Monday, April 30, 2012
Kenneth Van Wyk: We need more secure mobile devices
As things stand now, all bets are off if you lose your smartphone
Computerworld - When you combine the words "mobile device" and "security," you get an oxymoron. That's the state of security in the mobile world, and it's been that way since day one.
That has to change. Smartphones and tablets are increasingly doing heavy lifting in the corporate world, and are ever more likely to be repositories of sensitive data. But where do we start in making them more secure?
For now, forget about malware and sophisticated hacking. We first need to close the most gaping hole of all for mobile devices, one that every expert I have talked to over the years has agreed on: If a bad guy gets physical access to a mobile device, all bets are off. A few months ago, the folks at the OWASP Mobile Security Project backed up this assessment. They did a threat modeling exercise of mobile devices and determined that two of the most glaring issues are the loss or theft of the device and insecure communications.
A basic problem is that anyone who gets his hands on someone else's smartphone can access the user's login credentials with ridiculous ease. Mobile apps contribute to this problem. I myself have realized that some of the mobile apps that I use store login credentials and other sensitive data where they shouldn't be, and in the last month or so, I've read about numerous cases of such iOS app weaknesses. Using nothing more than a USB cable, an attacker can in many cases get to login and/or session credentials for many high-profile apps, on both iOS and Android platforms.
For starters, mobile app developers must keep in mind when writing their software that devices can easily be lost or stolen -- and recognize that a lost device shouldn't be a free ticket to valuable data. Most modern mobile platforms provide mechanisms for reasonably protecting things like user login credentials. These mechanisms are generally called keychains. Current versions of both Android and iOS have keychain APIs that app developers can and should be using. While not perfect, they do provide significant protection over simply storing usernames and passwords -- even when hashed -- in plaintext files (e.g., plist or properties files).
Second, other user data on mobile devices should be encrypted. This is something that users have to do themselves, but Android and iOS both provide mechanisms for doing that reasonably securely, and third-party add-ons like SQLcipher for AES encrypting SQLite databases are even better. If you look for strong mobile encryption mechanisms, you can find them.
Next, we need better default protection settings in our mobile platforms. For example, on Apple iOS devices, sensitive data (including things stored in app keychains) is protected by hardware encryption that is keyed with a combination of a unique 256-bit device key and the user's own device lock code. Since that device key can be obtained by an attacker with physical access to a device, the protection afforded the user by the keychain essentially comes down to how strong his device lock code is. The default setting on iOS is a four-digit PIN, which just isn't up to the task.
Usability advocates will argue that strong device passwords on mobile devices are annoying and won't be accepted by users. That's a fair argument -- strong passwords on a smartphone or tablet really are a hassle to work with. (Trust me.) Still, I'd prefer something stronger than four-digit PINs to unlock a device (and the data it holds). For the longer term, device vendors need to be shooting for stronger keying mechanisms -- perhaps a PIN in combination with a biometric like a fingerprint, facial pattern scan or voice recognition.
For now, though, what I suggest to people who are serious about the security of their mobile devices is to carefully select the apps they use. It's easy enough to do some cursory static analysis of an app and its files using tools like iExplorer (formerly iPhone Explorer). At the very least, make sure your apps don't store login credentials in properties files and the like.
Next, turn on strong passwords and use a reasonably strong one. A PIN just doesn't cut it.
The mobile computing world is as vibrant as any tech environment in the world today. To call the growth explosive would be an understatement. It's easy to lose sight of core security principles in such a rapidly moving world. Still, developers should at the very least make use of security APIs when the platform allows. There's just no excuse for not making use of keychains and other secure data storage mechanisms.
Tuesday, March 29, 2011
Network Nightmare? Personal Phones on Agency Networks
March 28, 2011 By Hilton Collins
Elayne Starkey, Delaware’s chief security officer, was worried. In 2010, she was concerned about state employees accessing the government network with personal smartphones despite the availability of state-issued BlackBerrys. The Department of Technology and Information gave employees BlackBerrys that were secured to the government’s liking. Employees’ personal smartphones, however, were a different story. Owners may have had security controls on them; they may not have.
The idea of employees using unsecured devices to access the state network didn’t make the state’s security chief happy. And employees voiced concerns of their own: The current standardization model wasn’t working.
“They were carrying around their personally owned smartphone anyway, thinking, ‘Why can’t we just combine all this access into a single device? Why do I have a BlackBerry on one hip and my personal smartphone on the other?’” Starkey said.
So on Nov. 15, 2010, Delaware state employees no longer had wholesale access to the state network on personal devices. If someone wanted to use a personal device for government business, he or she needed a manager’s approval. And the phone in question had to meet specific security standards to get the green light.
“I’m sleeping easier at night because I know that, as of Nov. 15, we have closed a significant vulnerability,” Starkey said. “Before Nov. 15, there was unfettered access to state data.”
Mobile security in general has caused quite a few headaches. The National Association of State Chief Information Officers (NASCIO) cited numerous laptop breaches in a two-part report, Security at the Edge — Protecting Mobile Computing Devices, including 2007 Ponemon Institute data claiming that more than 42 percent of all U. S. data breaches — public and private — came from lost or stolen laptops. The estimated average cost of each breach was nearly $50,000.
With smartphones entering the picture, the possibilities for data loss and corruption dramatically increase. Kevin Murray, vice president of product marketing at iPass, a network and mobility services company, said mobile devices — and their dangers — are here to stay. “In 2010 and before, mobile workers were essentially the exception, not the rule, and what we’re seeing in IT in general is that the mobile worker is really setting the rules now.”
The iPass Mobile Workforce Report, released in November 2010, found that 22 percent of employees surveyed breached corporate policy by using an unauthorized smartphone for work even when their companies had a strict policy against it.
Shifting Demands
Delaware changed its mobile device strategy to meet employee demands, but not without setting rules. If employees want to use their personal mobile phones for work, their managers must agree that there’s a need for it. And even after approval, some smartphones may not make the cut.
Delaware still distributes state-issued BlackBerrys, but non-state-issued mobile devices must meet seven controls that include strong passwords that expire, inactivity time-outs, encryption, lockouts after seven failed password attempts and remote wiping capabilities in case of loss or theft.
The Department of Technology and Information also created a list of devices that support the security controls, and supplied information to employees on what to tell their providers if they need assistance.
Starkey would like her department to be even more helpful, but that’s not feasible. “As much as I’d love to be an expert on every single mobile device out there and every single operating system version that’s available on those devices, we just can’t do it,” she said. “It’s really impractical for them to look at the state help desk as their hotline for their personally owned smartphone questions.”
Many would likely agree that it’s unwise to lay security responsibilities mainly in the hands of the employee. Murray is one of them. “It can’t be, ‘Here’s your phone,’ or, ‘Here’s the instructions on what phone to buy. Good luck,’” he said. “The critical thing is, IT still has to be involved with enforcing the policy on that device, even if it’s user liable.”
Charles Robb, a NASCIO senior policy analyst, wrote in part two of the Security at the Edge series that of 36 surveyed states, 14 had policies allowing the use of personally owned smartphones for work, 10 prohibited their use, six were reviewing state policy on the matter, and six left the decision to individual state agencies rather than central IT.
Theresa A. Masse, Oregon’s chief information security officer, agrees with others about the impending threats smartphones pose, especially when government IT doesn’t own or control them. “Now you potentially have state information on a personally owned device, so we don’t know what’s on it,” she said. “We don’t know who else is using it. We don’t know how it’s stored. It’s a huge issue. Are people patching it? Where are they wandering around on their own personal device? What are they looking at?”
Masse’s department, the Enterprise Information Strategy and Policy Division, doesn’t issue government mobile devices en masse. The state leaves it up to individual agencies to decide how they’ll approach smartphone use on the job.
“We ask them to make it as a business decision and to consider the risk,” Masse said. If agencies decide to go mobile, they must develop internal policy on network access and information storage. Oregon’s policies on acceptable use and controlling portable and removable storage devices were implemented in 2007.
Nebraska’s stance is tougher: Employees aren’t allowed to use personal devices if they can access confidential information. The risks are too great. “If they have information that could walk away from state government, we have no ability to make sure that we are protecting the state against what that personal device could introduce to our networks,” said Nebraska CIO Brenda Decker.
The Mobile Lockdown
The first Security at the Edge paper cites 2008 National Institute of Standards and Technology (NIST) recommendations on cell phone and PDA security, which may not be as up-to-date as some might like, but it’s certain that people from the organization have some insight on the issue.
For starters, anyone assuming that federal information would be more attractive to cyber-criminals than state or local information should think again. “It depends,” said Tom Karygiannis, a senior researcher at NIST. “Los Angeles, how big is that economy, right? Or California, for example — the state of California is huge.”
Government users can download unsafe apps onto their smartphones just as they can with laptops or PCs. And losing a smartphone could be a recipe for disaster even if it has nothing to do with a traditional hacker-victim breach. “Let’s say you’re drafting some memo in the public sector and it’s just a draft,” Karygiannis said. “It’s meant for internal use and just discussion. This thing gets out and then people start writing articles on it. It’s not even true.”
He said users could compromise security out of device confusion. If a lab employee has a personal phone and a corporate one, it’s possible he may accidentally take a top-secret photo with a personal device instead of with the corporate phone. It’s an honest mistake, but now a top-secret image is on a personal network. “That’s just a goofy example, but you could be in an area where there are privacy issues and people shouldn’t be taking pictures,” Karygiannis said. NIST publishes guidelines and recommendations for various technologies at http://csrc.nist.gov.
The iPass report recommends that enterprise IT look beyond the laptop when it comes to IT security — rising smartphone and tablet adoption demand a more holistic approach. And managers should ensure that employee devices meet established security criteria before they’re approved.
http://www.govtech.com/security/Personal-Phones-on-Agency-Networks.html
Elayne Starkey, Delaware’s chief security officer, was worried. In 2010, she was concerned about state employees accessing the government network with personal smartphones despite the availability of state-issued BlackBerrys. The Department of Technology and Information gave employees BlackBerrys that were secured to the government’s liking. Employees’ personal smartphones, however, were a different story. Owners may have had security controls on them; they may not have.
The idea of employees using unsecured devices to access the state network didn’t make the state’s security chief happy. And employees voiced concerns of their own: The current standardization model wasn’t working.
“They were carrying around their personally owned smartphone anyway, thinking, ‘Why can’t we just combine all this access into a single device? Why do I have a BlackBerry on one hip and my personal smartphone on the other?’” Starkey said.
So on Nov. 15, 2010, Delaware state employees no longer had wholesale access to the state network on personal devices. If someone wanted to use a personal device for government business, he or she needed a manager’s approval. And the phone in question had to meet specific security standards to get the green light.
“I’m sleeping easier at night because I know that, as of Nov. 15, we have closed a significant vulnerability,” Starkey said. “Before Nov. 15, there was unfettered access to state data.”
Mobile security in general has caused quite a few headaches. The National Association of State Chief Information Officers (NASCIO) cited numerous laptop breaches in a two-part report, Security at the Edge — Protecting Mobile Computing Devices, including 2007 Ponemon Institute data claiming that more than 42 percent of all U. S. data breaches — public and private — came from lost or stolen laptops. The estimated average cost of each breach was nearly $50,000.
With smartphones entering the picture, the possibilities for data loss and corruption dramatically increase. Kevin Murray, vice president of product marketing at iPass, a network and mobility services company, said mobile devices — and their dangers — are here to stay. “In 2010 and before, mobile workers were essentially the exception, not the rule, and what we’re seeing in IT in general is that the mobile worker is really setting the rules now.”
The iPass Mobile Workforce Report, released in November 2010, found that 22 percent of employees surveyed breached corporate policy by using an unauthorized smartphone for work even when their companies had a strict policy against it.
Shifting Demands
Delaware changed its mobile device strategy to meet employee demands, but not without setting rules. If employees want to use their personal mobile phones for work, their managers must agree that there’s a need for it. And even after approval, some smartphones may not make the cut.
Delaware still distributes state-issued BlackBerrys, but non-state-issued mobile devices must meet seven controls that include strong passwords that expire, inactivity time-outs, encryption, lockouts after seven failed password attempts and remote wiping capabilities in case of loss or theft.
The Department of Technology and Information also created a list of devices that support the security controls, and supplied information to employees on what to tell their providers if they need assistance.
Starkey would like her department to be even more helpful, but that’s not feasible. “As much as I’d love to be an expert on every single mobile device out there and every single operating system version that’s available on those devices, we just can’t do it,” she said. “It’s really impractical for them to look at the state help desk as their hotline for their personally owned smartphone questions.”
Many would likely agree that it’s unwise to lay security responsibilities mainly in the hands of the employee. Murray is one of them. “It can’t be, ‘Here’s your phone,’ or, ‘Here’s the instructions on what phone to buy. Good luck,’” he said. “The critical thing is, IT still has to be involved with enforcing the policy on that device, even if it’s user liable.”
Charles Robb, a NASCIO senior policy analyst, wrote in part two of the Security at the Edge series that of 36 surveyed states, 14 had policies allowing the use of personally owned smartphones for work, 10 prohibited their use, six were reviewing state policy on the matter, and six left the decision to individual state agencies rather than central IT.
Theresa A. Masse, Oregon’s chief information security officer, agrees with others about the impending threats smartphones pose, especially when government IT doesn’t own or control them. “Now you potentially have state information on a personally owned device, so we don’t know what’s on it,” she said. “We don’t know who else is using it. We don’t know how it’s stored. It’s a huge issue. Are people patching it? Where are they wandering around on their own personal device? What are they looking at?”
Masse’s department, the Enterprise Information Strategy and Policy Division, doesn’t issue government mobile devices en masse. The state leaves it up to individual agencies to decide how they’ll approach smartphone use on the job.
“We ask them to make it as a business decision and to consider the risk,” Masse said. If agencies decide to go mobile, they must develop internal policy on network access and information storage. Oregon’s policies on acceptable use and controlling portable and removable storage devices were implemented in 2007.
Nebraska’s stance is tougher: Employees aren’t allowed to use personal devices if they can access confidential information. The risks are too great. “If they have information that could walk away from state government, we have no ability to make sure that we are protecting the state against what that personal device could introduce to our networks,” said Nebraska CIO Brenda Decker.
The Mobile Lockdown
The first Security at the Edge paper cites 2008 National Institute of Standards and Technology (NIST) recommendations on cell phone and PDA security, which may not be as up-to-date as some might like, but it’s certain that people from the organization have some insight on the issue.
For starters, anyone assuming that federal information would be more attractive to cyber-criminals than state or local information should think again. “It depends,” said Tom Karygiannis, a senior researcher at NIST. “Los Angeles, how big is that economy, right? Or California, for example — the state of California is huge.”
Government users can download unsafe apps onto their smartphones just as they can with laptops or PCs. And losing a smartphone could be a recipe for disaster even if it has nothing to do with a traditional hacker-victim breach. “Let’s say you’re drafting some memo in the public sector and it’s just a draft,” Karygiannis said. “It’s meant for internal use and just discussion. This thing gets out and then people start writing articles on it. It’s not even true.”
He said users could compromise security out of device confusion. If a lab employee has a personal phone and a corporate one, it’s possible he may accidentally take a top-secret photo with a personal device instead of with the corporate phone. It’s an honest mistake, but now a top-secret image is on a personal network. “That’s just a goofy example, but you could be in an area where there are privacy issues and people shouldn’t be taking pictures,” Karygiannis said. NIST publishes guidelines and recommendations for various technologies at http://csrc.nist.gov.
The iPass report recommends that enterprise IT look beyond the laptop when it comes to IT security — rising smartphone and tablet adoption demand a more holistic approach. And managers should ensure that employee devices meet established security criteria before they’re approved.
http://www.govtech.com/security/Personal-Phones-on-Agency-Networks.html
Saturday, March 5, 2011
AmeriStar Network Inc. Completes 1-for-2 Reverse Stock Split and the Merger of SecurDigital Inc.
NEW YORK, NY -- (MARKET WIRE) -- 02/28/11 -- AmeriStar Network Inc. (PINKSHEETS: AMWKD) announced today that FINRA has put the 1-for-2 Reverse Stock Split on the FINRA Daily List. In addition, the merger of SecurDigital Inc. into a wholly-owned subsidiary of AmeriStar became effective.
The Company is also pleased to announce that Mr. Bruce Magown, the co-founder, President and CEO of SecurDigital Inc., was elected to the Board of Directors. Mr. Magown will continue to manage the day to day operations of SecurDigital.
SecurDigital Inc. developed proprietary technology to protect corporations, governments and even individuals from scanning, hacking and espionage that constitutes a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability for WiMAX and WiFi products globally.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Compnay filings with the Securities and Exchange Commission.
Contact:
O. Russell Crandall
Chairman
AmeriStar
Email: Email Contact
Phone (435) 229-1955
Source: AmeriStar Network Inc.
The Company is also pleased to announce that Mr. Bruce Magown, the co-founder, President and CEO of SecurDigital Inc., was elected to the Board of Directors. Mr. Magown will continue to manage the day to day operations of SecurDigital.
SecurDigital Inc. developed proprietary technology to protect corporations, governments and even individuals from scanning, hacking and espionage that constitutes a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability for WiMAX and WiFi products globally.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Compnay filings with the Securities and Exchange Commission.
Contact:
O. Russell Crandall
Chairman
AmeriStar
Email: Email Contact
Phone (435) 229-1955
Source: AmeriStar Network Inc.
AmeriStar Network Inc. Files Merger Agreement With SecurDigital Inc
NEW YORK, NY -- (MARKET WIRE) -- 02/09/11 -- AmeriStarNetwork, Inc.(PINKSHEETS: AMWK), quoted on OTC Markets (Pink) (see www.otcmarkets.com) under the symbol AMWK.PK, announced today that it has received certifications from the Delaware Secretary of State consummating the merger with SecurDigital, Inc. and the 1 for 2 reverse stock split; the effective date of both corporate actions is February 15, 2011. The Company has filed these State certifications with FINRA and believes it has met the filing requirements of that regulatory body.
Secur Digital, Inc., a private company, has developed proprietary technology to protect corporations, governments and even individuals from hacking and espionage that is a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability" for WiMAX and WiFi products globally.
The headquarters of the merged enterprise will be moved to New York City, with branch offices located in Washington, D.C., Connecticut and Utah. The merged company intends to change its name to SecurDigital, Inc. and to apply for a new trading symbol after the effective date of the merger.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Contact:
O. Russell Crandall
Chairman AmeriStar
Email: Email Contact
Phone (435) 229 - 1955
URL: www.ameristarnetwork.comSource: AmeriStar Network, Inc.
Secur Digital, Inc., a private company, has developed proprietary technology to protect corporations, governments and even individuals from hacking and espionage that is a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability" for WiMAX and WiFi products globally.
The headquarters of the merged enterprise will be moved to New York City, with branch offices located in Washington, D.C., Connecticut and Utah. The merged company intends to change its name to SecurDigital, Inc. and to apply for a new trading symbol after the effective date of the merger.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Contact:
O. Russell Crandall
Chairman AmeriStar
Email: Email Contact
Phone (435) 229 - 1955
URL: www.ameristarnetwork.comSource: AmeriStar Network, Inc.
Ameristar Networks, Inc. (AWWKD), Bringing Disruptive Technologies to Market
NEW YORK, NY -- (MARKET WIRE) -- 01/10/11 -- AmeriStarNetwork, Inc. (the "Company") (PINKSHEETS: AMWK) announced today that it has filed documents with FINRA, the securities industry regulatory body, to provide notification of corporate actions and has received from FINRA a request for additional documents; the Company expects to deliver all required documents within the next few days. AmeriStarNetwork, Inc. has negotiated the acquisition of SecurDigital, Inc., a private company that has developed significant technology in the protection of wireless transmissions from hacking and espionage, as a merger of equals. The Company and SecurDigital, Inc. will consummate the merger ten days after delivery of all information requested by FINRA, which could be in mid-January.
Among the requirements of the Merger Agreement with SecurDigital, Inc., AmeriStarNetwork, Inc. has agreed to reverse split the presently outstanding stock on the basis of two old shares for one new share, and this reverse split was approved by a majority of the shareholders of the Company on December 16, 2010, and will be effective at the time of the merger. While a majority of the shareholders of SecurDigital, Inc. have indicated a willingness to proceed with the merger, they have the right to cancel the merger if the Company has not accepted a minimum amount of subscriptions to its offering by January 15, 2011, which requires only $200,000 more in subscriptions. The Company anticipates achieving the minimum during the next ten days and closing the merger shortly thereafter.
At present, the AmeriStarNetwork, Inc. corporate offices are located in Utah, and SecurDigital, Inc. has offices in Washington, D.C., Connecticut and New York City; it is anticipated that the headquarters of the merged enterprise will be moved to New York City.
About Secur Digital , Inc.
The founders of SecurDigital, Inc. are experienced technology entrepreneurs and business professionals, possessing a breadth of functional experience in software product development, system, network integration, the marketing of emerging products, new technologies, strategic collaborating, and corporate finance.
The technology developed by SecurDigital, Inc. is unique and is a major advance in the delivery of wireless encrypted secure and interoperable communications. Eliminating the exposure of wireless communications to scanners or hackers, SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. There are no charges for installing the SecurVoice™ software, and subscribers are charged a modest monthly subscription fee as long as they utilize the application.
SecurVoice™ technology is agnostic as to carrier, operating system and hardware, performing "Wireless Interoperability" for WiMAX and WiFi products globally. It is an unrecognizable digital transmission, hence secure or private, depending on the level of encryption, and is the world's first totally secure, wireless, digital communications "software only" solution for security and INTEROPERABILITY over wireless and VoIP communications.
Secur Digital, Inc. believes that the SecurVoice™ software, with its unique and versatile interoperable technology, is the best solution to secure voice, data, audio, video transmission, since it is designed for VoIP, wireless cell phone transmission, smart phones, satellite phones and push-to-talk (radio) units.
About Ameri Star Network, Inc.
Ameri Star Network, Inc. is a non-reporting public company listed on Pink Sheets Markets under the symbol AMWK.PK. The Company has invested in technology enterprises for over a decade and is managed by seasoned executives, most of whom have been shareholders of the Company since 2000. AmeriStarNetwork, Inc. currently holds a 20% interest in Mortgage Internet Technologies, Inc., a mortgage industry software development company founded in 1997. That company's proprietary flagship technology is called the Virtual Lender® (www.vLender.com), which completely automates the process of creating a full service online loan origination web site and business process management system for both the mortgage company and the mortgage loan originator.
Forward-Looking Safe Harbor Statement
Statements in this news release regarding future financial and operating results, future growth in research and development programs, potential applications of technology, opportunities for the Company and any other statements about the future expectations, beliefs, goals, plans or prospects expressed constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words "will," "believes," "plans," "anticipates," "expects," "estimates" and similar expressions) should also be considered to be forward-looking statements. There are a number of important factors that could cause actual results or events to differ materially from those indicated by such forward-looking statements, including limited operating history, need for future capital, risks inherent in the development and commercialization of potential products, protection of the Company's intellectual property and economic conditions generally. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this news release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Information about AmeriStarNetwork, Inc. is available on the Company's web site at www.ameristarnetwork.com or contact O. Russell Crandall, Chairman, by mail at the offices of the Company, by email at info@ameristar.com or call (435) 229 - 1955.
Contact:
O. Russell Crandall
Chairman
Email Contact
(435) 229-1955
Source: AmeriStar Networks, Inc.
Among the requirements of the Merger Agreement with SecurDigital, Inc., AmeriStarNetwork, Inc. has agreed to reverse split the presently outstanding stock on the basis of two old shares for one new share, and this reverse split was approved by a majority of the shareholders of the Company on December 16, 2010, and will be effective at the time of the merger. While a majority of the shareholders of SecurDigital, Inc. have indicated a willingness to proceed with the merger, they have the right to cancel the merger if the Company has not accepted a minimum amount of subscriptions to its offering by January 15, 2011, which requires only $200,000 more in subscriptions. The Company anticipates achieving the minimum during the next ten days and closing the merger shortly thereafter.
At present, the AmeriStarNetwork, Inc. corporate offices are located in Utah, and SecurDigital, Inc. has offices in Washington, D.C., Connecticut and New York City; it is anticipated that the headquarters of the merged enterprise will be moved to New York City.
About Secur Digital , Inc.
The founders of SecurDigital, Inc. are experienced technology entrepreneurs and business professionals, possessing a breadth of functional experience in software product development, system, network integration, the marketing of emerging products, new technologies, strategic collaborating, and corporate finance.
The technology developed by SecurDigital, Inc. is unique and is a major advance in the delivery of wireless encrypted secure and interoperable communications. Eliminating the exposure of wireless communications to scanners or hackers, SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. There are no charges for installing the SecurVoice™ software, and subscribers are charged a modest monthly subscription fee as long as they utilize the application.
SecurVoice™ technology is agnostic as to carrier, operating system and hardware, performing "Wireless Interoperability" for WiMAX and WiFi products globally. It is an unrecognizable digital transmission, hence secure or private, depending on the level of encryption, and is the world's first totally secure, wireless, digital communications "software only" solution for security and INTEROPERABILITY over wireless and VoIP communications.
Secur Digital, Inc. believes that the SecurVoice™ software, with its unique and versatile interoperable technology, is the best solution to secure voice, data, audio, video transmission, since it is designed for VoIP, wireless cell phone transmission, smart phones, satellite phones and push-to-talk (radio) units.
About Ameri Star Network, Inc.
Ameri Star Network, Inc. is a non-reporting public company listed on Pink Sheets Markets under the symbol AMWK.PK. The Company has invested in technology enterprises for over a decade and is managed by seasoned executives, most of whom have been shareholders of the Company since 2000. AmeriStarNetwork, Inc. currently holds a 20% interest in Mortgage Internet Technologies, Inc., a mortgage industry software development company founded in 1997. That company's proprietary flagship technology is called the Virtual Lender® (www.vLender.com), which completely automates the process of creating a full service online loan origination web site and business process management system for both the mortgage company and the mortgage loan originator.
Forward-Looking Safe Harbor Statement
Statements in this news release regarding future financial and operating results, future growth in research and development programs, potential applications of technology, opportunities for the Company and any other statements about the future expectations, beliefs, goals, plans or prospects expressed constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words "will," "believes," "plans," "anticipates," "expects," "estimates" and similar expressions) should also be considered to be forward-looking statements. There are a number of important factors that could cause actual results or events to differ materially from those indicated by such forward-looking statements, including limited operating history, need for future capital, risks inherent in the development and commercialization of potential products, protection of the Company's intellectual property and economic conditions generally. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this news release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction.
Information about AmeriStarNetwork, Inc. is available on the Company's web site at www.ameristarnetwork.com or contact O. Russell Crandall, Chairman, by mail at the offices of the Company, by email at info@ameristar.com or call (435) 229 - 1955.
Contact:
O. Russell Crandall
Chairman
Email Contact
(435) 229-1955
Source: AmeriStar Networks, Inc.
Thursday, July 29, 2010
Wireless Technology Risks and Enterprise Security interview S. Garrett
Introduction
I recently had the pleasure of interviewing W. Steven Garret, Chairman of SecurDigital©, who has over thirty-five years of exceptional business experience as a CEO and Chairman of both private and public companies.
Steven has been involved in directing leading-edge technology start-up companies by providing corporate strategic planning, systems organization, business continuity methods, designing incident management, orientation, executive marketing, and sales management, IT and physical security and efficiency development.
Steven also has a wide variety of knowledge and experience in developing franchising, manufacturing plants, marketing & sales organizations, internet solution providers, software developers, security, and e-business systems.
Steven's latest project, SecurDigital©, is a global leader in delivering system-level technology solutions to the advanced wireless markets, is focused on the globally accepted FIPS 140-2, level 2 validations, and will then begin the process for the NSA's Secret and Top Secret Certifications.
SecurDigital© produces SecurVoice© - the world's first totally secure and interoperable digital communication software only solution. It protects voice, data, and video from being intercepted or scanned - it is an unrecognizable digital transmission.
The interoperable capability of SecurVoice© allows global connection to all types of cell, satellite, walkie-talkie, and VOIP devices. SecurVoice© functions independently of operating systems, application platforms, devices, and is carrier independent, so it works with all existing legacy systems, and operates on top of the existing network carriers.
Analysis
Q: What do you feel is single greatest threat to enterprise mobility systems today?
Identity Theft, 75% of our world has their infrastructure built on Cellular Towers providing communications for receiving pay and paying utility bills and purchases from auction sites, clothes, music, appliances, and electronics. Most Federal Governments depend on private Corporations to deliver national communications without regulating security.
Q: Mobile communication innovations have rapidly been adopted by businesses in the last five years, what kinds of vulnerabilities are companies facing that they may of be aware of.
The largest vulnerabilities are because the Smart Phone manufactures do not build security, it is not their job; they leave that to the major Wireless carriers, which have not taken security as their responsibility.
That is the reason that a new industry has emerged over the last two years in the private sector. SecurDigital, along with 5 other "Secure Voice" providers met by invitation with DISA (Defense Information Systems Agency) in a closed Roundtable discussion lead by Peter J. Zarrella of DISA's CTO office.
It has been accepted as a new technology industry to secure all Communications, especially Digital Voice, Data, and Video. For $149.95, you can buy a software package from "Cell Spy" to enable your cell phone to listen to any other targeted smartphone. All forms of communications are vulnerable to theft and illegal miss-use.
Q: With such variety available for devices, integration software, and enterprise networks, how can a business ensure they are not leaving themselves exposed to data loss from their communications systems?
Every communications device is a target; Cellular, satellite phones, Radio walkie-talkies (Law Enforcement) and all office phones using VoIP (Voice over IP) You may have all your contacts copied to another phone, anything stored in a smart phone today can not, CAN NOT be deleted. You may not see it but there is a (Ghost) copy built into your phones PC board.
Q: How do SecurDigital©'s solutions work to mitigate communication systems risk?
I have been working with various types of security with my partner, Bruce Magown, within my group of leading edge security companies for 4-5 years.
The PGC Consortium was blueprinting one of the worlds hardest above ground buildings in 2008. We held a large meeting at an old Air Strip and came to understand that we needed things that did not exist at the time.
We needed to provide cell, satellite, and VoIP communications to each floor of a 20 story building that gave each floor a faraday cage (protection from eaves dropping or an EMP, Electromagnetic pulse attack).
We developed SecurVoice© to be Device, Operating System, and Carrier Independent while having extremely high and hard security during the operation of the smart phone. Much like Skype, except a much stronger and harder method of delivering security.
Q: How is SecurVoice© unique when compared with other commercial solutions?
SecurDigital©' has used existing parts of software and designed a re-arrangement of software configurations to produce a common, yet hard architecture within Java and produced a small foot print of 38Kb that will be compliant tested with FIPS 140.2 validation, along with Secret and Top Secret Certifications during the coming year.
Q: Issues surrounding confidentiality and differing methods of electronic communication have yet to be fully addressed from a legal perspective, what kind of risk is a company assuming when using mobile systems to relay proprietary information?
We are seeing NEW HIPAA laws calling for secure communications for patients being remotely monitored, and to say that a Doctor giving a patients information over an un-secured cell phone is not being compliant with Patient Privacy of information laws surprises most Medical Centers and they7 now realize the damage they may be doing with carless actions with cell phones.
We are discussing client privacy rights with a couple of DC law firms that now realize how easy it could be to scan a cellular conversation.
Q: What can a company do to ensure they do not mistakenly forfeit their right to confidentiality when using wireless communications?
Every person, Company, Organization or Agency must realize and accept responsibility that unless they take positive actions to secure their business communications of cellular and radio, that they may lose their most prized positions, clients, trade secrets, and methods of operation that made them the success that they are today.
Q: SMB's, education, local government, and smaller organizations have a tough time keeping pace with technology upgrades and are falling further behind in regards to security efforts, how do SecurDigital©'s services impact ever tightening IT budgets?
The switch from hardware security to software is a very green and cost saving event. We stop manufacturing metals and plastics and the implementation of more and more hardware to create interoperability.
In a National Guard Demonstration in Melbourne, FL at the Conference for the Global Center for Preparedness in 2008, we saw five trucks loaded with hardware used to create open communications with a central command center, but to have the ability to cross talk directly.
Our Government has been using a hardware device to secure the Blackberry communications for years and the cost of that hardware is $3,350.00 retail, while the cost of using SecurVoice© with that huge number of users will be only about $0.99. Per month and in time we see the pricing dropping to $0.49 per month when the carriers put on millions of users.
Q: Consumers face many of the same security issues as enterprise, is the SecurVoice© software available for noncommercial users?
SecurVoice© is available to sets of two users for only $19.95 per month and will be downloaded directly from our web site by December. Bruce Magown of InterWeave has constructed a back office for SecurDigital that will accept payment, issue a license, and then download the soft ware directly to a laptop or phone, any type of phone instrument. We can audit and manage more than 250,000 licenses per day.
Q: Anything else you would like to add.
SecurDigital© is the product need for another solution of keeping people safe and secure during an event that could harm many people, either from man or Mother Nature. I have committed myself towards making a difference in life threatening emergencies to the human race.
I spent the morning of 9/11 watching a large screen TV with two friends that had been through the war in Vietnam. The correlation is the same for us now. Soldiers no longer wear uniforms; your next-door neighbor could be the one sending a Van loaded with explosives into the heart of New York City.
In my time of being self-educated in systems and methods of security, I found that you could never really be secure until you give up some privacy, which is the trade off. You make that decision.
Thank you for your consideration and well composed and thoughtfully contemplated questions, Anthony!
Conclusion
The Infosec Island community is extremely grateful at this opportunity to glean some of Steven's expertise and vast experience, and we appreciate his time and efforts!
I recently had the pleasure of interviewing W. Steven Garret, Chairman of SecurDigital©, who has over thirty-five years of exceptional business experience as a CEO and Chairman of both private and public companies.
Steven has been involved in directing leading-edge technology start-up companies by providing corporate strategic planning, systems organization, business continuity methods, designing incident management, orientation, executive marketing, and sales management, IT and physical security and efficiency development.
Steven also has a wide variety of knowledge and experience in developing franchising, manufacturing plants, marketing & sales organizations, internet solution providers, software developers, security, and e-business systems.
Steven's latest project, SecurDigital©, is a global leader in delivering system-level technology solutions to the advanced wireless markets, is focused on the globally accepted FIPS 140-2, level 2 validations, and will then begin the process for the NSA's Secret and Top Secret Certifications.
SecurDigital© produces SecurVoice© - the world's first totally secure and interoperable digital communication software only solution. It protects voice, data, and video from being intercepted or scanned - it is an unrecognizable digital transmission.
The interoperable capability of SecurVoice© allows global connection to all types of cell, satellite, walkie-talkie, and VOIP devices. SecurVoice© functions independently of operating systems, application platforms, devices, and is carrier independent, so it works with all existing legacy systems, and operates on top of the existing network carriers.
Analysis
Q: What do you feel is single greatest threat to enterprise mobility systems today?
Identity Theft, 75% of our world has their infrastructure built on Cellular Towers providing communications for receiving pay and paying utility bills and purchases from auction sites, clothes, music, appliances, and electronics. Most Federal Governments depend on private Corporations to deliver national communications without regulating security.
Q: Mobile communication innovations have rapidly been adopted by businesses in the last five years, what kinds of vulnerabilities are companies facing that they may of be aware of.
The largest vulnerabilities are because the Smart Phone manufactures do not build security, it is not their job; they leave that to the major Wireless carriers, which have not taken security as their responsibility.
That is the reason that a new industry has emerged over the last two years in the private sector. SecurDigital, along with 5 other "Secure Voice" providers met by invitation with DISA (Defense Information Systems Agency) in a closed Roundtable discussion lead by Peter J. Zarrella of DISA's CTO office.
It has been accepted as a new technology industry to secure all Communications, especially Digital Voice, Data, and Video. For $149.95, you can buy a software package from "Cell Spy" to enable your cell phone to listen to any other targeted smartphone. All forms of communications are vulnerable to theft and illegal miss-use.
Q: With such variety available for devices, integration software, and enterprise networks, how can a business ensure they are not leaving themselves exposed to data loss from their communications systems?
Every communications device is a target; Cellular, satellite phones, Radio walkie-talkies (Law Enforcement) and all office phones using VoIP (Voice over IP) You may have all your contacts copied to another phone, anything stored in a smart phone today can not, CAN NOT be deleted. You may not see it but there is a (Ghost) copy built into your phones PC board.
Q: How do SecurDigital©'s solutions work to mitigate communication systems risk?
I have been working with various types of security with my partner, Bruce Magown, within my group of leading edge security companies for 4-5 years.
The PGC Consortium was blueprinting one of the worlds hardest above ground buildings in 2008. We held a large meeting at an old Air Strip and came to understand that we needed things that did not exist at the time.
We needed to provide cell, satellite, and VoIP communications to each floor of a 20 story building that gave each floor a faraday cage (protection from eaves dropping or an EMP, Electromagnetic pulse attack).
We developed SecurVoice© to be Device, Operating System, and Carrier Independent while having extremely high and hard security during the operation of the smart phone. Much like Skype, except a much stronger and harder method of delivering security.
Q: How is SecurVoice© unique when compared with other commercial solutions?
SecurDigital©' has used existing parts of software and designed a re-arrangement of software configurations to produce a common, yet hard architecture within Java and produced a small foot print of 38Kb that will be compliant tested with FIPS 140.2 validation, along with Secret and Top Secret Certifications during the coming year.
Q: Issues surrounding confidentiality and differing methods of electronic communication have yet to be fully addressed from a legal perspective, what kind of risk is a company assuming when using mobile systems to relay proprietary information?
We are seeing NEW HIPAA laws calling for secure communications for patients being remotely monitored, and to say that a Doctor giving a patients information over an un-secured cell phone is not being compliant with Patient Privacy of information laws surprises most Medical Centers and they7 now realize the damage they may be doing with carless actions with cell phones.
We are discussing client privacy rights with a couple of DC law firms that now realize how easy it could be to scan a cellular conversation.
Q: What can a company do to ensure they do not mistakenly forfeit their right to confidentiality when using wireless communications?
Every person, Company, Organization or Agency must realize and accept responsibility that unless they take positive actions to secure their business communications of cellular and radio, that they may lose their most prized positions, clients, trade secrets, and methods of operation that made them the success that they are today.
Q: SMB's, education, local government, and smaller organizations have a tough time keeping pace with technology upgrades and are falling further behind in regards to security efforts, how do SecurDigital©'s services impact ever tightening IT budgets?
The switch from hardware security to software is a very green and cost saving event. We stop manufacturing metals and plastics and the implementation of more and more hardware to create interoperability.
In a National Guard Demonstration in Melbourne, FL at the Conference for the Global Center for Preparedness in 2008, we saw five trucks loaded with hardware used to create open communications with a central command center, but to have the ability to cross talk directly.
Our Government has been using a hardware device to secure the Blackberry communications for years and the cost of that hardware is $3,350.00 retail, while the cost of using SecurVoice© with that huge number of users will be only about $0.99. Per month and in time we see the pricing dropping to $0.49 per month when the carriers put on millions of users.
Q: Consumers face many of the same security issues as enterprise, is the SecurVoice© software available for noncommercial users?
SecurVoice© is available to sets of two users for only $19.95 per month and will be downloaded directly from our web site by December. Bruce Magown of InterWeave has constructed a back office for SecurDigital that will accept payment, issue a license, and then download the soft ware directly to a laptop or phone, any type of phone instrument. We can audit and manage more than 250,000 licenses per day.
Q: Anything else you would like to add.
SecurDigital© is the product need for another solution of keeping people safe and secure during an event that could harm many people, either from man or Mother Nature. I have committed myself towards making a difference in life threatening emergencies to the human race.
I spent the morning of 9/11 watching a large screen TV with two friends that had been through the war in Vietnam. The correlation is the same for us now. Soldiers no longer wear uniforms; your next-door neighbor could be the one sending a Van loaded with explosives into the heart of New York City.
In my time of being self-educated in systems and methods of security, I found that you could never really be secure until you give up some privacy, which is the trade off. You make that decision.
Thank you for your consideration and well composed and thoughtfully contemplated questions, Anthony!
Conclusion
The Infosec Island community is extremely grateful at this opportunity to glean some of Steven's expertise and vast experience, and we appreciate his time and efforts!
Saturday, June 26, 2010
Police Warn of Smartphone Scanner Apps
During a city-wide sweep for gang members and drug dealers last week, the Oakland (Calif.) Police Department confiscated several cellular phones loaded with an application that could stream the department’s police radio system. The software app is one of several available for iPhones and other smartphones that stream public safety radio audio obtained from scanner radios via the Internet. OPD has not said if the apps were actually running on the smartphones, or if any suspects were able to avoid arrest from hearing police radio broadcasts. However, in a bulletin notice to officers, the department warned officers that criminals are able to monitor the city’s 800 MHz trunked radio system from smartphones, and to use caution when transmitting confidential information.
Article posted at Dispatch Magazine On-Line - http://www.911dispatch.com
Link to full story: http://www.911dispatch.com/2010/06/police-warn-of-smartphone-scanner-apps/
Article posted at Dispatch Magazine On-Line - http://www.911dispatch.com
Link to full story: http://www.911dispatch.com/2010/06/police-warn-of-smartphone-scanner-apps/
Subscribe to:
Posts (Atom)
