tag:blogger.com,1999:blog-87837522330199576712024-02-08T05:48:23.925-08:00SecurVoiceSecurhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.comBlogger25125tag:blogger.com,1999:blog-8783752233019957671.post-23876169105141453732014-04-08T04:38:00.002-07:002014-04-08T04:38:33.172-07:00Hackers Lurking in Vents and Soda Machines<header class="story-header" id="story-header" style="background-color: white; color: #333333; font-family: nyt-cheltenham, georgia, 'times new roman', times, serif; font-size: 16px; position: relative;"><div class="story-meta" style="margin-bottom: 20px;">
<div class="story-meta-footer" style="border-top-color: rgb(226, 226, 226); border-top-style: solid; border-top-width: 1px; padding-top: 2px;">
<div class="byline-dateline" style="float: left; font-family: georgia, 'times new roman', times, serif; font-size: 1rem; line-height: 1.4375rem; margin-right: 45px; margin-top: 4px;">
<span class="byline" itemid="http://topics.nytimes.com/top/reference/timestopics/people/p/nicole_perlroth/index.html" itemprop="author creator" itemscope="" itemtype="http://schema.org/Person" style="font-family: nyt-cheltenham-sh, georgia, 'times new roman', times, serif; font-size: 0.6875rem; font-weight: 700; line-height: 0.75rem;">By <a href="http://topics.nytimes.com/top/reference/timestopics/people/p/nicole_perlroth/index.html" rel="author" style="color: black; outline: 0px;" title="More Articles by NICOLE PERLROTH"><span class="byline-author" data-byline-name="NICOLE PERLROTH" itemprop="name">NICOLE PERLROTH</span></a></span><time class="dateline" datetime="2014-04-07" style="color: black; font-family: nyt-cheltenham-sh, georgia, 'times new roman', times, serif; font-size: 0.6875rem; line-height: 0.75rem; margin-left: 12px;">APRIL 7, 2014</time></div>
<div class="inside-story" style="float: right; height: 36px;">
<ul class="inside-story-menu" style="list-style: none; margin: 0px; padding-left: 0px;"></ul>
</div>
</div>
</div>
</header><div class="lede-container" style="background-color: white; clear: right; color: #333333; float: right; font-family: nyt-cheltenham, georgia, 'times new roman', times, serif; font-size: 16px;">
<figure aria-label="media" class="media photo lede layout-large-horizontal" data-media-action="modal" itemid="http://static01.nyt.com/images/2014/04/08/business/Vulnerable1/Vulnerable1-master675.jpg" itemprop="associatedMedia" itemscope="" itemtype="http://schema.org/ImageObject" role="group" style="clear: right; float: right; margin: 5px 0px 45px 30px; position: relative; width: 540px;"><span class="visually-hidden" style="border: 0px; clip: rect(0px 0px 0px 0px); height: 1px; margin: -1px; overflow: hidden; padding: 0px; position: absolute; width: 1px;">Photo</span><div class="image" style="cursor: pointer; margin-bottom: 7px; position: relative; width: auto;">
<img alt="" class="media-viewer-candidate" data-mediaviewer-caption="Security experts like Billy Rios of Qualys say computer-equipped machinery like air conditioners can be used to gain access to sensitive company data." data-mediaviewer-credit="Jessica Lifland for The New York Times" data-mediaviewer-src="http://static01.nyt.com/images/2014/04/08/business/Vulnerable1/Vulnerable1-superJumbo.jpg" itemid="http://static01.nyt.com/images/2014/04/08/business/Vulnerable1/Vulnerable1-master675.jpg" itemprop="url" src="http://static01.nyt.com/images/2014/04/08/business/Vulnerable1/Vulnerable1-master675.jpg" style="display: block; height: auto; max-width: 100%; width: 540px;" /><div class="media-action-overlay" style="-webkit-transition: opacity 0.2s ease-in; border-bottom-left-radius: 6px; border-bottom-right-radius: 6px; border-top-left-radius: 6px; border-top-right-radius: 6px; border: 1px solid rgba(200, 200, 200, 0.8); bottom: 15px; cursor: pointer; left: 15px; opacity: 0; position: absolute; transition: opacity 0.2s ease-in; z-index: 5; zoom: 1;">
<span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -342px -42px; background-repeat: no-repeat no-repeat; display: inline-block; height: 38px; line-height: 0; vertical-align: middle; width: 38px;"></span></div>
</div>
<figcaption class="caption" itemprop="description" style="bottom: 23px; color: #666666; font-family: nyt-cheltenham-sh, georgia, 'times new roman', times, serif; font-size: 0.8125rem; line-height: 1.0625rem; position: static; right: 0px; width: auto;"><span class="caption-text">Security experts like Billy Rios of Qualys say computer-equipped machinery like air conditioners can be used to gain access to sensitive company data.</span><span class="credit" itemprop="copyrightHolder" style="color: #999999; display: inline-block; font-size: 0.6875rem; line-height: 1.125rem;"><span class="visually-hidden" style="border: 0px; clip: rect(0px 0px 0px 0px); height: 1px; margin: -1px; overflow: hidden; padding: 0px; position: absolute; width: 1px;">Credit</span>Jessica Lifland for The New York Times</span></figcaption></figure><div class="lede-container-ads" style="clear: right; float: right;">
</div>
</div>
<div aria-label="tools" class="sharetools theme-classic sharetools-story sharetools-init" data-description="Companies are finding that their greatest cybersecurity threats can hide in third-party systems, like networked air-conditioning equipment." data-publish-date="April 7, 2014" data-shares="email|email,facebook,twitter,save,show-all|more,ad" data-title="Hackers Lurking in Vents and Soda Machines " data-url="http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html" id="sharetools-story" role="group" style="background-color: white; clear: left; color: #333333; float: left; font-family: nyt-cheltenham, georgia, 'times new roman', times, serif; font-size: 16px; margin-bottom: 15px; width: 88px;">
<a class="visually-hidden skip-to-text-link" href="http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?hp&_r=0#story-continues-1" style="border: 0px; clip: rect(0px 0px 0px 0px); color: #326891; height: 1px; margin: -1px; overflow: hidden; padding: 0px; position: absolute; text-decoration: none; width: 1px;">Continue reading the main story</a><span class="sharetools-label visually-hidden" style="border: 0px; clip: rect(0px 0px 0px 0px); height: 1px; margin: -1px; overflow: hidden; padding: 0px; position: absolute; width: 1px;">Share This Page</span><ul style="list-style: none; margin: 0px 0px 11px; padding-left: 0px;">
<li class="sharetool email-sharetool login-modal-trigger" data-modal-title="Log in to Email" style="border-top-width: 0px; font-family: nyt-franklin, arial, helvetica, sans-serif; font-size: 0.625rem; line-height: 1.5625rem;"><a data-share="email" href="https://www.blogger.com/null" style="color: #999999; display: block; height: 23px; margin: 3px 0px; padding-left: 5px; text-transform: uppercase;"><span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -360px 0px; background-repeat: no-repeat no-repeat; display: inline-block; height: 16px; line-height: 0; margin-right: 10px; margin-top: -4px; vertical-align: middle; width: 16px;"></span><span class="sharetool-text">EMAIL</span></a></li>
<li class="sharetool facebook-sharetool " data-modal-title="" style="border-top-color: rgb(226, 226, 226); border-top-style: solid; border-top-width: 1px; font-family: nyt-franklin, arial, helvetica, sans-serif; font-size: 0.625rem; line-height: 1.5625rem;"><a data-share="facebook" href="https://www.blogger.com/null" style="color: #999999; display: block; height: 23px; margin: 3px 0px; padding-left: 5px; text-transform: uppercase;"><span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -496px 0px; background-repeat: no-repeat no-repeat; display: inline-block; height: 16px; line-height: 0; margin-right: 10px; margin-top: -4px; vertical-align: middle; width: 16px;"></span><span class="sharetool-text">FACEBOOK</span></a></li>
<li class="sharetool twitter-sharetool " data-modal-title="" style="border-top-color: rgb(226, 226, 226); border-top-style: solid; border-top-width: 1px; font-family: nyt-franklin, arial, helvetica, sans-serif; font-size: 0.625rem; line-height: 1.5625rem;"><a data-share="twitter" href="https://www.blogger.com/null" style="color: #999999; display: block; height: 23px; margin: 3px 0px; padding-left: 5px; text-transform: uppercase;"><span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -337px -115px; background-repeat: no-repeat no-repeat; display: inline-block; height: 16px; line-height: 0; margin-right: 10px; margin-top: -4px; vertical-align: middle; width: 16px;"></span><span class="sharetool-text">TWITTER</span></a></li>
<li class="sharetool save-sharetool login-modal-trigger" data-modal-title="Log in to Save" style="border-top-color: rgb(226, 226, 226); border-top-style: solid; border-top-width: 1px; font-family: nyt-franklin, arial, helvetica, sans-serif; font-size: 0.625rem; line-height: 1.5625rem;"><a data-share="save" href="https://www.blogger.com/null" style="color: #999999; display: block; height: 23px; margin: 3px 0px; padding-left: 5px; text-transform: uppercase;"><span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -256px -83px; background-repeat: no-repeat no-repeat; display: inline-block; height: 16px; line-height: 0; margin-right: 10px; margin-top: -4px; vertical-align: middle; width: 16px;"></span><span class="sharetool-text">SAVE</span></a></li>
<li class="sharetool show-all-sharetool " data-modal-title="" style="border-top-color: rgb(226, 226, 226); border-top-style: solid; border-top-width: 1px; font-family: nyt-franklin, arial, helvetica, sans-serif; font-size: 0.625rem; line-height: 1.5625rem;"><a data-share="show-all" href="https://www.blogger.com/null" style="color: #999999; display: block; height: 23px; margin: 3px 0px; padding-left: 5px; text-transform: uppercase;"><span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -440px -83px; background-repeat: no-repeat no-repeat; display: inline-block; height: 16px; line-height: 0; margin-right: 10px; margin-top: -4px; vertical-align: middle; width: 16px;"></span><span class="sharetool-text">MORE</span></a></li>
</ul>
</div>
<div class="story-body-text story-content" data-para-count="64" data-total-count="64" id="story-continues-1" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
SAN FRANCISCO — They came in through the Chinese takeout menu.</div>
<div class="story-body-text story-content" data-para-count="310" data-total-count="374" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.</div>
<div class="story-body-text story-content" data-para-count="294" data-total-count="668" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Security experts summoned to fix the problem were not allowed to disclose the details of the breach, but the lesson from the incident was clear: Companies scrambling to seal up their systems from hackers and government snoops are having to look in the unlikeliest of places for vulnerabilities.</div>
<div class="story-body-text story-content" data-para-count="219" data-total-count="887" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Hackers in the recent Target payment card breach gained access to the retailer’s records through its heating and cooling system. In other cases, <a href="http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?pagewanted=all" style="color: #326891;" title="Times article.">hackers have used printers</a>, thermostats and videoconferencing equipment.</div>
<div class="story-body-text story-content" data-para-count="546" data-total-count="1433" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Companies have always needed to be diligent in keeping ahead of hackers — email and leaky employee devices are an old problem — but the situation has grown increasingly complex and urgent as countless third parties are granted remote access to corporate systems. This access comes through software controlling all kinds of services a company needs: heating, ventilation and air-conditioning; billing, expense and human-resources management systems; graphics and data analytics functions; health insurance providers; and even vending machines.</div>
<figure aria-label="media" class="media photo embedded has-adjacency has-lede-adjacency layout-small-vertical" data-media-action="modal" itemid="http://static01.nyt.com/images/2014/04/08/business/Vulnerable2/Vulnerable2-master180.jpg" itemprop="associatedMedia" itemscope="" itemtype="http://schema.org/ImageObject" role="group" style="background-color: white; clear: left; color: #333333; float: left; font-family: nyt-cheltenham, georgia, 'times new roman', times, serif; font-size: 16px; margin: 6px 30px 45px 135px; position: relative; width: 180px;"><span class="visually-hidden" style="border: 0px; clip: rect(0px 0px 0px 0px); height: 1px; margin: -1px; overflow: hidden; padding: 0px; position: absolute; width: 1px;">Photo</span><div class="image" style="cursor: pointer; margin-bottom: 7px; position: relative;">
<img alt="" class="media-viewer-candidate" data-mediaviewer-caption="Vincent Berk, a security expert with FlowTraq." data-mediaviewer-credit="Herb Swanson for The New York Times" data-mediaviewer-src="http://static01.nyt.com/images/2014/04/08/business/Vulnerable2/Vulnerable2-superJumbo.jpg" itemid="http://static01.nyt.com/images/2014/04/08/business/Vulnerable2/Vulnerable2-master180.jpg" itemprop="url" src="http://static01.nyt.com/images/2014/04/08/business/Vulnerable2/Vulnerable2-master180.jpg" style="display: block; height: auto; max-width: 100%; width: 180px;" /><div class="media-action-overlay" style="-webkit-transition: opacity 0.2s ease-in; border-bottom-left-radius: 6px; border-bottom-right-radius: 6px; border-top-left-radius: 6px; border-top-right-radius: 6px; border: 1px solid rgba(200, 200, 200, 0.8); bottom: 15px; cursor: pointer; left: 15px; opacity: 0; position: absolute; transition: opacity 0.2s ease-in; z-index: 5; zoom: 1;">
<span class="icon" style="background-image: url(http://a1.nyt.com/assets/article/20140407-121335/images/sprite/sprite-no-repeat.png); background-position: -342px -42px; background-repeat: no-repeat no-repeat; display: inline-block; height: 38px; line-height: 0; vertical-align: middle; width: 38px;"></span></div>
</div>
<figcaption class="caption" itemprop="description" style="color: #666666; font-family: nyt-cheltenham-sh, georgia, 'times new roman', times, serif; font-size: 0.75rem; line-height: 1rem;"><span class="caption-text">Vincent Berk, a security expert with FlowTraq.</span><span class="credit" itemprop="copyrightHolder" style="color: #999999; display: inline-block; font-size: 0.75rem; line-height: 1rem;"><span class="visually-hidden" style="border: 0px; clip: rect(0px 0px 0px 0px); height: 1px; margin: -1px; overflow: hidden; padding: 0px; position: absolute; width: 1px;">Credit</span>Herb Swanson for The New York Times</span></figcaption></figure><div class="story-body-text story-content" data-para-count="68" data-total-count="1501" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Break into one system, and you have a chance to break into them all.</div>
<div class="story-body-text story-content" data-para-count="192" data-total-count="1693" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
“We constantly run into situations where outside service providers connected remotely have the keys to the castle,” said Vincent Berk, chief executive of FlowTraq, a network security firm.</div>
<div class="story-body-text story-content" data-para-count="444" data-total-count="2137" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Data on the percentage of cyberattacks that can be tied to a leaky third party is difficult to come by, in large part because victims’ lawyers will find any reason not to disclose a breach. But a survey of more than 3,500 global I.T. and cybersecurity practitioners conducted by a security research firm, the Ponemon Institute, last year found that roughly a quarter — 23 percent — of breaches were attributable to third-party negligence.</div>
<div class="story-body-text story-content" data-para-count="256" data-total-count="2393" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Security experts say that figure is low. Arabella Hallawell, vice president of strategy at Arbor Networks, a network security firm in Burlington, Mass., estimated that third-party suppliers were involved in some 70 percent of breaches her company reviewed.</div>
<div class="story-body-text story-content" data-para-count="77" data-total-count="2470" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
“It’s generally suppliers you would never suspect,” Ms. Hallawell said.</div>
<div class="story-body-text story-content" data-para-count="717" data-total-count="3187" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
The breach through the Chinese menu — known as a watering hole attack, the online equivalent of a predator lurking by a watering hole and pouncing on its thirsty prey — was extreme. But security researchers say that in most cases, attackers hardly need to go to such lengths when the management software of all sorts of devices connects directly to corporate networks. Heating and cooling providers can now monitor and adjust office temperatures remotely, and vending machine suppliers can see when their clients are out of Diet Cokes and Cheetos. Those vendors often don’t have the same security standards as their clients, but for business reasons they are allowed behind the firewall that protects a network.</div>
<div class="story-body-text story-content" data-para-count="441" data-total-count="3628" id="story-continues-2" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Security experts say vendors are tempting targets for hackers because they tend to run older systems, like Microsoft’s Windows XP software. Also, security experts say these seemingly innocuous devices — videoconference equipment, thermostats, vending machines and printers — often are delivered with the security settings switched off by default. Once hackers have found a way in, the devices offer them a place to hide in plain sight.</div>
<div class="story-body-text story-content" data-para-count="185" data-total-count="3813" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
“The beauty is no one is looking there,” said George Kurtz, the chief executive of Crowdstrike, a security firm. “So it’s very easy for the adversary to hide in these places.”</div>
<div class="story-body-text story-content" data-para-count="403" data-total-count="4216" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Last year, security researchers found a way into Google’s headquarters in Sydney, Australia, and Sydney’s North Shore Private hospital — and its ventilation, lighting, elevators and even video cameras — through their building management vendor. More recently, the same researchers found they could breach the circuit breakers of one Sochi Olympic arena through its heating and cooling supplier.</div>
<div class="story-body-text story-content" data-para-count="106" data-total-count="4322" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Fortunately, the researchers were merely testing for flaws that could have been exploited by real hackers.</div>
<div class="story-body-text story-content" data-para-count="363" data-total-count="4685" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Billy Rios, director of threat intelligence at Qualys, a security firm, was one of those researchers. He said it was increasingly common for corporations to set up their networks sloppily, with their air-conditioning systems connected to the same network that leads to databases containing sensitive material like proprietary source code or customer credit cards.</div>
<div class="story-body-text story-content" data-para-count="141" data-total-count="4826" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
“Your air-conditioning system should never talk to your H.R. database, but nobody ever talks about that for some reason,” Mr. Rios said.</div>
<div class="story-body-text story-content" data-para-count="238" data-total-count="5064" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
The Ponemon survey last year found that in 28 percent of malicious attacks, respondents could not find the source of the breach. Ms. Hallawell compared the process of finding the source of a breach to “finding a needle in a haystack.”</div>
<div class="story-body-text story-content" data-para-count="353" data-total-count="5417" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Ideally, security experts say, corporations should set up their networks so that access to sensitive data is sealed off from third-party systems and remotely monitored with advanced passwords and technology that can identify anomalous traffic — like someone with access to an air-conditioning monitoring system trying to get into an employee database.</div>
<div class="story-body-text story-content" data-para-count="463" data-total-count="5880" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
But even then, companies require security personnel with experience in detecting such attacks. Even though Target used security technology supplied by FireEye, a company that sounds alerts when it identifies such anomalous activity, its I.T. personnel ignored the red flags, according to several people who confirmed the findings of <a href="http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data" style="color: #326891;" title="Bloomberg Businessweek article.">a Bloomberg Businessweek investigation</a> last month but could not speak publicly about Target’s continuing internal investigation.</div>
<div class="story-body-text story-content" data-para-count="362" data-total-count="6242" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
Like all else, security experts say, it’s simply a matter of priorities. One Arbor Networks study found that unlike banks, which spend up to 12 percent of their information technology budgets on security, retailers spend, on average, less than 5 percent of their budget on security. The bulk of that I.T. spending goes to customer marketing and data analytics.</div>
<div class="story-body-text story-content" data-para-count="215" data-total-count="6457" itemprop="articleBody" style="background-color: white; color: #333333; font-family: georgia, 'times new roman', times, serif; font-size: 16px; line-height: 1.4375rem; margin-bottom: 1em; margin-left: 135px; max-width: 540px; width: 540px;">
“When you know you’re the target and you don’t know when, where or how an attack will take place, it’s wartime all the time,” Ms. Hallawell said. “And most organizations aren’t prepared for wartime.”</div>
Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-64305880506650498762014-04-08T04:37:00.002-07:002014-04-08T04:37:25.490-07:00Gen Y Bucks Policies on Use of Personal DevicesB<span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;">y <a class="author" href="http://www.baselinemag.com/cp/bio/Samuel-Greengard/" style="color: #002e5f; font-size: 14px; text-decoration: none;" title="Samuel Greengard">Samuel Greengard</a> </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;"> | </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;">Posted 2013-12-03</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;"> </span><span class="hr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px; margin-left: 10px;"><a href="http://www.baselinemag.com/email/security/slideshows/gen-y-bucks-policies-on-use-of-personal-devices.html//" rel="noindex,nofollow" style="color: #002e5f; text-decoration: none;"><img alt="Email this article" class="email" height="15" src="http://www.baselinemag.com/images/email.jpg" style="border: 0px; position: relative; top: 5px;" width="16" /> Email</a></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;"> </span><span class="hr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px; margin-left: 10px;"><a href="http://www.baselinemag.com/security/slideshows/gen-y-bucks-policies-on-use-of-personal-devices.html/" rel="noindex,nofollow" style="color: #002e5f; text-decoration: none;"><img alt="Print this article" class="print" height="15" src="http://www.baselinemag.com/images/print.gif" style="border: 0px; position: relative; top: 5px;" width="15" /> Print</a></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;"></span><span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;"></span><div class="vr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 5px; line-height: 18.200000762939453px; margin: 0px; padding: 0px;">
</div>
<div class="vr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 5px; line-height: 18.200000762939453px; margin: 0px; padding: 0px;">
</div>
<div id="dotted-line" style="background-image: url(http://www.baselinemag.com/images/dotted.jpg); font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 1px; line-height: 18.200000762939453px; margin: 0px; padding: 0px; width: 3564px;">
</div>
<div class="vr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 5px; line-height: 18.200000762939453px; margin: 0px; padding: 0px;">
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px; margin: 0px; padding: 0px;">
<div id="sharethis" style="margin: 0px; padding: 0px;">
<span class="st_facebook_hcount" displaytext="Facebook" st_processed="yes"><span class="stButton" style="cursor: pointer; display: inline-block; font-size: 11px; line-height: 16px; margin-left: 3px; margin-right: 3px; position: relative; z-index: 1;"><span class="stMainServices st-facebook-counter" style="background-image: url(http://w.sharethis.com/images/facebook_counter.png); background-repeat: no-repeat no-repeat; display: inline-block; font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-bottom: 3px; padding-top: 3px; position: relative; white-space: nowrap; width: 60px;"> </span><span class="stArrow" style="background-image: url(http://w.sharethis.com/share4x/images/Facebook_bubble_arrow.png); background-position: 3px 8px; background-repeat: no-repeat no-repeat; display: inline-block; height: 14px; margin-left: -1px; padding-left: 3px;"><span class="stButton_gradient stHBubble" style="background-color: #eceef5; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(202, 212, 231); display: inline-block; filter: none; font-family: serif; height: 16px; margin-left: 3px; margin-right: 3px; padding: 2px; position: relative; z-index: -1;"><span class="stBubble_hcount" style="font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-left: 2px; padding-right: 2px; white-space: nowrap;">0</span></span></span></span></span> <span class="st_twitter_hcount" displaytext="Tweet" st_processed="yes"><span class="stButton" style="cursor: pointer; display: inline-block; font-size: 11px; line-height: 16px; margin-left: 3px; margin-right: 3px; position: relative; z-index: 1;"><span class="stMainServices st-twitter-counter" style="background-image: url(http://w.sharethis.com/images/twitter_counter.png); background-repeat: no-repeat no-repeat; display: inline-block; font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-bottom: 3px; padding-top: 3px; position: relative; white-space: nowrap; width: 60px;"> </span><span class="stArrow" style="background-image: url(http://w.sharethis.com/share4x/images/Twitter_bubble_arrow.png); background-position: 3px 8px; background-repeat: no-repeat no-repeat; display: inline-block; height: 14px; margin-left: -1px; padding-left: 3px;"><span class="stButton_gradient stHBubble" style="background-color: white; background-position: initial initial; background-repeat: initial initial; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(204, 227, 243); display: inline-block; filter: none; font-family: serif; height: 16px; margin-left: 3px; margin-right: 3px; padding: 2px; position: relative; z-index: -1;"><span class="stBubble_hcount" style="font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-left: 2px; padding-right: 2px; white-space: nowrap;">17</span></span></span></span></span> <span class="st_googleplus_hcount" displaytext="Google +" st_processed="yes"><span class="stButton" style="cursor: pointer; display: inline-block; font-size: 11px; line-height: 16px; margin-left: 3px; margin-right: 3px; position: relative; z-index: 1;"><span class="stButton_gradient" style="background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(rgb(213, 213, 213)), color-stop(0.48, rgb(239, 239, 239)), color-stop(0.94, rgb(255, 255, 255))); background-position: initial initial; background-repeat: initial initial; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(191, 191, 191); display: inline-block; font-family: serif; height: 16px; padding: 2px;"><span class="chicklets googleplus" style="background-image: url(http://w.sharethis.com/images/googleplus_16.png); background-repeat: no-repeat no-repeat; display: inline-block; font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-left: 20px; padding-right: 3px; white-space: nowrap;">Google +</span></span><span class="stArrow" style="background-image: url(http://w.sharethis.com/share4x/images/bubble_arrow.png); background-position: 3px 8px; background-repeat: no-repeat no-repeat; display: inline-block; height: 14px; margin-left: -1px; padding-left: 3px;"><span class="stButton_gradient stHBubble" style="background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(rgb(213, 213, 213)), color-stop(0.48, rgb(239, 239, 239)), color-stop(0.94, rgb(255, 255, 255))); background-position: initial initial; background-repeat: initial initial; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(191, 191, 191); display: inline-block; font-family: serif; height: 16px; margin-left: 3px; margin-right: 3px; padding: 2px; position: relative; z-index: -1;"><span class="stBubble_hcount" style="font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-left: 2px; padding-right: 2px; white-space: nowrap;">2</span></span></span></span></span> <span class="st_linkedin_hcount" displaytext="LinkedIn" st_processed="yes"><span class="stButton" style="cursor: pointer; display: inline-block; font-size: 11px; line-height: 16px; margin-left: 3px; margin-right: 3px; position: relative; z-index: 1;"><span class="stMainServices st-linkedin-counter" style="background-image: url(http://w.sharethis.com/images/linkedin_counter.png); background-repeat: no-repeat no-repeat; display: inline-block; font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-bottom: 3px; padding-top: 3px; position: relative; white-space: nowrap; width: 60px;"> </span><span class="stArrow" style="background-image: url(http://w.sharethis.com/share4x/images/bubble_arrow.png); background-position: 3px 8px; background-repeat: no-repeat no-repeat; display: inline-block; height: 14px; margin-left: -1px; padding-left: 3px;"><span class="stButton_gradient stHBubble" style="background-image: -webkit-gradient(linear, 0% 0%, 0% 100%, from(rgb(213, 213, 213)), color-stop(0.48, rgb(239, 239, 239)), color-stop(0.94, rgb(255, 255, 255))); background-position: initial initial; background-repeat: initial initial; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 4px; border-top-right-radius: 4px; border: 1px solid rgb(191, 191, 191); display: inline-block; font-family: serif; height: 16px; margin-left: 3px; margin-right: 3px; padding: 2px; position: relative; z-index: -1;"><span class="stBubble_hcount" style="font-family: Verdana, Helvetica, sans-serif; height: 16px; padding-left: 2px; padding-right: 2px; white-space: nowrap;">0</span></span></span></span></span> <span class="st_fblike_hcount" displaytext="Facebook Like" st_processed="yes"><span style="cursor: pointer; display: inline-block; font-size: 11px; line-height: 0px; margin: 3px 3px 0px; overflow: visible; padding: 0px; position: relative; vertical-align: bottom;"><div class="fb-like fb_iframe_widget" data-action="" data-href="http://www.baselinemag.com/security/slideshows/gen-y-bucks-policies-on-use-of-personal-devices.html/" data-layout="button_count" data-send="false" data-show-faces="false" fb-iframe-plugin-query="app_id=&href=http%3A%2F%2Fwww.baselinemag.com%2Fsecurity%2Fslideshows%2Fgen-y-bucks-policies-on-use-of-personal-devices.html%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false" fb-xfbml-state="rendered" style="display: inline-block; margin: 0px; padding: 0px; position: relative;">
<span style="display: inline-block; height: 20px; position: relative; text-align: justify; vertical-align: bottom; width: 78px;"><iframe allowtransparency="true" class="" frameborder="0" height="1000px" name="f1bad2e538" scrolling="no" src="http://www.facebook.com/plugins/like.php?app_id=&channel=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FwTH8U0osOYl.js%3Fversion%3D40%23cb%3Df25a2ab938%26domain%3Dwww.baselinemag.com%26origin%3Dhttp%253A%252F%252Fwww.baselinemag.com%252Ffb75420b4%26relation%3Dparent.parent&href=http%3A%2F%2Fwww.baselinemag.com%2Fsecurity%2Fslideshows%2Fgen-y-bucks-policies-on-use-of-personal-devices.html%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false" style="border-style: none; height: 20px; position: absolute; visibility: visible; width: 78px;" title="fb:like Facebook Social Plugin" width="1000px"></iframe></span></div>
</span></span> <span class="st_fbrec_hcount" displaytext="Facebook Recommend" st_processed="yes"><span style="cursor: pointer; display: inline-block; font-size: 11px; line-height: 0px; margin: 3px 3px 0px; overflow: visible; padding: 0px; position: relative; vertical-align: bottom;"><div class="fb-like fb_iframe_widget" data-action="recommend" data-href="http://www.baselinemag.com/security/slideshows/gen-y-bucks-policies-on-use-of-personal-devices.html/" data-layout="button_count" data-send="false" data-show-faces="false" fb-iframe-plugin-query="action=recommend&app_id=&href=http%3A%2F%2Fwww.baselinemag.com%2Fsecurity%2Fslideshows%2Fgen-y-bucks-policies-on-use-of-personal-devices.html%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false" fb-xfbml-state="rendered" style="display: inline-block; margin: 0px; padding: 0px; position: relative;">
<span style="display: inline-block; height: 20px; position: relative; text-align: justify; vertical-align: bottom; width: 124px;"><iframe allowtransparency="true" class="" frameborder="0" height="1000px" name="f2cbae5304" scrolling="no" src="http://www.facebook.com/plugins/like.php?action=recommend&app_id=&channel=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FwTH8U0osOYl.js%3Fversion%3D40%23cb%3Df20b50d44%26domain%3Dwww.baselinemag.com%26origin%3Dhttp%253A%252F%252Fwww.baselinemag.com%252Ffb75420b4%26relation%3Dparent.parent&href=http%3A%2F%2Fwww.baselinemag.com%2Fsecurity%2Fslideshows%2Fgen-y-bucks-policies-on-use-of-personal-devices.html%2F&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false" style="border-style: none; height: 20px; position: absolute; visibility: visible; width: 124px;" title="fb:like Facebook Social Plugin" width="1000px"></iframe></span></div>
</span></span></div>
</div>
<div class="vr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 5px; line-height: 18.200000762939453px; margin: 0px; padding: 0px;">
</div>
<div id="dotted-line" style="background-image: url(http://www.baselinemag.com/images/dotted.jpg); font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 1px; line-height: 18.200000762939453px; margin: 0px; padding: 0px; width: 3564px;">
</div>
<div class="vr-space" style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; height: 5px; line-height: 18.200000762939453px; margin: 0px; padding: 0px;">
</div>
<div class="vspace" style="clear: both; font-family: Arial, Helvetica, sans-serif; font-size: 1px; height: 15px; line-height: 10px; margin: 0px; padding: 0px;">
</div>
<div class="article_body" style="color: #333333; font-family: Arial, Helvetica, sans-serif; font-size: 14px !important; line-height: 20px !important; margin: 5px 0px 0px; padding: 0px; text-align: justify;">
<div style="margin-bottom: 14px; margin-right: 14px; margin-top: 5px; padding: 0px;">
It's no secret that Generation Y has drastically different values about technology than other generations. But now these differences are playing out in the enterprise, particularly as mobility and the bring-your-own-device (BYOD) movement flourish. A newly released survey conducted by network security firm Fortinet found that younger workers are taking an increasingly hard-line stand on corporate policies that limit and control devices, particularly personal technologies such as smartphones, tablets, smart watches and emerging devices such as Google Glass. The "<a href="http://www.fortinet.com/resource_center/survey/internet-security-census-2013-global-survey.html" style="color: #002e5f; text-decoration: none;" target="new">Fortinet Internet Security Census 2013</a>" polled 3,200 employees ranging in age from 21 to 32 in 20 countries. Among other things, it found that there's a 42 percent increase in the respondents' willingness to break usage rules compared to a similar Fortinet survey conducted in 2012. The research also illustrates the extent to which Gen Y have been victims of cyber-crime on their personal devices, their "threat literacy" and their widespread practice of storing corporate assets in personal cloud accounts. "The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed," says John Maddison, Fortinet vice president of marketing. "Now, more than ever, there is a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations."</div>
</div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 18.200000762939453px;">- See more at: http://www.baselinemag.com/security/slideshows/gen-y-bucks-policies-on-use-of-personal-devices.html/#sthash.mll2bBBX.dpuf</span>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-10165759938762093412014-03-27T08:21:00.002-07:002014-03-27T08:21:35.889-07:00Android Security Remains a Glaring Problem: 10 Reasons WhyAndroid has grabbed an unassailable position in the mobile operating system market. In fact, some estimates put Android's global smartphone market share at 87 percent and rising. Most analysts believe that in a matter of years, Android will be as dominant in mobile as Windows was years ago in the desktop PC market. Google, through its partnerships with vendors, advertisers and application marketplaces, will benefit greatly from that.<br />
<br />
But there's another far less positive parallel between Windows and Android that cannot be underestimated. According to the latest data from security firm F-Secure, 97 percent of all mobile malware targeted Android devices in 2013. In 2012 that figure stood at 79 percent. What's worse, the total number of malware signatures is on the rise. In 2012, the mobile firm identified 238 Android threats. Now, that figure stands at 804.<br />
<br />
Those statistics, coupled with the ongoing concern among enterprise customers that no single security solution even comes close to solving the mobile world's troubles, should make just about anyone worry about Android security.<br />
<br />
Read on to find out why: -
See more at: http://www.eweek.com/mobile/slideshows/android-security-remains-a-glaring-problem-10-reasons-why.html?kc=EWKNLEDP03262014A&dni=114199973&rni=23389406#sthash.iJZoqGBT.dpufSecurhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-28250730813112539942014-03-07T08:28:00.003-08:002014-03-07T08:29:23.362-08:00Boeing's Secure Black Smartphone: 10 Cool Features We All Might WantBoeing, a company that is perhaps best known for its work in aviation and as a highly trusted U.S. government contractor, has unveiled a new smartphone it's calling, simply, Black. The handset, designed for U.S. and presumably allied intelligence agencies, will try to maximize device and data security while still providing agents in the field with reliable mobile connections. Boeing's Black smartphone highlights the impact cyber-security is having on governments around the world. Each day, it's believed that the United States and foreign governments like China are spying on government and corporate networks to gather strategic information. A hidden cyber-war is being waged, and the country that has the strongest tools might succeed in gaining an edge that could prove decisive in the event of conflict. This eWEEK slide show looks at the Boeing Black and what makes it such an interesting and potentially useful tool in the intelligence field. Admittedly, the following information is based only on what's been made publicly available. All of the specifications that make the Boeing Black valuable to the intelligence community will likely never see the light of day—at least not for years to come. - See more at: http://www.eweek.com/mobile/slideshows/boeings-secure-black-smartphone-10-cool-features-we-all-might-want.html?
3 Comments for "Boeing's Secure Black Smartphone: 10 Cool Features We All Might Want"
AmericanPrivacysaid on March 5, 2014 03:00 pm
NSA proof phone made in the USA? Yea Right. Between the Patriot Act and CISPA don't believe this for a second.And if NSA can tap into Google and others without them knowing it, then what would stop NSA from taking the data from Boeing which lifeline is and will remain government contracts. And Verizon as the carrier? Really they are already participating in the Prism program. Certain government officials here in the states already have a "hack-proof" phone and it is NOT available to the public. Visit www.americansrighttoprivacy.com for real solutions that reside in Switzerland. he Swiss specifically established a rate of privacy in their Constitution and reinforced it in their Data Protection Act which maintains that individuals and companies have a right to privacy in their electronic communications.
DDG-12said on March 3, 2014 12:18 pm
Right. That makes the game "spot the fed" like a child play - just pay attention on their handset. Agents will be compromised the second they pull it out of the pocket.
nrmr44said on February 28, 2014 06:02 pm
It is too obviously a Boeing Black. They should have made it look like an indigenous Chinese model.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-75618860994217879302013-04-03T11:50:00.000-07:002013-04-03T11:50:04.452-07:00Ameristar Network Inc. Completes Filing for "Current Information Tier" Status on OTC Markets (Pink)PR Newswire
NEW YORK, April 3, 2013
NEW YORK, April 3, 2013 /PRNewswire/ -- AmeriStar Network, Inc. (OTC Markets: AMWK)("AmeriStar") has complied with the filing requirements of OTC Markets and has been moved to the Current Information Tier. Since the merger of SecurDigital, Inc. into a subsidiary of the Company in February 2011, the Company has transformed itself into a mobile applications and SaaS provider of Cloud-based software solutions. SecurDigital is in final stages of product development and is undertaking the marketing of its SecurDigital mobile applications. According to CEO Bruce Magown, "Awareness in the marketplace about identity theft, industrial espionage and cyber-attacks has increased exponentially, with wireless mobile devices being particularly vulnerable -- and that's what we help protect by securing the communication."
SecurDigital, Inc. with its proprietary technology is poised to protect corporations, governments and even individuals from scanning, hacking and espionage through a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology can be delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model.
SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications, and it works across multiple carriers, operating systems and hardware, performing wireless "interoperability" for WiMAX and WiFi products globally. The market for mobile security applications in an environment marked by increasingly dangerous and sophisticated hackers and criminal elements has been estimated to exceed a billion dollars worldwide.
Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStar Network, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements.
Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of AmeriStar Network, Inc. in any jurisdiction.
SOURCE AmeriStar Network, Inc.
The above news release has been provided by the above company via the OTC Disclosure and News Service. Issuers of news releases and not OTC Markets Group Inc. are solely responsible for the accuracy of such news releases.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-83522047293084417232013-04-03T07:52:00.001-07:002013-04-03T07:52:41.316-07:00Army has lost control of its mobile devices, says DOD IGBy Defense Systems StaffApr 02, 2013
The inspector general of the Defense Department reports that the Army’s Chief Information Office/G-6 has, in essence, lost control over commercial mobile devices (CMD) within the Army, and that more than 14,000 smartphones and tablets are untracked. The upshot is that the Army CIO office does not have an effective cybersecurity program that identifies and mitigates risks surrounding CMDs and removable media, according to the DOD IG.
“The Army did not implement an effective cybersecurity program for commercial mobile devices,” wrote Alice Carey, assistant DOD inspector general for readiness, operations and support, in a memorandum dated March 26. “If the devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DOD information.”
According to the IG report, entitled, Improvements Needed With Tracking and Configuring Army Commercial Mobile Devices, the “Army CIO did not implement an effective cybersecurity program for CMDs. Specifically, the Army CIO did not appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army.” (The figure excludes Blackberry devices.)
Additionally, the Army CIO did not ensure that commands configured CMDs to protect stored data. According to the DOD IG, the CIOs at the U.S. Military Academy (USMA), West Point, NY, and the Army Corps of Engineers’ Engineer Research and Development Center (ERDC), Vicksburg, MS, did not use a mobile device management application to configure CMDs to protect stored data, which means that they did not have the capability to remotely wipe data stored on CMDs that were transferred, lost, stolen or damaged.
Also, the CIOs at USMA and ERDC allowed users to store sensitive data on CMDs that acted as removable media.
“These actions occurred because the Army CIO did not develop clear and comprehensive policy for CMDs purchased under pilot and non-pilot programs,” states the IG report.
In addition, the Army CIO inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information.
“As a result, critical information assurance controls were not appropriately applied, which left the Army networks more vulnerable to cybersecurity attacks and leakage of sensitive data.”
In response, the Army and Defense Information Systems Agency (DISA) agreed to develop a mobile device management (MDM) process to verify that users of CMDs are following Army and DOD information assurance policies and implementing the appropriate security controls to protect CMDs. Establishment of MDM and mobile application store architectures will be designed to make all CMDs managed mobile devices, which would result in the ability to observe every DOD-managed CMD, as well as the applications operating on the devices.
Additionally, the Army will gain the ability to wipe or remove a device from the environment, as well as monitor applications used, websites visited, plus data viewed, saved or modified on the mobile devices.
To that end, the Army issued a request for proposal for the MDM and mobile application store and expects to make an award this month, with initial operating capability expected by October 2013, with full operating capability available before the end of fiscal year 2014.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-46383750472949806552012-04-30T06:01:00.003-07:002012-04-30T06:02:49.094-07:00Kenneth Van Wyk: We need more secure mobile devicesAs things stand now, all bets are off if you lose your smartphone
Computerworld - When you combine the words "mobile device" and "security," you get an oxymoron. That's the state of security in the mobile world, and it's been that way since day one.
That has to change. Smartphones and tablets are increasingly doing heavy lifting in the corporate world, and are ever more likely to be repositories of sensitive data. But where do we start in making them more secure?
For now, forget about malware and sophisticated hacking. We first need to close the most gaping hole of all for mobile devices, one that every expert I have talked to over the years has agreed on: If a bad guy gets physical access to a mobile device, all bets are off. A few months ago, the folks at the OWASP Mobile Security Project backed up this assessment. They did a threat modeling exercise of mobile devices and determined that two of the most glaring issues are the loss or theft of the device and insecure communications.
A basic problem is that anyone who gets his hands on someone else's smartphone can access the user's login credentials with ridiculous ease. Mobile apps contribute to this problem. I myself have realized that some of the mobile apps that I use store login credentials and other sensitive data where they shouldn't be, and in the last month or so, I've read about numerous cases of such iOS app weaknesses. Using nothing more than a USB cable, an attacker can in many cases get to login and/or session credentials for many high-profile apps, on both iOS and Android platforms.
For starters, mobile app developers must keep in mind when writing their software that devices can easily be lost or stolen -- and recognize that a lost device shouldn't be a free ticket to valuable data. Most modern mobile platforms provide mechanisms for reasonably protecting things like user login credentials. These mechanisms are generally called keychains. Current versions of both Android and iOS have keychain APIs that app developers can and should be using. While not perfect, they do provide significant protection over simply storing usernames and passwords -- even when hashed -- in plaintext files (e.g., plist or properties files).
Second, other user data on mobile devices should be encrypted. This is something that users have to do themselves, but Android and iOS both provide mechanisms for doing that reasonably securely, and third-party add-ons like SQLcipher for AES encrypting SQLite databases are even better. If you look for strong mobile encryption mechanisms, you can find them.
Next, we need better default protection settings in our mobile platforms. For example, on Apple iOS devices, sensitive data (including things stored in app keychains) is protected by hardware encryption that is keyed with a combination of a unique 256-bit device key and the user's own device lock code. Since that device key can be obtained by an attacker with physical access to a device, the protection afforded the user by the keychain essentially comes down to how strong his device lock code is. The default setting on iOS is a four-digit PIN, which just isn't up to the task.
Usability advocates will argue that strong device passwords on mobile devices are annoying and won't be accepted by users. That's a fair argument -- strong passwords on a smartphone or tablet really are a hassle to work with. (Trust me.) Still, I'd prefer something stronger than four-digit PINs to unlock a device (and the data it holds). For the longer term, device vendors need to be shooting for stronger keying mechanisms -- perhaps a PIN in combination with a biometric like a fingerprint, facial pattern scan or voice recognition.
For now, though, what I suggest to people who are serious about the security of their mobile devices is to carefully select the apps they use. It's easy enough to do some cursory static analysis of an app and its files using tools like iExplorer (formerly iPhone Explorer). At the very least, make sure your apps don't store login credentials in properties files and the like.
Next, turn on strong passwords and use a reasonably strong one. A PIN just doesn't cut it.
The mobile computing world is as vibrant as any tech environment in the world today. To call the growth explosive would be an understatement. It's easy to lose sight of core security principles in such a rapidly moving world. Still, developers should at the very least make use of security APIs when the platform allows. There's just no excuse for not making use of keychains and other secure data storage mechanisms.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-5429560656643786682011-03-29T13:12:00.000-07:002011-03-29T13:18:02.699-07:00Network Nightmare? Personal Phones on Agency NetworksMarch 28, 2011 By Hilton Collins <br /><br />Elayne Starkey, Delaware’s chief security officer, was worried. In 2010, she was concerned about state employees accessing the government network with personal smartphones despite the availability of state-issued BlackBerrys. The Department of Technology and Information gave employees BlackBerrys that were secured to the government’s liking. Employees’ personal smartphones, however, were a different story. Owners may have had security controls on them; they may not have. <br /><br />The idea of employees using unsecured devices to access the state network didn’t make the state’s security chief happy. And employees voiced concerns of their own: The current standardization model wasn’t working. <br /><br />“They were carrying around their personally owned smartphone anyway, thinking, ‘Why can’t we just combine all this access into a single device? Why do I have a BlackBerry on one hip and my personal smartphone on the other?’” Starkey said.<br /><br />So on Nov. 15, 2010, Delaware state employees no longer had wholesale access to the state network on personal devices. If someone wanted to use a personal device for government business, he or she needed a manager’s approval. And the phone in question had to meet specific security standards to get the green light.<br /><br />“I’m sleeping easier at night because I know that, as of Nov. 15, we have closed a significant vulnerability,” Starkey said. “Before Nov. 15, there was unfettered access to state data.”<br /><br />Mobile security in general has caused quite a few headaches. The National Association of State Chief Information Officers (NASCIO) cited numerous laptop breaches in a two-part report, Security at the Edge — Protecting Mobile Computing Devices, including 2007 Ponemon Institute data claiming that more than 42 percent of all U. S. data breaches — public and private — came from lost or stolen laptops. The estimated average cost of each breach was nearly $50,000.<br /><br />With smartphones entering the picture, the possibilities for data loss and corruption dramatically increase. Kevin Murray, vice president of product marketing at iPass, a network and mobility services company, said mobile devices — and their dangers — are here to stay. “In 2010 and before, mobile workers were essentially the exception, not the rule, and what we’re seeing in IT in general is that the mobile worker is really setting the rules now.”<br /><br />The iPass Mobile Workforce Report, released in November 2010, found that 22 percent of employees surveyed breached corporate policy by using an unauthorized smartphone for work even when their companies had a strict policy against it.<br />Shifting Demands<br />Delaware changed its mobile device strategy to meet employee demands, but not without setting rules. If employees want to use their personal mobile phones for work, their managers must agree that there’s a need for it. And even after approval, some smartphones may not make the cut.<br /><br />Delaware still distributes state-issued BlackBerrys, but non-state-issued mobile devices must meet seven controls that include strong passwords that expire, inactivity time-outs, encryption, lockouts after seven failed password attempts and remote wiping capabilities in case of loss or theft.<br /><br />The Department of Technology and Information also created a list of devices that support the security controls, and supplied information to employees on what to tell their providers if they need assistance. <br /><br />Starkey would like her department to be even more helpful, but that’s not feasible. “As much as I’d love to be an expert on every single mobile device out there and every single operating system version that’s available on those devices, we just can’t do it,” she said. “It’s really impractical for them to look at the state help desk as their hotline for their personally owned smartphone questions.”<br /><br />Many would likely agree that it’s unwise to lay security responsibilities mainly in the hands of the employee. Murray is one of them. “It can’t be, ‘Here’s your phone,’ or, ‘Here’s the instructions on what phone to buy. Good luck,’” he said. “The critical thing is, IT still has to be involved with enforcing the policy on that device, even if it’s user liable.”<br /><br />Charles Robb, a NASCIO senior policy analyst, wrote in part two of the Security at the Edge series that of 36 surveyed states, 14 had policies allowing the use of personally owned smartphones for work, 10 prohibited their use, six were reviewing state policy on the matter, and six left the decision to individual state agencies rather than central IT. <br /><br />Theresa A. Masse, Oregon’s chief information security officer, agrees with others about the impending threats smartphones pose, especially when government IT doesn’t own or control them. “Now you potentially have state information on a personally owned device, so we don’t know what’s on it,” she said. “We don’t know who else is using it. We don’t know how it’s stored. It’s a huge issue. Are people patching it? Where are they wandering around on their own personal device? What are they looking at?”<br /><br />Masse’s department, the Enterprise Information Strategy and Policy Division, doesn’t issue government mobile devices en masse. The state leaves it up to individual agencies to decide how they’ll approach smartphone use on the job.<br /><br />“We ask them to make it as a business decision and to consider the risk,” Masse said. If agencies decide to go mobile, they must develop internal policy on network access and information storage. Oregon’s policies on acceptable use and controlling portable and removable storage devices were implemented in 2007.<br /><br />Nebraska’s stance is tougher: Employees aren’t allowed to use personal devices if they can access confidential information. The risks are too great. “If they have information that could walk away from state government, we have no ability to make sure that we are protecting the state against what that personal device could introduce to our networks,” said Nebraska CIO Brenda Decker.<br /><br />The Mobile Lockdown<br />The first Security at the Edge paper cites 2008 National Institute of Standards and Technology (NIST) recommendations on cell phone and PDA security, which may not be as up-to-date as some might like, but it’s certain that people from the organization have some insight on the issue. <br /><br />For starters, anyone assuming that federal information would be more attractive to cyber-criminals than state or local information should think again. “It depends,” said Tom Karygiannis, a senior researcher at NIST. “Los Angeles, how big is that economy, right? Or California, for example — the state of California is huge.”<br /><br />Government users can download unsafe apps onto their smartphones just as they can with laptops or PCs. And losing a smartphone could be a recipe for disaster even if it has nothing to do with a traditional hacker-victim breach. “Let’s say you’re drafting some memo in the public sector and it’s just a draft,” Karygiannis said. “It’s meant for internal use and just discussion. This thing gets out and then people start writing articles on it. It’s not even true.”<br /><br />He said users could compromise security out of device confusion. If a lab employee has a personal phone and a corporate one, it’s possible he may accidentally take a top-secret photo with a personal device instead of with the corporate phone. It’s an honest mistake, but now a top-secret image is on a personal network. “That’s just a goofy example, but you could be in an area where there are privacy issues and people shouldn’t be taking pictures,” Karygiannis said. NIST publishes guidelines and recommendations for various technologies at http://csrc.nist.gov. <br /><br />The iPass report recommends that enterprise IT look beyond the laptop when it comes to IT security — rising smartphone and tablet adoption demand a more holistic approach. And managers should ensure that employee devices meet established security criteria before they’re approved. <br /><br />http://www.govtech.com/security/Personal-Phones-on-Agency-Networks.htmlSecurhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-22622111272194390302011-03-05T04:50:00.001-08:002011-03-05T04:51:16.286-08:00AmeriStar Network Inc. Completes 1-for-2 Reverse Stock Split and the Merger of SecurDigital Inc.NEW YORK, NY -- (MARKET WIRE) -- 02/28/11 -- AmeriStar Network Inc. (PINKSHEETS: AMWKD) announced today that FINRA has put the 1-for-2 Reverse Stock Split on the FINRA Daily List. In addition, the merger of SecurDigital Inc. into a wholly-owned subsidiary of AmeriStar became effective. <br /><br />The Company is also pleased to announce that Mr. Bruce Magown, the co-founder, President and CEO of SecurDigital Inc., was elected to the Board of Directors. Mr. Magown will continue to manage the day to day operations of SecurDigital. <br /><br />SecurDigital Inc. developed proprietary technology to protect corporations, governments and even individuals from scanning, hacking and espionage that constitutes a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. <br /><br />SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability for WiMAX and WiFi products globally. <br /><br />Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Compnay filings with the Securities and Exchange Commission. <br /><br />Contact:<br /><br />O. Russell Crandall<br />Chairman<br />AmeriStar<br />Email: Email Contact<br />Phone (435) 229-1955<br /><br />Source: AmeriStar Network Inc.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-31051423104407177562011-03-05T04:40:00.000-08:002011-03-05T04:42:02.402-08:00AmeriStar Network Inc. Files Merger Agreement With SecurDigital IncNEW YORK, NY -- (MARKET WIRE) -- 02/09/11 -- AmeriStarNetwork, Inc.(PINKSHEETS: AMWK), quoted on OTC Markets (Pink) (see www.otcmarkets.com) under the symbol AMWK.PK, announced today that it has received certifications from the Delaware Secretary of State consummating the merger with SecurDigital, Inc. and the 1 for 2 reverse stock split; the effective date of both corporate actions is February 15, 2011. The Company has filed these State certifications with FINRA and believes it has met the filing requirements of that regulatory body. <br /><br />Secur Digital, Inc., a private company, has developed proprietary technology to protect corporations, governments and even individuals from hacking and espionage that is a major advance in the delivery of secure and interoperable wireless communications. Eliminating the exposure of wireless communication to scanners or hackers, its SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. <br /><br />SecurVoice™ is the world's first totally secure, wireless, digital communications "software only" solution for security and interoperability over wireless and VoIP communications and works across multiple carriers, operating systems and hardware, performing "wireless interoperability" for WiMAX and WiFi products globally. <br /><br />The headquarters of the merged enterprise will be moved to New York City, with branch offices located in Washington, D.C., Connecticut and Utah. The merged company intends to change its name to SecurDigital, Inc. and to apply for a new trading symbol after the effective date of the merger. <br /><br />Statements in this press release may be "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "optimizing," "potential," "anticipate," "goal," "intend" and similar expressions, as they relate to the company or its management, identify forward-looking statements. These statements are based on current expectations, estimates and projections about the company's business based, in part, on assumptions made by management. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Actual outcomes and results may, and probably will, differ materially from what is expressed or forecasted in such forward-looking statements due to numerous factors, including those described above and those risks discussed from time to time in Company filings with the Securities and Exchange Commission. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements. <br /><br />Nothing in this press release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction. <br /><br />Contact:<br />O. Russell Crandall<br />Chairman AmeriStar<br />Email: Email Contact<br />Phone (435) 229 - 1955<br />URL: www.ameristarnetwork.comSource: AmeriStar Network, Inc.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-80642848082622835342011-03-05T04:37:00.000-08:002011-03-05T04:40:33.130-08:00Ameristar Networks, Inc. (AWWKD), Bringing Disruptive Technologies to MarketNEW YORK, NY -- (MARKET WIRE) -- 01/10/11 -- AmeriStarNetwork, Inc. (the "Company") (PINKSHEETS: AMWK) announced today that it has filed documents with FINRA, the securities industry regulatory body, to provide notification of corporate actions and has received from FINRA a request for additional documents; the Company expects to deliver all required documents within the next few days. AmeriStarNetwork, Inc. has negotiated the acquisition of SecurDigital, Inc., a private company that has developed significant technology in the protection of wireless transmissions from hacking and espionage, as a merger of equals. The Company and SecurDigital, Inc. will consummate the merger ten days after delivery of all information requested by FINRA, which could be in mid-January. <br /><br />Among the requirements of the Merger Agreement with SecurDigital, Inc., AmeriStarNetwork, Inc. has agreed to reverse split the presently outstanding stock on the basis of two old shares for one new share, and this reverse split was approved by a majority of the shareholders of the Company on December 16, 2010, and will be effective at the time of the merger. While a majority of the shareholders of SecurDigital, Inc. have indicated a willingness to proceed with the merger, they have the right to cancel the merger if the Company has not accepted a minimum amount of subscriptions to its offering by January 15, 2011, which requires only $200,000 more in subscriptions. The Company anticipates achieving the minimum during the next ten days and closing the merger shortly thereafter. <br /><br />At present, the AmeriStarNetwork, Inc. corporate offices are located in Utah, and SecurDigital, Inc. has offices in Washington, D.C., Connecticut and New York City; it is anticipated that the headquarters of the merged enterprise will be moved to New York City. <br /><br />About Secur Digital , Inc.<br /><br />The founders of SecurDigital, Inc. are experienced technology entrepreneurs and business professionals, possessing a breadth of functional experience in software product development, system, network integration, the marketing of emerging products, new technologies, strategic collaborating, and corporate finance. <br /><br />The technology developed by SecurDigital, Inc. is unique and is a major advance in the delivery of wireless encrypted secure and interoperable communications. Eliminating the exposure of wireless communications to scanners or hackers, SecurVoice™ technology is delivered to subscribers over the Internet using the Software-as-a-Service ("SaaS") model. There are no charges for installing the SecurVoice™ software, and subscribers are charged a modest monthly subscription fee as long as they utilize the application. <br /><br />SecurVoice™ technology is agnostic as to carrier, operating system and hardware, performing "Wireless Interoperability" for WiMAX and WiFi products globally. It is an unrecognizable digital transmission, hence secure or private, depending on the level of encryption, and is the world's first totally secure, wireless, digital communications "software only" solution for security and INTEROPERABILITY over wireless and VoIP communications. <br /><br />Secur Digital, Inc. believes that the SecurVoice™ software, with its unique and versatile interoperable technology, is the best solution to secure voice, data, audio, video transmission, since it is designed for VoIP, wireless cell phone transmission, smart phones, satellite phones and push-to-talk (radio) units. <br /><br />About Ameri Star Network, Inc.<br /><br />Ameri Star Network, Inc. is a non-reporting public company listed on Pink Sheets Markets under the symbol AMWK.PK. The Company has invested in technology enterprises for over a decade and is managed by seasoned executives, most of whom have been shareholders of the Company since 2000. AmeriStarNetwork, Inc. currently holds a 20% interest in Mortgage Internet Technologies, Inc., a mortgage industry software development company founded in 1997. That company's proprietary flagship technology is called the Virtual Lender® (www.vLender.com), which completely automates the process of creating a full service online loan origination web site and business process management system for both the mortgage company and the mortgage loan originator. <br /><br />Forward-Looking Safe Harbor Statement<br /><br />Statements in this news release regarding future financial and operating results, future growth in research and development programs, potential applications of technology, opportunities for the Company and any other statements about the future expectations, beliefs, goals, plans or prospects expressed constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements that are not statements of historical fact (including statements containing the words "will," "believes," "plans," "anticipates," "expects," "estimates" and similar expressions) should also be considered to be forward-looking statements. There are a number of important factors that could cause actual results or events to differ materially from those indicated by such forward-looking statements, including limited operating history, need for future capital, risks inherent in the development and commercialization of potential products, protection of the Company's intellectual property and economic conditions generally. These statements and other forward-looking statements are not guarantees of future performance and involve risks and uncertainties. AmeriStarNetwork, Inc. assumes no responsibility to update any of the forward-looking statements in this news release. Neither the Company nor any other person assumes responsibility for the accuracy or completeness of these forward-looking statements. <br /><br />Nothing in this news release should be construed as either an offer to sell or a solicitation of an offer to buy or sell shares of Ameri Star Network, Inc. in any jurisdiction. <br /><br />Information about AmeriStarNetwork, Inc. is available on the Company's web site at www.ameristarnetwork.com or contact O. Russell Crandall, Chairman, by mail at the offices of the Company, by email at info@ameristar.com or call (435) 229 - 1955. <br /><br />Contact:<br />O. Russell Crandall<br />Chairman<br />Email Contact<br />(435) 229-1955<br /><br />Source: AmeriStar Networks, Inc.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-80276771009359691942010-07-29T05:52:00.000-07:002010-07-29T05:55:35.871-07:00Wireless Technology Risks and Enterprise Security interview S. GarrettIntroduction<br /><br />I recently had the pleasure of interviewing W. Steven Garret, Chairman of SecurDigital©, who has over thirty-five years of exceptional business experience as a CEO and Chairman of both private and public companies.<br /><br />Steven has been involved in directing leading-edge technology start-up companies by providing corporate strategic planning, systems organization, business continuity methods, designing incident management, orientation, executive marketing, and sales management, IT and physical security and efficiency development.<br /><br />Steven also has a wide variety of knowledge and experience in developing franchising, manufacturing plants, marketing & sales organizations, internet solution providers, software developers, security, and e-business systems.<br /><br />Steven's latest project, SecurDigital©, is a global leader in delivering system-level technology solutions to the advanced wireless markets, is focused on the globally accepted FIPS 140-2, level 2 validations, and will then begin the process for the NSA's Secret and Top Secret Certifications.<br /><br />SecurDigital© produces SecurVoice© - the world's first totally secure and interoperable digital communication software only solution. It protects voice, data, and video from being intercepted or scanned - it is an unrecognizable digital transmission.<br /><br />The interoperable capability of SecurVoice© allows global connection to all types of cell, satellite, walkie-talkie, and VOIP devices. SecurVoice© functions independently of operating systems, application platforms, devices, and is carrier independent, so it works with all existing legacy systems, and operates on top of the existing network carriers.<br />Analysis<br /><br />Q: What do you feel is single greatest threat to enterprise mobility systems today?<br /><br />Identity Theft, 75% of our world has their infrastructure built on Cellular Towers providing communications for receiving pay and paying utility bills and purchases from auction sites, clothes, music, appliances, and electronics. Most Federal Governments depend on private Corporations to deliver national communications without regulating security.<br /><br />Q: Mobile communication innovations have rapidly been adopted by businesses in the last five years, what kinds of vulnerabilities are companies facing that they may of be aware of.<br /><br />The largest vulnerabilities are because the Smart Phone manufactures do not build security, it is not their job; they leave that to the major Wireless carriers, which have not taken security as their responsibility.<br /><br />That is the reason that a new industry has emerged over the last two years in the private sector. SecurDigital, along with 5 other "Secure Voice" providers met by invitation with DISA (Defense Information Systems Agency) in a closed Roundtable discussion lead by Peter J. Zarrella of DISA's CTO office.<br /><br />It has been accepted as a new technology industry to secure all Communications, especially Digital Voice, Data, and Video. For $149.95, you can buy a software package from "Cell Spy" to enable your cell phone to listen to any other targeted smartphone. All forms of communications are vulnerable to theft and illegal miss-use.<br /><br />Q: With such variety available for devices, integration software, and enterprise networks, how can a business ensure they are not leaving themselves exposed to data loss from their communications systems?<br /><br />Every communications device is a target; Cellular, satellite phones, Radio walkie-talkies (Law Enforcement) and all office phones using VoIP (Voice over IP) You may have all your contacts copied to another phone, anything stored in a smart phone today can not, CAN NOT be deleted. You may not see it but there is a (Ghost) copy built into your phones PC board.<br /><br />Q: How do SecurDigital©'s solutions work to mitigate communication systems risk?<br /><br />I have been working with various types of security with my partner, Bruce Magown, within my group of leading edge security companies for 4-5 years.<br /><br />The PGC Consortium was blueprinting one of the worlds hardest above ground buildings in 2008. We held a large meeting at an old Air Strip and came to understand that we needed things that did not exist at the time.<br /><br />We needed to provide cell, satellite, and VoIP communications to each floor of a 20 story building that gave each floor a faraday cage (protection from eaves dropping or an EMP, Electromagnetic pulse attack).<br /><br />We developed SecurVoice© to be Device, Operating System, and Carrier Independent while having extremely high and hard security during the operation of the smart phone. Much like Skype, except a much stronger and harder method of delivering security.<br /><br />Q: How is SecurVoice© unique when compared with other commercial solutions?<br /><br />SecurDigital©' has used existing parts of software and designed a re-arrangement of software configurations to produce a common, yet hard architecture within Java and produced a small foot print of 38Kb that will be compliant tested with FIPS 140.2 validation, along with Secret and Top Secret Certifications during the coming year.<br /><br />Q: Issues surrounding confidentiality and differing methods of electronic communication have yet to be fully addressed from a legal perspective, what kind of risk is a company assuming when using mobile systems to relay proprietary information?<br /><br />We are seeing NEW HIPAA laws calling for secure communications for patients being remotely monitored, and to say that a Doctor giving a patients information over an un-secured cell phone is not being compliant with Patient Privacy of information laws surprises most Medical Centers and they7 now realize the damage they may be doing with carless actions with cell phones.<br /><br />We are discussing client privacy rights with a couple of DC law firms that now realize how easy it could be to scan a cellular conversation.<br /><br />Q: What can a company do to ensure they do not mistakenly forfeit their right to confidentiality when using wireless communications?<br /><br />Every person, Company, Organization or Agency must realize and accept responsibility that unless they take positive actions to secure their business communications of cellular and radio, that they may lose their most prized positions, clients, trade secrets, and methods of operation that made them the success that they are today.<br /><br />Q: SMB's, education, local government, and smaller organizations have a tough time keeping pace with technology upgrades and are falling further behind in regards to security efforts, how do SecurDigital©'s services impact ever tightening IT budgets?<br /><br />The switch from hardware security to software is a very green and cost saving event. We stop manufacturing metals and plastics and the implementation of more and more hardware to create interoperability.<br /><br />In a National Guard Demonstration in Melbourne, FL at the Conference for the Global Center for Preparedness in 2008, we saw five trucks loaded with hardware used to create open communications with a central command center, but to have the ability to cross talk directly.<br /><br />Our Government has been using a hardware device to secure the Blackberry communications for years and the cost of that hardware is $3,350.00 retail, while the cost of using SecurVoice© with that huge number of users will be only about $0.99. Per month and in time we see the pricing dropping to $0.49 per month when the carriers put on millions of users.<br /><br />Q: Consumers face many of the same security issues as enterprise, is the SecurVoice© software available for noncommercial users?<br /><br />SecurVoice© is available to sets of two users for only $19.95 per month and will be downloaded directly from our web site by December. Bruce Magown of InterWeave has constructed a back office for SecurDigital that will accept payment, issue a license, and then download the soft ware directly to a laptop or phone, any type of phone instrument. We can audit and manage more than 250,000 licenses per day.<br /><br />Q: Anything else you would like to add.<br /><br />SecurDigital© is the product need for another solution of keeping people safe and secure during an event that could harm many people, either from man or Mother Nature. I have committed myself towards making a difference in life threatening emergencies to the human race.<br /><br />I spent the morning of 9/11 watching a large screen TV with two friends that had been through the war in Vietnam. The correlation is the same for us now. Soldiers no longer wear uniforms; your next-door neighbor could be the one sending a Van loaded with explosives into the heart of New York City.<br /><br />In my time of being self-educated in systems and methods of security, I found that you could never really be secure until you give up some privacy, which is the trade off. You make that decision.<br /><br />Thank you for your consideration and well composed and thoughtfully contemplated questions, Anthony!<br /><br />Conclusion<br /><br />The Infosec Island community is extremely grateful at this opportunity to glean some of Steven's expertise and vast experience, and we appreciate his time and efforts!Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-55094550389293917832010-06-26T04:56:00.000-07:002010-06-26T05:03:33.923-07:00Police Warn of Smartphone Scanner AppsDuring a city-wide sweep for gang members and drug dealers last week, the Oakland (Calif.) Police Department confiscated several cellular phones loaded with an application that could stream the department’s police radio system. The software app is one of several available for iPhones and other smartphones that stream public safety radio audio obtained from scanner radios via the Internet. OPD has not said if the apps were actually running on the smartphones, or if any suspects were able to avoid arrest from hearing police radio broadcasts. However, in a bulletin notice to officers, the department warned officers that criminals are able to monitor the city’s 800 MHz trunked radio system from smartphones, and to use caution when transmitting confidential information.<br /><br /><br />Article posted at Dispatch Magazine On-Line - http://www.911dispatch.com<br />Link to full story: http://www.911dispatch.com/2010/06/police-warn-of-smartphone-scanner-apps/Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-46782037890380550332010-04-15T14:03:00.000-07:002010-04-15T14:06:16.680-07:00Smartphones won't take off as true enterprise devices (beyond e-mail) until companies start investing in security.I thought this article very relevant. If your mobile device is secure - enterprises won't be adopting. <br /><br /><br /><span style="font-weight:bold;">Practical Analysis: Why There's No Enterprise 'App For That'</span><br /><br />Smartphones won't take off as true enterprise devices (beyond e-mail) until companies start investing in security.<br /><br />By Art Wittmann<br />InformationWeek<br />April 12, 2010 12:00 PM (From the April 12, 2010 issue)<br /><br />A lot happens in two years, particularly in the world of smartphones and mobile applications, or at least it seems that way with all the noise about upgraded networks and fancier handsets. When we did our first survey on mobile device management two years ago, the iPhone 3G was barely out and the BlackBerry Curve was all the rage. Enterprise deployment of smartphones was in full swing: 56% of survey respondents had supplied smartphones to up to 25% of their employees, 27% had given them to 26% to 50% of employees, 11% had them out to 51% to 75%, and 6% had equipped every employee with smartphones. The vast majority of those devices were BlackBerrys, and they were used mainly for e-mail and calendar management.<br /><br />Now two years later (full report to come later this summer), with widely available 3G networks, you'd think that the devices would be more widely used and that the applications would be richer and more varied. You'd be dead wrong. Within the accuracy of our survey, which is within five percentage points, the extent of deployment and the applications in use on smartphones are practically identical to what they were in 2008. E-mail is still the main use by a large margin, and whereas just 30% used a smartphone for job-specific applications in 2008, 31% now report such use. The fraction of employees with smartphones remains the same; they still use mostly BlackBerrys.<br /><br />More Insights<br />Whitepapers<br /><br />* Automating Virtualization Management: Critical Management Practices for Next Generation Data Center<br />* Beyond Reporting Delivering Insights with Next-Generation Analytics<br /><br />Webcasts<br /><br /> * Wireless Security – What Hackers Know That You Don’t<br /> * Real-Time Goes Prime Time: Seize the Moment with Event Processing<br /><br />Reports<br /><br /> * Google Rethinks The Operating System<br /> * How To Manage Risk In Tough Times<br /><br />Videos<br />Bay Area Internet Solutions Raja Hammound, Group Product Manager at Adobe, at Enterprise 2.0 2009 giving a demo of Adobe LiveCycle ES2 Al Williams gives you a demor of One-Der: The One Instruction CPU<br />Raja Hammound, Group Product Manager at Adobe, at Enterprise 2.0 2009 giving a demo of Adobe LiveCycle ES2<br />It could be that there's limited call for job-specific applications, and that over the past two years those applications have grown from rudimentary designs to more robust enterprise tools. But it seems highly unlikely that everyone who wanted to start down the mobile app path had done so before 2008.<br /><br />So why do we see such stagnation? Device management is still a work in progress by any measure, even though it's clear that you see the need for it. Whereas in 2008, 52% of you said security was the reason to deploy mobile device management, that's now up to 73%, with the next highest response coming in at 10%. And therein lies the problem.<br /><br />While the vast majority of you say that unmanaged devices are a security risk, 61% of those not implementing device management identify staffing resources as an issue, up from 46% in 2008; and 32% of you now see mobile device management as too expensive, up from 26%. Simply put, for many organizations IT budgets have been too tight over the past two years to allow them to tackle mobile device security, and until those issues are addressed, few shops are likely to step step up their development or deployment of job-specific applications beyond e-mail and the basic productivity tools that come with the BlackBerry.<br /><br />This is just one of many examples that have played out in our research recently. It's becoming clearer and clearer that through the depths of this recession, the lack of staff and money to do security right has (correctly) led many organizations to shelve projects that would otherwise be highly beneficial to the business. As the economy improves, however, those same organizations must understand that if the lack of security could stop key business initiatives, then its presence should now be seen just as much as an enabling technology. The days when the value of security was viewed as too difficult to quantify should be behind us.<br /><br />Art Wittmann is director of InformationWeek Analytics, a portfolio of decision-support tools and analyst reports.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-75930037858673732612010-01-19T10:52:00.000-08:002010-01-19T10:54:05.770-08:00Smartphones need smart security practicesYes, it's 'blue and plays music,' but that cute smartphone is also a serious computer that must be secured<br />By Mary Brandel<br />January 18, 2010 06:00 AM ET<br /><br />Computerworld - As vice president of IT at Windsor Foods in Houston, Stephan Henze has to stay one step ahead of the latest IT trends. That's why he's spending a lot of time thinking about securing and deploying smartphones enterprisewide. The company had only a few-dozen smartphones just a short time ago, but IT now manages about 100 of them, and Henze foresees substantial growth in the near future.<br /><br />The task of securing smartphones keeps getting hairier, Henze says, while the company's need for mobile communications grows stronger, even on the shop floor, where maintenance engineers will soon receive automatic SMS alerts on their phones.<br /><br />He's not sure he can continue to enforce the company policy of supporting only Windows Mobile-based phones, yet nonstandard devices will complicate his security efforts. He is well aware that for some people, a smartphone is a fashion statement. "With PCs, I was able to tell them we're not a Mac environment, but I'm not sure I can do that with phones down the road," he says.<br /><br />Henze is among a growing number of IT and security leaders grappling with the challenge of securing these increasingly popular devices. The primary concern, of course, is the risk of exposing sensitive data if a phone or removable memory card is lost or stolen. Data can also be exposed if a phone is sold or sent in for repairs without its memory first being erased.<br /><br />There's also the risk that VPN-connected devices could expose corporate networks to hacker and malware intrusions. And there's a growing potential for viruses to attack the phones themselves through SMS hacks and other exploits. "If I take your device and muck around with it, what if the VPN is set up on it?" asks Philippe Winthrop, an analyst at consultancy Strategy Analytics Inc. "It's a huge risk not being dealt with enough today."<br />10 smartphone security risks<br /><br />Here's a look at 10 common smartphone security risks, with tips for dealing with them from Gartner analyst John Girard:<br /><br />1. No configuration management plan.<br />Tip: Responsibility for managing smartphones should be given to the same staffers who provision and manage PCs.<br /><br />2. No power-on password, or a weak password policy.<br />Tip: Several vendors' device management consoles allow you to configure password complexity rules and password reset questions and answers.<br /><br />3. No inactivity timeout/auto-lock.<br />Tip: Timeout policies should be enforced over the air through your device management console, so that the enterprise can maintain near-real-time control.<br /><br />4. No auto-destruct/data-wiping plans.<br />Tip: Two methods should be used: over-the-air commands and locally initiated wipes. The latter should occur after a password has been entered incorrectly a certain number of times or when a device has been off the network for a predefined amount of time.<br /><br />5. No memory encryption rules.<br />Tip: Major enterprise smartphone operating systems provide settings for enforcing encryption.<br /><br />(continues on next page)<br /><br />Complicating matters, users are apt to view smartphones as their own personal gadgets, not something IT should control. "There's a deep underlying current of 'This is my mobile device,' " says John Girard, an analyst at Gartner Inc. A user will often see his smartphone as something that's "blue and plays music," not as an asset that needs to be secured, he says.<br /><br />Smartphones' multimedia capabilities raise other concerns, Girard says. For instance, company policy might prohibit moving corporate documents to external media, but is there a policy that governs using a smartphone to take photographs in the office or record meetings?<br /><br />Many companies try to take control by purchasing standard phones for employees -- a move that at least enables them to support just a single operating system. But even then, users may adhere to the standard only loosely, says Paul DeBeasi, an analyst at Burton Group. "I see employees who have the company phone in their left pocket and their personal phone in their right," he says.<br /><br />Indeed, in a recent study of 300 companies in the U.S. and Europe by Good Technology Inc., a vendor of mobile security and management tools, nearly 80% of the respondents reported an increase in the number of employees who wanted to bring their own devices into the workplace in the past six to 12 months, and 28% reported a data breach because of an unauthorized device. <br /><br />To view the whole article, select this URL. http://www.computerworld.com/s/article/345297/Smartphones_Need_Smart_SecuritySecurhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-88283996595730667252009-12-28T09:11:00.001-08:002009-12-29T12:51:18.625-08:00SecurDigital, Inc. announces a reseller agreement with WC2I, LLC., for SecurVoice© Privacy Edition.FOR IMMEDIATE RELEASE<br /><br />Washington, DC., December 28, 2009 - SecurDigital, Inc. (SD), the master reseller for the market and technology leader in secure communications with SecurVoice©, announced today the reseller agreement with WC2I, LLC. (WC2I) for the SecurVoice© Privacy Edition. SecurVoice© is the world’s first completely secure voice, data and video encryption communication solution designed for government and enterprise customers who require communications privacy (ex. Health Care. Legal, Financial Services) and is now available to all corporations, companies and individuals, world-wide, through http://www.wc2i.com.<br /><br />SecurDigital is expanding rapidly by partnering with foundation partners whose customers require secure communications. WC2I will be providing SecurVoice© Privacy Edition, v1.0, utilizing the VOIP (data channel) function on the Blackberry 8830, 96xx or Tour, running version 4.5 OS and up, which interacts with the SecurVoice© Enterprise servers (SaaS Hosted) running at Rackspace Managed Hosting (a Sarbanes/Oxley, SaaS 70 and Symantec certified MSP), or locally at EHIINSM. Customers may also purchase and install their own Enterprise Servers in their environment. The v2v (Voice2Voice) function will be available in Q110. SecurVoice© was designed to meet the GSA’s FIPS 140.2 compliance validation and the certification process is underway. US customers who require a FIPS certified system may place an order and will be notified when the certification has been completed by the NSA.<br /><br />"WC2I,LLC. specializes in physical security assessments, executive security awareness and training, and researching security requirements for companies worldwide. Our approach to solutions is to only recommend services, equipment, and capabilities appropriate to the needs of the client, without limiting them to a single brand. This allows us to tailor our recommendations to the client and the environment, and not lock them or us in to a single product line. Unlike many of our peers who focus only on sole-source solutions, we deliver the right mix of products to create a specifically-tailored solution to our client’s security requirements. SecurVoice© is a welcome addition to our capability.” said Stephen Weatherford, President of WC2I,LLC.<br /><br />“We welcome WC2I to the Securfamily as a preferred partner to promote, distribute and support SecurVoice©, specifically for our Asia/Pac customers.” said Bruce Magown, CEO, SecurDigital, Inc. “The partnership with W2CI allows us a personalized introduction with our prospective customers in the Asian/Pacific region; working primarily with governments, carriers, world corporations. This is essential to accomplish the rapid growth, technology adoption and market share we are focused on. W2CI’s capabilities and established relationships allow us to accelerate our market demographics with a very strong partner.” said Magown.<br /><br />SecurVoice©, by The Genesis Key, Inc., secures whatever platform you are using. Securing multiple, distributed platforms allows a cellular user to call to a satellite user or a VoIP caller to access someone in on a Blackberry – there are no boundaries on how or on what platforms clients deploy. SecurVoice© is the one simple solution that works across all platforms. SecurVoice© Solutions are available in different configurations that provide maximum flexibility. From supporting a small group of devices to an Agency-wide installation, SecurVoice© solutions fit any requirement.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-54628246607321448902009-12-19T04:31:00.000-08:002009-12-19T04:33:02.679-08:00Militants have been recording video from US Predator drones in Iraq and Afghanistan using laptops and $30 software; total lack of encryptiPredator drones use less encryption than your TV, DVDs<br /><br />Militants have been recording video from US Predator drones in Iraq and Afghanistan using laptops and $30 software, thanks to a total lack of encryption. <br />By Nate Anderson | Last updated December 17, 2009 11:13 AM<br /><br /><br />What three-letter Internet acronym best fits the bizarre news out of Iraq and Afghanistan that militants there have been intercepting US Predator drone video feeds using laptops and a $30 piece of Russian software: LOL, WTF, or OMG?<br /><br />Actually, all three are appropriate for something this farcical, horrible, and brain-numbing. The reason that the transmissions could be picked up easily by a cheap satellite recording program? They were broadcast in the clear between the drone and ground control. That's right—no encryption was used.<br /><br />Perhaps, you might be thinking to yourself in a mental bid to make the military seem competent here, no one could have suspected this would happen. But they did suspect it, because it had been happening for a decade already. The Wall Street Journal, which broke the story, included this tidbit in its report: "The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The US government has known about the flaw since the US campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said."<br /><br />After finding various laptops containing hours of recorded drone footage, the military has at last moved to encrypt the downlink between the drone and ground control, but there are problems. Not with encryption technology, which is robust, but with the fact the military 1) did not use encryption at the beginning and retrofitting is hard, and 2) the Predator's maker uses some proprietary communications gear, so off-the-shelf encryption tools don't all work.<br /><br />The sad but inevitable comparison has to be drawn here with consumer electronics. Blu-ray discs, which use the AACS control scheme, feature a new DRM scheme of bewildering complexity in an attempt to thwart pirates.<br />Encryption, Hollywood style<br /><br />Operating system vendors have built entire "protected path" setups to guard audio and video all the way through the device chain. TVs and monitors now routinely use HDCP copy protection to secure their links over HDMI cables. Game consoles are packed with encryption schemes to prevent copied games from playing. Microsoft even goes out of its way to add encryption when Windows Media Center records unencrypted over-the-air TV content. Even the humble DVD, with its long-since-breached CSS encryption, offers more in the way of encryption.<br /><br />But US drones, which spy on militants and rain down death from a distance, have none. The mind boggles, as it seems like the situation should be totally reversed: no encryption on legally-purchased content, more encryption on devices designed to watch and kill human beings.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-79263172947936370752009-12-12T03:51:00.000-08:002009-12-12T03:52:17.666-08:00Security firm H4RDW4RE launches open source project to crack GSM encryptionby Andrew Munchbach on December 9th, 2009 at 1:04pm<br />Filed under: GSM, News 21 Comments<br /><br />GSM Encryption<br /><br />It has been long argued that the A5/1 encryption standard used to secure GSM traffic from eavesdropping is, in fact, insecure, and California based security firm H4RDW4RE is pioneering an effort to hammer that point home by cracking the encryption scheme. The A5/1 cipher is based on a 64-bit key — each cell phone has a 64-bit secret key which is also known by the connected GSM network. When you initiate a call the GSM network uses the secret key to generate a session key and encrypt your phone call. H4RDW4RE’s approach will be to crack this session key using a compressed and custom version of the A5/1’s 128-petabyte code book. Yikes. The aim of the project is to: take the vast code book and compress it down to around 2 or 3 terabytes of data, organize the data into rainbow tables, have these tables searched by a free P2P open-source program (much like SETI@home) in order to cipher session keys. Session keys will, theoretically, provide the ability to decrypt and listen in on GSM phone calls. H4RDW4RE’s goal is to push GSM vendors to finally admit that the technology is flawed and move to the more secure A5/3 code book, which is a 128-bit cipher, and already used by newer cellular technologies such as UTMS. Pretty powerful way to send a message, it sure does beat a letter writing campaign… Hit up the article for more details about the project.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-44132310194998288562009-12-07T07:01:00.000-08:002009-12-07T07:03:42.013-08:00W. Steven Garrett, Chairman, The Genesis Key, speaks on secure communication solutions interoperability at the Conference on Global PreparednessSecurVoice© target markets include the world’s first totally secure, wireless, digital communications software only solution, for security and INTEROPERABILITY over wireless/VoIP communications. AVAILABLE TO ALL: EMERGENCY MANAGERS / FIRST RESPONDERS / EMS / FIREMEN / NATIONAL GUARD / STATE AND LOCAL LAW ENFORCEMENT / CRISIS MANAGERS / FEMA / DHS / HHS / SPORT TEAMS / CELEBRITIES / ETC<br />FOR IMMEDIATE RELEASE<br /><br />Washington, DC., December 07, 2009 - The Genesis Key, Inc. (GK), the market and technology leader in secure communications with SecurVoice©, announced today W. Steven Garrett, Chairman, The Genesis Key, will be presenting SecurVoice©, the world’s first completely secure voice, data and video encryption communication solution designed for government and enterprise customers who require communications privacy at the 3rd Annual Conference on Global Preparedness in Melbourne, Fl. The Global Center for Preparedness at Florida Institute of Technology hosts the 3rd Annual Conference on Global Preparedness, featuring top leaders in business, industry, government, non-profits and academics gathered to address security and preparedness from a global perspective.<br /><br />"At this year’s conference, you will hear speakers from public sectors and private industry, higher education, state, national and foreign governments—all presenting innovative practices and emerging technologies designed to protect and preserve national and global assets and human lives. Major topics will include emergency response, the economy, cyber-security, human factors and secure technology—raising the bar from sustainable to resilient. Presentations will show how these areas are interconnected to identify the challenges we face today as well." said Dr. Clifford R. Bragdon, AICP, FASA.<br /><br />”Genesis Key has upped the ante considerably here. In a sudden leap, this innovative new product has shaken off the complexity of unified communications and has taken the lead in terms of ease of use, security and interoperability. Starting with simple encryption techniques in a Java-based application, Genesis Key has introduced SecurVoice© Privacy Edition, the next-gen secure digital data transmission solution, which takes the focus away from hardware or firmware centric smartphone offerings and provides a Solution that is application platform, operating system, device and carrier independent. SecurVoice© delivers encrypted voice, data or video transmission from any device to any device(s), with selectable encryption algorithms - allowing any agency to literally deploy “Secur Communications” across all devices." said W. Steven Garrett, Chairman, The Genesis Key, Inc.<br /><br />SecurVoice©, by The Genesis Key, Inc., secures whatever platform you are using. Securing multiple, distributed platforms allows a cellular user to call to a satellite user or a VoIP caller to access someone in on a Blackberry – there are no boundaries on how or on what platforms clients deploy. SecurVoice© is the one simple solution that works across all platforms. SecurVoice© Solutions are available in different configurations that provide maximum flexibility. From supporting a small group of devices to an agency-wide installation, SecurVoice© solutions fit any requirement.Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-48592868118200368202009-11-25T06:16:00.000-08:002009-11-25T06:18:15.247-08:00So Much Data, So Little Encryption<div class="storyDekFull" style="background-color: white; margin-left: 0px;"> We surveyed almost 500 business technology professionals and found little end-to-end encryption use. Instead, we're doing only what auditors demand. </div> <!-- / teaser (dek) copy --> <span class="byLine" style="margin-left: 2px;"> By Michael A. Davis
<br /><span id="courtesyOf" style="margin-left: 2px;"> <!-- remove http:// substring (if present) from the url --> <a href="http://www.informationweek.com/;jsessionid=DG1E5IJ4DEETRQE1GHRSKH4ATMY32JVN" target="_blank"> </a></span></span>
<br /><span class="storyDate" style="margin-left: 2px; line-height: 20px;"> <nobr> November 21, 2009 12:00 AM (From the November 23, 2009 issue) </nobr> </span>
<br /><!--body--> <p><span id="articleBody"><div class="IntelliTXT">If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure--86% of the the 499 business technology professionals responding to our <i>InformationWeek Analytics</i> State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real story. Only 14% of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26%, while just 38% encrypt data on mobile devices. And 31%--more than any other response--characterize the extent of their use as just enough to meet regulatory requirements. </div></span></p> <p> </p><p> <link rel="Stylesheet" rev="Stylesheet" href="http://i.cmpnet.com/informationweek/article/mspoke_widgets.css" type="text/css"> <script type="text/javascript"> function showDesc(img) { var element = document.getElementById("videoBoxDisplayAreaText"); if(element) element.innerHTML = img.alt; }; </script> <!-- mSpokeSection: [recommendations?channels=whitepaper:2,webcast:2,report:2,video:3&itemid=221900355&cid=sec] --> </p>The reasons for this dismal state of affairs range from cost and integration challenges to entrenched organizational resistance exacerbated by a lack of leadership. The compliance focus is particularly galling. Encrypting a subset of data amounts to a "get-out-of-jail-free card" because it may relieve companies from having to notify customers of a breach. But knowingly doing the bare minimum to check a compliance box isn't security; it's a cop-out. <p> Admittedly, IT pros often face stiff resistance when they try to do more. "Our IT staff is working to increase the use of encryption, but frankly, users are more interested in quick and easy access to their data and don't really think about security," says one respondent. "The idea of getting data on a flash drive or laptop encrypted never enters the minds of most of the staff, from the director on down." </p> <p> We say entrenched resistance because this isn't a new phenomenon--back in 2007, a Ponemon Institute survey found that just 16% of U.S. companies take an enterprise-wide approach to encryption. <i>Network Computing</i> examined the state of enterprise encryption at the time and found adoption to be a gradual process, often starting with backup tapes and spreading from there. A piecemeal approach was the norm then, and we're still moving in fits and starts, despite the momentum generated by compliance frameworks such as PCI, which requires encryption of credit card data in transit. </p> <p> <strong>The Interoperability Factor</strong></p> <p> Part of the problem is that standards efforts have yielded exactly zero breakthroughs where we need them most--in interoperability, which would make encryption management easier and less expensive. We don't expect that situation to get better anytime soon. </p> <p> When we asked IT pros what would increase their companies' use of encryption, responses ranged from built-in operating system support for creating encrypted files and folders (something Microsoft is working toward, as we'll discuss) to improved ease of use and performance, lower cost, and better key management. A few desperate souls wished for <i>more</i> regulation, or even a breach that would require notification of customers, to use as leverage for gaining funding and management buy-in. </p> <p> "I'd like to think that it would only take the force of will to do the right thing," says a network director at an educational institution. "In reality, it would probably require a breach or exposure to shine the light on the problem."</p> <p> Our favorite response: "I wish I knew so I could exploit it."</p>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-83042922446787306652009-11-19T10:35:00.000-08:002009-11-19T10:38:34.364-08:00The Genesis Key announces a reseller agreement with EHI-INSM, Inc., for SecurVoice© Privacy Edition<p><span style="font-size:85%;"><strong><span style=";font-family:verdana;" >Washington, DC., </span></strong><span style=";font-family:verdana;" >November 16, 2009 - The Genesis Key, Inc. (GK), the market and technology leader in secure communications with <strong><span style="font-family:verdana;">Secur</span></strong>Voice©, announced today the reseller agreement with EHI-INSM, Inc. (EHIINSM) for the <span style="font-family:verdana;"><strong>Secur</strong>Voice© Privacy Edition. <strong>Secur</strong>Voice© is the </span>world’s first completely secure voice, data and video encryption communication solution designed for government and enterprise customers who require communications privacy (ex. Health Care. Legal, Financial Services) and is now available to all corporations, companies and individuals, world-wide, through </span><a href="http://www.ehiinsm.com/"><span style=";font-family:verdana;color:black;" >www.ehiinsm.com</span></a><span style=";font-family:verdana;" >.</span></span></p> <p><span style="font-size:85%;">The Genesis Key, Inc. is expanding rapidly by partnering with foundation partners whose customers require secure communications. EHIINSM will be providing <strong><span style="font-family:verdana;">Secur</span></strong><span style="font-family:verdana;">Voice© Privacy Edition</span>, v1.0, utilizing the VOIP (data channel) function on the Blackberry 8830, 96xx or Tour, running version 4.5 OS and up, which interacts with the <strong><span style="font-family:verdana;">Secur</span></strong><span style="font-family:verdana;">Voice</span><strong><span style="font-family:verdana;">© </span></strong>Enterprise servers (SaaS Hosted) running at Rackspace Managed Hosting (a Sarbanes/Oxley, SaaS 70 and Symantec certified MSP), or locally at EHIINSM. Customers may also purchase and install their own Enterprise Servers in their environment. The v2v (Voice2Voice) function will be available in Q110. <strong><span style="font-family:verdana;">Secur</span></strong><span style="font-family:verdana;">Voice© </span>was designed to meet the GSA’s FIPS 140.2 compliance validation and the certification process is underway. US customers who require a FIPS certified system may place an order and will be notified when the certification has been completed by the NSA.</span></p> <p><span style="font-size:85%;"><span style=";font-family:verdana;" >“EHIINSM has a vast amount of experience in the IT Security space as well, providing integrated solutions for global enterprise clients, encompassing firewalls, vulnerability analyses, intrusion detection systems, and anti-piracy media protection products (Cerebus Media Security™) for our clients, helping them to avoid critical breaches and proactively assess future concerns in an automated fail-safe manner.” said Mike Stollarie, CEO, EHI-INSM, Inc. “Unlike our competition, who focus only on point solutions, we deliver a synergistic blend of products that deliver a cohesive solution, which is tailored to our client’s requirements.<strong> Secur</strong></span><span style=";font-family:verdana;" >Voice© is a welcome addition to the family.” said Stollaire.</span></span></p>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-70522658689637892492009-11-03T09:59:00.000-08:002009-11-03T10:01:02.634-08:00Android's Smartphone Battle - CNBC.com<div style="font-family: verdana;" class="news-article"> <h2 style="color: rgb(0, 0, 0);"><span style="font-size:100%;"><a href="http://www.linkedin.com/news?viewArticle=&articleID=82405247&gid=2237393&articleURL=http%3A%2F%2Fwww%2Ecnbc%2Ecom%2Fid%2F15840232%3Fvideo%3D1310356083%26play%3D1&urlhash=Ahhb&trk=news_discuss" title="Read article" class="news-TEXT_">Android's Smartphone Battle - CNBC.com</a></span></h2> <p style="color: rgb(0, 0, 0);"><span style="font-size:100%;"><strong>From:</strong> <cite>Gartner</cite> | November 02, 2009. New Security in android not working yet... <a href="http://www.linkedin.com/news?viewArticle=&articleID=82405247&gid=2237393&articleURL=http%3A%2F%2Fwww%2Ecnbc%2Ecom%2Fid%2F15840232%3Fvideo%3D1310356083%26play%3D1&urlhash=Ahhb&trk=news_discuss" title="Read article" class="callto">Read more at Gartner »</a></span></p> <blockquote style="color: rgb(0, 0, 0);" cite="http://www.cnbc.com/id/15840232?video=1310356083&play=1"> </blockquote> <div class="poster"><ul style="color: rgb(0, 0, 0);" class="meta"><li class="who"><span style="font-size:100%;">By <span id="yui-gen0" class="miniprofile-container http://www.linkedin.com/miniprofile?vieweeID=12715678&context=anet&view miniprofile-initialized" tracking="mp_commenter"><strong><a href="http://www.linkedin.com/profile?viewProfile=&key=12715678&authToken=PTjS&authType=name">W. Steven Garrett</a></strong></span>, Chairman at The Genesis Key, Inc.</span></li></ul><span style="font-size:100%;">This article was submitted on November 02, 2009 at 08:45 AM PST</span> </div> </div> <div style="font-family: verdana;" class="comments"> <ol class="comment-list"><li class=""> <div id="0-comment-view"> <div class="details" id="comment_1"> <p class="comment"><span style="font-size:100%;"> SecurVoice by www.SecurDigital.com is addressing two distinct customer segments; Consumer Markets first and then Federal and State. Although our products have broad application, we have targeted the Banking Institutions, Financials Services, and Legal Confidentiality corporate market concerns, plus the US Government needs of Privacy (128-bit encryption) as our initial area of focus.<br /><br />Strategic and channel vendors with consumer distribution capabilities will be approached first. The proceeds from this raise will be utilized for product development and to build sales, marketing and support resources for these sectors. In the Federal and State initiative, SecurVoice will work to attain both Secret and Top Secret Certification from the U.S. Government and the NSA. </span> </p> <div class="commenter"><span style="font-size:100%;">By <span id="yui-gen1" class="miniprofile-container http://www.linkedin.com/miniprofile?vieweeID=12715678&context=anet&view miniprofile-initialized" tracking="mp_poster"><strong><a href="http://www.linkedin.com/profile?viewProfile=&key=12715678&authToken=PTjS&authType=name">W. Steven Garrett</a></strong></span> Chairman at The Genesis Key, Inc.</span></div> <p class="meta"><span style="font-size:100%;"> posted <a href="http://www.linkedin.com/newsArticle?viewDiscussion=&articleID=82405247&gid=2237393&comment=1#comment_1" title="Permanent link to this comment">1 day ago</a></span> </p> </div> </div> </li></ol> </div> <div class="d-form" id="comment-form"> <form action="/newsArticle" method="POST" charset="UTF-8" name="newsDiscussionForm" id="add-comment-form"> <input name="csrfToken" value="ajax:-1990344344763274628" type="hidden"></form></div>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-87994997341098956302009-11-03T09:45:00.000-08:002009-11-03T09:48:52.336-08:00Differences between Rim's solutions, including BlackBerry Enterprise Server and Microsoft Mobile Solutions<span style="font-family: verdana;font-size:100%;" ><span style="font-size: 10pt;">Found this free guide discusses the differences between Research in Motion's solutions, including BlackBerry<st1:city st="on"><st1:place st="on"> Enterprise</st1:place></st1:city> Server, and Microsoft Mobile Solutions, including Microsoft Exchange Server. Read as experts compare and contrast administrator experience and user experience regarding various features and functionalities.</span><br /><span style="font-size:85%;"><br />http://rapidrequest.emediausa.com/2/Go.aspx?Xinb6a90G7qYnUqYnrXL/GX6UkiU9uSzBMggFgQQ8h0=</span></span>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-57243193597285105372009-10-23T06:53:00.000-07:002009-10-23T06:56:33.224-07:00Just How Safe Is Mobile Banking? | Bank News, Bank Deals, My Bank Tracker Source: mybanktracker.com<a style="color: rgb(20, 102, 52); font-size: 14pt; font-weight: 100;" title="blocked::http://shar.es/1ODeF" href="http://shar.es/1ODeF">Just How Safe Is Mobile Banking? | Bank News, Bank Deals, My Bank Tracker </a><br /><span style="font-size:85%;color:#333333;">Source: mybanktracker.com </span><br /><br /><br /><h1 class="subtle">Just How Safe Is Mobile Banking?</h1> <h4><script type="text/javascript">tweetcount_url='http://www.mybanktracker.com/bank-news/2009/10/12/just-how-safe-is-mobile-banking/';tweetcount_title='Just How Safe Is Mobile Banking?';tweetcount_short_url='http://bit.ly/MM26X';tweetcount_cnt=8;tweetcount_src='RT @mybanktracker';tweetcount_via=false;tweetcount_links=true;tweetcount_background='95DD3C';tweetcount_border='80B62A';tweetcount_api_key='R_daaf68af2448b4b6cee612bb54ead293';</script><div style="float: left; margin-top: 10px; margin-right: 10px;"><script type="text/javascript" src="http://widgets.backtype.com/tweetcount.js"></script><iframe src="http://widgets.backtype.com/tweetcount?url=http%3A//www.mybanktracker.com/bank-news/2009/10/12/just-how-safe-is-mobile-banking/&short_url=http%3A//bit.ly/MM26X&cnt=8&src=RT%20%40mybanktracker&via=false&links=true&title=Just%20How%20Safe%20Is%20Mobile%20Banking%3F&api_key=R_daaf68af2448b4b6cee612bb54ead293&background=95DD3C&border=80B62A" allowtransparency="true" scrolling="no" frameborder="0" height="60" width="52"></iframe></div></h4><p>Word is out that mobile banking may soon become the new black. <span id="more-5123"></span>Account balance and recent transaction inquiries, and fund transfers may be the most common mobile banking transactions nowadays, but with the development of better and more advanced phone banking applications, it certainly won’t be long before <a href="http://www.mybanktracker.com/bank-news/2009/09/30/mobile-banking-may-replace-your-local-branch/">you’re using your phone more than your local branch</a> for banking matters.</p> <p style="text-align: center;"><a href="http://static.mybanktracker.com/bank-news/wp-content/uploads/2009/10/3348672504_62accd4a99.jpg" onclick="pageTracker._trackPageview('/outgoing/static.mybanktracker.com/bank-news/wp-content/uploads/2009/10/3348672504_62accd4a99.jpg?referer=http://www.fiercefinanceit.com/story/what-should-you-be-telling-customer-about-mobile-security/2009-10-15');"><img class="aligncenter size-full wp-image-5190 border-all" title="3348672504_62accd4a99" src="http://static.mybanktracker.com/bank-news/wp-content/uploads/2009/10/3348672504_62accd4a99.jpg" alt="3348672504_62accd4a99" height="340" width="500" /></a><a style="color: rgb(255, 255, 255); text-decoration: none; background-color: rgb(0, 99, 220);" title="Link to Asiacamera's photostream" href="http://www.flickr.com/photos/asiacamera/" target="_blank" onclick="pageTracker._trackPageview('/outgoing/www.flickr.com/photos/asiacamera/?referer=http://www.fiercefinanceit.com/story/what-should-you-be-telling-customer-about-mobile-security/2009-10-15');">Asiacamera</a></p> <p>If you think about it, it’s not surprising at all that more people would be encouraged to take up mobile banking. It is after all, the ultimate in banking convenience. Even when you’re on a road trip or having fun under the sun in the Caribbean, a forgotten payment due date or an account running low on funds isn’t that much of a problem as payments and transfer are just a few cell phone keys away. But once you’ve established how convenient and time-saving the technology is, you’d most likely ask yourself, “How safe is mobile banking?”</p>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0tag:blogger.com,1999:blog-8783752233019957671.post-73472797955351943272009-10-23T01:51:00.000-07:002009-10-23T01:53:36.592-07:00The Genesis Key, Inc. announces the formation of the SecurDigital companies, world-wide, to support SecurVoice Comunications Solutions<p><span class="style238">The Genesis Key, Inc. announces the formation of the Secur</span><span class="style30">Digital </span><span class="style238">companies, world-wide, to support the promotion, distribution and support of the “Secur</span><span class="style30">Voice©</span><span class="style238"> Privacy Edition”, which provides secure communications for the Health Care, Emergency Management, Banking, Financial, Technology, Energy, Utilities, Gas and Oil Institutions – all corporations, companies and individuals with an attractive new pricing model.</span></p> <p style="margin-bottom: 0pt;"><strong>Washington, DC., October 7, 2009</strong> - The Genesis Key, Inc. (GK), the market and technology leader in secure communications with <strong>Secur</strong>Voice©, the world’s first completely secure voice, data and video encryption Solution announced today that <strong>Secur</strong>Voice© Privacy Edition, designed for government and enterprise customers who require communications privacy (ex. Health Care. Legal, Financial Services) is now available to all corporations, companies and individuals, locally, through www.securdigital.com. </p>Securhttp://www.blogger.com/profile/17301915014748421255noreply@blogger.com0