Business News Holding

Tag: security

  • Samsung Launches "Industry First" Self-encrypting SSDs


    Samsung Electronics has unveiled what it claims are the first hardware-based self-encrypting solid-state drives.

    To be available in 256-, 128- and 64-GB versions, the SSDs provide full-disk encryption using Wave Systems’ technology, which activates and manages the encryption.

    Dell has already said that it will use the drives in its next laptops.

    Despite the improved security, Samsung maintains the SSDs’ performance is not affacted.

    It says the encryption provides better security than the software alternative, because encryption keys and access credentials are generated and stored within the drive hardware, making it more difficult to hack.

    Each Samsung self-encrypting SSD will come bundled with Wave’s EMBASSY Trusted Drive Manager, which provides pre-boot authentication to the drive and enrolling drive administrators and users.

    Jim Elliott, memory vice president, Samsung Semiconductor, said the SSD drives offered business users the best of performance and security in a single drive.

    "Samsung has combined the tremendous performance advantages of solid state technology with integrated hardware encryption for drives designed especially for today’s ‘road warrior’ professionals," he said.

  • Three Quarters Of Organisations To Increase Cloud Computing Security


    A survey by Infosecurity Europe of 470 organisations has found that 75 per cent intend to reallocate or increase budgets to secure cloud computing and software as a service within the next 12 months.

    However, interviews conducted with a panel of 20 chief information Security Officers (CISOs) of large enterprises also found concerns about availability and security aspects of software services in the cloud.

    They were especially concerned about the lack of standards for working in the cloud, SAAS and secure internet access, all of them said that they would welcome the development of guidelines in this area.

    Tamar Beck, group event director of Infosecurity Europe, said cloud computing and SAAS have a pivotal role to play in today’s evolving environment.

    CIOs are being challenged to add value to the business and CISOs required to ensure that new services are reliable and secure.

  • INTERVIEW: PC's Problems Will Come To Mobiles


    The BBC was recently criticised for scaremongering about the threat mobile viruses posed to smartphones, particularly those operating on the Symbian platform.

    F-Secure was one of two anti-virus software companies quoted by the BBC – the other was Adaptive Mobile.

    So it was interesting for smartphone.biz-news to speak with Samu Konttinen, vice president of mobile solutions at F-Secure, to hear his views on the danger of viruses to smartphones.

    To put things in context, he began by saying it was inevitable that some of the PC’s problems would come to mobiles.

    This is made ever more likely as increasing numbers of people use powerful multimedia handsets, particularly for mobile browsing.

    "When the mobile phone is used to browse the Internet, then users get exposed to the same Internet problems as PCs," he said.

    "It is relatively naive to think that threats will suddenly disappear when you access the Internet with a mobile browser," he said. "It’s the very same Internet."

    PC or Mobile – The Internet Is Risky

    With that in mind, Konttinen described the Internet as a relatively dangerous place – and said the threat is growing.

    Between 1986 and 2007, there were an estimated 500,000 viruses on the Internet.

    He said that figure has doubled in the past year.

    "A lot of things are happening. Before it was mostly students trying to hack into databases to show they could do it," he said.

    "The ‘industry’ has changed. Now it’s mostly criminals building viruses to make money."

    When it comes to cell phones, Konttinen said the picture is also shifting.

    Previously, the problems centred around phones and SMS.

    So far only around 400 mobile viruses have been detected – a tiny sum compared to the Internet.

    Konttinen said that for this reason it is important not to "hype up" the threat.

    But even though the risk isn’t as severe as on the Internet it doesn’t mean people should be complacent.

    Earlier this month F-Secure launched a new version of its smartphone security solution, introducing an anti-theft feature that includes easy remote locking and wiping of confidential data if the phone is lost or stolen.

    "We think that certain elements, the key foundation of cyber crime in the PC world, will work in mobiles as well," he said.

    Konttinen said that convergence made it more likely that security risks found in PCs would be replicated in mobiles.

    "It would be foolish to think that the mobile ecosystem will be entirely the same as the PC one, but many of the security issues will be relatively similar," he said.

    Bigger Targets, Bigger Risk

    The explosion in mobile penetration means it is inevitable that malware writers will gravitate towards them.

    "If there are volumes, there is motivation," said Konttinen.

    Gartner, the industry analyst, forecasts that there will be four billion mobiles compared with 1.3 billion computers by 2010.

    However, Cloudmark, a messaging security company, recently estimated that penetration of smartphones needs to reach 20 per cent to 30 per cent before it becomes worthwhile for hackers to spread viruses.

    Another barrier to deter virus writers is the fragmented nature of the mobile industry.

    However, with the mobile industry moving towards open operating systems and more harmonisation, such as in the case of Symbian, this could change.

    Konttinen said the shift towards open source is likely to create a more "interesting" platform for malware writers.

    "The reason why there are only 400 viruses rather than millions is because the industry is so fragmented," he said. "Fragmentation is a security mechanism."

    Whatever the current level of risk, Konttinen said the mobile industry – both hardware and software – took the security issue very seriously.

    Not least because they recognise the criminals behind the viruses are "worthy opponents", he said.

    "The PC has proved that whatever security measures you take, the bad guys find a way around it.

    "Some of our analysts and researchers think that cyber crime is the fastest growing part of the IT industry."

    Enterprise Preparing For Problems

    It’s not just the industry that is addressing anticipated security issues.

    Konttinen said many companies were taking the threat seriously, especially now that high-end handsets were becoming an increasingly important tool for everyday work.
    He said IT departments have a love/hate relationship with Internet and mobile anti-virus companies.

    "They see us as being necessary," he said. "Companies now treat smartphones as part of IT and need similar security for their mobile users as they have for laptop users.

    "So already there is a real policy-based demand for this type of security.

    "Companies don’t want to be seen as entities that don’t take security seriously."

    Good to hear. But as mobile computing does become more mainstream the risk of malware will undoubtedly rise.

    How real a threat are viruses to smartphone users? Please send us your comments.

  • Security tool for VoIP solutions released


    A new tool which allows enterprises to assess if their VoIP solutions are vulnerable to targeted eavesdropping has been released.

    UCSniff, from Sipera Systems’ VIPER Lab, is a free application which allows network managers find out how easy it is to imitate an enterprise VoIP phone, download a directory and then listen in on confidential calls.

    "UCSniff is an assessment tool that helps demonstrate vulnerabilities in VoIP design and implementation," said VIPER Lab director Jason Ostrom.

    "It was born from the concept of combining targeted attacks against VoIP users along with the corporate directory, intelligent VLAN support, and man-in-the-middle features."

    The results of a survey released last month revealed that security was one of the top-five concerns for respondents when investing in VoIP solutions.

    The security and regulatory compliance implications are significant for VoIP eavesdropping, especially given the ability for outside hackers to access corporate directories.

    Once done they can use that information to target and automatically record conversations between anyone from CEOs, CFOs, corporate counsel and outside law firms to accounts rReceivable dealing with customer credit card payments.

    The UCSniff tool is available now for SIP and SCCP signaling protocols. A future version will allow testing VoIP Video calls on the Windows OS.

  • Firmware Update May Limit Blackberry Storms


    A security issue could lead to shortages of Verizon’s Blackberry Storm on its US launch day today.

    The last minute hitch has forced both maker RIM and exclusive operator Verizon to update the firmware and reduce supplies of phones, according to a report on BGR.

    It says that one Verizon store due to receive 100 units is now to get only 40.

    While supplies are expected to be distributed nationwide, there will be less of them and shortages are expected in some areas.

    Third-party retailers, such as Best Buy, are now being given second priority and could have their in-store dates pushed back to reduce shortage problems at carrier stores.

    The hitch is hardly the start RIM would have wanted for its first touchscreen Blackberry – and now main rival contender to Apple’s iPhone.

    Apple racked up a million sales if its 3G handset worldwide in its first weekend alone.

    Aside from supply difficulties, advance reviews of the Storm have generally been very favorable.

    Aspects where the handset has advantages over the iPhone include features such cut-and-paste text, a "clickable" capacitive touchscreen, full turn-by-turn GPS navigation and removables such as the battery and microSDHC memory cards.

    The lack of WiFi is seen as a big disadvantage, as is the dearth of apps available compared to what is offered by Apple’s App Store.

    With both smartphones priced similarly – around USD $200 and USD $70 per month for service – price isn’t going to be a determining factor.

    If you’re heading out today to get your hands on a Bold, please let us know of any shortages you come across.

  • Data Loss Stats Testament To Poor Security


    Less than a fifth of consumers regularly back up data on PCs, according to security solutions firm Webroot.

    Its latest research report, “State of Internet Security: Protecting Your Digital Life”, also shows that nearly one in five users had never backed up their personal files.

    The primary reasons cited for not backing up were forgetting that it doesn’t happen automatically and that it takes too long.

    Webroot’s report says that PC users are storing vast amounts of personal, professional and financial data on their home computers – and 46 million users lost some, if not all, of their valuable data last year because it was left vulnerable to hardware failure, software corruption and human error.

    It concludes that while 98 per cent of PC users surveyed have antivirus protection on their computers and 95 per cent use firewall protection, few have safeguards in place for their data.

    Paul Lipman, Webroot’s senior vice president and general manager of the Desktop Business Unit, said the focus of PC security had traditionally been on protecting the computer, and not the data stored on it.

    "But it’s the precious personal files – digital photos, music and financial records – that cannot be replaced if they are lost,” he said.

    “Based on our research, nearly 90 people per minute experienced some loss of personal data last year.”

    According to the Webroot report, the average home PC user has nearly 2,000 digital photos and nearly 2,500 digital music files on their computer.

    Loss of family photos was the number one concern reported, followed by loss of financial information, text documents and work projects.

    Webroot has published suggestions for protecting valuable files, including usinge automatic online backup, not relying on free sites to archive digital photos and backing up laptops and mobile devices.

  • USB Virus Infections Spreading


    The number of computers infected with viruses from USB flash memory drives is spreading in Japan, according to a survey from Trend Micro.

    Results from the company’s monthly surveys show USB-mediated infections with Autorun, a typical computer virus, totaled 143 in August.

    The number rose to 347 in September and 471 in October.

    Based on the finding, the Tokyo-based virus-scanning software company has called on PC users to take precautions when sharing data with others via USB memory sticks.

    Conventional viruses are programmed to attack a computer when a file attached to an e-mail message opens or on-line software is downloaded.

    But the September survey found that 53.7 per cent of newly detected computer viruses are programmed to spread via USB devices.

    "It is recommended that users refrain from recklessly sharing USB devices. They should frequently run a virus scan," a Trend Micro official said.

    USB devices are a "blind spot" for computer users as many of them are only cautious against virus infections via e-mail messages and the Internet.

  • Future SIM Cards Capable of Mass Audio and Video Storage


    Infineon Technologies and Micron Technology have announced a joint-venture to develop high-density subscriber identity module (HD-SIM) cards with a capacity greater than 128MB.

    HD-SIMs combine high density with improved security functionality, which the firms say enables operators to offer graphically-rich, value-added services such as mobile banking and contactless mobile ticketing.

    Operators are also able to securely update or delete applications through their wireless network while new applications, services and settings can be downloaded or pushed to the HD-SIM at any time.

    Working in close technical collaboration, both companies are leveraging their respective expertise to architect modular chip solutions that combine an Infineon security microcontroller with Micron’s NAND flash memory with features designed specifically for HD-SIM applications.

    Micron will manufacture the NAND on 50-nanometer (nm) and 34-nm process technology.

    Dr. Helmut Gassel, vice president and general manager of the Chip Card and Security division at Infineon Technologies, said: "Infineon envisions a new role of future SIM cards that will be capable of audio and video mass content storage and even Flash card replacement."

    Prototypes are expected to be available in the autumn of 2009 and will be sold in die form or in a chip card IC package.

  • CEOs Must Take Responsibility For Data Breaches


    A rapid rise in losses from giant databases highlights the need for tougher sanctions to deter such security breaches, according to a privacy watchdog.

    The UK’s Information Commissioner’s Office (ICO) is also calling on chief executives to take responsibility for the personal information their organisations hold.

    The number of data breaches reported to the ICO has soared to 277 in the past year.

    New figures, released today by the ICO, include 80 reported breaches by the private sector, 75 within the National Health Service and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

    The ICO is investigating 30 of the most serious cases.

    Richard Thomas, the Information Commissioner, said information can be a toxic liability and that accountability rests at the top.

    He said CEOs must make sure their organisations have the right policies and procedures in place.

    "It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues," he said.

    "We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud.

    "Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk."

    Describing these breaches as "serious and worrying", Thomas said this was especially so because personal information is now the lifeblood of government and business.

    He said that as a result data protection has never been more important.

    "It is time for the penny to drop. The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he said.

    "The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.

    "The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.

    "Put simply, holding huge collections of personal data brings significant risks."

    Earlier this year, the UK Parliament decided that the ICO should have the power to impose substantial penalties for deliberate or reckless breaches.

    The ICO is working with the government to ensure this measure is implemented as soon as possible.

    It hopes that the threat and reality of substantial penalties will concentrate minds and act as a real deterrent.

  • Smartphone Users Offered Software To Scrub Data


    Smartphone users worried about what would happen to confidential info in old handsets can sleep a little easier.

    Aiko Solutions has come up with what it claims is an industry-first – software that really does erase all data from a smartphone, according to smartphone.biz-news.com.

    The solution could be good news for many people as a nearly a quarter of re-sold smartphones contain sensitive data, according to recent research.

    BlackBerry owners were the worst offenders for discarding their handsets with sensitive company and personal information.

    Aiko Solutions says SecuWipe is an advanced software utility to securely sanitize data on Windows Mobile Pocket PCs, Smartphones and Windows CE handhelds.