event series. Through in-depth educational programs, workshops, real-world demonstrations and live technology implementations in its unique Interop Net program, Interop provides the forum for the most powerful innovations and solutions the industry has to offer. For more information about these events visit www.interop.com
For more information visit: www.napatech.com
Source: Eskenzi PR
<>
Beware fake security software
Hackers make fortune selling fake software
by Michael Smith (Veshengro)
Cybercriminals frightening computer users into downloading malware
Criminals can make a fortune by fooling people into buying fake security software.
To get people to the site hosting the rogue software, the cybercriminals use search engine optimisation techniques. They add misspelled keywords such as "liscnese" or "obbama" into pages on compromised websites. Search engines index these pages and display them as top search results. Once the victim has been lured to a compromised site, they are redirected to the site offering the bogus software.
Of the 1.8 million visitors who were redirected in one recent attack, around 1.79 per cent paid the £34 fee, making over a million pounds for the criminals.
A hacker can make more than £7,400 a day by redirecting people to rogue security software sites and getting them to pay for the malware.
Some ISPs, however, are making efforts to redirect any misspelled and mistyped web addresses to their own sites, thus protecting the user. While this is at times rather annoying, one should look at it as a protection.
Finjan's research, published in its Cybercrime Intelligence report for 2009, showed that not only were the criminals professionally organized and operating profitable affiliate networks, but the operations could easily be run by one or two people who had relatively little technical knowledge and skill.
Yuval Ben-Itzhak, Finjan chief technology officer, said: "Everything is being done automatically. They're using automatic tools to compromise the website and it isn't hard to find keywords. You don't need to have a PhD to set this up, and that is why it is so successful."
Finjan monitored a single operation for 16 consecutive days and estimated that during this time, the sales generated a haul of around $191,000 (£131,000) from 1.8 million unique users who were misdirected to the rogue anti-virus software.
To get people to the site hosting the rogue software, the cybercriminals were using search engine optimization techniques. They injected misspelled keywords such as "liscnese" or "obbama" into web pages on compromised websites. Search engines indexed these pages and displayed them as top search results. Once the victim had been lured to a compromised site, they were redirected to the site offering the bogus software.
Of the 1.8 million visitors who were redirected, between seven and 12 per cent downloaded and installed the software, and roughly 1.79 per cent paid the £34 fee. Members of the affiliate network were paid 9.6 cents for each successful redirection, which totalled $10,800 or £7,452 per day.
Security firm Finjan said the criminals are compromising web pages on legitimate sites in order to direct traffic to their malware and, by using scare tactics, are making people download and buy the bogus software.
The more we hear and see of this the more some people are wondering, I know, whether the Internet is, in fact, a safe place.
To those that may thus wonder, let me say that the Internet is safe as long as you handle it with care, do not click on links that could be suspect, and have the best anti-virus and other protection software, which is updated daily. Your protection is only as good as your latest update.
Having said this, some vulnerabilities can hit before industry is aware of the existence of the malware or vulnerabilities, and therefore we must beware of where we go and how and – check your spelling when typing.
© 2009
<>
TDK bid to use solid state technology will not fly
Origin Storage says TDK bid to replace laptop hard drives with solid state technology will not fly
Basingstoke, May 2009 - TDK’s announcement that it plans to oust magnetic hard drives with its new range of solid state drives (SSDs) is interesting, but the plan is doomed to failure, says Origin Storage, the storage systems integration specialist.
"SSDs definitely have their place in the storage hierarchy, but their applications - in rugged and other specialist situations - cannot hope to replace the flexibility and longevity that a magnetic drive offers most laptop users," said Andy Cordial, Origin Storage's managing director.
"Much is being made of TDK's SSD range supporting on-the-fly encryption, but this technology only supports 128-bit AES, whereas 256-bit AES magnetic drives offer far better encryption protection," he added.
According to Cordial, the fact that external 2.5 inch form factor drives are also available in a rugged casing, means they can more than give SSDs a run for their money in terms of durability.
There is also a question over SSD lifetimes as, he explained, even the multi-level cell (MLC) technology used on the latest SSDs is subject to a lifetime of between 50,000 and 100,000 write operations before the drive starts to fail.
And, he says, given that most netbooks - where SSDs are usually installed in place of magnetic hard drives - have limited memory, the number of drive write transactions can be quite high, especially under the Windows operating system.
Added to the fact that SSDs typically only go up to 64 gigabytes in size, and magnetic drives are available in much larger formats - even in a 2.5 inch form factor - the advantages of magnetic drives are quite clear.
The bottom line in the SSD vs magnetic hard drive debate, he says, is that the price and durability advantages of SSD are now starting to be eroded to the point where magnetic drives have the edge in most situations, especially when it comes to secure storage applications.
"The only real advantage that SSD continues to offer over magnetic drive storage is speed of read/write access, but given that we are dealing in milliseconds, the big question is whether consumers will pay for a faster, but significantly smaller drive," he said.
For more on TDK's campaign with SSD: http://www.reghardware.co.uk/2009/05/14/tdk_readies_netbook_ssds/
For more on Origin Storage: http://www.originstorage.com
Source: Eskenzi PR for Origin Storage
<>
Fortify says online credit card security lapse may be due to poor software code auditing
Fortify, the application vulnerability specialist, says an incident in which an Atlanta-based firm reportedly allowed an Aspire Visa card user online access to around 120 other card holder statements, was almost certainly the result of poor code auditing at the software development stages.
"Security faux pas like this - with an Indiana-based woman being able to view the statements of more than a 100 of her fellow cardholders - was probably due to a combination of factors that came together to create a rare, but repeatable, situation," said Richard Kirk, Fortify's European director.
"Good code auditing at the program development stage would have helped to prevent this situation occurring and embarrassing the company that administers the card accounts for Aspire," he added.
According to Kirk, the only piece of good news in connection with this incident is that the cardholder was apparently only able to view her fellow Visa users' accounts and not able to do much else.
This was, he explained, a view-only security situation but, he says, a coding error like this could also have allowed a customer access to other facilities that might - under certain circumstances - have allowed a fraud to be perpetrated.
In this incident, he says, after the cardholder was given the cold shoulder after complaining - something that Kirk says also blots the card company's copy-book - she contacted the media, and the firm correctly suspended online access to customer accounts.
"It's good that they've done this. This will give the software development team time to review why this has happened and hopefully prevent it happening again," he said.
"Of course, if they had conducted more thorough auditing and soak testing of the code update that apparently caused this incident in the first place, they wouldn't be in the embarrassing situation they are in now," he added.
For more on the Visa multi-account privacy breakdown: http://preview.tinyurl.com/pc5oc2
For more on Fortify Software: http://www.fortify.com
Source: Eskenzi PR
<>
The KBC Group Taps Tufin Technologies to Streamline Firewall Operations and Policy Management
Security Lifecycle Management Leader Automates Change Tracking, Risk Analysis, Compliance Checks and Optimization of KBC’s Juniper Networks Firewalls
Tufin Technologies, the leading provider of Security Lifecycle Management solutions, announced on May 11, 2009 that the KBC Group, a Belgium based financial institution, has selected Tufin’s flagship product, SecureTrack, to manage policies for its Juniper Networks high-performance firewalls. SecureTrack will enable KBC to increase network security and automate day-to-day tasks through its powerful change tracking, rule-base optimization and risk analysis capabilities. Interoperating seamlessly with the Juniper Networks firewalls, SecureTrack enables KBC to dramatically simplify its firewall policy management, resulting in more efficient, cost effective and manageable firewall operations.
"Tufin’s SecureTrack provides us with a complete picture of our Juniper firewall solutions, which ensures correct change implementation and helps us identify obsolete or conflicting policies,” said Aresh Ghannad, System Engineer for the KBC Group, a Belgium-based financial services institution. “With real-time e-mail notifications and detailed reporting on all policy changes, SecureTrack significantly reduces time required to perform audits and consequently, improves KBC’s overall network security.”
The KBC Group manages network firewalls across many locations in several countries. Each firewall has its own rule base - a complex set of rules defining access privileges and restrictions for specific users and services. SecureTrack provides the KBC Group with a unified, top-down view of all firewall policies and a powerful auditing tool that allows it to proactively manage configuration changes, which simplifies firewall operations while maintaining compliance with corporate and regulatory policies.
SecureTrack provides KBC Group with detailed notifications of firewall changes as soon as they are made. The system maintains a complete and accurate account of each incremental configuration change and can attribute each action to the firewall administrator who performed it. This gives administrators unprecedented, real-time visibility into who made what change and when, analyzing the effect of each change on the network while incorporating accountability and proper governance into security operations.
Tufin Secure Track Firewall Policy Management
SecureTrack provides comprehensive auditing features to support corporate change management procedures and compliance with international regulatory standards such as PCI-DSS and Sarbanes-Oxley. Available as a hardened security appliance or Linux-based software, SecureTrack can be installed and integrated in the enterprise network with minimum effort. Key features include:
· Change Management: Monitors firewall policy changes, reports them in real time and maintains a comprehensive, accurate audit trail for full accountability.
· Security Policy Optimization and Cleanup: Analysis and clean-up of complex rule bases and objects to eliminate potential security breaches and improve performance.
· Risk Analysis and Business Continuity: Powerful simulation and risk analysis to identify potential security risks, ensure compliance with organizational security standards, and prevent service interruptions.
· Cross-Platform Visual Monitoring: Intuitive, graphical views of firewall policies, rule bases and configuration changes for routers and switches.
· Auditing and Regulatory Compliance: Thorough auditing of firewall policy changes by an objective third party supports industry regulations including PCI-DSS, SOX, HIPAA, ISO 17799 and Basel II
“Manual change tracking and auditing is just not feasible in large organizations with numerous firewalls across multiple data centers and different time zones,” said Shaul Efraim, vice president of Products, Marketing and Business Development for Tufin Technologies. “SecureTrack offers administrators a single interface for management of all Juniper firewall operations, with automated reports and change alerts, eliminating much of the management burden associated with daily operations.”
In addition, Tufin announced today that it has joined the Juniper Networks J-Partner Program as a Solutions Alliance partner. More information about the joint Firewall Operations Management solution can be found at http://www.juniper.net/solutions/literature/solutionbriefs/351401.pdf (PDF file)
Tufin SecureTrack™ is the market-leading Security Operations Management solution. SecureTrack enables organizations to enhance security, reduce service interruptions and automate day-to-day tasks through powerful firewall management capabilities and reporting. SecureTrack helps security operations teams to control and manage policy changes, analyze risks, and ensure business continuity and allows managers to easily understand the big picture and align operations with corporate and government security standards.
Tufin Technologies is the leading provider of Security Lifecycle Management solutions that enable large organizations to enhance security, ensure business continuity and increase operational efficiency. Tufin's products SecureTrack and SecureChange Workflow help security operations teams to manage change, minimize risks and dramatically reduce manual, repetitive tasks through automation. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2003 by leading firewall and business systems experts, Tufin now serves 300 customers around the world, including leading financial, telecom, transportation, energy and pharmaceutical companies. For more information visit on the web at http://www.tufin.com or on Twitter at http://www.twitter.com/TufinTech
Source: Tufin
<>
MPAA/RIAA Web site security flaw ironic, but unsurprising
Fortify Software, the application vulnerability specialist, says that the cross-site scripting (XSS) security flaw reported on the Web sites of the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) comes as no surprise.
"The fact that a cracker known as Vektor - a member of the Team Elite group of Web exploit publicists - was able to insert details of the well-known file-sharing site, The Pirate Bay, into the MPAA's recommended list of sites is ironic, given the MPAA's stance on illegal file-sharing," said Richard Kirk, Fortify's director.
"But the issue that such sites are open to XSS-driven incursions and alterations comes as no surprise, given the fact that so many sites are poorly programmed and therefore open to such attacks," he added.
According to Kirk, the list of XSS-attacked sites is now quite long and includes eBay, Intel, Eset, Kaspersky, McAfee, Symantec to mention but a few.
The sad reality of the world of poorly code audited and programmed site hosting, he says, is that this list is going to get longer.
As companies are pressured by the economic recession, IT security safeguards such as program code auditing and soak testing are either curtailed or axed from the development process. The result is that program code - like the hosting software seen on the above sites - goes live without being fully tested, he explained.
"Until such time as organisations get wise to the fact that they simply cannot afford to remove back-room security such as code auditing and soak testing from their portfolio of IT security defences, these types of attacks will continue," he said.
"The MPAA is lucky that Vektor's attack was a proof-of-concept one, and intended as something of a joke. The next time they - and other organisations whose sites are vulnerable to XSS-driven attacks, may not be so lucky," he added.
For more on Vektor's attack on the MPAA site: http://preview.tinyurl.com/d7utwg
For more on Fortify Software: http://www.fortify.com
Yvonne Eskenzi, Eskenzi PR
<>
Mio launches new Navman range
by Michael Smith (Veshengro)
London, UK: Tuesday, May 12, 2009 saw the launch of the new Navman Spirit Range, now under the Mio Brand, at one of London's prestigious venues, No. 5 Cavendish Square, W1. The Venue is great, the food and drink excellent as was the company. But we are not here to discuss the venue, I know, although it would be worth discussing too.
This new range, the first one launched following Mio’s merger with Navman, offers ground-breaking sat nav functionality and fantastic content from Google and wCities to enable drivers to explore more on the road.
The Navman Spirit range takes a fresh, exciting approach to navigation, with three models across two design options - the palm-sized 3.5-inch screen to the sharp, bright 4.7-inch widescreen and a stunning 4.7-inch super flat widescreen. Ergonomically designed with soft-curve edges and a stylish, compact exterior, the Navman Spirit range represents some of the slimmest, most lightweight sat nav devices ever seen.
The Navman name is a well-known one in Britain with regards to personal navigation devices and will now, under the Mio Brand and owned by Mio Technology, get a wider airing, so to speak, in other parts of the world. Mio Technology is a company out of Taiwan and owns the Mio brand name.
Consolidated now, as it is, under the Mio umbrella Navman is number three of personal navigation devices (PNDs) worldwide.
The ‘Spirit’ part of the name refers to the new software that powers the range. Redesigned from the ground up, Spirit uses a simple and colourful menu system that takes users to all of the features within a couple of ‘taps’. The new slidetouch™ screen brings up windows that glide on and off to help find what you are looking for quickly and easily, without needing to go back to the main menu unless you want to.
The range is rather impressive and the devices are very well designed indeed.
Testing performance and such is, alas, not something that is easily done at such launch events and I do hope, therefore, that I may be able to get a unit for further tests and trials in order to do a thorough review of the Navman Spirit range.
Mio also promises some more interesting new products for later this year, to hit the market sometime in Summer 2009.
Amongst those will be a somewhat larger navigation device with built-in freeview digital TV. This will come in 4.7inch and 7inch screen size. Those are definitely something to behold and should find great interest among the public, I should think.
The Navman Spirit range of PNDs is aimed mostly now at the “replacement” buyer who has used either Navman or other such devices and is looking for something that can do more and that has more to offer.
Users have asked for nice clear maps without clutter and also for a pedestrian/walking mode, and this new range offers this and much more. Amongst others there is the “realistic junction views” function, the facility to calculate the most economic route, saving money in fuel and carbon emissions, and an “Explore Mode” that gives points of interest but also many others such as pharmacies, restaurants, hotels, etc.
In the pedestrian mode parks, outlines of buildings and such all are shown and should make for a great user experience.
The Navman Spirit range is available in UK stores in May. For more information please visit www.mio.com.
© 2009
<>
ASUS Eee PC Seashell Netbook launched in UK
ASUS leads where others follow in the Netbook field
by Michael Smith (Veshengro)
London, UK: On Friday, May 15, 2009 ASUS finally launched the Eee PC Seashell 1008HA in Britain. The launch happened on three locations in London's busy Tottenham Court Road, where members of the ASUS marketing team were busy promoting this new Netbook.
Members of the media who attended ASUS' post CeBit event in London a couple of months back got a sneak preview of this new ASUS Netbook though the models then were not as yet for the UK market and indeed all bar one, I believe, were but mock-ups at that time.
Now the time has finally come that the Seashell is going to be available in the UK though the only reservation that I have is the price attached to it of over £350.
I hope, though, as the first samples are about now, to be able to get hold of one for review in the not too distant future.
The ASUS Seashell 1008HA is extremely thin and light – lighter, I would think than even the ASUS Eee PC 900 – but has a 10-inch screen as compared to the 900's 8.5-inch one.
The operating system currently is XP Home only. The keyboard has much larger keys than the 900, for example; something that people have been asking for, so I understand (it was not me, though), though I personally am happy enough with the keyboard on the 900 as it is as I find that it enables me to type faster than on my full-sized Laptop, for instance.
On the other hand the keyboard on the new Eee PC Seashell is not too big either and it should still be a good size really.
When it comes to the operating system I would rather have Linux on it in the form, ideally, of Ubuntu from Dapper Drake upwards, than any version of Microsoft Windows.
It is said that the battery life of this shiny new Seashell Eee PC is up to 6 hours due to the ASUS exclusive Super Hybrid Engine which optimizes power use.
While I have to pour water on any flames in this issue I would first have to test out the battery, seeing that the one in my Eee PC 900 is not even giving an hour and a half and not the three that it is claimed that it has.
The battery on my Eee PC 900, when fully charged prior to restarting it with only the battery, will drop immediately to 80% or even less. I am still awaiting someone telling me what might be the reason for this. It will work a lot better when using the suggestion of a fellow journalist, who uses a Netbook from a competitor, to start the computer plugged in at the mains and then close the lid and put the machine into hibernation/standby and use it that way.
Having tried this I must say it does work a lot better but I am sure the battery, in itself, should hold a better charge.
Therefore, I am afraid to say, I take claims of battery life with a rather large pinch of salt.
© 2009
<>
US missile launch data on eBay hard drive signifies serious lapse in security
US missile launch data on eBay hard drive signifies serious lapse in encryption and security procedures says Credant Technologies
May 2009 - Credant Technologies, the end-point encryption specialist, says that revelations about a hard drive purchased on eBay – which reportedly contained the launch procedures for a US military air defence system - is extremely worrying.
"This is obviously a serious lapse of security procedures for the agency concerned, but the worrying aspect about the incident is that it may not be a one-off. US government agencies - and, indeed, all government agencies worldwide - should have a policy of crushing hard drives once they have been removed from office PCs," said Michael Callahan, Credant's senior vice president.
"But this isn't a one-off situation - if we go back to April 2006, there was the well-publicised incident of a flash drive with US spy data being sold in an Afghan bazaar for just $40. The ensuing investigation into that incident revealed the fact that the data had been downloaded from an unencrypted hard drive," he added.
And the lack of encryption - rather than a lack of enforced policies on disposal of old drives - is the root cause of this latest security incident, he says.
If the data on the PC used in Afghanistan in 2006 had been encrypted, as had the data on the drive reportedly sold on eBay, then the ensuing press embarrassment for the US military would not have happened.
It is, Callahan explained, all very well having a security policy in place for the disposal of unwanted hard drives and other PC components in government agencies, but enforcing such policies is a difficult task.
Difficult, not impossible. And, says Callahan, if government agencies also encrypt all critical and private data on their networks - whether in transit or at rest, as is the case with hard drive storage systems - then this acts as a fail-safe backup for security policy failures.
"I suspect that the investigation by BT's security research centre and a number of international universities will reveal other serious security failures with hard drives," he said.
"The bottom line, as this incident - and the Afghan $40 bazaar sale - clearly proves, is that government IT security procedures, policies and enforcement systems need to be multi-layered and multi-faceted, with encryption forming the mainstay of such protection," he added.
For more on the eBay missile data saga: http://preview.tinyurl.com/d5zn3y
For more on Credant Technologies: http://www.credant.com
Yvonne Eskenzi, Eskenzi PR
<>
Is Your Firewall A Fire Hazard?
by Calum Macleod, Regional Director at Tufin Technologies
With the economy taking quite a bashing and the housing market looking pretty miserable the question might be: Where is the silver lining? And I think I may have found it for those poor souls who have just seen their plans of moving to a new house dashed – you don’t have to tidy up!
Let’s face it, if you have lived more than a couple of years in the same place you really don’t want to start packing. After all, how much of the “junk” do you get rid of? And if you’re living with someone who saves everything from empty shoe boxes (because you never know when they might be useful) to Christmas cards from the last 10 years (because you just may want to check who sent you cards in the 20th century) then you’ve already lost. Cupboards are loaded with stuff you never really needed or no longer use. Old Nintendo games are gathering dust along with those never to be played again cassettes, unless of course the recession results in CD players disappearing and we end up back in the good old days of Amstrad stereos with double cassette decks – how many of you still have two cassette copies of every cassette you bought just in case the original that was never used got damaged!! Enough!
Just like the firewalls in most companies. Ask a firewall administrator to tidy up a rule base and get rid of every unused rule and object; or if you really want to make someone’s life miserable set them the task of finding all shadowed or overlapping rules or objects across your infrastructure and I guarantee that after a few hours they’ll either resign or they’ll be carried away in a straitjacket. However, the problem is that the longer you do not “tidy up” your firewall, the greater the risk that it catches “fire” and causes untold damage to your organization.
Firewalls are not, as some might suspect, something you install once and set it up and then leave it alone. In most organizations the firewall configurations are changing on a daily basis with continuous requests for services to be added, removed, and modified. And this is not only a complex procedure but also very risky for an organization.
No matter how well qualified your firewall administrator is, or how experienced, it is impossible for anyone to be really on top of every rule in every firewall. For example how many of your staff totally understand your policies related to what services are allowed and who might use them. This is something that even the most dedicated administrator would find impossible to keep track of. Add to this that not all firewall administrators are created equal and you will find that very often the addition of a new service results in major disasters because a change was made without first understanding the implications to other services. The bottom line for many companies is that they are not in control of their firewalls.
So what are some of the things that you should be addressing?
- Tidy up your rule base – Firewalls are very often managed like in-trays. Every few days something new gets added on top of the existing configuration, with the result that rule bases increase to an unmanageable size. Very often rules are overlapping and nobody takes the time to check this, or more likely they simply do not know where to start. As more and more rules are added, the performance of the firewall decreases because the firewall has to process through possibly hundreds of rules to find a match. Very often companies purchase new firewalls because there’s just no room in the “old house”. It’s kind of like running out of disk space on your notebook so you buy a new notebook with a bigger hard disk and copy everything from the old one to the new one. Cleaning the rule base can very often result in a reduction of up to 50% of rules because they are either partially shadowed (overlapping) with other rules or they are simply never used. The bottom line is that effective management of your rule base can extend the lifespan of a firewall by many years – in other words there’s no need to buy a new one. Bottom line: no unnecessary expenditures!
- Monitoring any changes – Ask any security officer if they can be sure that firewall administrators adhere to corporate policies when changing firewall configurations and you’ll see tears in their eyes. Faced with increased scrutiny from auditors, many security departments need to provide monthly or quarterly reports on firewall changes. Many have absolutely no mechanism in place to get access to the information. In fact they would not even be able to pinpoint who actually made the changes. At a time when organizations are reducing IT departments, and in many cases getting rid of contract staff, it is very often the case that contract staff are used to carry out roles such as firewall administration. Additionally, enforcing policies can simply not be done manually. Having a policy that a service such as Kazaa is not allowed, and being able to enforce it, are very different propositions. It is essential that policies are enforced and monitored.
- Downtime – How does your organization translate a business service request to an actual change on the firewall? Would your staff fully understand what exactly needs to be changed and where? How much time is lost and money spent trying to figure out why not only the new service is not working but in fact half the network is off the air? Offline simulation of changes should be standard practice. In fact a workflow that provides an audit trail from service request through to implementation should really be standard practice. It is one thing to approve a change and design and another to ensure that the change has been implemented as designed!
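The shadowed, overlapping and unused rules described in the first point can be found mechanically. The following is an added example, not Tufin's code or part of the original article; the rule model, the first-match evaluation order and the sample rule base are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """Hypothetical, simplified firewall rule (not any vendor's format)."""
    name: str
    src: str                 # source network in CIDR notation
    dst: str                 # destination network in CIDR notation
    proto: str               # "tcp", "udp" or "any"
    ports: Tuple[int, int]   # inclusive destination port range
    action: str              # "accept" or "drop"
    hits: int = 0            # hit counter exported by the firewall


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matching `later` already matches `earlier`."""
    return (
        earlier.proto in ("any", later.proto)
        and ip_network(later.src).subnet_of(ip_network(earlier.src))
        and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
        and earlier.ports[0] <= later.ports[0]
        and later.ports[1] <= earlier.ports[1]
    )


def overlaps(a: Rule, b: Rule) -> bool:
    """True if at least one packet can match both rules."""
    return (
        (a.proto == b.proto or "any" in (a.proto, b.proto))
        and ip_network(a.src).overlaps(ip_network(b.src))
        and ip_network(a.dst).overlaps(ip_network(b.dst))
        and a.ports[0] <= b.ports[1]
        and b.ports[0] <= a.ports[1]
    )


def audit(rules):
    """Return (rule, finding, earlier_rule) tuples for a first-match rule base.

    redundant: fully shadowed by an earlier rule with the same action
    conflict:  fully shadowed by an earlier rule with a different action,
               so the later rule never takes effect
    partial:   partially shadowed (overlapping) with an earlier rule
    unused:    no shadowing found, but the hit counter is zero
    """
    findings = []
    for i, rule in enumerate(rules):
        earlier = rules[:i]
        full: Optional[Rule] = next((e for e in earlier if covers(e, rule)), None)
        part: Optional[Rule] = next((e for e in earlier if overlaps(e, rule)), None)
        if full is not None:
            kind = "redundant" if full.action == rule.action else "conflict"
            findings.append((rule.name, kind, full.name))
        elif part is not None:
            findings.append((rule.name, "partial", part.name))
        elif rule.hits == 0:
            findings.append((rule.name, "unused", None))
    return findings


# Constructed sample rule base, evaluated top to bottom (first match wins).
RULES = [
    Rule("allow-web", "0.0.0.0/0", "10.0.1.0/24", "tcp", (80, 443), "accept", 9120),
    Rule("allow-https-srv", "0.0.0.0/0", "10.0.1.10/32", "tcp", (443, 443), "accept", 0),
    Rule("block-partner", "192.0.2.0/24", "10.0.1.0/24", "tcp", (443, 443), "drop", 0),
    Rule("allow-dns", "10.0.0.0/8", "10.0.2.53/32", "udp", (53, 53), "accept", 50211),
    Rule("allow-admin", "10.0.9.0/24", "10.0.1.0/24", "tcp", (22, 443), "accept", 37),
    Rule("allow-old-ftp", "10.0.0.0/8", "10.0.3.21/32", "tcp", (21, 21), "accept", 0),
]

if __name__ == "__main__":
    for name, kind, by in audit(RULES):
        print(f"{name:16} {kind:10} {by or ''}")
```

A final catch-all drop rule overlaps everything above it by design, so leave it out of the list passed to `audit`.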
Of course there are many other issues to be considered but at least if you start with these three steps and use tools that are readily available, you’ll discover that things will be a lot tidier and you won’t just be shifting things from one “house” to another. By the way, just found some LPs. Anyone interested in “Terry Jacks – Seasons in the Sun”?
www.tufin.com
<>
Throwing Sheep in the Boardroom – Book Review
Review by Michael Smith (Veshengro)
Throwing Sheep in the Boardroom
by Matthew Fraser & Soumitra Dutta
Wiley Publishing
Hardback
ISBN: 978-0-470-74014-9
GBP 15.99 / USD 29.95 / CND 32.95
Sheep in the boardroom could be a rather messy affair and throwing such might require all manner of risk assessments to be undertaken.
However, the book by the above title is one that anyone remotely interested in the phenomenon of online social media should read, and also and especially those that reject social sites such as Facebook, Twitter, etc. in a business setting. Many companies and agencies indeed use such services nowadays.
MySpace. Facebook. YouTube. Wikipedia. Twitter. Social networking sites are a global phenomenon boasting hundreds of millions of members. “Throwing Sheep in the Boardroom” is the first book written for a wide audience about the powerful trend that is reshaping our lives: the Web 2.0 social networking revolution.
Twitter and Facebook presences for businesses and governments will become, I think, a must have in the not too distant future, if not already now, and the “leaders” better get prepared. “Throwing Sheep in the Boardroom” is going to be a tool in this preparation endeavor.
“Throwing Sheep in the Boardroom” is a definite “must read” for anyone, not just businesses, using online social media or thinking about doing so, for it also touches specifically on some of the privacy issues of online profiles and especially the fact that those are, more or less, for life. The wrong kind of information on it, therefore, can haunt the “owner” for ever and can cause lots of grief and heartache.
Properly created and maintained, however, online social networking can be beneficial for everyone. It is just very important what and especially what not to put into one's online profile on whichever platform.
An important point to remember when using the Internet and online social networking of whatever kind is the active management of one's profile, one's branding and this is something that the authors of this book reiterate again and again.
Even and particularly young people must be made to realize this fact, that is to say that your online profile follows you for life, and all you do on those social sites, for many prospective employers will now “Google” the applicant before an interview and then something from the past may cause one not to be considered for this or that job.
When it comes to Blogging there too lies the danger as to what one writes, if one uses a Blog as a sort of diary, for the “wrong” diary entries online can kick one right up the butt when one has thought all to be well in the past, and again and again the authors of the book clearly spell this out.
Social networks of one kind or another, or more than one even, I think, will become part of everyone's life sooner rather than later and the management of the contents is very important, not to say crucial and critical, so as not to cause us grief.
The book is refreshingly original, often unexpected and always insightful and I have greatly enjoyed this book as it is not only very informative but also very well written indeed and I can recommend it to everyone.
The authors examine the powerful forces behind the social 'e'-revolution, detailing often absurd and powerful reactions, as well as making predictions about the long-term consequences of all those things that are going on in the field of social networking at the moment and also what could be the future.
A book worth considering as a good read for anyone, from the youth who is very much into this all, to corporations and government bureaucracies, and everyone in between. Online social networking is here to stay and something that we all soon will be doing if we are not doing so already.
“Throwing Sheep in the Boardroom” is a great read and should be read by all.
© 2009
<>
IT experts say MI6 drug information loss in Colombia highlights need for encryption policies
by Michael Smith (Veshengro)
Credant says MI6 drug information loss in Colombia highlights need for portable device encryption policies
The case of an MI6 agent - who apparently left an unencrypted USB stick containing several years' worth of drug trafficking intelligence on an airport bus in Colombia - highlights the need to use encryption when dealing with sensitive information, says Credant Technologies, the military grade cryptography specialist.
"Newswire reports suggest that, in leaving her handbag containing the USB stick on a transit bus at Bogota airport, the agent has compromised the work of several of her fellow agents," said Michael Callahan, Credant's senior vice president.
"Reports also suggest that the loss of the USB stick has forced drug enforcement officials to relocate several of their agents and informants. If the data had been encrypted, however, this reaction would not have been necessary," he added.
According to Callahan, that the loss of a single USB stick should have compromised the activities of so many agents and their informants illustrates what can happen as a result of a single data loss incident.
It also, he explained, highlights what can happen when a single lapse in IT security policy occurs and the potential for the lapse to cause problems at multiple levels.
Callahan went on to say that Colombia may well be problematic when it comes to law enforcement, but implementing an effective IT security policy that requires data held on portable devices to be encrypted is far from being a high technology issue.
"This really comes down to common sense security. It's a great shame to see the UK Security Service embarrassed by a single data leak incident, but it is a security policy failure, nonetheless," he added.
For more on the Colombian USB stick loss fall-out: http://preview.tinyurl.com/ck6am5
For more on Credant Technologies: http://www.credant.com
I hate to ask this, but are the British government and its agencies intending to get into the Guinness Book of Records as the most incompetent ones as far as data security is concerned?
The lives of field agents are now at risk, as are months if not years of hard and dangerous work, because someone left an unencrypted USB stick with sensitive – extremely sensitive – data on an airport bus. How stupid can they actually get?
Proves yet again why intelligence officers are looking for intelligence, you sure know the joke; because they haven't got any. Same seems to apply for the entire government.
All it would have taken would have been a little AES 256 USB drive, the cheapest of which are now available in the form of the Crypto AES 256 bit from Integral or the Blockmaster Safestick. There simply is no need to have sensitive data unencrypted on a USB drive.
Another thing this reminds one of is the “for the lack of a nail a shoe was lost, etc.” and this sure as heck is just the way it would appear to run.
Businesses in the UK (and elsewhere) appear to be, in the main, better in safeguarding sensitive and extremely sensitive data than are the governments and their agencies.
This is criminal negligence in the extreme and it does not appear to get any better. The way it looks the British government and its agencies do not seem to learn from all those data breaches they incur. Breaches and losses that so easily could be prevented. All it is is a matter of cost, often only little cost. On top of this it is a matter of education but all of this seems to be sadly lacking in government circles, as does common sense.
© 2009
<>
IT Security Solution helps keep Swine Flu under control
Cyber-Ark's security helps keep Swine Flu under control
London 7th May 2009 Whilst the media has been making much of the soaring numbers of Swine Flu cases around the world, little has been reported about the behind-the-scenes technology being used to track and assist health professionals in handling the outbreak.
Cyber-Ark, an international IT security vendor, has been instrumental in supplying its leading edge technology to a number of governments, notably health agencies in Israel and the UK, to ensure that all relevant agency staff are kept up to date on this potentially major health issue.
"The secure and rapid dissemination of information has been - and will continue to be - a central plan to health agencies' IT strategies in dealing with the Swine Flu outbreak," said Roy Adar, VP Product Management at Cyber-Ark.
"We have been working with a number of agencies in supplying and installing our Inter-Business Vault® and Governed File Transfer technology both of which allow a wide variety of professionals, including those in the medical profession, the ability to communicate effectively and securely, about the Swine Flu outbreak," he added.
According to Adar, security is of paramount importance when dealing with all types of medical issues, and not just high profile issues such as the Swine Flu outbreak.
Medical professionals, he explained, are understandably wary of using any form of technology that allows patient details to flow outside of their direct control to third parties.
Using Cyber-Ark's high security technology, government and medical officials both in the UK and Israel have been able to communicate efficiently with other professionals and third parties without any security worries or hassles they would experience using conventional email systems.
In the UK, he said, the company has supplied the relevant health agencies with its Inter-Business Vault technology, which allows professionals to share medical information with hospitals, doctors and clinics about the Swine Flu outbreak.
According to Adar, as more information is collected about the disease, making sure this knowledge is quickly shared with the relevant medical audience saves critical time and results in a better ability to control the disease.
Over in Israel, meanwhile, Adar says that the Israeli Ministry of Health has been using the same technology for several years to help control and allow early identification of diseases.
All Israeli hospitals are connected via the Inter-Business Vault system to the Ministry of Health, and blood test results – together with a variety of other relevant information - are securely and quickly exchanged/shared amongst the country's medical communities.
"It's interesting to note that, as details of the Swine Flu started to reach the newswires, Israel was able to quickly supply reliable and accurate details as opposed to rumours of its outbreaks to the relevant world agencies - and the media - in a timely and efficient manner," said Adar.
"The fact that Israel was able to supply this information in a timely manner, and so help to allay the fears of the public, shows the value of early detection and rapid information flows," he added.
Cyber-Ark® Software is a global information security company that specializes in protecting highly-sensitive enterprise data, restricted user accounts and passwords to improve compliance, productivity and protect organizations against insider threats. With its award-winning Privileged Identity Management (PIM) and Highly-Sensitive Information Management software, systems and network administrators can more effectively manage and govern application access while demonstrating returns on security investments to the C-suite. Cyber-Ark works with 500 global customers, including more than 35 percent of the Fortune 50. Headquartered in Newton, Mass., Cyber-Ark has offices and authorized partners in North America, Europe and Asia Pacific. For more information, visit www.cyber-ark.com.
Yvonne Eskenzi, Eskenzi PR
<>
Tufin Technologies supports Rt Hon David Blunkett's security observations
Tufin Technologies voices support for Rt Hon David Blunkett's security observations at Infosecurity Europe
Infosecurity Europe 2009 - Tufin Technologies voices support for Rt Hon David Blunkett MP's security observations at Infosecurity Europe.
Tufin Technologies, the leading provider of Security Lifecycle Management solutions, has voiced its support for the comments of the Right Honourable David Blunkett, MP, the former Home Secretary, at the Infosecurity Europe show this week.
"Mr Blunkett's observations that there is woeful lack of awareness of cybercrime issues amongst companies and the population at large mirrors our own experiences," said Reuven Harrison, Tufin's chief technology officer.
"His additional observations that, whilst a raft of legislation to tackle electronic crime exists, many companies are unaware of the legislation's existence, also rings true," he added.
According to Harrison, despite considerable moves by the Government to educate companies and individuals on the subject of e-crime, UK industry's understanding of the risks involved still has a long way to go before companies can be said to understand the issues involved.
It's for this reason, he explained, that Tufin is supporting Mr Blunkett in his call for a more coherent and joined-up approach by the public and private sector in tackling the cybercrime education issue.
There is also, he said, a need for companies involved in the development of, and customisation of, applications software, to undertake a fundamental review of the way they approach code development from an audit and compliance perspective.
Mr Blunkett's observations that the existence of e-crime legislation has passed many companies by, he added, is reflected in the fact that many firms fail to include IT security - as an audit concept - in the software development and ongoing lifecycle side of their business.
"The fact that cybercriminals are becoming more sophisticated is, as Mr Blunkett says, a danger for the economic, commercial and political life of the UK," he said.
"More education, rather than more legislation, therefore needs to be carried out if the UK PLC is to weather this threat which becomes ever more powerful as the technology that drives it continues to mature," he added.
For more on Tufin Technologies: http://www.tufin.com
Tufin Technologies is the leading provider of Security Lifecycle Management solutions that enable large organizations to enhance security, ensure business continuity and increase operational efficiency. Tufin's products SecureTrack™ and SecureChange™ Workflow help security operations teams to manage change, minimize risks and dramatically reduce manual, repetitive tasks through automation. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin now serves 300 customers around the world, including leading financial institutions, telecom service providers, transportation, energy and pharmaceutical companies. For more information visit www.tufin.com or follow Tufin on Twitter at TufinTech http://twitter.com/TufinTech.
Yvonne Eskenzi, Eskenzi PR
<>
Tufin Open Platform launched providing platform for managing security policies
Tufin Technologies Launches the Tufin Open Platform (TOP), adding integrated solutions with network security and application security and delivery leaders F5, Blue Coat and Fortinet into its Security Lifecycle Management Eco-system
Open APIs and strong partnerships enable Tufin to provide a single, unified platform for managing security and network policies
Tufin Technologies, the leading provider of Security Lifecycle Management solutions, today announced the launch of the Tufin Open Platform (TOP) alliance. TOP is both an industry-wide alliance of leading security and networking vendors and an open, multi-vendor Security Lifecycle Management platform purpose-built to enable streamlined, policy-driven network and security management.
Already providing deep integration with leading firewall vendors such as Check Point, Juniper, Cisco and Fortinet, Tufin has launched TOP with new partners F5 and Blue Coat to extend its policy management and auditing to application security and delivery network systems and devices to enable joint customers to better manage day-to-day operations of today’s complex, intertwined, dynamic networks.
“With TOP, Tufin has demonstrated it understands how its policy and change management automation fits into the bigger picture,” said Richard Stiennon, principal analyst, IT Harvest. “A strong eco-system of best-of-breed partners provides a host of practical, measurable benefits such as faster deployment and increased service levels that can make or break a customer relationship. Knowing that in IT, the devil is always in the details, partnerships that can smoothly deliver operational improvements without creating new setbacks will be strongly rewarded by the marketplace.”
“F5 customers rely on our ability to solve their most pressing application delivery and security problems,” said Mark Vondemkamp, Director of Product Marketing, Security and Acceleration Products, F5 Networks. “The one thing that’s constant in their business is change – new people, new applications, or events that require network, application and security operations teams to respond. F5 welcomes Tufin into our Technology Alliance Program and looks forward to a strong and fruitful partnership with Tufin. Tufin’s strong automation and policy-driven approach to managing IT and security operations will enable our joint customers to fully leverage the flexibility, agility, and reliability they have come to expect from F5.”
“Because Fortinet excels in securing high performance, high throughput and highly dynamic network environments, we understand what a daunting task managing complex network environments can be – even for the savviest administrators,” said Anthony James, vice president of Products, Fortinet. “The integration of Fortinet's FortiManager appliance and Tufin’s automated policy management capabilities presents a powerful combination for helping customers of FortiGate multi-threat security appliances manage their complex multi-vendor environments. This will give customers a competitive edge to maintain a strong defense against a constantly changing threat landscape and confidently manage their security operations.”
Eliminating the complexity and potential errors stemming from managing multiple administration interfaces, Tufin Open Platform (TOP) is designed to deliver centralized policy change analysis and tracking, configuration change and compliance monitoring, performance optimization and auditing across a wide variety of security and networking devices.
Tufin has released the TOP Software Development Kit (SDK) that enables technology partners to easily integrate a wide range of network devices with its SecureTrack and SecureChange Workflow solutions. The TOP SDK provides all of the information needed to develop plug-ins quickly and easily. All plug-ins that are part of the Tufin environment are non-intrusive for the security device and automatically implement the configuration retrieval logic for TOP partner devices.
The TOP Alliance Program provides technology partners and third party professionals with the Tufin SDK, plug-in development, participation in TOP forums, events and roadmap development. F5 and Blue Coat plug-ins are available immediately from Tufin at http://www.tufin.com/TOP.
“No single solution, no matter how wonderful, innovative, and disruptive it is, exists in a vacuum,” said Ruvi Kitov, CEO, Tufin Technologies. “TOP is a major milestone for Tufin because it heralds our expansion from a product to a platform. As a best-of-breed solutions provider, we understand what a winning proposition a healthy eco-system can be for participants. Launching with such well respected, like-minded partners that share our commitment to provide secure, reliable, policy-driven security and network solutions is a privilege, and we look forward to deepening our existing relationships and expanding to the eco-system.”
TOP (Tufin Open Platform) is an open, multi-vendor Security Lifecycle Management platform purpose-built to manage today’s policy-driven networks. TOP enables any company with best-of-breed applications, devices and systems to leverage Tufin’s unmatched change management, policy optimization and reporting capabilities to automate manual, error prone processes, enhance security and improve business continuity. For complete TOP Alliance program information, visit http://www.tufin.com/TOP
Yvonne Eskenzi, Eskenzi PR
<>