Tag: security

  • SecuWipe Software Erases Smartphone Data


    Aiko Solutions has announced the public release of SecuWipe, a data erasure utility for PDAs and smartphones.

    Concerns over smartphone security have been rising steadily, not least because of the handsets’ great capacity for storing large amounts of corporate and personal information.

    Standard “deletion” and even a “hard reset” do not completely wipe data off the device, with the result that sensitive information can still be easily retrieved by using special recovery software.

    Aiko is claiming an industry first by offering software that overwrites data using US DoD (Department of Defense) compliant methods, leaving it truly erased and unrecoverable.

    The security software developer says SecuWipe is an advanced software utility to securely sanitize data on Windows Mobile Pocket PCs, Smartphones and Windows CE handhelds.

    It says the solution can be used to clean the smartphone before recycling or to remove traces of online activity, SMS and call records.

    “SecuWipe is the best choice for those who want to avoid security breaches and protect customer privacy,” according to a statement from the company.

    The program employs different data sanitizing algorithms, including zero-filling, U.S. DoD 5220.22-M method, Bruce Schneier’s algorithm, and Peter Gutmann’s algorithm.

    SecuWipe will securely erase:

    • Contacts
    • Email, SMS, MMS messages
    • Calls
    • Appointments, Tasks
    • Notes, Recordings
    • Internet Cache, Cookies and History
    • Free Space
    • SD card(s)
    • Files and Folders

    SecuWipe is available as a demo version at no cost, and it can be downloaded. A single-user license can be securely purchased online for USD $39.95. Volume and academic pricing is available upon request.

  • Company Secrets Sold With Smartphones


    Salary details, financial data, bank account details, sensitive business plans, notes from board meetings and personal medical details are being discovered by buyers of second hand smartphones.

    Nearly a quarter of re-sold smartphones contain sensitive data, according to research carried out by BT, the University of Glamorgan in Wales and Edith Cowan University in Australia.

    BlackBerry owners were the worst offenders for discarding their handsets with sensitive company and personal information.

    The survey of over 160 used gadgets found that in a number of cases BlackBerries were left unprotected, despite having security features like encryption built in.

    Buyer Got More Than Bargained For

    In one example, a BlackBerry was examined that had been used by the sales director for Europe, the Middle East and Africa (EMEA) of a major Japanese corporation.

    It was possible to recover the call history, the address book, the diary and the messages from the device.

    The information that was contained in these provided the business plan of the organisation for the next period, the identification of the main customers and the state of the relationships with them, the relationship of the individual with their support staff and so on.

    Forty-three per cent of the smartphones examined contained information from which individuals, their organisation or specific personal data could be identified, creating a significant threat to both the individual and the organisation.

    The high-end handsets are increasingly being adopted and used by organisations to support mobile workforces – yet only 35 per cent of companies have a mobile device security strategy in place.

    Even on less sophisticated devices, 23 per cent of the mobile phones examined still contained sufficient individual information to allow the researchers to identify the phone’s previous owner and employer.

    Businesses Unaware of Data Security

    The research highlights a lack of awareness amongst businesses about the amount of data that can be retrieved from mobile devices.

    The situation is made more complex as most of the devices are provided by a supplier as part of a mobile communications service.

    When they reach the end of their effective life, in most cases somewhere between one and two years, they have little or no residual value and they are not, in most cases, given any consideration with regard to the data that they may still contain.

    For a significant proportion of the devices that were examined, the information had not been effectively removed and as a result, both organisations and individuals were exposed to a range of potential crimes.

    These organisations had also failed to meet their statutory, regulatory and legal obligations.

  • SecureLogix Offers Free VoIP Security Tool


    SecureLogix Corporation has announced that it is releasing a free suite of custom Voice-over-IP (VoIP) security assessment tools.

    Downloadable from the company’s Web site, the tools can be used to assess susceptibility to a wide variety of SIP threats, including Denial-of-Service (DoS) and Man-in-the-Middle attacks, eavesdropping, audio insertion and deletion, and even call teardown.

    Earlier versions of some of these tools, developed by Mark Collier, SecureLogix’s CTO and VP of engineering, and R&D team member Mark O’Brien, were released along with publication of the book Hacking Exposed: VoIP, which Collier co-authored.

    Collier and his team have enhanced these tools and simplified their use.

    They have also developed a number of others while completing publicly funded research into current and future threats to VoIP systems, protocols and application services.

    These new VoIP security assessment tools complement the company’s voice network security scanner that identifies modem vulnerabilities in traditional circuit-switched networks, also available for free download from the SecureLogix website.

    Almost all organizations deploying VoIP maintain a significant amount of legacy voice infrastructure, especially at the voice network edge where it connects to long distance service providers.

    The combination of these VoIP and legacy scanning tools provides a comprehensive approach to identifying critical voice security vulnerabilities across an organization’s entire mix of VoIP and legacy infrastructure and systems.

    Collier said this full voice network security approach was unique to SecureLogix.

  • Who Said Smartphones Were Just For Fun?

    While the iPhone and Google’s HTC-made G1 may be introducing a more consumer-oriented market to the smartphone, it is still very much a business tool.



    The high-end handsets are being used to carry increasing amounts of confidential data, yet only 35 per cent of companies have a mobile device security strategy in place.



    Smartphone.biz-news.com spoke to Larry Ketchersid, chairman and CEO of Media Sourcery, about how it’s helping enterprises with mobile workforces securely distribute confidential information.

    Epitomised by RIM’s BlackBerry, with its reputation for secure email and text messaging, smartphones remain a powerful data communication tool for companies.

    Larry Ketchersid, chairman and CEO of Media Sourcery, believes that role is likely to gain in importance as more enterprises latch on to the benefits of utilising smartphone-based products.

    But security and data regulations have to be a major consideration when dealing with highly sensitive information.

    His company has developed a secure smartphone application called Mobile Data Messenger (MDM) that allows the sending and receiving of encrypted traffic.

    It securely transfers data files through a network without the need to use E-mail or FTP, or having to burn CDs or DVDs and send them via snail mail or courier.

    Intended for use in virtually any size of organisation, it also enables companies to do away with the need for significant numbers of paper forms and provides real-time information that can be integrated directly into a data system.

    Ketchersid said the result was secure data transmission – but also increased productivity.

    “Security is great, and it’s required, but when it gets down to doing the ROI, the company and CEO are looking for simplified and improved accuracy and efficiency for their mobile workforce,” he said.

    Ketchersid said the MDM package was written in Java and was already being used by a major US healthcare company on its BlackBerries.

    “Security of patient health information is required in the US by the HIPAA regulations, and our solution solves that and other problems, such as the removal of paper forms, automation of data entry, cleaner data, mobilization of their application and so on, for our customers,” he said.

    Ketchersid said MDM wasn’t restricted to the RIM handsets or the BlackBerry encrypted enterprise server.

    The package has been adapted for use on Nokia’s S60 platform at the request of the Finnish phone manufacturer.

    Media Sourcery has also just completed a request by HTC to port the application to Windows Mobile and Ketchersid said he was keeping a close watch on Android to see if it became more enterprise focussed in the future.

    “By having Symbian 60 and RIM, we have the two big ones,” he said. “So we have a pretty large market share.”

    Ketchersid said MDM was initially intended for use in heavily-regulated industries with a need for high security and audit trails.

    All transactions are encrypted and tracked for full regulatory compliance and, once securely sent and successfully received, confidential data is wiped from a smartphone’s memory.

    Simplicity Essential For High Adoption Rates

    Ketchersid said a prime example of the importance of this was in the healthcare industry, which has a mix of technically-trained staff and employees with low technical skills.

    “Our biggest customer in the US is the country’s largest hospice company,” he said.

    “We provide a user interface for healthcare workers to enter patients’ data, which is then sent back to the company’s database and automatically integrated into the back-end health information system.

    “What we have to do where the customer is not as used to smartphones as in other industries is make the application very simple.

    “We are talking about making the transfer from filling out a paper form, yet it has to be something everyone can do.”

    But Ketchersid said feedback from the client was good, adding: “They are loving it and asking us to put all the forms they have on it.”

    The MDM package is either sold as a hosted subscription service or as a software version for companies to manage themselves.

    Ketchersid said the decision on which version to adopt came down to whether IT departments wanted to have complete control of their own systems.

    MDM is also being used in the oil industry where security is an important feature, as are GPS requirements, a timestamp and automatic integration.

    “We have a customer in the oil field professional services that has to go out to remote locations,” said Ketchersid. “What they really need is an audit trail to show they were at a site and did tasks. It’s like a timesheet on steroids.”

    He said there was a growing market for MDM from companies looking for a forms package with Media Sourcery’s security built into it.

    Aside from the healthcare and oil industries, MDM is being used in the legal profession.

    Potential future uses include a law enforcement project where officers are required to record possible evidential data or prove a vehicle was stopped.

    “It’s a pretty open field. We got started in the healthcare market and will continue to have healthcare customers but are expanding out from that,” he said.

    “There are so many possibilities. It’s really going to be where the customer demand comes from.”

  • Creativity the Key to Secure Data Backup

    Guus Leeuw jr, president & CEO of ITPassion Ltd, urges creativity in the way data is stored.

    Any piece of electronic information needs to be stored somewhere and somehow. This should guarantee access to that piece of information over the years.

    You want that information backed up, in case a disaster strikes, so that you can restore and access it again. For some information, a need exists to keep it for a long period of time, three or seven years.

    Let’s focus on backup and restore for a moment. Often, a system or its data is backed up for disaster recovery purposes.

    Tapes are then eventually sent off-site for safe storage. Such tapes must be re-introduced to a restore environment. What happens with the tape while it is in secure storage is often unknown to the Enterprise.

    A tape that is sent for off-site storage contains some form of catalogue to identify the tape and its contents.
    This catalogue, in extreme cases, must hold enough information to retrieve the stored data, even if one had to re-install a new backup environment due to disaster.

    Backup solutions conforming to the NDMP standard could utilise a pre-described recipe to store the data on the tape, in the form of well-quantified storage records. Anybody with a conforming reader application could then retrieve the data off the tape and try to inspect it.

    This is a potential security risk, especially in light of recent events of lost data and the concern that that caused with the general public. It would be good if the backups were duly encrypted so that even a good hacker cannot crack the contents of the tape, which is supposedly important, considering that a lot of Government Agencies deal with private data.

    Equally important is the fraud that we hear about so often in the news lately: Thrown-away computers that get shipped to some far-away location, where the hard disks are inspected for private data such as credit card and other “useful” information. It would be good if a PC had a little program that wipes all data securely off the disk, before people turn it off one last time.

    Governments have done what it takes to support this kind of security: Air Force System Security Instructions 5020, CESG, German VSITR, just to name a few. Tools are not hard to find, however they are generally not for free, and in my opinion, Governments can do more to publish the availability of this type of product.

    Talking of storage, let’s focus on the part of the storage infrastructure that is mostly “forgotten”, but very critical: the fibre optical network between the server equipment and the actual storage equipment.

    With the current trend to reduce carbon footprint and hence save the planet, there is another aspect of virtualisation that is actually more critical to business than the reduction of carbon footprint alone. That aspect is cost savings. Did you know that you can slash your annual IT cost by at least 40 per cent when opting for virtualised server environments alone? You need less hardware, which is the biggest cost, and overall you would spend less on power and cooling.

    As these virtualised environments support more and more guest environments, simply because the underlying physical layer gets more powerful, a faster and better access to the back-end storage systems is required.

    Speeds of up to 8Gbps are not unheard of in the industry for your storage network. Even storage devices start supporting 8Gbps connection speeds. Do you need it? Not always. If you’re supporting several I/O-intensive guest servers, you might be surprised how much more throughput you can achieve over 8Gbps bandwidth versus over 4Gbps bandwidth.

    Implementing Microsoft Exchange environments on virtualised hardware becomes very possible. Especially if you can achieve end-to-end, virtual server to storage, guaranteed data paths as if your virtual environment were a physical environment.

    Hosting for multiple Government Agencies starts to wander into the realm of the possible as well. If all Agencies in a County were to put their IT together, great things can happen to the overall cost of running IT at the Government.

    Sharing knowledge and space wherever possible would seem a good strategy to follow up on, especially now that the public is intent on reducing Government Expenditure, increasing the success of Government IT Projects, and, last but not least, enforcing the reduction of carbon footprint, which is also supported by the Government itself.

    Overall a good many ways exist to increase the capabilities of storage, backup and restore, and archiving. It is time that the IT industry becomes creative in this area.