Fortify Software to Collaborate with HP on Application Lifecycle Security Solutions to Reduce Business Risk

London – June 2009 (Eskenzi PR): Fortify Software, the market leading provider of Software Security Assurance solutions, announced today a collaboration with HP to help customers reduce their business risk by identifying, prioritizing and fixing critical security vulnerabilities across the application life cycle.

Fortify 360’s Static Application Security Testing (SAST) technology will be integrated with HP Application Security Center and HP Quality Center software solutions to give enterprise users increased visibility into application security across development, quality assurance and security operations.

“The combination of these technologies brings together development’s security efforts with software quality and dynamic application security testing,” said John M. Jack, CEO of Fortify Software. “Not only will customers benefit from increased visibility into the security of their software throughout its lifecycle, but they will be even better equipped to assess and manage the overall risk to their business while cutting the costs it takes to perform these tasks.”

Recent studies show that data breaches and cyber attacks on the application layer continue to rise at an alarming rate, and the National Institute of Standards & Technology (NIST) notes that 92% of exploitable vulnerabilities are found in the software. As businesses strive to mitigate the risks posed by vulnerable software, mandates from organizations such as the Payment Card Industry (PCI) Security Standard Council make it imperative to address security through all phases of the software life cycle.

“Enterprise businesses can reduce security risks inherent in their software by bringing together their development, quality assurance and security operations groups,” said Jonathan Rende, vice president and general manager, Business Technology Optimization Applications, Software and Solutions, HP. “Combining Fortify's leading static application security testing technology together with HP’s market-leading quality and web application security solutions delivers unparalleled visibility across the application lifecycle.”

Fortify and HP will first focus on integrating Fortify 360 static application security testing results into HP Assessment Management Platform (AMP) to give customers a real-time dashboard view of application security scanning efforts enterprise-wide. The collaboration also includes integration of Fortify 360 source code security results with HP Quality Center’s defect management system. This will enable customers to seamlessly submit security issues detected by Fortify 360 source code analysis into HP Quality Center's defect management system so they can be managed like other software defects.

According to Joseph Feiman, VP and Gartner Fellow, "Conceptually, static tools test applications from the ‘inside out,’ whereas dynamic tools test applications from the ‘outside in.’ These techniques are complementary, and we believe that vendors have greater vision if they integrate static and dynamic testing to increase the breadth of application lifecycle coverage and the accuracy of vulnerability detection."

Fortify®'s Software Security Assurance products and services protect companies from the threats posed by security vulnerabilities in business–critical software applications. Its software security suite – Fortify 360 – drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e–commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world–class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog.

<>

Say Hello to Vid: Logitech Introduces Simpler, Streamlined Video Calling

Logitech Vid Software Designed Exclusively for Video Calls, Sets Up With Webcam Installation

London, June 2009 (Brands2Life): Video calls have always offered the promise of strengthening the connection between you and your distant friends and family. But for many, getting the software and hardware to work has been a challenge. If you’ve been waiting for a simpler way to make a video call, Logitech® Vid™ is the answer – the free, fast and easy way to make true-to-life video calls with your Logitech webcam on a PC or Mac® computer.

A pioneer in the development of webcams and video calling, Logitech (SIX: LOGN) (NASDAQ: LOGI) dramatically simplifies video calling with Vid by offering a streamlined setup and a simple, intuitive interface dedicated to video calling. In fact, you can set up Vid in fewer than half the steps required by the major instant-messaging programs. Vid is available for download at www.logitech.com/Vid.

Vid can also make it easy to see your loved ones in lifelike colours. From the sparkle in your daughter’s engagement ring to the smile on your grandson’s face, Vid optimizes the speed and resolution of your video call, so you’re always getting the best-possible frame rate and resolution for your webcam.

“Video calling has been around for more than a decade, but Vid truly has the potential to make video calling one of the primary ways that people stay in touch with their loved ones,” said Gina Clark, general manager and vice president of Logitech’s Internet Communications business unit. “Vid gives you the best of both worlds – eliminating the biggest obstacles to making video calls, while still providing the exceptional-quality audio and video that you expect from Logitech. Above all, you don’t need to be tech-savvy to use Vid.”

Logitech research revealed that the overwhelming reason why many people do not make video calls is that they are frustrated by complex software. Unlike video calling through IM or VoIP programs, Vid was designed exclusively for video calling. Powered by the Logitech® SightSpeed® Network, Vid is a reliable source for high-quality video calling.

Sets Up With Webcam
Vid is set up automatically when you plug in your Logitech webcam. A few clicks and you’re ready to go. There are no screen names. And there’s no third-party software to download. When you’re ready to make a video call, Vid uses your friend or family member’s e-mail address to connect. Your friend simply accepts your e-mail invitation to participate in a video call on Vid, and you’re both connected and ready to chat.

Simple, Intuitive Interface
Unlike other free software that offers video calling as another hard-to-find feature in a long list of features, Vid presents a simple, intuitive interface in which every element is designed to help you make a video call. You can make a call in just a few simple steps. Each one of your contacts is represented by a thumbnail picture. You simply click the picture of the person you want to contact, and Vid starts your video call.

Vid is free with your Logitech webcam – and for anyone you’re calling. There are no added charges. If you don’t have a Logitech webcam, you can still use Vid if a friend or family member invites you. (If you’re invited by a friend or family member that has installed Vid, but doesn’t have a Logitech webcam, you’ll get Vid free for 30 days. At the end of the 30-day period, you can use Vid with the purchase of a Logitech webcam.)

Vid is compatible with PC and Mac® computers, as well as stand-alone and embedded webcams.

Pricing and Availability
Logitech Vid is available for download at www.logitech.com/Vid and is free for anyone with a Logitech webcam or anyone who is invited by a Logitech webcam owner.

Logitech is a world leader in personal peripherals, driving innovation in PC navigation, Internet communications, digital music, home-entertainment control, gaming and wireless devices. Founded in 1981, Logitech International is a Swiss public company listed on the SWX Swiss Exchange (LOGN) and on the Nasdaq Global Select Market (LOGI).

<>

Bull equips several French Ministries with globull™, its mobile security platform

The French Defense Ministry's Inter-Forces Infrastructure, Networks and Information Systems Department (the DIRISI) signs a four-year framework agreement with Bull to supply several government ministries and other public sector bodies

(Highland Marketing) At the end of 2008, the DIRISI signed a four-year framework agreement that will enable several Government entities (including the Ministry of Defense, Ministry of Foreign and European Affairs, Ministry of Culture and Communication, Ministry of Justice, Ministry of the Interior, Overseas Territories and Local Authorities, the various departments reporting to the Prime Minister, and the French atomic energy authority or CEA) to acquire individual globull™, Trustway USB and RCI devices. globull has already been widely adopted by a number of ministries under this agreement.

A new approach to ultra-mobile computing
Bull is meeting today’s growing demand for mobile computing and ultra-secure storage from the public sector, with a solution that offers all the standard functionality of the mobile desktop along with a digital strong-box, with everything geared to providing the highest possible levels of security through defense-standard technologies.

The globull devices will be personalised for individual use and will feature the requisite storage capacity (60GB) and the appropriate operating system software to provide secure storage and cryptographic services (encryption, electronic signature...) for users’ applications, as well as a complete local ‘trust’ environment through direct booting.

So every new user will receive a globull device, featuring his or her own cryptographic environment and a personalised software environment configured according to the user’s rights relating to their job role. Each device is fully traceable and customisation processes are automated using a special customisation workstation, also implemented by Bull.

"Guaranteeing the security of sensitive and classified government information is one of the fundamental roles of the DIRISI (the French Defense Ministry's Inter-Forces Infrastructure, Networks and Information Systems Department)," explains Jean-François Montuelle, head of Information System Security purchasing at the DIRISI. “When it comes to mobile computing, one of the objectives set for us by the Commander-in-Chief of the armed forces was to find a way to protect the information carried around on mobile devices by military personnel. Bull’s solution – globull – is absolutely in line with the Ministry of Defense’s security policy, so it has enabled us to meet this challenge, which is crucially important for all government Ministries.”

Implementing personalised mobile computing… on a massive scale
Bull is supporting the DIRISI and French government ministries as part of a comprehensive approach to delivering a complete and integrated solution, which provides:

  • Storage of sensitive data, with the main aim of guaranteeing the confidentiality of all stored data
  • Widespread, automated implementation using specially designed ‘customisation stations’
  • Development and provision of an enhanced version designed to meet the requirements of personnel with the highest security clearances
  • Provision of a virtualisation environment (globull Virtual Desk) enabling the operating system to be run from a secure globull USB module
  • Support and training.
“globull combines Bull’s expertise in technological innovation with its unique cryptographic processor, along with a highly original design,” explains Alain Filée, Director of Security Products at Bull. “In addition, thanks to our technological expertise, we can offer our customers bespoke variants that meet their precise requirements.”

Bull, Architect of an Open World, the is an Information Technology company, dedicated to helping Corporations and Public Sector organisations optimise the architecture, operations and the financial return of their Information Systems and their mission-critical related businesses.

Bull focuses on open and secure systems, and as such is the only European-based company offering expertise in all the key elements of the IT value chain.
For more information visit: http://www.bull.com or http://www.myglobull.com/

<>

Survey reveals 20% of IT Cheat on Audits to get them passed

Plus Recession sees more companies buying equipment from online auction sites

London – June 2009 (Eskenzi PR) – A survey of IT security managers and technical staff has revealed that 20% admit to cheating on an audit to get it passed. The survey by Security Lifecycle Management company Tufin Technologies, was conducted amongst 151 IT security professionals, many of whom were from multinational organisations and government departments, employing 1000 to 5000+ employees as part of their annual “Reality Bytes” security survey.

Survey Says….. Firewall Audits: Bad, Shopping on ebay: Good

In fact, the survey discovered that 63% of companies only check and audit their firewalls from anything between 3 months to a year, with a staggering 9% never bothering to check their firewalls at all. 51% admitted that their firewall rules are “a mess.”

The survey also found that 22% of firewall audits take anything from a few weeks to a few months, with 70% saying that their audits take a few days. However, from a security perspective with audits not being undertaken frequently and with many taking time to conduct, it can mean that many companies have firewalls that, at best, are running under par and, at worst, contain shadowed or obsolete rules that introduce unnecessary risk to the organization.

Buying IT equipment over ebay proving to be more popular than ever Tufin also found that more companies than ever before are buying IT hardware from ebay, a trend Tufin was aware of anecdotally via its customers. The Tufin survey found that almost a quarter of companies (24%) would buy from eBay if it meant that they would save money.

Is the cup half empty or half full?

In the current climate cost savings are a huge priority to most companies, however in the area of IT security and compliance, 52% of companies have revealed that their organisations have not made them focus on cost cuttings at the cost of security and compliance, which are still priorities that money will be spent on. 48% report cost cuts have impacted their compliance efforts.

“With more than 315 customers we have a something of a read on the state of firewall management, so while we did ask some requisite questions, but we were really looking to get a more subtle, read on peoples attitudes and behaviours, said Ruvi Kitov, CEO, Tufin Technologies. “Having a clear sense of what’s going on in the trenches is an important indicator of what and where to innovate, and we are more committed than ever to making security operations less painful.”

Tufin Technologies is the leading provider of Security Lifecycle Management solutions that enable large organizations to enhance security, ensure business continuity and increase operational efficiency. Tufin's products SecureTrack and SecureChange Workflow help security operations teams to manage change, minimize risks and dramatically reduce manual, repetitive tasks through automation. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin now serves more than 315 customers around the world, including leading financial, telecom, transportation, energy and pharmaceutical companies. For more information visit http://www.tufin.com or follow Tufin on Twitter at http://www.twitter.com/TufinTech.

<>

Finjan’s Research Unveils Botnet Trading Platform for hacked PCs

Compromised PCs of individuals and corporations are turned into digital assets that cybercriminals potentially trade online. Traded data also includes about 100,000 stolen FTP accounts

Farnborough, United Kingdom, June 2009 (Eskenzi PR) – Finjan Inc., a leader in secure web gateway products and the provider of a unified web security solution for the enterprise market, today announced that its Malicious Code Research Center (MCRC) managed to research a trading network and botnet, where compromised PCs are bought and sold for profit. In the second issue of its “Cybercrime Intelligence Report” of 2009, Finjan shows the operations of the Golden Cash network consisting of an entire trading platform of malware-infested PCs. The trading platform utilizes all necessary components (buyer side, seller side, attack toolkit, and distribution via “partners”). This advanced trading platform marks a new milestone in the cybercrime evolution.

By turning compromised PCs from a one-time source of profit into a digital asset that can be bought and sold again and again, cybercriminals are maximizing their illegal gains.

The cybercrime intelligence report covers the following:

  • On the buyer side of the trading platform, batches of 1,000 malware-infected PCs can be purchased for $5 up to $100; depending on territory
  • Partners are paid for successfully distributing the bot and collecting FTP-credentials of legitimated websites through the infected PCs
  • On the seller side of the trading platform, cybercriminals sell batches of 1,000 malware-infected PCs for $25 up to $500
  • Compromised malware infected PCs may be infected with additional malware each time they are purchased by a new “owner”
  • For attacks and exploitations, an exploit toolkit with obfuscated code and the Trojan Zalupko attack toolkit are provided
“As reported by Finjan before, cybercriminals keep on looking for improved methods to generate profit. In addition to stealing data and selling them on, they now also trade compromised PCs to as many buyers, sellers and partners as possible. Looking at the list of compromised PCs we found, it is clear that no individual, corporate or governmental PC is safe,” said Yuval Ben-Itzhak, CTO of Finjan.

In the report released today, Finjan also indicates how organizations can detect and deal with infections, and how they can prevent their corporate PCs from being compromised and turned into bots.

To download the report, please visit www.finjan.com/Cybercrime_Report

Technical analysis is provided on Finjan’s MCRC blog post at www.finjan.com/MCRCblog

Finjan’s MCRC specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan's next generation of security technologies used in our unified Secure Web Gateway solutions. For more information please also visit our info center and blog.

Secure Gateway provides organizations with a unified web security solution combining productivity, liability and bandwidth control via URL categorization, content caching and applications control technologies. Crimeware, malware and data leakage are proactively prevented via patented active real-time content inspection technologies and optional anti-virus modules. Powerful central management enables intuitive task-based policy management, excellent drill-down reporting capabilities and easy directory integration for all network implementation options. By integrating several security engines in a single dedicated appliance, Finjan’s comprehensive and integrated web security solution enables quick deployment, simplified management and reduction of costs. Business benefits include real-time web security (no patches or updates needed), lower total cost of ownership (TCO), cost savings in administration efforts, lower maintenance costs, and reduction in loss of productivity. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.

<>

ASUS Post-Computex 2009 Press Event & Product Launch

Nice new products – shame about the price tags and the abandonment of Linux

by Michael Smith (Veshengro)

On Thursday, June 25, 2009 the members of the press and other media were treated to the post-Computex press event and the launch of some new products by ASUS, which will soon be available in the UK, at the Lamborghini Showrooms opposite South Kensington Underground Station.

While the new products are very nice indeed – some of the really something to drool over – the price tags attached to them are, unfortunately, also are very steep.

Also, it is a great shame to see that the Netbooks, for which ASUS became known primarily in the UK and ASUS became synonymous with Netbook initially and others but followed, the true Netbooks and the usage of Linux, a far more superior OS for mobile computing, is basically being abandoned.

Everything is now just loaded with Microsoft Windows XP and Vista. Why? This is not progress. This is going backwards.

The reply to this question from members of the ASUS team that it is what people, that is to say, users want does not wash at all and it is a sign of bad marketing of Linux over MS Windows.

While there are indeed a few problems with Linux the Linux operating system in general is superior in most if not indeed all ways to Microsoft Windows and this not just in regards to security in that it is basically immune to viruses and such like.

I hate to suggest that there may be more behind the more or less total dumping odf Linux in the Eee PC Netbooks by ASUS than meets the eye but I am beginning to worry and wonder.

We sure know that the folks at Redmond would and indeed will do anything to ensure that Microsoft and Windows is the primary operating system in the world for personal computing and that Microsoft retains the monopoly here with the aim being to have only one viable operating system really.

The latest Eee PC, of which we have spoken before, the Seashell, though still a small enough size for a Netbook though, in my opinion, being the absolute maximum in size with a ten inch screen. However, this Eee PC comes with Windows XP and no Linux versions are available. This makes that Eee PC no longer viable and of interest for me as a user.

Yes, it is indeed possible for anyone to install any Linux distribution onto it, by means of an external CD/DVD drive (you'd have to have your own, as the Seashell, in the same as other Eee PCs, has no optical drives) but that is not what I would be looking for.

It is indeed as another journalist said at the event: It is a failure of the marketing section to not continue to “push” Linux. The version that is installed on the Eee PC in general, like my Eee PC 900, is a very nice and easy system that is extremely intuitive and easy for any new computer user.

Admittedly, mobile broadband dongles do not work on that Linux version – and only few work on Linux anyway. This is, however, not the problem of the developers; it is the fault of those that provide the mobile broadband services who seem to think that there is only Windows as an operating system for computers and hence do not make the dongles work with Linux. That is where the problem lies and mot with the operating system, regardless of whatever version of Linux.

While ASUS makes great products it is a shame to see them abandoning their own version of Linux that was the hallmark of the Eee PCs and which is that makes the Eee PC such a green machine too. Without Linux, in my opinion, it will lose that point; a point that seems to be lost at the company though.

© 2009
<>

Finjan’s Research Unveils Botnet Trading Platform for hacked PCs

Compromised PCs of individuals and corporations are turned into digital assets that cybercriminals potentially trade online. Traded data also includes about 100,000 stolen FTP accounts

Farnborough, United Kingdom, June 2009 (Eskenzi PR) – Finjan Inc., a leader in secure web gateway products and the provider of a unified web security solution for the enterprise market, today announced that its Malicious Code Research Center (MCRC) managed to research a trading network and botnet, where compromised PCs are bought and sold for profit. In the second issue of its “Cybercrime Intelligence Report” of 2009, Finjan shows the operations of the Golden Cash network consisting of an entire trading platform of malware-infested PCs. The trading platform utilizes all necessary components (buyer side, seller side, attack toolkit, and distribution via “partners”). This advanced trading platform marks a new milestone in the cybercrime evolution.

By turning compromised PCs from a one-time source of profit into a digital asset that can be bought and sold again and again, cybercriminals are maximizing their illegal gains.

The cybercrime intelligence report covers the following:

  • On the buyer side of the trading platform, batches of 1,000 malware-infected PCs can be purchased for $5 up to $100; depending on territory
  • Partners are paid for successfully distributing the bot and collecting FTP-credentials of legitimated websites through the infected PCs
  • On the seller side of the trading platform, cybercriminals sell batches of 1,000 malware-infected PCs for $25 up to $500
  • Compromised malware infected PCs may be infected with additional malware each time they are purchased by a new “owner”
  • For attacks and exploitations, an exploit toolkit with obfuscated code and the Trojan Zalupko attack toolkit are provided
“As reported by Finjan before, cybercriminals keep on looking for improved methods to generate profit. In addition to stealing data and selling them on, they now also trade compromised PCs to as many buyers, sellers and partners as possible. Looking at the list of compromised PCs we found, it is clear that no individual, corporate or governmental PC is safe,” said Yuval Ben-Itzhak, CTO of Finjan.

In the report released today, Finjan also indicates how organizations can detect and deal with infections, and how they can prevent their corporate PCs from being compromised and turned into bots.

To download the report, please visit www.finjan.com/Cybercrime_Report

Technical analysis is provided on Finjan’s MCRC blog post at www.finjan.com/MCRCblog

Finjan’s MCRC specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan's next generation of security technologies used in our unified Secure Web Gateway solutions. For more information please also visit our info center and blog.

Secure Gateway provides organizations with a unified web security solution combining productivity, liability and bandwidth control via URL categorization, content caching and applications control technologies. Crimeware, malware and data leakage are proactively prevented via patented active real-time content inspection technologies and optional anti-virus modules. Powerful central management enables intuitive task-based policy management, excellent drill-down reporting capabilities and easy directory integration for all network implementation options. By integrating several security engines in a single dedicated appliance, Finjan’s comprehensive and integrated web security solution enables quick deployment, simplified management and reduction of costs. Business benefits include real-time web security (no patches or updates needed), lower total cost of ownership (TCO), cost savings in administration efforts, lower maintenance costs, and reduction in loss of productivity. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, eWEEK, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.

<>

ISACA Commends EC Plans for Tougher Cybercrime Legislation

London, UK June 2009 (Eskenzi PR) - ISACA (formerly known as the Information Systems Audit and Control Association) a not-for-profit organisation that seeks to encourage best practice in the IT security industry has applauded plans for the European Commission to increase the penalties against people committing cybercrime.

Under the new EC proposals, according to reports, prison sentences could be increased to five years or more for serious cybercrimes up from one to three years at present.

"It's likely that the potential rewards from cybercrime are such that current penalties are not going to act as a deterrent,” says Rolf von Roessing, member of the ISACA's Security Management Committee. “The rewards of criminal exploits can stretch into the millions."

The reality, says von Roessing, is that there is no such thing as a victimless crime, as a large number of people are still paying for criminal acts that generate revenue for the perpetrators.
"Spam, botnets and out-and-out theft of electronic data are modern-day scourges. Cybercrime needs to be dealt with strongly and the EC’s actions are a step in the right direction for Internet users everywhere," von Roessing added.

For more on the EC cybercrime plans: http://preview.tinyurl.com/lacu63

For more on ISACA: http://www.isaca.org

With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

<>

Terrorists' latest way of information sharing

by Michael Smith (Veshengro)

The latest nigh on intercept proof way of information sharing that terrorists have come up with could have been invented by a grade school kid. They now use draft folders of web mail services rather than actually sending emails.

Instead of sending emails – even encrypted ones – to communicate with one another, which can and will be intercepted and stored, terrorists have now begun using web mail draft folders for the exchange of communications.

The system is so simple and easy that it could have been thought up by a fourth grader. The chance is it may just have been one.

Each member of a particular cell has the username and password for the particular web mail account in question and log on at a time when none of the other will be logged into the account and then read the message(s) in the draft folder and add reply.

Note: This is also a cute way of document co-authoring without having to use an in-the-cloud service

As no email is sen d or received no intercept of this communication is possible – at least not at present.

This method could be referred to as a Cyberspace Dead Letter Drop.

The interesting part here is though that no one will or can – with the exception that the IPs will be different and the locations – realize that more than one person uses that particular email account online.

To all intents and purposes any access to the account will always appear to be b y the user though from different IPs and global locations even.

But, unless the account could come under investigation nothing would throw a marker up to this effect and flag that behavior, as it is something rather common with web mail, as strange, for instance.

In so-called free and democratic countries it just would way too much be an infringement of personal liberties – which indeed it would be – and also an infringement of business secrecy, to, in fact, monitor email accounts for just such activities and to read the messages in the draft email folders, or documents in any other folder stored on the web mail account.

I also doubt that any of our governments would want to be seen to be that intrusive and I think that most people would not go along with permitting our governments to become that intrusive a “Big Brother”, , though we already have a nigh on total surveillance state in the UK, for instance.

The implications of this practice of communicating and information sharing, however, are rather serious as it will make having prior knowledge a lot harder.

Then again the same is true also in this regard with the terrestrial old style dear letter drops.

Dead letter drops of the old kind did sometimes come to notice and could then be observed and such. This is somewhat more difficult, obviously, with such dead letter drops being in the cloud, in cyberspace, in web mail accounts, as monitoring of accounts, as said, could be a real infringement of so many things and not just civil liberties.

Then again, what would one be watching for? The owner/user of the account logging on; then off and then on again?

Having something stored in the draft folder also is no proof of any terrorist or other illegal activities.

What this proves, however, is that there is always a way around intercepts and surveillance and someone does come up with such things and some of those things are so simple that it is amazing that no one has used them for much longer already. This system is so simple that is beggars belief, really. We can but wonder as to “what next?”.

© 2009
<>

IRONKEY Hardware encrypted USB Device – Product Review

Review by Michael Smith (Veshengro)

The Ironkey Device on test for review was a “Personal” version and, inadvertently I must have clicked on the update for it took around thirty minutes before the key was set up and ready to roll.

Something users need to be aware of, that is to say... don't just click “OK” to a question... read it, and this does not just apply as far as the Ironkey device goes; it applies in general to any message on your PC. And no, you do not have to do that update. Set up the key first and then, maybe, just maybe, when the key feels like it and you, let it update.

The setup, on the other hand, aside from it taking me 30 minutes because I did not, I guess, read the setup wizard's questions properly, is straightforward as with most of those AES 256 hardware encrypted USB devices.

The test was performed, I must also add, on a slow old Compaq EVO which since has been retired as it was just getting too slow, and on XP Pro operating system. It works equally well on Vista.

Unfortunately I could not get the Ironkey to work on Linux though it is Linux ready and works on some versions of this popular replacement for Windows. The problem is, for me, that the version Ubuntu Linux operating system that I run is not supported. I still have a rather old Ubuntu “Dapper Drake” but, because I believe that if something works fine not to change it, I will stay with it, at least on that particular machine, for the moment. Therefore, playing with the Ironkey on Linux may have to wait a little.

Otherwise there was no problem with the stick and it performs well though I must say I find it slower in opening, for instance, than AES 256 hardware encrypted sticks from competitors and Ironkey is also the only one that does not allow for the device to be recycled in the event of a password loss and lock down when more than the set attempts – ten as default – of invalid passwords have been entered. The chip in the device is then destroyed and rendered entirely useless. This, considering the cost of Ironkey devices could prove to be a little on the expensive side and I understand that Ironkey is looking at following others to recycle the drives in the event of password lock down rather than rendering the device useless.

I have had that happen to me – the loss of password – with a Blockmaster Safestick but there all one has to do is to chose the “recycle” facility and the device can be made usable again. All data on the stick is lost but the device itself can be reused.

Also, when we look at being green in matters of IT that too is, in a way, important and having such devices then needlessly end up in E-waste just because someone has lost a password is not a good idea.

Will this compromise security? Personally I do not think so for the anti-tamper mechanism can remain in place which is to say that should someone try to force access to the chip the entire thing would be destroyed.

Not having been able, so far, to test the drive on Linux means that I cannot comment on that operating system and interoperability but we can, I am sure, leave that for another time.

Aside from the fact that I, inadvertently, triggered an update installation that took about 30 minutes, the setup was easy, as it should be, and anyone, I am sure, would be able to master that.

I must say though that I find the Ironkey considerably slower in opening, for instance, than other AES 256 devices. Ironkey takes probably twice the time in opening compared to, say, Sandisk Cruizer Enterprise or the Blockmaster Safestick.

On the other hand, though, Ironkey is much harder than others, I should think, being encased in solid steel.

In grading I would give Ironkey probably 8 out of 10 and this is simply because – aside from the problem I had due to possibly giving a “yes” to an update – it is considerably slower in setting up and in opening in comparison to other and because it will destroy the drive rather than recycle it in case of password lock-down.

The grading has absolutely nothing to do with the fact that due to my possible giving, as said above, permission for the update that took 30 minutes to complete, nor with the fact that it does not work with older versions of Ubuntu Linux, such as Dapper Drake, which it does not support. Only Ubuntu from Hearty Heron upwards is supported.

It is rather a shame that Ubuntu Dapper Drake is not supported as it is a long term support attached to it and is used in many government departments and such across the world.

On the other hand I do like the facility of having the Firefox Browser installed upon the drive enabling my own settings to be carried. Ironkey, aside from the MXI device I have reviewed some time back, is the only one that, thus far, has has such programs installed upon the drive.

Do I like the device? Yes, very much so.

Would I use it? Yes, definitely, but only for the most sensitive data I would like to carry.

Ironkey is, probably, more a device for the military and security- and other government agencies and large corporation rather than for SMEs or individuals and this not just because of the price tag but especially because it will destroy the drive rather than recycle it in case of password lock-down. The price one pays for the Ironkey would be rather a lot to lose for an individual or an SME.

However, I am told that in the future Ironkey may change things and just have the drive recycle itself if the password has been entered a set amount of times incorrectly rather than it destroying the chip and rendering the drive unusable.

The more ordinary user can find devices that perform similarly though may be not as secure for a much lower price.

For the right agencies and companies Ironkey will be the real and probably only choice because it, more than likely, offers the best security protection possible; hence it is a highly recommendable device for the right user and user group. It may not fit every user and every budget. But as we know, it is “horses for courses”.

© 2009
<>

Could "Opera Unite" be a Botmaster's best friend?

By Michael Smith (Veshengro)

Now this is about all we needed...

Opera has added a lot of cool new features to its upcoming Opera 10 browser. One of them, however, is almost certainly going to catch the eye of cyber criminals.

That feature is called “Opera Unite”, and while Opera promotes it as an exciting new platform for next-generation Web development, some security experts say it could become the botmaster's best friend.

“Opera Unite” allows anyone run a Web server from their desktop. The browser connects to an Opera proxy server, which in turn then allows the browser to serve content to the rest of the Internet. This simplifies things for home users who want to host their own Web pages; with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.

But it also makes a precious resource more readily available to the bad guys.

In recent years, hacked Web sites have become the fastest-growing way for criminals to spread their malicious software. They have developed automated Web-hacking code, such as the recently reported Gumblar program, that can quickly hack into tens of thousands of Web pages in just a short period of time.

With “Opera Unite”, those selfsame cyber criminals may suddenly have a whole new crop of computers to attack.

“Unite” was just introduced as part of the Opera 10 beta this month, but it is only a matter of time until the criminals start playing with it, according to Don Jackson, a researcher with SecureWorks. "Bad guys always need Web servers," he said. "Anything that runs a Web server is prone to attack."

Because “Opera Unite” runs on the desktop, it may be easier to hack than most Web servers. "In this case it's a little worse, because instead of a machine that's managed in a data center, you may have someone on a machine in a hotel network that has no firewall on it," Jackson said.

Opera attack code is already included in the majority of browser attack tools that Jackson has studied. With “Unite”, he expects the hackers who write browser attack software to pay even more attention to Opera. "I think there will be a push to keep your exploit kit in marketable condition by developing exploits for Opera 10," he said.

Opera says it will monitor sites for malicious or inappropriate content, but Jackson says it will prove extremely difficult to police content that's being served by smart hackers. They may, for example, send Opera sanitized versions of their Web pages and reserve the malicious stuff for all other visitors.

Botmasters might start using Unite as a platform for saving data, or for running the command-and-control servers that are the brains of their networks of hacked computers, Jackson said.

Opera claims that it runs “Unite” within a "sandboxed" environment, which should make it hard for people to jump from “Unite” into other parts of the PC's file system, but the company doesn't say what steps it's taking to prevent hacked PCs from misusing the service.

Do we really need any more problems and make it easier for the cyber criminals? I think I shall stick with Firefox for it is I who then can control the add ons.

While such bells and whistles that are added to some browsers now by default that are supposed to make things so much better for the user are, in fact, dangerous additions that could make it easier for cyber criminals to either use PCs as bots or, probably worse still, to gain access to personal or business information.

Sometimes the good old adage of “if it ain't broken don't fix it” is still a good one.

© 2009
<>

Kingston Technology First to Market with a Massive 128GB Capacity USB Drive

New DataTraveler 200 can store over 6.5million A4 pages of text

by Michael Smith (Veshengro)

London, UK, June 2009 (Catalysis): Kingston Technology Europe Ltd, a subsidiary of Kingston Technology Company, Inc., the independent world leader in memory products, announced the release of the Kingston DataTraveler 200, the world’s first 128GB USB Flash drive, recently. The Kingston DataTraveler 200 provides users with the option to password protect their data, as well as giving consumers and business users the flexibility to carry vast amounts of data with them at all times.

“The DataTraveler 200’s immense 128GB storage capability lets users store as much data as 182 music CDs or up to 27 DVD movies. Business users benefit as they can carry around large databases or files whilst they are out of the office,” said Jim Selby, European Product Marketing Manager, Kingston Technology. “The password protection facility helps safeguard data and requires no admin rights, making the DataTraveler 200 a terrific solution for the home or office.”

The Kingston Technology DataTraveler 200 features a capless design that protects the USB connector when not in use and is enhanced for Windows ReadyBoost. The drive is also available in 32GB and 64GB capacities.

The values given as to amount of storage are all based on for documents on the calculation of 10 page Word file with various formatting, for CDs on standard 12cm compact disc with maximum of 703MB capacity, and for DVD movies on single-sided single-layer DVD with ~ 4.7GB capacity. As they say, it all depends. So don't expect to be able to store the 27 DVD movies if you have all of them on multi-layer discs or such. Same for documents if you store entire books of 100s of pages.

The DataTraveler 200 is backed by a five-year warranty and 24/7 tech support. For more information, visit www.kingston.com/Europe.

© 2009
<>

The Sky’s the Limit: Logitech Introduces Its First Force-Feedback Flight Simulation Controller

Logitech Flight System G940 Delivers Simulator-Grade Flying Experience, Authentic Controls, Realistic Force Feedback

Los Angeles - June 2009 (Brands2Life ) - To provide flight simulation enthusiasts with a realistic experience, Logitech (SIX: LOGN) (NASDAQ: LOGI) today unveiled the Logitech® Flight System G940. The latest addition to the acclaimed Logitech G-series line of gaming peripherals and the company’s first force-feedback flight simulation controller, the design and controls of the Flight System G940 were inspired by military and commercial planes and helicopters.

“There’s nothing ordinary about a G-series gaming peripheral, and the G940 is no different,” said Ruben Mookerjee, Logitech’s director of product marketing for gaming. “We approached this project with the goal of redefining the flight sim experience. Whether you’re flying an A380, an F/A-18 Hornet or a Comanche helicopter, when you want to feel the wind on your wings, control engines together or independently or master tricky manoeuvres, the G940 behaves and feels like the real thing – from takeoff to landing.”

For an immersive experience, the three-component Logitech Flight System G940 features a force feedback joystick, dual throttle and rudder pedals. And, with more than 250 programmable button options integrated into a fully featured HOTAS (or Hands On Throttle-and-Stick) design, you’re able to access critical aircraft systems without taking your hands off the controls.

The system is also easy to set up; just connect the throttle and the pedals to the joystick cable, and plug the USB connector into your computer. And all components feature mounting hard points, making it easy to secure them to a surface. The Flight System G940 is compatible with most popular PC flight simulators, including Microsoft® Flight Simulator X, IL-2 Sturmovik™: 1946 and Lock On: Modern Air Combat X-Plane 9.

Force Feedback Joystick
For added realism, the Flight System G940 joystick features Logitech’s award-winning force feedback technology, which allows you to control your aircraft with confidence as you feel its movement as well as its reaction to air, turbulence and g-forces. Unlike vibration feedback or rumble technology, force feedback is directionally precise and tactile, so you get an accurate simulation of the forces experienced in the game.

Featuring a two-stage metal trigger, six programmable buttons, mini-stick, 8-way hat and three analog trim controls, the Flight System G940 joystick is designed to put you in complete control of your aircraft. And to ensure comfort during long flights, the joystick has a wide, solid base, a palm rest, a slight forward tilt of the stick and soft touch surface.

Programmable Dual Throttle
To give you realistic control over any aircraft, the Flight System G940 features a split throttle design, for easy control of multi-engine aircraft. When flying a single engine aircraft, a push-button interlocks the throttles for a more comfortable experience.

The interactive, programmable throttle-base buttons integrate with your favourite flight simulation software and illuminate red, green, amber or off to indicate the status of critical aircraft systems – just like they would in a real cockpit. For your convenience, Logitech includes 80 pre-designed legend inserts that slip into the buttons, making it easy to create an authentic switch panel with, for example, GPS, autopilot and landing-gear controls.

In addition to the eight programmable base-buttons, the Flight System G940 provides two eight-way hat switches, four programmable grip buttons and two rotary analog-controls. The included Logitech® Gaming Software allows you to assign virtually every possible control to the G940 in just a few steps.

Authentic Pedals
The pedals – the four-bar mechanism, inspired by the designs of current jet fighters – feature an open frame design with rudder controls and toe brakes, giving you true-to-life control, especially when performing defensive manoeuvres or crosswind landings, or piloting helicopters. An adjustable pedal-force knob lets you change the resistance to fit your flying style. And for added comfort, the pedal base has carpet grips and heel rests to keep the pedals and your feet in place even during the most difficult manoeuvres.

Pricing and Availability
The Logitech Flight System G940 is expected to be available in Europe in September for a suggested retail price of £279 plus VAT.

Logitech is a world leader in personal peripherals, driving innovation in PC navigation, Internet communications, digital music, home-entertainment control, gaming and wireless devices. Founded in 1981, Logitech International is a Swiss public company listed on the SIX Swiss Exchange (LOGN) and on the Nasdaq Global Select Market (LOGI).

<>

Oh Great! Hackers offer T-Mobile data to highest bidder

Group claims to have completely cracked T-Mobile

by Michael Smith (Veshengro)

June 2009 - A group of hackers claims that they have completely cracked T-Mobile's network in the United States, and that they have stolen proprietary operating data, customer databases and financial records. So much for security.

A message posted on the Full Disclosure mailing list said that the hackers have emailed T-Mobile's rivals with an offer to sell the information, but that they had not heard back. They are now offering it to the highest bidder.

"We have everything, said the posting, their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009".

"We already contacted their competitors and they didn't show interest in buying their data - probably because the mails got to the wrong people - so now we are offering them for the highest bidder. Please only serious offers, don't waste our time."

I must say that it may not so much be the case that the email got to the wrong people but that T-Mobile's competitors actually have some integrity. Good for them.

To substantiate the claims, the hackers posted material on the site which they claim came from T-Mobile's servers, although opinion is divided about its authenticity.

In the past such an offer would be highly unlikely, since it automatically draws the attention of law enforcement. Nevertheless, T-Mobile has said that it is investigating the claims.

"The protection of our customers' information, and the safety and security of our systems, is absolutely paramount at T-Mobile," said the company in a statement.

"Regarding the recent claim, we are fully investigating the matter. As is our standard practice, if there is any evidence that customer information has been compromised, we would inform those affected as soon as possible."

This could, though T-Mobile might claim that the material is not genuine that has been posted out of their own interests, also a fake claim by the supposed hackers trying to, maybe, blackmail T-Mobile.

There is just a possibility there and I think that we might see more and more of such activities, that is to say the cyber-blackmail that will claim “we have gotten at your data – pay us x-amount or we sell this”.

I might be wrong but then again I could be right.

© 2009
<>

ASUS Eee PC: Best Low Power Solution for Developing Countries

by Michael Smith (Veshengro)

The ASUS Eee PC has been recommended as the best low power computing solution for developing countries, following the publication of results from an extensive study by UK charity Computer Aid International in April.

The research into the best low power PCs for use in developing countries was carried out in conjunction with three African universities and the ZDNet technical labs in London. After considering dozens of choices, ZDNet tested 8 computers, resulting in the following shortlist:
* ASUS Eee PC (overall winner)
* Intel Classmate
* OLPC XO
* Inveneo Computing Station
* Ncomputing X300

The above five were shipped to three African universities; Kenyatta University (Kenya), Jos University (Nigeria) and the National University of Science and Technology (Zimbabwe).
Using in depth qualitative and quantitative testing methods, the study has determined the ASUS Eee PC as the best solution, after it was preferred unanimously by all testing teams and considered to offer the perfect balance between power consumption, performance and portability.

The ASUS Eee PC findings were drawn from results of testing such as the installation and testing of additional software, compatibility with other operating systems and internet connection via LAN and wireless networks. In addition tests for video playback, web browser usage and word processing were also conducted.

Reporting on the results, the research team at Kenyatta University stated that “Asus had the best solution for an average individual owner and user in rural Africa who needs a low power PC”.

Tony Roberts, Founder of Computer Aid International, commented: “Many communities in Africa have no reliable access to mains electricity and are forced to rely on expensive alternatives like solar panels or diesel generators, so we set out to find a low power, low cost solution that will facilitate the availability and use of information technology in those regions.

“ICT can play a vital role in economic growth and education provision in the developing world, but it’s vital that we offer equipment that can meet the unique requirements of these countries. By working with ZDNet’s technical labs and three leading African Universities we have been able to accurately assess the performance and suitability of a number of low power computing options in the countries where they are required, to better inform future choices in ICT for education and development.”

The full study report is available to download now from: www.computeraid.org/lowpowerpcs

Computer Aid International champions the enabling role that ICT can play in attaining the UN Millennium Development Goals, which include universal primary education, improvement in healthcare and poverty reduction. The charity is the most experienced non-profit provider of ICT for development having provided more than 140,000 PCs and laptops to support e-learning, e-health, e-inclusion and e-agriculture projects in more than 100 countries such as Rwanda, Ecuador and Zambia.

Computer Aid is licensed by the Environment Agency, as an Authorised Approved Treatment Facility, to handle old electronic equipment. Comprehensive data deletion, using the world’s leading data destruction software from Blancco, and full asset tracking ensures the compliance needs of all UK donors are fully met.

ASUS is a leading company in the new digital era. With a global staff of more than ten thousand and a world-class R&D design team, the company’s revenue for 2008 was 8.1 billion U.S. dollars. ASUS ranks among the top 10 IT companies in BusinessWeek’s “InfoTech 100”, and has been on the listing for 11 consecutive years. ASUS was rated No.1 in quality and service by the Wall Street Journal Asia.

With an unparalleled commitment to innovation and quality ASUS won 2568 awards in 2007 – an average of 7 awards for every day of the year.

Over a remarkably short period of time ASUS has become one of the top laptop manufacturers worldwide creating compelling computer experiences that have delighted consumers across the world. ASUS are the Fastest Growing Laptop Brand in Europe and ASUS sales are outstripping manufacturers who traditionally dominated the market.

ASUS notebooks have changed the face of the consumer electronics market place with the introduction of highly original and ground breaking notebooks like the Eee PC™ family and the Lamborghini range. ASUS’s design excellence is renowned and it is always informed by the life-style needs of consumers creating laptops that are technologically advanced, sophisticated and refined yet ruggedly robust.

Personally, having been using an ASUS Eee PC 900 now for a considerable while, I am not at all surprised that the Eee PC has become the overall winner in this study.

The Eee PC Netbook has low power consumption, especially in the Linux version, and boots fast.

The only problem that I have found with the battery is that if the unit is, when in battery mode, booted up then shut down and then booted again.

It is my experience that booting from battery reduces the level of same immediately to 80%. If a shut down is then executed and the unit then booted up again later the battery level drops by another 10-20% immediately.

There is a way around it, and that is in that you boot up the PC with the power supply plugged in at the mains. Then shut the lid, putting the PC into “sleep mode”. Thus is seems to hold the power much better and a longer battery life can be achieved. Though I have to say that I find anything about 2 hours even with that little trick impossible to do.

While the Eee PCs, and other Netbooks, and even laptops, have a lower power consumption as compared to desktop PCs, this works all best still from the mains via the power supply. Batteries, in my opinion, are really an emergency power source only as far as computing is concerned, until such a time that we have batteries that can hold power for more than 10 hours in full use and that are light enough. We can dream, I know.

© 2009
<>

Experts say East European ATM sniffing down to poor code auditing

East European ATM sniffing down to poor code auditing says Fortify Software

June 2009 (Eskenzi PR) – Reports that hackers have developed a range of data-sniffing and stealing trojans that have skimmed cardholder data from Eastern European ATMs since the end of 2007 highlight what can happen if security code auditing is not carried out at all stages in program development, says Fortify Software, the application vulnerability specialist.
"Our colleagues at Sophos and SpiderLabs have discovered that the trojans home in on the data stream from the magnetic stripe of ATM users' cards and store/relay that data for subsequent fraudulent usage," said Richard Kirk, Fortify's European director.

"What's interesting about this case is that, if the ATM program code - which probably runs on Windows operating system as most ATMs are driven by the Microsoft operating system - had been fully code audited from day one, the security loophole that allows this trojan to operate probably wouldn't be there," he added.

What is also of concern, says Kirk, is the fact that hackers were able to use their trojan applications for around 18 months - and refine their own program code many times - before being detected.

This, he says, indicates that the hackers probably have a development process equal to, if not better, than the developers of the ATM software.

This, he explained, is ironic, and illustrates the dedication – driven by the illegal revenues available - that criminal gangs now have when pursuing their illegal careers.

"Now that the hackers' trojans have been rumbled, they will probably move on to new revenue-generating pastures. It is to be hoped that these pastures do not include the bank's ATM-controlling computers, otherwise we're all in deep trouble," he said.

For more on the East European ATM hacking spree: http://preview.tinyurl.com/oyzcot

For more on Fortify Software: http://www.fortify.com

<>

SACA Praises Change Your Password Day

ISACA Praises Australia's Change Your Password' Day – Recommends That Other Countries Follow Suit

London, UK, June 2009 (Eskenzi PR) – ISACA, formerly known as the Information Systems Audit and Control Association, a not-for-profit organisation that seeks to encourage best practice in the IT security industry, has applauded the National e-Security Awareness Week initiative taking place in Australia.

"We are particularly impressed with the national Change Your Password day, which aims to encourage all IT users to change their password to at least eight characters," said Jo Stewart-Rattray from ISACA’s international Security Management Committee and President of the Adelaide Chapter of ISACA.

"The Change Your Password day - which is being publicised by Ministers and IT security companies across Australia - is a splendid illustration of what can happen when private and public sector organisations co-operate effectively," she said.

According to Stewart-Rattray, there are software packages available whose application uses video cards to significantly increase the speed of brute force password decryption routines, mean that passwords of fewer than eight characters are potentially vulnerable to this type of decoding.

As a result, she explained, the Australian initiative - which also encourages IT users to switch to a mixture of upper- and lower-case alphanumeric characters - is an excellent way of explaining to end users the need to boost security on e-banking and other online systems.
Crakers (Criminal Hackers), she said, are no longer the altruistic bunch of programmers seen in movies such as 'Sneakers,' the 1992 cracking movie starring Robert Redford.

Today's crakers are a professional bunch, often with organised criminal backing, whose day job is focused entirely on extracting revenue - usually unlawfully - from anyone or any company that fails to secure their IT systems properly.

"Good password management is essential to preventing crakers completing their aims. This is why we're pleased to lend our support to this Australian initiative and encourage similar moves elsewhere in the world” said Stewart-Rattray, “COBIT Security Baseline which is free to download from www.isaca.org/cobitpubs, advises users to change passwords immediately upon receipt and then regularly in accordance with policy, ensure that the chosen password is difficult to guess and meets established best practices for length, complexity, unacceptable names, etc."

For more on the Australian e-Security week initiative: http://preview.tinyurl.com/nf2swo

With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

For more on ISACA: http://www.isaca.org/

<>

Low bit levels could compromise encryption

Encryption take-up may be improving, but the bit levels being used also need to be increased says Origin Storage

June 2009 (Eskenzi PR) - Newswire reports suggest that the take-up of encryption amongst organisations is improving, but there is a big question mark over the encryption used being powerful enough to beat the crackers, says Origin Storage.

"Recent reports have shown a growing number of organisations are adopting data encryption in the wake of a litany of data breaches, losses and thefts in the last 18 months," said Andy Cordial, the storage systems integration specialist's managing director.

"The big question, however, is whether the public and private sector organisations adopting data encryption - particularly on their laptops and other portable storage devices - are employing the most powerful levels available," he added.

Cordial's comments come as the National Institute of Standards and Technology (NIST) in the US has recommended that firms no longer use 1024-bit RSA encryption from 2010 onwards in the light of rapidly-accelerating brute force decryption methodologies.

Microsoft, meanwhile, says Cordial, has followed NIST's recommendation - made in part three of NIST's Special Publication 800-57 - by promising to remove support for 1024-bit roots from its root certificate key-store as of January 1, 2011.

This comes as several research firms - notably IDC and Research & Markets - are reporting the take-up of encryption amongst organisation around the world as taking off.

If you look at Research & Markets' `Information Security - Asia Pacific Endpoint Encryption Market Outlook 2009 - 2013' report just issued, says Cordial, encryption is now recognised as a fundamental element to protecting data.

And, he continued, IDC's various global encryption reports in recent months back this up - encryption take-up is now soaring.

Whilst this is apparently good news, Origin's managing director added, the $64,000 question is whether firms are using a strong enough form of encryption, preferably 2048-bit and above.

This, he says, is particularly important where data is being stored on a laptop's hard drive or, for that matter, any form of portable storage, which - unlike a desktop PC - can be taken almost anywhere.

"It's all very well organisations embracing encryption to protect confidential data, but if they are using a basic level of encryption, chances are their data can still be decoded by an accelerated brute force password attack," he said.

"Since we know how difficult it is to get approval to sell into specific government areas, there is a strong chance that the antiquated approvals process may end recommending an encryption technology that will be about as much use as a chocolate teapot," he added.

For more on encryption take-up: http://www.researchandmarkets.com/reportinfo.asp?cat_id=0&report_id=993200&q=encryption&p=1

For more on Origin Storage: http://www.originstorage.com

<>

Download Your Software instead getting on disc

by Michael Smith (Veshengro)

Software CDs are made out of nonrenewable petroleum products, and are difficult to recycle, though there are ways of re-purposing them but...

They are placed in plastic cases, often of a polycarbonate type (jewel cases), stuffed into boxes with manuals, & all wrapped in even more plastic.

This can all be eliminated if you download the software directly from the company via the Internet instead of shopping for it at the computer software store.

You won’t have to drive, the manufacturers won’t have to ship to the stores, and you can relax. So go green and save resources, as well as time & fuel.

Once downloaded you can store the software, as a backup, on your hard drive, an external drive or you burn the software to CD. Some software that is downloaded, especially such as Linux operating systems come down the line, comes as an ISO, that is to say a CD disc image, and will need to be burned to a CD in order to be able to be installed. That way you also have a full CD, in the same way as if you would have bought it in the box from a vendor, with manuals in PDF and such.

There is a great deal of software out there anyway that you can even download for free, and that includes, as said, entire operating systems, such as the various Linux distros, complete office suites and other stuff.

Much of this, such as Linux OSs and the likes of Open Office office suite, and others, fall under the Open Source Software label while others are so-called “freeware”. The latter often is a restricted version of one to be paid for, or one where the pro-version has more intricate features which most users would never need.

Open Office, for instance, is a complete – bar Outlook and the newest kind of things – replacement for MS Office and it is free and you can install it on as many computers as you wish, even for commercial use without committing any felony.

Then we have The Gimp: a replacement, basically, for Adobe Photoshop. This program is reckoned by many expert users to be superior in many aspects to Photoshop bar the fact that it does not have postscript output. Again, this program is free. Ever looked at Photoshop's prices?

None of those can be bought in a box and all are to be downloaded. Saves money and the environment.

Foxit PDF is a lovely PDF reader that is superior to Adobe Reader in many aspects, not alone for the fact that with Foxit you can highlight and annotate PDFs and it will retain those alterations.

PDF Creator is a free PDF making software that, though not having all the features of Adobe Acrobat, suffices for most people's use. It is used as a virtual printer and creates PDFs as good as the commercial packages. I have yet to discover whether it has the locking facilities that Acrobat has but then it does not cost me hundreds of dollars.

Open Office has a one-click PDF maker built in but it does not compress the data as well as does the stand-alone PDF Creator and therefore, personally, though it is nice to have the one-click facilitiy in Open Office, I tend to go round the slightly longer way – when not using Linux – of using the PDF Creator as a virtual printer to make the PDFs I need.

This is just a very small example of the material that you can download and that you do not even have to pay for. But whichever way; the recommendation is: download rather than get on CD. You then have the freedom to put it on CD at home but...

© 2009
<>

ASUS Eee PC™ T91: A Head-Spinning Nice Touch

by Michael Smith (Veshengro)

ASUS have on June 10, 2009 announced the latest addition to its highly successful Eee PC™ range – the Eee PC™ T91, the first to feature a swivel touch-screen and suite of touch-screen software applications.

Once again being first-to-market with the latest innovations, ASUS created a buzz with the T91 at CES earlier in the year and are now launching the product into the UK market with an expected availability of early July.

Key Features of this ASUS Eee PC are:

  • 8.9” LED Backlit / Resistive Touch Screen Panel (Swivel)
  • TouchSuite software including Photo Editing & Memo
  • Choice of User Interfaces (Window XP, ASUS TouchSuite and Widget modes)
  • 1GB RAM (DDR2)
  • 82GB Hybrid Storage (16GB Solid State Drive + 16GB SD Card + 30GB Portable Hard Disk Drive* + 20GB Eee Storage)
  • Wi-Fi 802.11b/g/n
  • Bluetooth 2.1
  • Webcam
  • Available in Black or White
  • Genuine Windows® XP Home
  • Global 1-year Collect & Return warranty
  • SRP from £449 inc VAT
USABILITY
Users can enjoy touch-screen use as a simple, fun and user-friendly way to perform their day to day computing tasks:

TouchSuite: Users can use finger or stylus input to easily scroll documents and key in text, as well as to control a range of specially designed touch-screen applications pre-loaded onto the T91. The list of TouchSuite programs includes a host of functions including:

FotoFun: Users can navigate, organise and edit their photos via a customisable album interface. Fingertip control can perform simple tasks such as adjusting brightness, zoom and adding frames. FotoFun also allows users to upload their pictures to popular photo websites.

Memos: Users can easily remember important notes and tasks by jotting handwritten notes which can be ‘stuck’ onto the desktop. Interactive memos can even be sent across Eee PC™ devices to provide top notch sharing functionality for family and friends.

Touch Gate: With this application users can instantly switch between interfaces – from XP mode (a standard XP interface with a convenient application dock) to Widget Mode (shows a host of information in widget format), or Touch Mode (a streamlined icon-driven interface for ultimate user friendly navigation).

IE Toolbar: With this Internet Explorer toolbar, users can zoom in and out of webpages with fingertip manipulation, as well as speeding up the process of opening and switching between websites.

PORTABILITY
The Eee PC™ T91 has design and functionality which enables users to experience its range of features whilst on the move:

Flexible Design: The T91 is easy to carry under the arm and be used literally whilst on the move as the swivel-screen design means the tablet PC can be placed anywhere – not just on flat surfaces – and still allow comfortable use.

Lightweight and Slim: Designed for being used whilst on the move and cradled in users arms with no more hassle than a magazine, the T91 is one of the smallest and thinnest gadgets with an 8.9” display – measuring only 225x164cm and under 1kg in weight.

16GB Solid State Drive: Shock-resistant and robust internal SSD for greater protection against bumps and knocks whilst moving.

Eee Storage: Users can upload up to 20GB of media and documents to the web to the free online storage facility for access anywhere, anytime.

5 Hour Battery*: The integration of Super Hybrid Engine technology improves power management In order to provide extended battery life for users, reducing the need to carry extra adapters and allowing long-term use with no-compromise performance.

ALWAYS-ON CONNECTIVITY

The T91 is equipped with Wi-Fi 802.11b/g/n and Bluetooth® connectivity which ensures users can benefit from quick and simple access to the Internet and other devices in order to stay in constant communication:

PRICING & AVALIABILITY
Available from the start of July, the T91 is anticipated to have an SRP of £449 Inc VAT.

ASUS is a leading company in the new digital era. With a global staff of more than ten thousand and a world-class R&D design team, the company’s revenue for 2008 was 8.1 billion U.S. dollars. ASUS ranks among the top 10 IT companies in BusinessWeek’s “InfoTech 100”, and has been on the listing for 11 consecutive years. ASUS was rated No.1 in quality and service by the Wall Street Journal Asia.

With an unparalleled commitment to innovation and quality ASUS won 2568 awards in 2007 – an average of 7 awards for every day of the year.

Over a remarkably short period of time ASUS has become one of the top laptop manufacturers worldwide creating compelling computer experiences that have delighted consumers across the world. ASUS are the Fastest Growing Laptop Brand in Europe and ASUS sales are outstripping manufacturers who traditionally dominated the market.

ASUS notebooks have changed the face of the consumer electronics market place with the introduction of highly original and ground breaking notebooks like the Eee PC™ family and the Lamborghini range. ASUS’s design excellence is renowned and it is always informed by the life-style needs of consumers creating laptops that are technologically advanced, sophisticated and refined yet ruggedly robust.

I must say that, while having seen a number of touchscreen PCs, whether netbooks or other, and I believe this ASUS Eee PC is the first netbook with this facility, I am not as yet someone who has the greatest faith in them in regards to keeping the screens safe, so to speak. Too many screen of this type I have seen that are so badly scratched that viewing is becoming difficult.

I believe that there are horses for courses, as they say, and while handhelds, such as PDAs, Pocket PCs and Blackberries, etc., are great for on the move and have their place, netbooks and laptops, in my opinion, should be used with keyboards. But this is just my view...

© 2009
<>

IT experts say 109,000 pension holder data loss easily avoidable

Credant says 109,000 pension holder data loss could easily have been avoided if laptop had encryption technology

(Eskenzi PR) - The loss of personal details - including names, addresses, national insurance numbers and salary plus bank data - from The Pensions Trust could have been avoided if the laptop used by the organisation's contractor had used onboard encryption, says Credant Technologies.

"The fact that the Trust is a not-for-profit organisation does not mean that it can bypass any of the stringent IT security safeguards or require similar controls to be implemented by its contracting companies," said Michael Callahan senior vice president of Credant Technologies, the endpoint data protection specialists.

"Basically the data held on the laptop should have been protected by the highest possible levels of encryption, given the potentially serious consequences that could result from the loss of this type of information," he added.

According to Callahan, the cost of the hardware - in this case the laptop - stolen in these types of incidents is frequently outweighed by the potential financial consequences of the data loss.

Most companies in this position will have taken out insurance to cover the costs of something like this going wrong with their IT security policies and procedures, but this will be of scant concern for the pension holders - many of whom work in the voluntary sector – whose data has been stolen, he explained.

The irony of the situation is that the data was being used by the contractor company concerned in its staff training, he went on to say.

"It is to be hoped that the firm will now review is procedures on using live data in training situations, and also start beefing up its IT security procedures, including applying a policy of encrypting all private data, whether at rest or in transit," he said.

For more on the pension data loss fiasco: http://preview.tinyurl.com/lz6huo

For more on Credant Technologies: http://www.credant.com

<>

Kingston Technology Launches Fully Compatible Secure USB Drive for Apple Mac Systems

by Michael Smith (Veshengro)

Hardware Based Encrypted Drive offers Seamless Interoperability between MAC and PC Systems

Infosecurity Europe, 2009 -- Kingston Digital Europe Ltd, a subsidiary of Kingston Digital Inc, today announced that the Kingston Technology DataTraveler Vault - Privacy Edition is now fully compatible with Apple Mac operating systems (OSX 10.4x - 10.5x). The ultra secure hardware-based encrypted USB drive does not require any Windows software installation prior to use. For a live view of the Kingston DataTraveler Vault Privacy Edition benefits and features see ‘Mission: Ultra Secure’ <http://www.youtube.com/watch?v=RQ8ex4cQUFg> on youtube.com

“The Kingston DataTraveler Vault Privacy Edition is an essential solution for any corporate enterprise or government body that wants to transport confidential information securely,” said Mark Akoubian, Flash Memory Business Manager, Kingston Technology. “With the new DataTraveler Vault Privacy Edition, users can take advantage of 100% forced hardware based encryption and safeguard their sensitive data without compromising on interoperability between Windows and Apple Mac operating systems”.

The DataTraveler Vault Privacy Edition features 256-bit AES hardware- based encryption; the best commercially available encryption algorithm developed to date and is more secure than software based encryption. The drive automatically locks after 10 unsuccessful login attempts and then reformats itself; removing any data on the drive. Additionally, users can benefit from the ease of use, as no software or admin rights are required and quick data transfer rates, which allow users to quickly encrypt their data. For added protection the USB drive comes in a protective aluminum casing and is waterproof (up to 4 feet). Do not go diving with it though.

Kingston Digital, Inc. (“KDI”) is the Flash memory affiliate of Kingston Technology Company, Inc., the world’s largest independent manufacturer of memory products. Established in 2008, KDI is headquartered in Fountain Valley, California, USA.

The world is now eagerly awaiting the promised Linux version of this encrypted drive, and the same for others. The version here must on the same Linux kernel as that of the older versions of Ubuntu, such as the Ubuntu “Dapper Drake”, the 6.10, which is the widest used, to this day, distro of Linux Ubuntu and also employed by many governments – though not in the UK.

© 2009
<>

A Help Button Needed on Every Website According to ISAF

London, UK, June 2009 (Eskenzi PR) – According to the Information Security Awareness Forum (ISAF) Security incidents affect most of us from time to time, but how easy is it for us to report them? Some websites have a "Report Abuse" mechanism, but many don’t. With some simple changes, many websites could help users to be more secure online. The ISAF supports the principle that every website that users interact with should have a clear routine for providing feedback, which includes instructions on how to report problems such as abuse, impersonation, fraud etc. This should be provided for all sites that are visited by an ordinary consumer, including social networks, gaming and e-commerce.

According to Dr. David King, ISAF's chairman, “The simplest routine might be to use a button or click entry which leads to a semi-standard "Security Advice" page with instructions on how to report to the organisation's own incident response team (if applicable) as well as generic advice and contacts. This would enable a consumer / user to inform the intended website of issues, and for the website to manage an appropriate response – which may include liaison with police and anti-fraud authorities.”

A member representative in ISAF experienced an incident recently: "I went onto my ebanking provider and 'felt' that the website wasn't normal - it didn't have the usual colours, graphics, placement of icons etc....and yet I was able to log into my own bank account and all seemed in order (and thankfully this continues to be the case). If there had been an obvious 'report abuse' button on the homepage, I would have logged out and used it, if only to receive a reassuring email confirming that perhaps they were doing a website upgrade and not to be worried...."

The page for contact/feedback should also provide links to sites that provide targeted security advice. A list of sites suitable sites are published in the ISAF guide and are available at the home page of the ISAF (see http://theisaf.org). Sites that are likely to be of particular relevance to most audiences include Get Safe Online http://www.getsafeonline.org.

Dr. David King continued, “To avoid the risk that a hacked website might lead the user to a source of false advice, websites should encourage users to cut and paste links to these reference site into a browser as a matter of practice.”

The Information Security Awareness Forum (ISAF) www.theisaf.org is made up of a number of professional bodies and organisations involved in information security that have come together to coordinate and build on existing work and initiatives, to improve their overall effectiveness, and ultimately to increase the level of security awareness in the UK that will help protect us all. We are a group whose aim is to deliver rather than to merely talk about awareness.

The forum was borne out of the ISSA-UK Advisory Board which at its meeting in September 2007 identified the need for co-ordination activity within security awareness, and supported an awareness group to explore the agenda and identify specific actions that could be undertaken to make a difference. Founding members of the forum included the ISSA, (ISC)2, the IISP, EURIM, Infosecurity Europe and Get Safe Online.

The forum was launched on the 13th February 2008. The member representatives meet twice a month to progress the agenda and actions of the forum.

Founding members of the forum include ASIS International , the BCS, CMA, the Cybersecurity Knowledge Transfer Network, eema, EURIM, Get Safe Online, IAAC, the Information Technologists' Company, Infosecurity Europe, the Institute for the Management of Information Systems (IMIS), the Institution of Engineering and Technology , the International Underwriting Association of London (IUA), ISACA, (ISC)², ISF, ISSA, the Institute of Information Security Professionals, the Jericho Forum, the National Computing Centre, the National e-Crime Prevention Centre (NeCPC), the Police Central e-Crime Unit, SANS and SASIG.

The forum is chaired by Dr David King and its secretary is Stephan Freeman.

<>

Twitter's scareware distribution attack signals a new trend in social Internet security problems says Finjan

by Michael Smith (Veshengro)

Farnborough, United Kingdom, June 2009 - The arrival of what appears to be the first scareware distribution attack on the Twitter microblogging service at the weekend of May 31/July 1, 2009, signals the fact that firms need to think very hard before allowing staff access to these advanced types of social networking applications, says Finjan, the business Internet security specialist.

According to Finjan, this weekend's scareware attack - in which Twitter users were invited to click on a 'best video' link but also ended up being quietly infected with a rogue security application - signals a worrying new trend in social Internet site attacks.

That weekend's Twitter scam was a complex one with users invited to click on what appears to be a YouTube video, but the embedded program call also opens an IP connection to a second site, resulting in the download of a malware-infected PDF file that later installs a rough anti-virus.

Finjan has reported on the rough anti-virus risk on its recent Cybercrime Intelligence report: www.finjan.com/mpom

For more on the Twitter best video scam: http://www.viruslist.com/en/weblog?calendar=2009-06

For more on Finjan: http://www.finjan.com

Finjan MCRC specializes in the detection, analysis and research of web threats, including Crimeware, Web 2.0 attacks, Trojans and other forms of malware. Our goal is to be steps ahead of hackers and cybercriminals, who are attempting to exploit flaws in computer platforms and applications for their profit. In order to protect our customers from the next Crimeware wave and emerging malware and attack vectors, Finjan MCRC is a driving force behind the development of Finjan's next generation of security technologies used in our unified Secure Web Gateway solutions. For more information please also visit our info center and blog.

It is Finjan's job, obviously, to war firms as they did as regards to such events and as regards to suggesting that companies think hard before allowing staff access to these advanced types of social networking applications, as it is also their business, so to speak. It is what makes them money, after all.

The real problem are, however, neither the applications and maybe not even those that distribute such malware. The real problems are the users themselves. The user is one that is to blame in the highest order in most cases of malware infection of any system, personal or corporate, unless the malware was, in fact, introduced via an outside hack. The latter, that is to say a hack from the outside, is, except for military and security service systems, not such of an occurrence; injection of malware via users that act, for lack of a better word, stupid, is more often than not the culprit.

How many more times do they have to be told not to click on this or that, in the same way as to opening suspect emails and such. Clicking on links is something that should be discouraged, especially when the message comes from strangers.

I find that there are followers that arrive on my Twitter page that, when checked, have a very strange account themselves with, maybe, just the one posts that has a link and n o other posts.

Such accounts immediately should be suspect as well as any that do not look right. The user must be the main line of defense and the user must be savvy enough not to do stupid things, and in most cases this comes all down to stupidity on user's side.

Companies can try barring access to social networking sites as much as they like. There will always be users that will find a way to circumvent such blocks and, in fact, it has been found that the use of social networking sites by employees can be beneficial for the businesses, as is shown in the book “Throwing Sheep in the Boardroom” published by Wiley.

Getting users to act responsibly and thus avert the risks is much better than to block access; something that the authors of the above book also stand for.

It is the user who needs to be made aware of the risks and the fact that no corporate firewall, however good, can trap each and every piece of malware and hence users must be security conscious not to click on links, especially not on sites such as Twitter and Facebook from people they do not know as to their integrity. Simple as that!

© 2009
<>

Experts recommend preparing for withdrawal of Office 2000 security patch service

IT Experts say start preparing now for Office 2000 security patch service withdrawal from July 14

June 2009 (Eskenzi PR) Fortify Software, the application vulnerability specialist, is warning companies to take action now and prepare for Microsoft's withdrawal of its security update service for Office 2000 from July 14 onwards this year.

"That date is, of course, Patch Tuesday, so Office 2000 users can expect their last security patches for this still-popular version of Office to be issued on that date," said Richard Kirk, Fortify's European director.

"From that date onwards, however, if any security threats are discovered with this version of Office, no patches or updates will be issued," he added.

Although companies should now start preparing to upgrade to later versions of the software, Kirk says that users of customised applications - typically operating as a macro extensions of Office 2000 - should start reworking their specialist software as soon as practicable.

This, he explained, is because the development process will take time, especially since firms should also include program code auditing in their software's development.

Organisations using custom Office extension applications should also, he went on to say, avoid the temptation to carry on using Office 2000.

"As soon as we reach July 14, the malware clock will start ticking on this version of Office and there will undoubtedly be hackers preparing to exploit this weakness in firm's security armour," he said.

"This is no reflection on the efficacy of Microsoft's software, merely the fact that hackers and malware developers will now be gunning for Office 2000. Companies need to be aware of this possibility and prepare accordingly," he added.

For more on Microsoft's withdrawal of Office 2000 security updates. http://preview.tinyurl.com/r3asfh

For more on Fortify Software: http://www.fortify.com

<>

IT services provider, FORT, brings AVG to Irish market

by Michael Smith (Veshengro)

ISP customers to benefit from complete Internet security solution

London, UK – AVG, the world’s most downloaded Internet security software, is now available to a growing number of ISP customers in the Republic of Ireland as part of a deal negotiated by Fort Technologies.

AVG’s latest 8.5 anti-malware software, will now be available through Irish ISPs who will have the ability to offer end-users the opportunity to pay for their security software on a convenient monthly basis. Fort, which provides managed IT services to the public and private sectors in the Republic of Ireland , has already successfully negotiated distribution arrangements with three regional Internet Service Providers and one managed services provider.

Mike Foreman, MD for AVG UK , commented: “We’re delighted to be expanding our activities in the Republic of Ireland through Fort’s excellent relationships. It means that Irish ISPs are now able to ensure that their customers are well protected with our best in breed Internet security software.”

Noel O’Grady, Sales and Marketing Director at Fort, commented: “Online security is always a high priority for our customers. Through our deals in the Republic of Ireland , ISPs will now be able to offer complete peace of mind to their customers – knowing that they are protected by the World’s leading Internet security software.”

For more information on the complete range of AVG security products for consumers and small businesses, please visit www.avg.co.uk.

Keep in touch with AVG

For up-to-the-minute news on the latest cyberthreats you can subscribe to AVG Chief Research Officer Roger Thompson’s blog at http://thompson.blog.avg.com/

For general AVG updates you can follow AVG on Twitter http://twitter.com/officialAVGnews and/or register at www.avgnews.com

AVG Technologies (AVG) is a global security solutions leader protecting more than 80 million consumers and small business computer users in 167 countries from the ever-growing incidence of web threats, viruses, spam, cyber-scams and hackers on the Internet.

Headquartered in Amsterdam, AVG has nearly two decades of experience in combating cyber crime and one of the most advanced laboratories for detecting, pre-empting and combating Web-borne threats from around the world. Its free online, downloadable software model allows entry-level users to gain basic anti-virus protection and then to easily and inexpensively upgrade to greater levels of safety and defense in both single and multi-user environments. Nearly 6,000 resellers, partners and distributors team with AVG globally including Amazon.com, CNET, Cisco, Ingram Micro, Play.com, Wal-Mart, and Yahoo!. More information is available at www.avg.com

Fort Technologies is a professional IT services company. Our focus is on the delivery of hosted managed IT services. Customer service, flexibility and value for money are the core tenets of our business.

Fort provides enterprise class managed IT services to both public and private organisations of all sizes. IT professionals need to do more with limited budgets, while taking the environmental impact of their purchasing decisions into account. Our centralized IT services help reduce costs, deliver high value services without the headache of managing them and help organisations go green.

Fort differentiates itself from competitors by delivering a more complete range of managed services using next generation technologies such as visualization and Software as a Service to achieve cost and service delivery advantages. www.forttechnologies.com

Let me add one thing here and that is that, for good solid basic computer security you do not have to purchase any product bu use AGV Free, which is AVG 8.5 but minus the email support and such and which is, theoretically, for private personal use only.

While you may not be able to get the entire AVG Security Suite for free the basic AVG 8.5 anti-virus, combined with other free bits such as PC Tools' Firewall and TreatFire, plus some other tools, such as Spyware Blaster and SpyBot S&D should all be more than sufficient - for the home user and home office, and even the small business (though you should not really use the free version(s) in a business environment).

© 2009
<>