Security Press

www.security-press.com for SALE

2009-04-24T17:25:00.003+02:00

After 3 years of publishing security-related news we are sorry to tell you that we`ve decided to sell Security Press. Due other projects within the security industry we are not able anymore to keep the content up to date.

We did not fix the price for our website, so we'll wait until we will receive an acceptable offer.

In case of any questions or offers please get in contact with us via email.
Email contact

Security Press (www.security-press.com & www.securitypress.blogspot.com)

Pentura launches new Firewall Risk Assessment

2009-01-27T20:30:00.000+01:00

Pentura, a leading IT security consultancy and the UK’s first Risk Management Service Provider, has today launched a new firewall security risk assessment. Pentura’s Firewall Risk Assessment will audit and analyse router and firewall configuration to ensure the highest level of protection is achieved and to identify any system vulnerabilities.

The Firewall Risk Assessment provides corporate security managers with a detailed report of the threats to corporate security, ranking and prioritising the dangers to business critical assets based on system vulnerabilities. The risk assessment also exposes complex firewall configurations that lead to security risks being hidden within firewall rules and highlights duplicated, disabled, unused or expired rules in order to increase the performance and speed of firewall security.

Steve Smith, managing director of Pentura comments, “Monitoring and updating firewall security is crucial in helping organisations remain well protected from IT threats. The Firewall Risk Assessment offers a powerful auditing and analysis tool to identify the risks facing any organisation and the steps that need to be taken to eliminate each risk. By offering a granular level of visibility into firewall and router configurations, enterprise customers can enhance their level of security, increase operational efficiency, and maintain compliance with corporate policies and regulatory requirements.”

GROTECK: Exclusive Survey of Russian Security Market was presented at Security Essen

2008-11-12T21:33:00.000+01:00

According to Russian Prime Minister - Vladimir Putin, Russia will take the 7th place in the rating of the biggest economics of the world in 2008.

Russian Economics is characterized by a big degree of concentration and decisive role of the Government. In 2007 a new tendency appeared. Government corporations started creating.

Owing to this fact, a role of Government in politics continues to grow. Russian Security market is one the most dynamic growing markets in the world. The total values of Purchases of the equipment and services in the area of security in 2008 will exceed $17 mlrd.

In 2006-2008 The Russian market for electronic physical security equipment (EPS) shows a 20% rate of annual grows rate. Over 80% of technical security equipment sales take place in 4 out of 85 of the Russian Federation areas: Moscow and Moscow region, Saint Petersburg and Leningrad region.

The number of solid customers of the EPS market in Russia is relatively small. Approximately 500 state and corporate customers comprise 80% of EPS purchases in Russia.

Of that, the share of the three largest Russian monopolies-CJSC “Gasprom”, RAO Unified Energy Systems of Russia and CJSC “RZHD”- constitute about 18% of the total supply share. The total number of prominent players in the market (producers, resellers and fitters) dealing with technical security systems does not exceed 1,000.

A maximum of 20 companies control at least 50%, and in some cases, up to 90% of the total volume in each segment of the Russian EPS market. Demand for technical security equipment in the private sector falls below 5%. In the course of update researching the security market experts has formulated three scenarios of security market growth in 2009 - 2011.

All the three scenarios rely on the expert’s forecasts in the area of two fundamental causes, having an influence on the Russian market growth and it’s additional segments: Oil price, Economic politics of Russian Government. Majority of experts has inclined towards the optimistic scenario with 20% growth of Russian security market per year.

Source: Russian Security Market Survey 2008
GROTECK Business Media
www.groteck.com

All rights reserved.

Full version of the survey you can see here

To order any special surveys from Groteck Research Dept contact us at int@groteck.ru

Survey reveals dangerous lack of knowledge about virtualization

2008-10-15T00:44:00.000+02:00

More than forty per cent of IT directors and managers that have implemented server virtualization may have left their IT networks open to attack because they wrongly believe that security was built in.

These shock findings were revealed today when network security vendor Clavister published a survey it commissioned from international research and consulting organisation, YouGov*.

With virtualization now one of the boom technologies of the IT world, the extent of the problem was emphasized when 38 per cent of survey participants admitted that they had already implemented the technology. Virtualisation brings environmental benefits, cost savings and management efficiencies.

“When companies implement virtualization, it is very dangerous for them to believe that everything is automatically secure because they can actually face new security threats,” explains Andreas Asander, VP product management at Clavister.

“Virtualization offers new points of attack and gives access to a far wider number of applications than a traditional physical server. It is vital that IT staff take steps to achieve the same level of security in their virtualized environment that they had in their traditional environment.”

Clavister has developed a five-point check-list for IT managers and directors who are considering the adoption of virtualization. They should:

Re-define the security policy to include the virtualization aspect
Use virtual security gateways which run inside the virtual infrastructure
Protect the virtual administration center and only allow access to this from a separate network
Limit the number of administrators who have access to the virtualization administration tools to a minimum
Evaluate and test the security level on a regular basis. Replicating the production environment to a test environment is easy with virtualization and this should be utilized.

To find out more about security virtualization, please visit www.clavister.com

CRYPTOCard Launches Password Amnesty

2008-10-15T00:41:00.000+02:00

CRYPTOCard, a leading developer of two-factor authentication (2FA) technology for multi-vendor environments, today announces a ‘Password Amnesty’, calling on UK businesses to hand-in their obsolete single passwords and replace them with a free two-factor managed authentication service for up to 200 users, per business. The initiative, launched in support of National Identity Fraud Prevention Week, aims to highlight the dangers of ‘single password’ strategies that leave organisations wide open to hackers, and urges business leaders to rise to the challenge of protecting their information assets.

Neil Hollister, CEO of CRYPTOCard, explains; “The government estimates that costs of over £1bn per year can be attributed to identity fraud, but this is just the tip of the iceberg. For example, nearly every week we hear of laptops being lost or stolen, but it is not just the data stored on these devices that we should be concerned about.

“Most laptops provide remote access to a company’s corporate network, with username and password stored for ease of connection, and thereby allowing hackers easy access to a company’s entire internal network. Many businesses have yet to implement some form of password validation strategy and many hold back because of cost and complexity. But what cost the price of stolen identities and the brand damage that ensues?”

Hollister concludes; “Today, we’re offering all UK businesses an amnesty on their password, and will replace their insecure existing password system with our proven managed 2FA service, CRYPTO-MAS, free of charge, for up to 200 users.”

Jason Hart, former ethical hacker and now VP Europe for CRYPTOCard, adds; “Most businesses already recognise the need to implement a firewall or anti-virus solution, but few do anything to verify the identity of users accessing the network. I’ve seen hackers crack passwords in a matter of minutes, using a variety of methods, most of which are available free on the internet. Unless you lock the door, then anyone can walk into your company and literally destroy your reputation or the integrity of your data.”

CRYPTO-MAS is a unique managed service which provides a flexible, affordable solution using 2FA technology, and positively identifies individuals before giving them access to applications, data and networks. The service requires users to input something they know, such as a password, and something they don’t, such as a one-time generated PIN, delivered via hardware or software token, SMS, or smartcard.

CRYPTO-MAS simply sits in front of a company’s remote access or VPN network – no hardware or software installation is required. High levels of security can be provided in a matter of minutes.

To hand-in your password and register for a free managed two-factor authentication service, please visit: www.cryptocard.com/howtobuy/passwordamnesty.

Terms & Conditions:
The Password Amnesty applies only to UK businesses (referred to from this point forward as the ‘Business’). The service, CRYPTO-MAS, is available for this promotion from 08.10.08, and will expire on 31.12.08. On registration, the Business must provide the name and contact details of a nominated project leader. CRYPTOCard will supply the service and up to 200 software tokens (PC or BlackBerry), with the option to take an additional SMS token, free of charge, per registered Business. The Business will be contacted within 24 hours of registration to confirm and coordinate CRYPTO-MAS set-up.

To ensure eligibility of the promotion, upon registration, the Business commits to the following: the Business agrees that its contact details can be forwarded to a selected agent or partner of CRYPTOCard for the fulfilment of the service; the Business commits to trialling the service; the Business will provide feedback to CRYPTOCard following the expiry date of the service; the Business acknowledges that the service will expire on 31.12.08.

Aboundi Inc. debuts the first of its VersatileWire™ series of Ethernet over long distance Coaxial Cable Solution

2008-08-29T00:39:00.000+02:00

Innovative solution enabling high speed Ethernet packets to traverse over 2.5 Km on existing Coaxial Cable infrastructure

Nashua, NH – August 28, 2008 – Aboundi Inc. today announced the release of its APL2400 series of VersatileWire™ Quad Ethernet CoaxBridge™ products which enables commercial and business users the confidence and reliability of extending the new IP based devices and application to run over their existing long distance coaxial cable infrastructure.

Aboundi has introduced its innovative “VersatileWire™” technology to enable the extension of the ubiquitous Ethernet applications through coaxial cable deployment already in existence. It is specifically designed to minimize the obsolescence of the pre-existing coaxial cabling where upgrading from the older analog based devices such as analog CCTV cameras to the newer IP based cameras for the ease of remote video surveillance monitoring and smart management applications. Hence, allowing both maximum capital investment preservation and minimum Total Cost of Deployment (TCD) associating with the migration to the new IP technology oriented applications. The

‘VersatileWire™’ family of products allows a very simple plug and play installation with any new high speed Ethernet based devices to the existing cabling infrastructure. The customary requirement for the need to rewire “home run” Ethernet CAT5 cables in order to replace these older analog devices is no longer necessary.

The APL2400-200 UltraSpeed ™ Quad Ethernet CoaxBridge™ provides four (4) shielded MDI/MDIX RJ45 auto-detect full/half duplex Ethernet ports that can be connected to any 10/100 Mbps Ethernet ports on PCs and other peripheral devices such as Point of Service (POS), IP cameras, monitors, serial servers and etc.

“The APL2400-200 CoaxBridge™ has proven its immediate value with great savings in deployment cost for Bolton, Massachusetts.” said Bob Johnson, President of Bolton Access Television. “The distance from Town Hall to Emerson High School is over 1000 meters and we needed a cost effective Ethernet connection between these facilities over lines already in use for video connections” said Johnson. “Aboundi’s APL2400-200 took no time to install and it provided us with instant high speed Ethernet connectivity.”

“We are most delighted our VersatileWire™ solution has expanded our Electric

Connect® capability to reach beyond just the AC electric wiring networking infrastructure for commercial business applications”, stated Hong Yu, President and CEO of Aboundi

Inc. “It is surprisingly easy to bring the new Ethernet applications to an existing coaxial cable plant that is already in place and ‘synergistically’ co-exist with active video applications.”

The APL2400-200 series product is available now from Aboundi’s authorized Distribution

Partners and the listed MSRP is $330.

Application Security Testing Should Be Mandatory For Outsourced Development

2008-04-06T00:38:00.000+02:00

Response to Quocirca report "Why application Security is crucial"

A new report published today by European technology analysis group, Quocirca, based on a survey of 250 C Level executives in UK, Germany and the UK suggests that 90% of organisations are outsourcing more than 40% of their code. Other findings in the survey are:

* 78% of organisations state that software development is business critical for them yet
* at the same time 60% of companies that outsource the coding of their critical applications do not demand that security is built into their applications.

Matt Moynahan, CEO of Veracode, responds to this survey by highlighting the need for application security testing of code to become mandatory:

"With almost £100 billion in custom code being developed in locations such as India, China, Eastern Europe and South America, many businesses have rushed to take advantage of cost savings and flexibility in their striving for competitive advantage....At the same time attacks on applications - the weakest links in the corporate security chain - have grown exponentially. Organisations relying on outsourcing application development need to demand independent verification of applications as part of their formal software acceptance criteria. Users are in a position to call the shots. As application security becomes the most pressing issue on the security agenda, users should veto service providers who cannot demonstrate that a full independent security audit has been conducted on their final deliverable to ensure proper security quality has been achieved, " said Matt Moynahan, CEO at Veracode.

According to Gartner, 75% of new attacks target the application layer directly while software vulnerabilities have reached an all time high with over 7,000 new software vulnerabilities disclosed over the last year according to the National Vulnerability Database.

The conventional approach at attempting to solve this issue has been to either conduct costly and time-consuming manual penetration testing or to use source code testing tools. Testing at the source code level not only is unpractical as offshore code often is unavailable to the enterprise but also insufficient. Offshore development is a multi-tier process with many parties involved where growing types of threats - such as those coming from backdoors - are impossible to spot with traditional tools. Additionally tools are typically run by the very same developers who are building the code, potentially implementing backdoors. Research from the US Department of Homeland Security points to a significant risk from backdoors and 23% of software packages used by US government employees have backdoors built into them.

Technology now exists - from organisations such as Veracode - that allows enterprises to conduct proper security audits by a trusted entity on the final application code as part of an organisation's formal software acceptance, without the need for source or costly on-site consultants. Veracode inspects application code at the same level at which it is attacked - the binaries. By assessing the final application code, Veracode ensures that all threats, including vulnerabilities and malicious code are detected, thereby providing the most complete security audit across internally developed applications, third-party commercial off-the-shelf software and offshore code. Additionally Veracode delivers its offerings on a software-as-a-service basis, ensuring that application code can be independently verified and validated, irrespective of their source.

New research reveals that indiscreet public conversations are a threat to company security

2008-04-05T00:37:00.000+02:00

"Can you hear me?" - the refrain familiar to anyone used to traveling on a commuter route - could start to become a thing of the past as Vodafone UK announces that it has teamed up with Virgin Trains to deliver improved mobile phone coverage within carriages. The new 'repeater'
technology, which retransmits 2G and 3G within carriages, will be installed on all 52 of Virgin's high speed Pendolino trains on the London to Glasgow route by November 2008 and has already improved the number of calls completed without interruption by around 60%.

But the news also comes with a warning that companies need to advise their colleagues to be more discreet - and use alternative forms of communication when discussing sensitive information. New research commissioned by Vodafone UK has found that more than 70% of all workers talk business on their mobile phones in public, with one-in-five talking about business-critical subjects such as sales leads, and 15% admit to openly discussing confidential new products or services whilst traveling. More than a quarter of workers (26%) even confessed to following up on a lead they have overheard in someone else's phone
conversation.*

"This research shows that people need to consider which contact method they use when communicating sensitive information on the move - whether that be voice, text or email," says Mark Bond, Director of Enterprise, Vodafone UK. "Vodafone provides customers with access to many forms of communication on the move, allowing business people, when necessary, to switch to more discrete methods such as text or mobile email."

Over half of the mobile phone users surveyed say they always talk business on the phone in public and never switch to a more private communication channel such as email or text. And only 6% of people use code names for people, places or projects when talking in public.

And it's not just company security that employees should be aware of.
The research also shows that mobile phone users admit to discussing their love lives and even sex lives, as well as those of other people, while talking on the phone in public - unwittingly compromising friends and colleagues in it in the process. While only one in five of us will discuss our own love lives - health, careers and children being more popular conversation topics - six out of ten are quite happy to discuss the private lives of our pals. Over a third 16-24 year olds will also happily share details of their sexual conquests.

* Survey of 2,053 mobile phone users (666 business users) carried out by TNS between 21.02.08 and 25.02.08.

CRYPTOCard Adds SMS Token To Innovative 2FA Managed Authentication Service

2008-04-04T00:36:00.000+02:00

CRYPTOCard, a leading developer of two-factor authentication (2FA) technology for multi-vendor environments, has today launched in the UK its new SMS Token as part of the CRYPTO-MAS Managed Authentication Service portfolio. The SMS token offers the flexibility of CRYPTOCard's existing two-factor authentication tokens - which are widely regarded as the most secure available - and additionally addresses the need for greater portability, affordability and simplicity, particularly among an enterprise's distributed workforce. Delivered as part of the CRYPTO-MAS Managed Authentication Service, it answers the market requirement for zero up-front investment and maximum ease of use.

Colin Campbell, IT Services Manager at Stroud and Swindon Building Society, is already using CRYPTO-MAS to underpin the organisation's 2FA strategy and sees the new SMS functionality presenting exciting possibilities, "We have been using the CRYPTOCard Managed Service for the past 12 months. Our users have total confidence in the system and find it easier than having to decide on, and regularly change, the traditional static password system we were using previously. We have just started using the new SMS token which answers our users' demands for a more portable and easier to use token offering, and promises tremendous additional operational efficiency advantages while maintaining all of the protection we've come to expect."

To gain access to the network using a traditional 2FA solution, users would enter their PIN and then press the button on a hand held device to get a unique One-Time-Password (OTP). Using the new SMS solution, the OTP is delivered to the user's mobile phone - there is no need to carry any additional devices. The solution uses CRYPTOCard's unique "OTP Now" feature which means that every time the user logs-in to their network, their unique OTP is waiting for them on their mobile phone; there is no waiting, no manual intervention and no additional hardware.

CRYPTO-MAS is a unique managed service which provides a flexible, affordable solution using two-factor authentication technology, which positively identifies individuals before giving them access to applications, data and networks. CRYPTO-MAS simply sits in front of a company's remote access or VPN network - no hardware or software installation is required. High levels of security can be provided in a matter of minutes. CRYPTOCard is the only vendor to offer a strong authentication managed service, enabling the company to address a broad market spectrum of SMEs, mid market enterprises and large multi-nationals.

The SMS token is available as part of the overall CRYPTOCard managed service, CRYPTO-MAS and prices start at just £6 per user per month, including the token. Any company can now afford to implement an alternative to passwords, something analysts such as Gartner and Forrester recommend as an essential consideration for any network.

Webroot(r) Research Finding: Rapidly Growing Email Security Threats Impacting Businesses Worldwide

2008-04-02T00:35:00.000+02:00

Westerham, UK., April 1, 2008 - Webroot, a leading provider of security solutions for the consumer, enterprise and SME markets, today released its latest research report, "State of Internet Security: Protecting Business Email." The report reveals the significant impact that rapidly growing email security threats, in size and volume, are having on businesses worldwide and underscores the need for a multi-layered approach to Internet security.

"The battle against spam is an on-going struggle for many organisations with spammers continuing to present a serious and costly threat to most businesses. In 2008, we estimate there will be over 42,000 spam emails for every single business email account, or about 116 per day. And, because spammers are working at beating conventional filters with images and attachments, the size of spam has grown 60 percent since 2004," said Mike Irwin, COO, Webroot. "The size and volume of these spam attacks is largely due to the partial success of current filtering defenses that now make spamming success a numbers game. It's clear why first-generation defenses such as appliances and server-based software are struggling to keep up."

Along with the rapid growth in spam, there is a similarly rapid growth in malware. Industry research shows that malware jumped from about 50,000 variants in 2004 to 5.5 million in 2007. Webroot research found that spam has become a significant vector of attack for deploying these new malware variants. But, while companies are seeing an increased malware threat to their email, they are still using it to gather and exchange vital customer and employee information such as credit card numbers and other confidential financial data. About one out of five businesses that responded to the survey experienced a threat to sensitive or confidential online information last year underscoring the growing need for securing and storing business email.

"Huge amounts of spam and malware can easily overwhelm the networks of small and mid-size businesses and, in some cases, even small countries.
In our survey, more than half of the respondents said that they suffered spyware and virus attacks via email," added Irwin. "Because existing defenses are getting over-run, large numbers of companies are increasingly losing important data. Spam is growing in relation to the importance of email as a business communications tool. As a result, companies and organisations need defenses that can quickly and easily scale to exceed the demand."

In the "State of Internet Security: Protecting Business Email" report, Webroot studied email-related threats and the latest methods to protect business email. Webroot surveyed approximately 1,500 email security product decision-makers in companies across seven countries: Australia, Canada, France Germany, Japan, the United Kingdom and the United States.

Key Findings at a Glance:

Email is Business Critical
* According to IDC, over 6.62 trillion business emails will be
exchanged in 2008;and,
* Three-fourths of Webroot survey respondents rely on email for
communicating with customers and providing customer support.

Risks to and from Email are Prevalent
* More than half surveyed experienced spyware and virus attacks
via email and over 40 percent experienced a phishing attack;
* About one out of five organisations reported that sensitive
online transactions were threatened and confidential information was compromised as a result of spam;
* Over 60 percent of respondents had at least one email outage in
2007; and
* One out of three survey respondents said that the hourly cost of
an email outage is over $1,000.

Employee Behavior Increases Email Security Risks
* Individual email users open messages before realising they are
spam, open messages in junk folders and even make purchases from emails marked as spam;
* The 2007 eCrime Watch report found that current employees were
second only to hackers as groups that pose the greatest cyber security threat to organisations; and
* One out of three organisations reported employee misuse of email
resources.

Few Companies Have Protective Policies in Place
* Less than a third of organisations surveyed have key employee
email security policies in place; and,
* Less than half of companies with more than 100 computers have
policies in place to restrict employees' personal email use.

The State of Internet Security report is issued quarterly as an in-depth review and analysis of the most critical computer and data security-related concerns. Each report focuses on a specific aspect of information security, and provides industry data, trends and best practices in light of the threat landscape.

The complete "State of Internet Security: Protecting Business Email"
report is available at http://www.webroot.com/En_GB/land-sois-home.html

Comsec Consulting Outlines The Challenge For Businesses To Stay 'In Control' Of Security At This Year's Forrester's Security Forum EMEA

2008-04-02T00:33:00.000+02:00

LONDON, UK, 1st April 2008, Comsec Consulting, a leading information security consulting firm, will be outlining the challenges faced by businesses to remain 'in control' of security as it presents at Forrester's Security Forum EMEA on Transformation and Excellence in Security & Risk Management on 2nd and 3rd April 2008 in Amsterdam, The Netherlands.

Henk Van der Heijden, the company's Managing Director in The Netherlands, will be outlining the challenges faced by enterprises and SMEs to remain transparent in their control of security within an internal or outsourced environment. Mr Van der Heijden will highlight the importance of the management cycle and its place within corporate policy, which has an impact on the business, its customers, its employees and the law.

Comsec' presentation will take place at 3.15pm on Wednesday 2nd April 2008. Forrester's Security Forum EMEA 2008 offers security and risk practitioners the opportunity to share innovative best practices and experiences in preparing for tomorrow's security challenges. Other confirmed speakers include Andrew Strong, Global Security Officer, Unilever; Nick Bleech, IT Security Director, Rolls Royce UK and Pascal Lointier, IS Risks Advisor, AIG.

Henk Van der Heijden explains Comsec's views on the current challenges, 'To maintain compliance with new laws and regulations, those responsible for IT have been forced to rethink the way that they control their data security measures. The assurance of integrity and confidentiality of data is imperative as internal and external threats adapt in their sophistication and prove to be a tremendous threat. Every business should be underlying its corporate policy with organisation, management and technical controls.'

In addition, Mr Van der Heijden will address the future role of technology in combating security and provide delegates with important information to design a framework which will enable a measurable, secure response to their internal and external requirements.

Background information - Henk Van der Heijden, Managing Director of Comsec in the Benelux:
Mr. Van der Heijden joined Comsec in 2004 and is the Managing Director of Comsec's operation in The Netherlands. In his current role Henk is responsible to run the Benelux operations and to leverage the growth of Comsec Consulting in Europe. Henk also is involved in Strategic customers to be their Trusted Advisor with regards to Information Security and Risk Management programs. Henk is an Information Security professional with over 20 years experience in Information Technology Services, his last position being with EDS. In his latest role with EDS, he was responsible as Director of Managed Security Services, EDS Security, Privacy and Business Continuity Services, leading all developments and rollout of services for EDS clients in all areas of Managed Security Services.

Henk has earned a Bachelors Degree in Business Administration from the University of Amsterdam.

About Comsec:
Comsec Consulting is a leading Information Security Consulting firm, helping Europe's enterprises to design and incorporate security into their information technology infrastructure. With dedicated security professionals, comprehensive methodologies and more than 20 years of security experience, Comsec provides a diverse range of services across market sectors including high-tech, telecoms, financial services and Government, amongst others. Comsec's UK head office is in London, providing the UK's leading organisations with client-led professional services on governance, risk and compliance, application level security, ERP security and information security management. In these areas, the company provides assessments, designs, testing, evaluation, training, documentation, leadership and overall security guidance. Visit www.comsecglobal.co.uk or call 020 7483 9180.

BullGuard releases BullGuard Backup 8.0 - New Features, more Backup and free Support

2008-03-18T20:26:00.000+01:00

Copenhagen, 18th March 2008 - Today BullGuard releases BullGuard Backup 8.0, the second version of its stand-alone backup offering. New features include improved encryption and compression options, a larger Online Backup Drive and a unique Support experience. BullGuard has been developing backup technologies since 2003.

With BullGuard Backup users can easily set up, schedule and configure their backups. An upgradable 10 GB Online Backup Drive is included in the subscription. Backups to local media are also supported as are email backups for Outlook, Outlook Express, Windows Mail and Thunderbird email clients.

"My favourite new feature is the integration of our Online Drive with Windows Explorer," says Theis Søndergaard, CTO and co-founder of BullGuard. "The Online Drive shows up as a drive in Windows Explorer allowing users to simply drag and drop files to and from the Online Drive. This makes the Online Drive much more accessible."

Under the default scheduling setting, BullGuard Backup 8.0 will automatically launch backup profiles to run when the computer is idle, making sure backups are performed regularly and without interrupting the user. Other scheduling options are also available.

In BullGuard Backup 8.0 files are compressed before being transferred to the Online Drive, significantly speeding up the transfer process. Users also have the option of compressing their files during storage, allowing more files to be stored. As in the previous version, files are encrypted during transfer, but users can now also choose to encrypt files during storage.

Remote access, the revolutionary new feature in BullGuard's Support structure that was first introduced in BullGuard Internet Security 8.0, is also part of BullGuard Backup 8.0. "With remote access, users can grant our supporters temporary access to their computers. This will enable our Support team to handle questions even more efficiently", says Søndergaard. Users can access BullGuard Support 24/7 via email or live chat.

BullGuard Backup 8.0 is available immediately from www.bullguard.com. A one-year subscription costs £25.

Web application attacks are the biggest security threat faced by businesses today says SANS Institute

2008-03-17T11:19:00.000+01:00

17 March 2008, Godalming, C-MI Labs Plc, a UK distributor of security applications and managed security services, has signed a distribution agreement for 2008 to support Applicure Technologies’ drive into the UK market. The web application firewall vendor was recently highlighted in the SANS Institute Top-20 Security Risks report – the security industry benchmark for prioritizing IT security threats – as providing technology that protects against external and internal attacks on web applications.

With UK distributors under increasing pressure to deliver solutions that will help meet upcoming PCI Compliance legislation and protect against growing web application attacks and data leakage, C-MI Labs will be introducing Applicure’s dotDefender technology to hosting companies, SMEs seeking web server protection and enterprises that require a technology to protect internal web applications.
Neil Patmore, Channel Marketing, C-MI Labs said, “Applicure’s technology is well suited to any size of company and is a particularly strong fit for the mid-market sector which has the same security issues as larger enterprises but without the resources and budget to deal with them effectively. We will target a large cross section of our clients with the comprehensive, low TCO, high ROI web application security that Applicure offers”.

Amir Peled, Director European Sales, Applicure Technologies Ltd added: “We believe that the potential for Applicure’s technology is huge and our agreement with C-MI Labs underlines their commitment to support Applicure as it provides its unique technology to the UK market. Through C-MI Labs excellent service to the channel as a true value-add distributor, we are sure to increase market share during 2008 and beyond.”

Applicure’s flagship software product - dotDefender - provides dedicated web application security that complements network protection (firewall, IPS/ IDS). This innovative website security software provides strong protection against SQL Injection, Cross-site scripting, Path Traversal, Defacement and many other application attacks. dotDefender is multi-platform, working on Apache, IIS, and ISA Server, with central management and reporting. Implemented as a software plug-in, it is rapidly deployed, and requires minimal maintenance, providing excellent TCO in the industry.

Applicure also provides a free downloadable security monitor that identifies attempts to hack the website or application in real time. It allows companies to assess their exposure based on actual attacks, and prioritize their investment accordingly.

Intamac wins prestigous European Business Awards - Business Innovation of the Year, 2008 ...plus two Ruban d'Honneur's Ribbons...

2008-03-17T11:17:00.000+01:00

17th March 2008 - Intamac Systems, the specialists in home and security monitoring solutions has won the European Business Awards - 'Business Innovation of the Year Award'. It also received two Ruban d'Honneurs ribbons, for Business Innovation and Entrepreneur of the Year. The award ceremony was held in Paris on 11 March 2008.

The European Business Awards was set up to recognise and reward excellence, best practice and innovation in companies across the 27 EU member states. It serves to showcase Europe's most successful business achievements.

Intamac have utilised the World Wide Web to revolutionise the capabilities and reduce the cost of home monitoring and security systems. The Intamac solution offers a unique combination of innovative technology, practical purpose and ease of use. In light of this, the company has already secured major contracts with large international players, including BT, and Australia and New Zealand's largest general insurer, IAG. Intamac's technology has also been adopted in a number of high street products by companies such as Linksys and Yale.

European Business Awards CEO Adrian Tripp said, "Intamac has the potential to completely shakeup the traditional home security industry.
It is providing some very strong businesses not presently in the home security market with excellent new technologies and business models to challenge the existing players." Intamac was selected over a shortlist of ten International businesses such as British Telecom, Deutsche Post and Daimler AG.

Intamac's CEO and founder, Kevin Meagher commented, "We are delighted to win the Business Innovation of the Year Award. It demonstrates that our work in providing innovative monitoring solutions at an affordable price is being recognised outside the UK. We are an Innovation led company, which is constantly driving for growth and has a strong customer focus.
We are honored to have won this renowned award against such strong global competition".

Intamac's services are currently available through global partners such as Cisco, BT, Yale and IAG, and through leading retailers such as Homebase and PC World or by visiting www.intamac.com

A third of businesses leave their back-up tapes in the office overnight, says new research report from Connect

2008-03-16T22:44:00.000+01:00

33% of small to medium sized enterprises in the UK leave their back-up tapes in the office at the end of the day, negating the benefit of backing up their servers, according to a new research report entitled ‘Risky Business’, published today by Connect - the IT support company . Two thirds of businesses (69%) had never tested whether they could retrieve all the information held on their backups.

The survey was conducted by an independent research company on behalf of Connect and consisted of in-depth interviews with IT Managers and Directors at 151 UK companies in a range of industry sectors.

Mark MacGregor, CEO, Connect, comments:
“It is alarming that one in three businesses are storing their backup tapes in their own offices. If there’s a fire, a flood or a burglary, they risk losing both the original data and the back-ups. Equally surprising is why so many organisations are using backup tapes at all. There are plenty of better and more up-to-date methods that can be used to protect their business critical data and at a similar cost.”

Other significant results from the research include:

* Back-up tapes are still the prevalent back-up technology used by UK SMEs - 89% of UK firms use back-up tapes to store their data;

* 10% of the SMEs surveyed by Connect have suffered a major data loss as a direct result of back-up failure;

* 33% of UK firms experience a major server problem every six months;

* 69% of small to medium-sized companies have not tested their backup systems in the last six months;

* Only 11% of the companies surveyed by Connect back up their data over the internet to a secure offsite data centre using a service similar to Total Recall;

From Murder To Money-Laundering - GB Groups Technology Helps Make The UK A Safe Place To Live

2008-03-16T22:43:00.000+01:00

An innovative on-line people tracing tool from GB Group, a specialist provider of identity information, is helping bring criminals to justice by enabling police forces to trace criminal suspects to their known address.

GB's Accelerator IQ is helping reducing the burden on police administrative resources by many hundreds of man-hours by focusing resources to locate individuals quickly. Already in use by the Metropolitan Police and Suffolk Police forces, its most recent high profile use was in tracking Steve Wright, recently convicted of the murder of five Ipswich women.

GB Accelerator IQ is a specialist tool that is used specifically by police and Government agencies for the prevention and detection of crime. It works by cross referencing the broadest and most current spectrum of UK population databases to confirm the last known or current address of a suspect

Richard Law, Chief Executive at GB Group, said: "We support the police and Government with leading edge technology to save valuable resources and to speed up the time taken to conclude an investigation. In many cases, time is of the essence and by quickly identifying suspects, such as Steven Wright, and being able to trace them to a current address, we can provide intelligence to the investigating team that would previously have taken thousands of man-hours to complete.

"We firmly believe that GB Accelerator IQ is making the UK a safer place to live by helping the security services to identify and profile suspects quickly. At a time when citizens in the Ipswich area felt particularly at risk, we were pleased to support Suffolk Police in helping secure a firm conviction. We have since extended the use of our identity technology to many other Police Forces and Government Agencies.

Detective Inspector Phil Boswell from Suffolk Police said: "GB Accelerator IQ has saved us hundreds of hours which would otherwise have been spent manually searching through intelligence provided by the community. Accurate intelligence gathering and address verification is key in an investigation of any size, but on the scale we experienced here it made officer time far more efficient and made a vital difference.

"We have always been keen to employ the latest technology in an investigation and this case has proved why."

Richard Law added: "Our ability to locate and verify people for the prevention of criminal activity underpins our position as the market leader in online identity verification solutions. Our technology is equally used within the private sector to combat money laundering and fraud - activity that is often used to fund organised crime syndicates or terrorist groups - groups who are particularly adept at covering their tracks."

Consumers need to lock the door on internet crime by securing their wireless netwo

2008-03-16T22:41:00.000+01:00

Core Facts
• According to the Guardian, the government says it intends to launch a consultation on legislation for ISPs and rights holders to "cooperate in taking action on illegal file sharing... with a view to implementing legislation by 2009".

• Tracking service Mininova recorded the 4 billionth torrent download last week, say Tech Radar

• The FT reports that ISPs are opposed to the idea, "ISPs are no more able to inspect and filter every single packet passing across their network than the Post Office is able to open every envelope," it said.

• Industry fears that proposals will lead to increase in Wi-Fi highjacking

• Two men were arrested for ‘Wi-Fi' highjacking this week, according to the Register

• APACS, the credit card industry association, reports that Card Not Present fraud increased 44% in the first six months of 2007 to £137 million

• GSEC1 recently launched the XGate, the first device to offer all in one security and wireless protection, straight out of the box.

Quotes
• Mark Brooks, marketing director at internet and computer security company Global Security One (GSEC1) says:
"While the proposals to tackle illegal file sharing will be unpopular with ISPs and could, in practice, be unworkable (how are they policed?), they do highlight an important issue about businesses and consumers protecting their wireless network.
"How many times have you turned on your laptop, only to be greeted by a completely open wireless networks? Even those protected by WEP security can be cracked in under a minute by experts. Wi-Fi highjacking, phishing and drive by pharming - where DNS weaknesses are exploited - are all on the rise.
"Legislation is unlikely to help with these internet threats and some ISPs will be more vigilant than others to tackle illegal file sharing. Consumers need to lock the door on internet crime by securing their wireless networks.
"Consumers understand the importance of wireless security, but weaknesses are often exploited in the rush to get online. Also, most anti-virus and online banking security is software based, which is time consuming to administrate and still open to attack. The solution is to take a hardware-based approach, using more secure wireless standards than WEP, such as WPA2."

Glasgow School Installs Bloxx Web Filtering To Combat Anonymous Proxies

2008-03-16T22:36:00.000+01:00

The High School of Glasgow Selects Bloxx to Protect Staff and Students Online

Bloxx, the enterprise web filtering specialist, today announced that The High School of Glasgow has deployed Bloxx web filtering technology to monitor pupil and staff online activity and to provide enhanced security for its IT network.

With 1,100 pupils, The High School of Glasgow caters for children of all ages, from kindergarten up to the age of 18 years and offers a wide and varied curriculum.

It is divided into two campuses for Junior and Senior level, both of which are based in northwest Glasgow.

The decision to replace the school's existing SurfControl web filtering solution with Bloxx Tru-View Technology, followed concerns by IT management that it was becoming increasingly difficult to protect the students from accessing offensive or inappropriate web material whilst at school.

"SurfControl's heavy reliance on lists of URLs to determine which sites were subject to filtering provided avenues for pupils to attempt and in some cases succeed in bypassing the filtering system, mainly through the use of anonymous proxies," explains the school's Network Manager, Thomas Makridis.

Anonymous proxies are websites that allow users to easily bypass web filtering, enabling them to access blocked sites. With hundreds of new proxy sites being created every week, blocking access to these sites using URL lists has become difficult and time consuming for IT staff.

Bloxx Tru-View Technology web filtering combines the best of conventional tools with new intelligent identification methods and analysis technologies which can identify and block websites quicker and more accurately than other web filters that rely on manual URL classification and keyword scoring alone. In addition, Bloxx can automatically detect and block the vast majority of newly created anonymous proxy sites, significantly reducing the workload of IT staff and increasing protection against anonymous proxies.

Since installing Bloxx the school has witnessed considerable benefits.
"Not only has Bloxx significantly reduced costs and made my job easier but, more importantly, by design it is much more effective and efficient than SurfControl was. It also has the bonus of malware and anti-virus functionality, adding additional layers of protection to our IT network," comments Makridis.

"Children of this generation are becoming increasingly tech-savvy. This, coupled with the issue of anonymous proxies, means that schools need to strike a balance between protecting their students online, yet still enable them to take advantage of the Internet as a valuable source of information," adds Bloxx Managing Director, Eamonn Doyle. "As the school has such a diverse range of ages and subjects, it is important that the network manager has the ability to tailor the solution to meet the specific needs of the users. It is great to hear how the school is benefiting from the added protection and flexibility of Bloxx."

About Bloxx Tru-View Technology
Bloxx Tru-View Technology uses internationally patent pending technology to analyse and block web sites quicker and more accurately than other web filters, which use manual classification and keyword scoring.
Tru-View Technology uses intelligent identification and analysis providing instant classification of web content as soon as it is accessed even if the content has not been seen by anyone before.

Bloxx Tru-View Technology helps organisations proactively manage users'
access to web content which might lower productivity, expose the organisation to risk and liability or pose a network security threat.

An estimated one million + users already benefit from enhanced security and performance with low administration and no cost per user charges.
Additional protection is provided via anti-virus, anti-spyware and anti-phishing functionality, alongside onboard cache

Mobile And Remote Working: Is It Secure?

2008-03-12T22:50:00.000+01:00

Increased remote working implies increased security at the end points and there is a wide range of solutions available including remote firewalls and specific end point solutions, which can be administered centrally. Such solutions can extend network protection strategies to mobile and remote users. They can also ensure that firewall, anti-virus and security patches are used by remote and mobile users when they should be.

Check Point provides 'End Security', an end point security solution which combines a firewall, network access control, program control, anti-virus, anti-spyware, data security and remote access. It allows security policies at end points to be viewed and modified from a single management console.

Branch offices can install low-cost remote unified threat management systems (UTMs) which incorporate VPNs and these can be centrally administered, typically by the head office, providing the same levels of gateway protection as there is at the centre. SSL VPNs can provide security of data in transit for mobile users connecting into head office or between branches.

Solutions such as WatchGuard's Firebox SOHO Edge (available in wired and wireless versions) and Check Point's UTM-1 Appliance are UTMs suitable for remote/branch offices which combine a firewall, VPN, zero day protection, anti-virus, anti-spyware, anti-spam, intrusion prevention and URL filtering.

Low cost encryption can protect remote laptop users and safeguard against data loss. In the past, poor performance and high costs prevented the use of encryption software, but today's high performance and low cost solutions make it impossible to justify not encrypting laptops. Low cost solutions from encryption specialists such as Utimaco can protect network data, laptops and removable media.

Finally, wireless is high risk and all mobile wireless traffic should be over VPNs and be encrypted, with the use of strong authentication.

Applied Security Launches New File Encryption Solution

2008-03-10T22:49:00.000+01:00

fideAS(r) file enterprise delivers data loss and information leakage prevention

10 March 2008: Applied Security has launched its new fideAS(r) enterprise file and folder encryption solution in the UK to protect and secure access to sensitive data on fileservers, deskops and laptops by encrypting all the files and folders on the disk drives. Integrated into existing workflow and completely transparent to users, the
fideAS(r) encryption process can also be used to control removable storage media such as USB keys or removable hard drives. This prevents data theft or leakage and also ensures that viruses or other malware are blocked from getting onto the network.

Other features of fideAS(r) file enterprise include automatic encryption of email attachments, revision-safe logging and the enforcement of the 'four-eyes-principle' that ensures at least two people are present to access specific confidential data.

The entire administration of fideAS(r) file enterprise, including access authorisations, is performed centrally using a simple graphical interface and is integrated with existing directory services such as Microsoft Active Directory. Role separation between system and security administrators ensures that no one has unauthorised access to confidential files; while keys and certificates are generated automatically and distributed to users as software or on smartcards and USB tokens.

"Recent high profile date loss incidents from the HMRC and Royal Navy to TKMaxx, and Marks and Spencer, could all have been avoided if files had been encrypted," says Frank Schlottke, CEO at Applied Security.

"It is clear that companies and public sector organisations now recognise that encryption is the most effective way to protect confidential data falling into the wrong hands and fulfilling compliance requirements. fideAS(r) file enterprise has been designed to combine a high level of cryptographic security with maximum user friendliness, so that encryption does not slow down or get in the way of day-to-day work activity," adds Schlottke.

Also available from Applied Security is fideAS(r) file safe, a free tool for encryption and decryption of files by a password that can be used to decrypt email attachments encrypted by fideAS(r) file. fideAS(r) file safe uses AES-256, the strongest state-of-the-art symmetric encryption algorithm.

Trend Micro Introduces Secure Message Archiving Solution for Mid-Size Companies

2008-03-10T22:47:00.000+01:00

New solution helps customers securely store and quickly access archived email; includes rapid e-discovery, compliance, tamper-proof architecture, and "privacy-guard."

Cupertino, Calif. - March 10, 2008 - Trend Micro Incorporated (TSE:
4704), a leader in network antivirus and Internet content security software and services, announced today its message archiving solution designed to help companies archive with accessibility and encryption, reduce email management costs, and protect and preserve the integrity of their electronic data.

Trend Micro(tm) Message Archiver (TMMA) delivers a fast, on-demand email search capability so employees can quickly access any archived email without leaving Microsoft(tm) Outlook(tm), or the need for IT support; installation time averages 30 minutes. The solution's tamper-resistant design, combined with forensics technology that uses digital fingerprinting and encryption, ensures that emails are authentic and un-altered for automatic legal compliance. In today's regulatory environment, this is a critical component and another reason why analysts predict the message archiving market will reach $1.37 billion in 2011.[1]

In a recent survey of IT administrators for mid-size companies, more than three quarters of them cite privacy safeguards to be especially important in an email archiving solution.[2] Trend Micro Message Archiver's "privacy-guard," a distinctive feature compared to other solutions, tracks and logs email searches by authorized users and sends an audit of them to a designated "data guardian" in order to safeguard employee privacy. Privacy-guard avoids potential abuse by privileged users and guarantees email searches occur for valid purposes.

"It's no surprise that email volume for companies is growing rapidly - nearly everyone uses it on a daily basis. And because of the tremendous amount of intellectual property that's stored in email, our customers have been asking for efficient message archiving to complement their Trend Micro content-security solutions," said Steve Quane, executive general manager for Trend Micro's small and medium business unit.
"Message Archiver addresses our customers' need for compliance, data protection, authenticity of data, easy management of large quantities of email, and employee privacy."

"Trend Micro Message Archiver was a quick installation; it was also easy to learn how to manage the system - no extra training was needed,"
said Seth Bjorn, network engineer for Goodwill Industries of Orange County. "As a mid-size company, we need something that is effective but doesn't consume a lot of time and money. Trend Micro Message Archiver addresses our need for compliance, our need to store huge amounts of emails securely, and our need to be able to access and search for these archived emails quickly and easily."

Pricing and Availability for North America Trend Micro Message Archiver is available immediately. Per user pricing varies by seat count and price decreases with volume. For the 501-1000 seat level, TMMA is $33.70 per user. This price includes search and compliance capabilities, as well as the first year of maintenance. The solution is available for a 30-day-trial download at:
http://us.trendmicro.com/go/tmma.

WatchGuard Unifies Security and Mobility

2008-03-06T22:42:00.000+01:00

New WatchGuard SSL VPN Stand Alone Security Appliances Give Remote and Mobile Workers Best in Class, Highly Secure Remote Connectivity

March 6, 2008 - WatchGuard® Technologies, a global provider of network security solutions, today unveiled new SSL VPN remote access appliances designed to give remote and mobile workers highly secure connectivity to their corporate networks. The WatchGuard SSL 1000 and WatchGuard SSL 500 offer an array of enterprise-class remote access features optimised for today's diverse range of mobile devices, platforms and network authentication options.

"Today, more than ever, mobility is the key to increased productivity and fundamental to global business practices," said Eric Aarrestad, Vice President of Marketing at WatchGuard. "With mobility comes the challenge of managing identities and keeping data secure. With WatchGuard SSL VPN solutions, customers can continue to provide remote and mobile workers with strong, secure access to their critical data without having to compromise on security or ease of use."

The WatchGuard SSL 1000 and 500 utilize web browsers or thin clients, end-point integrity checking, network interface control, as well as virtual desktops and session cleanup to deliver business applications right to the user for maximum productivity. The WatchGuard SSL 1000 and 500 deliver the most comprehensive range of authentication, identity management and security features along with support for the broadest number of devices and access options.

Best known for award-winning unified threat management (UTM) network security solutions, WatchGuard is leveraging its security experience and advanced technology to deliver powerful SSL VPN appliances that can work side-by-side with its UTM products, or be deployed in a mixed, heterogeneous network environment.

Key Features & Benefits
Multiple features make the new WatchGuard SSL VPN appliances ideal for mobile-rich, heterogeneous application environments. Key features include:
* Clientless SSL VPN Access - eliminates hassles of having to install proprietary software on every client device, while giving employees full remote access to all their applications
* Strong Authentication - allows administrators to use SMS and software-based two-factor authentication, as well as 14 additional methods of authentication, including token support for RSA, VASCO and VeriSign, which builds on IT investment protection for superior network security
* Single Sign On - allows users to seamlessly access information without having to repeatedly re-authenticate, which reduces help desk issues and enables users to be more productive
* Federated Identity - allows for sophisticated environments, such as business-to-business networks or company/departmental relationships, to give users seamless access to multiple or disparate resources
* Endpoint Integrity - examines every user device before it connects to the network, which reduces risk and provides for contiguous integrity and enforcement of security policies
* Administrative & Management features - with real-time scanning capabilities, automatic session cleanup, ActiveX and Java client support, as well as consolidated and comprehensive audit capabilities, administrators will appreciate having full control over remote workers

Pricing & Availability
The WatchGuard SSL 1000 and 500 appliances will be available globally from WatchGuard resellers in 30 days. The WatchGuard SSL 1000 with a 10 user license lists for £4,825 and the WatchGuard SSL 500 with a 10 user license is £2,850. As an incentive, WatchGuard will include its new SSL VPN appliances as part of its "Trade Up" program that gives generous discounts to WatchGuard customers upgrading from legacy systems, as well as to customers with competitive products who are looking for a superior price/performance alternative.

Secure 2008 - International Exhibition & Conference

2008-02-18T21:27:00.000+01:00

We are pleased to inform you that Services International is organizing a 2nd International Exhibition & Conference SECURE 2008 at Bandra Kurla Complex, Mumbai during 24th -26th November, 2008.

SECURE 2008 Exhibition represents a great opportunity for those seeking partnerships, alliances, potential investors and suppliers of new technologies and products. The exhibition will feature domestic and international companies displaying an unrivalled safety and security products, technology and services. It includes an investment of efforts towards strengthening the hands of safety and security on the whole with the help of cross boundary awareness in general and in different related industries towards the latest technologies, products and advancements in the same fields.

Main Industry Focus:

Access Control Systems , Alarms & Alarm Systems , Biometrics, Building Management Systems, CCTV and Remote Monitoring Control Systems , Control Station Equipment , Detection & Alarm Systems , Encryption Technologies, Guard Control & Monitoring, Identification Systems/ Smart Card Solutions, Retail Security Systems, Integrated Security Management Systems, Metal Detectors & X-ray/ Screening Equipment, Monitoring Technology and Systems, Network Security Systems, Automotive Security Systems, Aviation and Airlines Security Systems, Operations/ Security Control Centre Systems, People, Vehicle Tracking Systems/ Vehicle Security Systems, Perimeter Security Systems, Radio Systems, Surveillance Systems & Intruder Detectors, Tagging and Tracking Systems, Threat Image Projection Systems, Videophones, Counter Surveillance Equipment, Detection Devices (CBRN-Chemical, Biological, Radiological & Nuclear Threats / Gas detector etc.), Home Security, Information / Data Security, Integrated Digitals Voice Recorder (IDVR), Maritime Security, Night Vision & Optical Equipment, Security Screening, Hologram Manufacturers, Security Services, Safety & Protection products, Special Security Vehicle, Training Solutions, VIP Protection, Others.

VISITORS' PROFILE:

Airlines / Airports, Architects, Border Protection, Custom Department, Construction Companies, Diplomatic Corps, Government Departments / Civil Defense Officials, Hotels / Municipalities / Hospitals, Intelligence Agencies, Leisure & Retail Industry, Banks, Media, System Integrators, Transportation, Training Institutes, Security Managers, CCTV Team Leaders, CCTV Operators, Loss Prevention Managers, Senior Security Supervisors, Buildings & Transport Managers, Fire & Security Officers, Community Safety Officers, Surveillance Unit Co-coordinators, Risk and Insurance Officers, Asset Protection Consultants, Business Development Managers, Residential Sec Co-coordinators, IT Consultants, Digital Forensics Students, Head of Departments, Researchers, Security Advisors, Electrical Design Engineers, Cabling Services Officers, Senior CCTV Maintenance Engineers, CCTV / Security Officers, National Security Managers, Security Advisors, Risk Control Surveyors, Heads of Corporate Security, Computer Crime Investigators and Others.

To ensure your business success, a dedicated international and regional marketing campaign using the key industry publications, signage, targeted visitor mail outs, newsletters, and websites will be carried out to advertise the event. The show attracts an international and national audience of the security manufacturers, suppliers and service providers, showcasing an entire range of products, latest machinery and new technologies Security industry offers.

This edition promises to showcase the best in the industry by sourcing innovations, ideas and making global business alliances. It is the most cost effective way to reach the greatest number of decision makers in your specific target market in the shortest space of time. Make sure that your brand is present amongst the biggest names in the Safety and Security Industry.

Junk Mail problem solved by innovative solution

2008-02-17T20:25:00.000+01:00

The scourge of unwanted direct mail could be a thing of the past with today's launch of ChooseYourMail, a new online service at www.chooseyourmail.co.uk.

The service allows consumers to register their preferences and to receive direct mail only from companies and lifestyle sectors that interest them.

Currently, consumers have to decide between either opting-out of receiving direct mail altogether or else opting-in and receiving hundreds of mail pieces from companies that are of no interest.
However, because the opt-out solution (the Mailing Preference Service run by the Direct Marketing Association) prevents consumers from getting mail from companies that would be of interest, consumers are often unsure over whether to register with that service.

Chooseyourmail.co.uk, by contrast, allows consumers a third way whereby they can opt-in to receive direct mail only from lifestyle sectors and companies that are of interest, allowing them to be in total control of the direct mail they choose to receive.

Each year, more than 3.4 billion pieces of direct mail are delivered throughout the UK and research undertaken by Chooseyourmail.co.uk shows that upwards of 60% of people throw more than half of everything they receive straight into the bin whilst a third throw away more than 90% without giving it a second glance.

The research, conducted by pollsters the Leadership Factor, also reveals statistics about the type of direct mail people least like to receive, with more than half suggesting that financial offers were their least favourite mailings, with charities also faring particularly poorly.

Mark Jackson, a partner at Chooseyourmail.co.uk, says:
"The results of our research clearly show that consumers do not want to receive mailings from companies in which they have no interest. However, it must be remembered that businesses are also trying to cut wastage, and that's where we can assist too and in the process help reduce environmental pollution."

He added, "It's clear that people want to take control of what comes through their letter-box. At Chooseyourmail.co.uk we are giving people that choice by allowing them to select the direct mail they receive. For example, if a woman is interested in fashion, she can subscribe to Chooseyourmail.co.uk for free and choose to be contacted just by certain fashion companies whose products she wants to buy."

Global Security One revolutionises online security with launch of XGate

2008-02-16T20:32:00.000+01:00

Global Security One (GSEC1) has launched a ground-breaking security device which creates a highly secure wireless network, straight out of the box. XGate provides a range of benefits to both home and business users, including identity protection, secure banking and safe internet use for children through chatroom monitoring.

The pioneering device comes with a built-in firewall, anti-virus and anti-spyware to protect against banking fraud and parental controls such as web filters and remote PC shutdown via SMS. By identifying and blocking threats before they reach the computer, XGate provides a defence to ensure that personal information and sensitive data is kept truly secure.

“With the increase in criminal activity on the web, our aim is to make the internet safer, without limiting or restricting use,” comments Mark Brooks, Global Marketing Director at GSEC1. “The recent Panorama programme highlighted the potential dangers to children on the net, with 12 per cent of children admitting they have met with a stranger they found online. The explosion in social networking sites has also meant a rise in online threats, as cyber criminals create attacks targeting users of these sites to gather personal information.

“In online banking, fraud is a very real threat for many internet users. Payments association APACS says that card not present fraud is over £212 million, and this is just the tip of the iceberg when it comes to overall online financial losses. XGate provides a feature-rich solution to combat all of these common issues posed by the internet, along with identity protection, secure remote office working and other issues, enabling web services to be used more freely,” adds Mark.

As the first hardware security device, XGate eliminates the need for a separate router and security software, providing an easy to use, all in one solution for a safe internet environment. Additional functionality includes secure gaming, remote access via virtual private network and auto-configuration for simple set-up.

For further information please visit www.xgate.com.

IT Underground - International Security Workshop & Conference

2008-02-06T20:40:00.000+01:00

27.02.2008- 29.02.2008

Hotel STEP, Prague, Czech Republic

Your IT Life - Security or Disaster? - the choice is yours.....
Come to Prague, meet hackers - the good ones!!
3 days, over a dozen hours of workshops, best-known speakers...
Take care of all IT risks in your company! Join us and feel safe!

If you are interested in IT systems penetration and security issues,
this conference is for you!

IT Underground 2008, a conference organised by S.W. Media and Software - Conferences team. With each passing day your protections become more insecure. As well as the knowledge of your IT people obsolete. That's the reason, we created IT Underground - the conference for IT specialists. To deliver the most important thing everybody needs - KNOWLEDGE - how to defend yourself and how to improve your security

****INTERNATIONAL EXPERTS****
Daniel Mende, Oliver Roeschke, Raoul "Nobody" Chiesa, Skyper, Enno Rey, Simon Rich, Zaljko Vrba, Alessio "Mayhem" Pennasilico, Riley Hassel, Angelo Rosiello Thomas B. Ruecker Joffrey Czarny

****THE SPECIAL GUEST STAR****
SKYPER - THC researcher presenting GSM security

**** BYOL ****
Most lectures will be conducted in BYOL (Bring Your Own Laptop) mode, aimed at participants who have brought their own computers and therefore will actively participate in sessions. Attendees will be able to boot their machines using a CD containing Hakin9 Live distro as well as documentation and then hack into test networks using the techniques described by the lecturers or try to defend themselves against such attacks performed by others.

**** PRAGUE ****
PRAGUE- is a tourists’ paradise offering all a tourist could hope for. From secret corners and romantic places overlooking the historically valuable city centre with vibrant atmosphere......
Need more?
Everyday, innumerable cultural events take place in Prague and it is impossible to manage to see them all.

www.itunderground.org

Veracode Shines Spotlight on Software Backdoors as Emerging Threat

2008-02-04T20:30:00.000+01:00

Exciting innovator in application security testing heals pain points with first online based subscription service for testing software code

Burlington, Mass., 4 February 2008 – Veracode, the first provider of on-demand application security testing solutions, today announced a further innovation – comprehensive detection of backdoors and malicious code.

Veracode is the only company to offer application code reviews on a software-as-a-service subscription basis. Veracode’s SecurityReview® is the first solution to enable organisations to discover security flaws in software automatically, without releasing their valuable source code. Whether a company is buying or building software Veracode helps improve the security quality of applications without the need to hand over precious intellectual property by providing comprehensive identification and remediation of the security flaws contained in binary code, the very foundation of today’s software applications.

The addition of the new backdoor detection capability further strengthens Veracode’s position as a true trailblazer in the application security arena. Backdoors are often included in programmes by developers for seemingly legitimate purposes but are increasingly being exploited by hackers to compromise applications. Research from the US Department of Homeland Security points to a significant risk from backdoors and 23% of software packages used by US government employees have backdoors built into them.

"Backdoors and malicious code pose significant operational risk to enterprises and software that are just too significant to ignore,” said Matt Moynahan, chief executive officer of Veracode. “Given the complexity of modern application development, the common practice of outsourcing and increasing use of third party libraries, it is nearly impossible for an enterprise to identify the pedigree and security level of the software running their business-critical applications and handling their customer’s personally identifiable information. As a result, we expect backdoors and malicious code insertion to become an increasingly prevalent attack vector against the enterprise. Because the binary (compiled code) represents the actual attack surface for the hacker, testing the application binaries is the most accurate and complete way to conduct final, independent security validation and verification.”

As the complexity of modern software applications increases, with components assembled from reusable binary components, backdoors can easily circumvent even the best of QA cycles, resulting in the need for a more complete and accurate approach to software security testing. Veracode’s binary software testing, which provides 100% coverage as opposed to the partial coverage of today’s source code-only analysis solutions, is uniquely positioned to tackle the backdoors and malicious code challenge by offering a complete, independent security verification of an entire software application.

On the back of extensive research, Veracode has developed the first comprehensive taxonomy of backdoors so that organisations and application developers can better understand how to detect these hidden threats. Veracode has found that the average time to discovery of a backdoor inserted in open source software was measured in weeks. Backdoors in commercial “closed source” applications went undetected for years, putting company and individuals’ personal data at risk.

SecurityReview is now fully available in the UK.

For more information on Veracode’s software backdoor capabilities, please visit us at http://www.veracode.com/.

Brits Lack Trust in Digital Age

2008-02-04T20:28:00.000+01:00

Alarming levels of distrust emerging amidst UK's mobile users and their social networks

London: Four in five UK internet users admit to feeling unsafe sharing their mobile phone number via the contact areas of social networking sites such as; Facebook, Bebo and MySpace. Nearly 80% of all respondents in a recent Mobyko.com survey stated they would not publicise their own number in this manner. The findings reveal the reason behind this growing trend of cautiousness - is the innate lack of trust relating specifically to the people within an individual's online social network.

Julian Saunders, CEO of Mobyko.com said: "We know that people freely share their mobile numbers in the physical world. But, when it comes to doing so in the virtual world different factors come into play. It could be argued that the majority of people within our virtual communities are simply people we've either never met or perhaps just the once - and are not necessarily trusted acquaintances. This raises the question; would we have bothered to keep in touch if social networking hadn't gone mainstream?"

The Mobyko.com study investigated trust in relation to the valuable content on people's mobile phones. It found that 10% of Brits openly confess to frequently checking their partner's mobile phones - without them knowing or having permission to do so. The most checked items are; text messages (90%), call history (75%) voicemails (40%), photos and videos (35%). The findings also revealed that we're becoming mobile snoopers - with nearly one in ten of us regularly sneaking a peek at a stranger's mobile phone - when travelling on tubes, buses and trains.

Saunders concluded: "As consumers we need to better manage and protect the valuable content carried around both in our pockets and published on the web. These findings point toward a growing level of distrust and 'sticky beak' syndrome across the UK.

We generate lots of content by everyday use of our mobiles - photos, texts, messages etc - much of which finds its way onto social network profiles. As such, there is a defined need for a secure personal 'space' in which to store and manage it."

Web hosting providers underestimate the security threat facing web applications

2008-01-30T16:26:00.000+01:00

Hosting customers left to fend for themselves as attack levels rise

January 30, 2008, New York. Despite the highly publicized attacks on websites worldwide, many web hosting customers remain unprotected against the newest forms of attacks as cyber crime tactics evolve, says Applicure, a leading web application firewall specialist which protects hosting companies and their customers from incoming web server attacks.

Hundreds of thousands of web site operators - many with little or no technical expertise - rely on web hosting providers to keep their websites and web applications safe. Yet events such as the recent SQL injection attack that compromised more than 70,000 websites, and the 10,000 web sites serving up malicious code in December, show hackers are exploiting vulnerabilities in web applications with impunity.

The combination of traditional firewall technology becoming mainstream and enterprise networks improving their defenses has driven hackers to find more vulnerable targets.

Yaacov Sherban, CEO of Applicure, commented: 'Popular entry routes for attacks now focus on web applications including message boards, forums and registration forms, which puts websites of every kind right in the firing line. With many web applications virtually unprotected, it's easy for hackers to deface or shut down the website, or else manipulate the applications to reveal sensitive data. For web host providers all it takes is one customer website to be breached and the whole server, with thousands of hosting customers, can be wide open.'

The traditional approach to application vulnerabilities is to scan programs and patch the weaknesses. 'Naturally, hosting companies cannot be expected to scan and patch vulnerabilities in their customers'
applications,' says Sherban. 'The good news is that security technology has advanced to the point where attack monitors and specialized web application firewalls can be deployed within minutes, and the additional security is provided to customers as a value added service.'

Sherban goes on to say: 'What makes this new technology special is that it detects and intercepts suspicious traffic before it gets to the customer's site, potentially preventing an attack that would otherwise lead to a damaging breach.'

Applicure's web application firewall solution:
Applicure's dotDefender v3.2 is a security software solution for web applications which provides advanced protection against external and internal hacking. dotDefender provides high strength protection against SQL injection, cross-site scripting, path traversal, and many other application attacks. Free download of Applicure's attack monitoring tool, dotDefender Monitor, and free 30 trial of dotDefender are available at www.applicure.com.

Web hosting providers underestimate the security threat facing web applications

2008-01-30T16:25:00.000+01:00

Hosting customers left to fend for themselves as attack levels rise

January 30, 2008, New York. Despite the highly publicized attacks on websites worldwide, many web hosting customers remain unprotected against the newest forms of attacks as cyber crime tactics evolve, says Applicure, a leading web application firewall specialist which protects hosting companies and their customers from incoming web server attacks.

Hundreds of thousands of web site operators – many with little or no technical expertise – rely on web hosting providers to keep their websites and web applications safe. Yet events such as the recent SQL injection attack that compromised more than 70,000 websites, and the 10,000 web sites serving up malicious code in December, show hackers are exploiting vulnerabilities in web applications with impunity.

The combination of traditional firewall technology becoming mainstream and enterprise networks improving their defences has driven hackers to find more vulnerable targets.

Yaacov Sherban, CEO of Applicure, commented: ‘Popular entry routes for attacks now focus on web applications including message boards, forums and registration forms, which puts websites of every kind right in the firing line. With many web applications virtually unprotected, it’s easy for hackers to deface or shut down the website, or else manipulate the applications to reveal sensitive data. For web host providers all it takes is one customer website to be breached and the whole server, with thousands of hosting customers, can be wide open.’

The traditional approach to application vulnerabilities is to scan programs and patch the weaknesses. ‘Naturally, hosting companies cannot be expected to scan and patch vulnerabilities in their customers’ applications,’ says Sherban. ‘The good news is that
security technology has advanced to the point where attack monitors and specialized web application firewalls can be deployed within minutes, and the additional security is provided to customers as a value added service.’

Sherban goes on to say: ‘What makes this new technology special is that it detects and intercepts suspicious traffic before it gets to the customer’s site, potentially preventing an attack that would otherwise lead to a damaging breach.’

Applicure’s web application firewall solution:
Applicure’s dotDefender v3.2 is a security software solution for web applications which provides advanced protection against external and internal hacking. dotDefender provides high strength protection against SQL injection, cross-site scripting, path traversal, and many other application attacks. Free download of Applicure’s attack monitoring tool, dotDefender Monitor, and free 30 trial of dotDefender are available at www.applicure.com.

WatchGuard Ups the Ante for Network Security

2008-01-28T16:23:00.000+01:00

Unveils next generation of highly reliable security solutions that strengthen network security, improve user connectivity and simplify network management

January 28, 2008 - WatchGuard(r) Technologies, a global provider of network security solutions, today unveiled its latest network security software for the Firebox(r) X Peak(tm), Core(tm) and Edge unified threat management (UTM) appliances. This positions WatchGuard UTM devices as the leading price/performance UTM appliances, delivering a wide range of new security capabilities, connectivity features, increased performance
and robust network administrative tools.

The new WatchGuard Fireware(r) 10 and Edge 10 releases are highly-reliable, feature-rich UTM operating systems. Unlike other network security devices, Fireware 10 and Edge 10 are optimized for today's complex network connectivity schemes and are designed for high-reliability, enhanced UTM functionality, hardened security and
greater administrator management and ease of control.

New features include integrated SSL VPN functionality along with support for Mobile VPN for Windows(r) Mobile devices, and SIP and H.323 for voice over IP or video conferencing; real-time Virus Outbreak Detection
(VOD) that identifies and blocks e-mail based malware based on Recurrent Pattern Detection; and a powerful new enterprise logging and reporting
engine.

"Businesses today face increasingly new challenges of more mobile workers, remote and branch office environments and new technologies that stretch the limits of conventional network security appliances," said Eric Aarrestad, Vice President of Marketing at WatchGuard. "Recognising this, WatchGuard developed version 10 to alleviate connectivity challenges, while improving security and providing administrators with new levels of network security visibility."

"We're excited by this new product announcement as it moves WatchGuard further forward and is a clear example of the major changes that have taken place under the new owners and management," says Ian Kilpatrick, director, Wick Hill, WatchGuard's UK distributor. "This is part of the new direction and focus that will support and underpin the strong channel growth plans for 2008."

New Levels of Security and Connectivity Version 10 includes a myriad of new features to keep users securely connected to their network. For example, Fireware 10 and Edge 10 now integrate SSL VPN functionality. This makes them an ideal solution for mobile and remote workers who need to securely connect from virtually anywhere. Further addressing secure mobility needs, both operating systems will support Mobile VPN for Windows(r) Mobile devices, and for workers who use voice over IP or video conferencing, Fireware 10 and Edge 10 support SIP and H.323 connections. Additionally, Edge 10 includes a wireless bridge mode that extends secure connectivity for wireless users.

Once connected, users and network administrators will appreciate the new single sign-on capability, which provides pass-through authentication to help users stay seamlessly connected to their corporate networks.

For customers running the optional WatchGuard spamBlocker security subscription, version 10 now includes support for Virus Outbreak Detection (VOD), an advanced, real-time security technology that identifies and blocks e-mail based malware, including spam, viruses and phishes. Because VOD uses Recurrent Pattern Detection technology, no signature updates are required, thus giving connected users immediate protection against unknown, "zero-day" virus attacks.

Additionally, Fireware 10 adds support for Vasco's popular two-factor authentication solutions for businesses that require the highest levels of secure connectivity. In summary, these features help workers stay more securely connected than ever before, thus allowing businesses to focus on productivity rather than employee help desk calls.

Full UTM Security Optimized for Network Administrators Administrators will value WatchGuard System Manager's (WSM) all new logging and reporting engine that scales for enterprise environments.
This is complemented by powerful new log analysis tools, integration of WatchGuard LiveSecurity(r) alerts into the appliance UI and support for SNMP v3; all of which provide administrators with unparalleled network security visibility, management and control.

Additional administrative tools in WebBlocker with version 10 include up to 54 categories of web filtering preferences, including URL-based filters, giving administrators unprecedented granular control and greater accuracy than just IP-based filters.

Another management issue addressed by version 10 revolves around employees and students who misuse HTTPS to bypass network security filters. By inserting "s" at the end of "http" in most web browser URL lines, users can often bypass many firewall and administrative rules, and hence surf inappropriate, unauthorized or otherwise unsafe websites.
Fireware 10 and Edge 10 now include WebBlocker filtering for HTTPS web pages, effectively eliminating this pernicious security and productivity risk.

WatchGuard Fireware 10, Edge 10 and WSM 10 - Pricing & Availability WatchGuard Fireware 10 and Edge 10 will be available for free for customers who have a current WatchGuard LiveSecurity subscription. New WatchGuard Firebox X Peak, Core and Edge UTM devices will include Fireware 10 or Edge 10 for free and can be purchased from resellers around the world. Fireware 10, Edge 10 and WSM 10 will be available for download within 30 days.

BullGuard Declares War on Spam with Free Spamfilter

2008-01-23T16:21:00.000+01:00

BullGuard Launches Free Spamfilter with Free Support

Copenhagen, 23rd January 2008 - Today BullGuard, specialist security solution provider, is pleased to announce its global attack on spam with the release of a free Spamfilter. The BullGuard free Spamfilter which includes 24/7 Live Support and integrates with all major email clients is available for download from BullGuard's website www.bullguard.com.

"Research has shown that people consider spam to be the number 1 nuisance on the internet", says Theis Søndergaard, CTO and co-founder of BullGuard. "Over 80% of all emails sent today are spam. With our free Spamfilter we give people a tool to keep their inboxes clean. In turn we use their input to further improve the efficiency of the BullGuard Spamfilter.

The BullGuard Spamfilter is a collaborative filter which benefits from user input worldwide. If BullGuard Spamfilter users report a message as spam, which is done by simply clicking a button in their email client, other users will no longer receive this message in their inbox - it will automatically be identified and sent to the spam folder instead. The BullGuard Spamfilter integrates fully with the Outlook, Outlook Express, Windows Mail and Thunderbird email clients.

"Two unique components of the BullGuard Spamfilter are Thunderbird integration and the incorporation of BullGuard Support. We normally include BullGuard Support in all our products, but it is not often you see a free product which includes free 24/7 access to live support", says Søndergaard.

The BullGuard Spamfilter is already part of BullGuard Internet Security, BullGuard's award winning complete PC security solution which also consists of BullGuard's Antivirus, Antispyware, Firewall, Backup and Support components. BullGuard Internet Security users are also set to benefit from the release of the BullGuard Spamfilter as a wider user base will result in more user input and improved spam filtering.

Visit www.bullguard.com and join the BullGuard spam revolution today.

New Avaya Communication Manager Software Accelerates Evolution to Full-Featured, End-to-End SIP Communications

2008-01-21T16:20:00.000+01:00

Avaya's Advanced Intelligent Communications Platform Helps Kratos Defense & Security Solutions, Xeta Technologies Gain Flexibility, Streamline Costs

FOR IMMEDIATE RELEASE: Monday, January 21, 2008 Basking Ridge, NJ -- Avaya today introduced enhancements to its market-leading IP Telephony solutions delivering advanced Intelligent Communications capabilities using end-to-end, full-featured Session Initiation Protocol (SIP). This includes the latest version of Avaya's flagship IP telephony software - Avaya Communication Manager 5.0 - which enables businesses to gain essential and innovative telephony functions using end-to-end SIP. With open standards-based SIP, businesses can drive greater cost-efficiencies in the deployment of enterprise communications, and help improve productivity among an increasingly-mobile workforce.

Since its debut in 2002, Avaya Communication Manager has helped businesses cost-effectively evolve their communications to IP Telephony and now, SIP. It also provides a foundation for applications powering contact centers, unified communications and mid-sized businesses (using MultiVantage Express). Avaya is the global leader in IP Telephony revenues[1].

Avaya Communication Manager 5.0 gives IT administrators a more cost-efficient and reliable way to implement end-to-end SIP. The software now features embedded SIP, allowing co-residency on a single server (initially with the Avaya S8300C Server) - eliminating the cost and management issues associated with multiple servers. New SIP trunk alternate routing - a key capability for redistributing voice, video and data when network congestion arises - is also available, making communications more reliable.

New SIP firmware for Avaya endpoints provides an integral part of the end-to-end solution. Avaya's advanced one-X IP Deskphones can be SIP-enabled - leveraging open, multimedia communications for improved productivity and mobility - and the phones can interchange between SIP or IP environments. Avaya's SIP-enabled phones bring presence to directories to let users see the availability of colleagues. Mobility features are also SIP-enabled, such as Extension-to-Cellular, which transparently bridges a user's cell phone with their phone extension, and "SIP Visiting User", which lets users log into and access their deskphone features from any phone on the network.

A new version of the Avaya Video Telephony Solution is also now SIP-enabled, providing a more cost-effective way to deploy enterprise-class videoconferencing. Enhancements allow users to handle "ad hoc" video calls in the same way as voice calls, simply adding and forwarding both voice and video, and creating video conferences for up to six people.

"Businesses expect enterprise-class communications to be reliable, feature-rich and always-on," said Simon Woollett, vice president and general manager, Avaya's Converged Communications Division. "Avaya now delivers on these expectations in the open SIP world, enabling companies to more easily and cost-effectively deploy next generation applications such as customer service and unified communications - and gain maximum impact from them."

Avaya recently attained SIPconnect Compliant certification from the SIP Forum, a leading independent IP communications industry association that contributes to the development of global IP communications based on SIP.

Other new advancements in the Avaya Communication Manager platform include a new software maintenance model for its communications applications Software Support Plus Upgrades. With the introduction of Communication Manager 5.0, this new model is available on virtually all of Avaya's enterprise communication applications. It provides a three-year subscription for all major upgrade releases and service packs, driving lower upgrade prices and streamlined access to future releases. Customers can save 25-35% on average in upgrade costs with Software Support Plus Upgrades.

The updated portfolio also gains a new media gateway - the Avaya G450 - for more flexible choices for branch offices and small campuses.

More Businesses Evolving to Intelligent Communications With Avaya SIP Over the years, Avaya Communication Manager has helped businesses securely and easily evolve their communications from traditional telephony to IP telephony and now to SIP. Kratos Defense & Security Solutions, a national provider of defense, services and public safety and security solutions, relied on the flexibility of Avaya Communication Manager, as they grew rapidly through new acquisitions. With SIP, the communications systems inherited through each acquisition can be seamlessly integrated into Kratos' network.

"We recently acquired a company that had another vendor's phones," said John Jensen, director of communications for Kratos Defense & Security Solutions. "With the SIP capabilities of Avaya Communication Manager, we've been able to integrate the other vendor's phones very easily - and enhance them with a much broader feature set."

Another Avaya SIP user is Xeta Technologies, a leading provider of voice communications systems and data networks and an Avaya Platinum business partner. Xeta uses the new Avaya Communication Manager 5.0. According to Jim Middleton, senior solution architect with the company, the solution lets businesses download configurations directly to any SIP phone on their network, which eliminates the need to program each one individually.

"The new advancements eliminate the need for a separate application server for SIP," adds Middleton. "We see SIP reducing deployment costs by about $5,000 for every one hundred users, making enterprise communications far more affordable than ever before."
New Products Referenced in this Press Release Include:
--Avaya Communication Manager 5.0
--Avaya SIP Enablement Services 5.0
--SIP R2.0 firmware for the Avaya one-X Deskphone 9620, 9630/G, 9640/G models
NOTE: Avaya 9600 series phones can be provisioned as either SIP or H.323 devices with no extra charge.
--Avaya Video Telephony Solution
--Avaya G450 Gateway

Email bullying, online fraud, electronic identity theft: guard against cyber crime with new course

2008-01-18T16:19:00.000+01:00

If a malicious employee stole data from your organisation, would you have the skills to detect it? Could you gather evidence that would help the authorities prosecute a criminal case? Would you be able to produce the evidence to handle a disputed transaction, or a misbehaving employee? In this digital age we live in, computing security and business IT processes are under more scrutiny and pressure than ever
before.

A new postgraduate course from The Open University is now available to equip professionals with a basic understanding of this complex field.
Computer Forensics and Investigations provides an introduction to the world of digital evidence collection, forensic computing and IT incident management. The course will enable people to know what to do in the first initial stages of investigation - being a 'First Responder' to a situation and helping an organisation prepare for problems before they happen.

Carefully constructed to balance the legal and technical aspects of this area, the course is relevant to IT professionals wishing to broaden their skill set, human resources managers who need to understand the issues and legal professionals seeking a new challenge. Specially commissioned material has been written by a legal and technical expert in the field, Peter Sommer, who has acted as an expert witness in high-profile cases ranging from terrorism and fraud, Internet child abuse and international hacking to corporate espionage, defamation and
murder. Peter also has had experience in Westminster and Whitehall as
a specialist advisor.

Peter Sommer said: "IT related crimes are more prolific and businesses have to guard themselves against a multitude of issues: fraud, illegal downloads, theft of data and online bullying, for instance. Cyber crime is a major issue: in addition to the spectacular events that capture media attention, most businesses are likely, over a 12-month period, to suffer from incidents where digital investigation and evidence are required, for example, disputed transactions, employee disputes, minor
frauds and attacks. Some universities offer courses to produce
forensic technicians and analysts - but there is a huge need to support the 'first responder' as it is at this point that much useful information is lost, or even inadvertently destroyed."

Students on the course will learn the essentials behind identifying, acquiring, preserving and analysing evidence and gain an overview of relevant law. They will use authentic computer forensic tools during investigations of specially prepared scenarios that replicate real-life situations, developed with input from digital forensic consultancy Evidence Talks Ltd.

Course Team Chair Blaine Price said: "An understanding of the basics of computer forensics is becoming more and more important for a wide range of professionals. But in contrast to the high-profile media representations of the subject on TV shows like CSI and Spooks, this course is not aimed just at 'techies' - it also teaches skills important for managers and those with legal interests at companies of just about any size."

This course will give a good grounding in forensic computing and equip students for further study. It is a 15-point postgraduate level course which can be used towards a postgraduate qualification. The first presentation of the course starts in May 2008, with registration closing at the end of March. The course will run again in November 2008.

Time To Take Information Classification Seriously Warns The ISF

2008-01-16T16:18:00.000+01:00

Data losses put focus back on classifying and protecting sensitive data says a new report from the Information Security Forum

16 January 2008: Recent high profile date losses have highlighted the need for better information classification and the implementation of data protection measures based on the level of sensitivity and confidentiality, according to the Information Security Forum (ISF). In its latest report, the ISF suggests that because many existing approaches to information classification are overly complex they rarely deliver business benefits and are often simply ignored.

"Traditional Information classification is characterised by the 'Top Secret' rubber stamp in James Bond films," says Nick Frost, the report's author and senior research consultant at the ISF. "Today, information exists in many different forms, from paper documents and verbal communications to the masses of electronic data stored, transmitted and processed. While introducing an effective enterprise wide scheme is daunting, organisations can no longer afford to ignore its importance if further embarrassing data loses are to be avoided."

Information classification requires a consistent process to determine the level of confidentiality of a piece of information; the development of techniques for communicating the level of classification; and the practical implementation of measures to protect information accordingly.

But the benefits of successful Information Classification are considerable according to the ISF report. By ensuring that information is adequately protected, good information classification helps to prevent over- or under-engineering of controls, so reducing potential operational overspend and unnecessary drains on resources. Information Classification can also help to enforce better access control policies and be used to demonstrate compliance for legislation such as Data Protection and Privacy along with regulations including HIPAA and Gramm-Leach Bliley.

The report highlights that to achieve these levels of success requires participation across an organisation from HR and Legal to IT and Audit, along with Board level support. "Having senior managers with a shared strategic vision and understanding of information classification and the value it can deliver is critical to overcome budgetary and organisational issues," says the ISF's Nick Frost: "It is also vital to run a successful pilot project to show a 'quick win' to demonstrate the benefits."

The ISF is a not-for-profit international association of over 300 leading international organisations, which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems. The ISF undertakes a leading-edge research programme and has invested more than US$100 million to create a library of over 200 authoritative reports along with information risk methodologies and tools that are available free of charge to ISF Members. For more information visit www.securityforum.org

Gemalto and Nagravision Achieve A World’s First By Demonstrating An End-to-End OMA BCAST Smartcard Profile Interoperability Solution

2008-01-15T16:16:00.000+01:00

• First ever integration and testing of the complete value chain was implemented at Open Mobile Alliance (OMA)TestFest 21

• Nagravision and Gemalto first to successfully demonstrate interoperability between head-end equipment and a Mobile TV card in full compliance with the OMA BCAST SCP 1.0 specifications

• Nagravision’s OMA BCAST SmartCard Profile head-end solution is available today and Gemalto’s one will be available early 2008 providing all the functions needed to protect broadcasted service and content

Cheseaux, Switzerland and Paris, France - January 15, 2008 - Nagravision, a Kudelski Group (SWX:KUD) company, and Gemalto (Euronext: NL0000400653 GTO) announced today that they achieved a world’s first by demonstrating a fully operational, end-to-end OMA BCAST Smartcard Profile 1.0 Solution for mobile TV services.

At the OMA TestFest 21, held in Bled (Slovenia), from November 9th to 16th, the companies implemented the first ever integration and testing of the complete value chain of products from the head-end to the consumer device. The successful demonstration of interoperability between Nagravision head-end equipment and Gemalto Mobile TV cards was tested and verified to be in full compliance with the OMA BCAST SCP 1.0 specifications.

The OMA BCAST smartcard profile is an open standardized SIM-based service protection system defined by OMA members including mobile operators, device and network suppliers, and content providers.

Jean-Luc Jezouin, senior vice president Mobile TV business unit at Nagravision said: “We are building on our clear leadership in mobile conditional access, demonstrated by our current 95% market share in DVB-H users worldwide using the DVB OSF standard, and we continue to lead the market by delivering the first products that are fully compliant to the OMA BCAST specifications. Through this collaboration with Gemalto, we are actively participating in the launch of the mobile TV business and can further assist operators by helping them protect and make money from the content delivered. At TestFest 21, Nagravision demonstrated the most advanced OMA BCAST Smartcard Profile head-end platform, performing all tests covering the entire mobile TV value chain. The product is now available for shipment to our customers.”

“Gemalto has successfully performed the end-to-end testing and integration of its Mobile TV card with the Nagravision Head End server; it is a first in the world and Gemalto achieved it” comments Gabrielle Bugat, senior vice president Mobile TV Business Group at Gemalto. “Gemalto SCP cards will be available by early 2008 and will fully comply with the OMA BCAST specifications. The Mobile TV cards will be bundled with a unique maintenance service that allows USIM-based software to be updated at any time to maintain a constant high level of security and implement new functionalities.”

OMA believes that interoperability is critical to ensure the commercial success of mobile data services, including those delivered by 2.5G and 3G networks.

Consequently, the OMA interoperability process (IOP) was established around the concept of regularly held Test Festivals, now called OMA TestFests. Hosted by the OMA, member companies, like Nagravision and Gemalto can bring their implementations to test in multiple cross-vendor combinations. OMA TestFests are designed to have a dual purpose by ensuring the quality of OMA specifications and enabling vendors to verify and test the interoperability of their product implementations.

For the first time, Nagravision and Gemalto OMA BCAST Smartcard Profile solutions were successfully tested, providing all the functions needed to protect broadcasted service and content. Solutions can be configured as extensions to existing Nagravision conditional access integrations or as a stand-alone platform.

The solution will be showcased at the 2008 GSMA Mobile World Congress in Barcelona (11-14 February 2008) at Nagravision hospitality suite 4.4HS02 and on Gemalto booth 8 A 102 (Hall 8).

70,000 websites hit by SQL attack - media commentary

2008-01-09T21:35:00.000+01:00

Commentary from Yaacov Sherban, CEO Applicure Technologies Ltd, on recent SQL attack on 70,000 websites.

The recent SQL injection attack which compromised more than 70,000 websites (including .gov and .edu sites) and hijacked visitors’ PCs is another real life example of how hackers are now targeting applications instead of network vulnerabilities.

This time it was a database attack: MS SQL was attacked, next time it could be Oracle, MySQL or indeed some entirely different system component. The unavoidable conclusion is that unless organizations deploy a web application firewall with updating capabilities their websites, customers, and information assets will be exposed to attacks. The underlying fact is that developers are unable to build secure web applications for three main reasons:

1. Developers are not working closely enough with the security industry to develop securer applications. Security training and secure coding are essential to create safer applications.

2. Even if a developer did a good job, new vulnerabilities are discovered all the time and the system developed will always need to play catch up. The problem is inherent to the system architecture and cannot be addressed by secure coding alone.

3. Investment in developing secure applications is not a high priority, and it is very costly. We have seen cases where secure development doubled the development costs. And then there is a need to maintain the investment to cover patching and other updates. Some organisations opt for penetration testing after the application was developed, but at this time it is too late the fix the problem thoroughly and ensure patches do not create new security problems.

While the industry strives to address these issues, Applicure Technologies offers a tool for system owners to protect their existing non-secured applications against the majority of threats. dotDefender adds a security layer to applications that stops harmful requests before they reach the application, thus preventing abuse of the vulnerabilities.

Ultra-Portable USB Device Protects PCs from Broadest Range of Attacks

2008-01-07T19:08:00.000+01:00

LAS VEGAS, January 7, 2008 – Taking a page from its own miniaturization playbook, Yoggie Security SystemsTM (exhibiting at 2008 International CES in the Sands Convention Center, Innovation Pod #269) has introduced a unique, ultra-portable USB key-sized hardware-based firewall solution to protect PCs from malicious attacks.

The Firestick PicoTM places a physical barrier between PCs and the Internet to ensure that threats never reach users’ computers. Unlike software firewalls, the fire red colored Firestick Pico mini-computer is based on a dedicated hardware platform specifically designed to protect PCs from the most devastating menaces including denial of service, buffer overflow and the broadest range of malicious attacks. It blocks all Internet threats and attacks outside – before they reach PCs or laptops.

The Firestick Pico is a complete Linux-based 300 MHz computer with a dual flash memory mechanism that constitutes an ‘untouchable operating system’ running an independent firewall application. In addition, each Firestick Pico comes with a complimentary Kaspersky security software suite.

“Yoggie’s Firestick Pico brings another choice to end users,” said Shlomo Touboul, CEO and founder of Yoggie Security Systems. “While our Gatekeeper Pico offloads all security applications from a PC, the Firestick Pico offloads just the firewall functionality at a much lower cost. This allows different levels of security and a range of price points for discerning buyers who are joining the Yoggie revolution: moving security applications from the PC to dedicated, miniature computers to enhance security and improve PC performance.”

With Yoggie’s Firestick Pico, road warriors can connect to any unsecured hotspot with the comfort of being completely protected.

The Firestick Pico, at an MSRP of $119, is now available at leading e-tailers including: Buy.com, Amazon.com, NewEgg.com and BestBUY.com, in leading high-street retailer Fnac in France and will be introduced into leading retailers in the U.S. and U.K. in early 2008. A full list of e-tailers and retailers can be found at www.yoggie.com/retailers.

Pitney Bowes Calls For ‘Soft Target’ Security Review

2007-12-20T21:15:00.000+01:00

New FBI Report Identifies Trend Towards Use of Chemical / Biological WMD’s

Document outsourcing specialist Pitney Bowes Management Services is calling on public and private sector businesses to urgently review mail security measures in light of a new terrorism threat report released by the FBI.

The report called "Terrorism 2002-2005" argues that terrorists are increasingly eyeing so-called ‘softer targets’ as security around traditional diplomatic and military targets improves.

The report suggests that it is chemical and biological WMD’s that represent the gravest threat – and that ‘civilian targets’ have become the focus.

Richard Thompson, Managing Director, Pitney Bowes Management Services, states: “This latest FBI report should make UK public and private sector businesses sit up and take notice.

“One need only think back to the letter-bomb incidents earlier this year to recognise how ill-prepared organisations are to mail-based threats of this type.

“For many, the mail remains a critical area of vulnerability. Aside from the risk to life, site contamination can cost businesses millions in downtime and business critical documents may be quarantined or even destroyed. Even hoax attacks can disable buildings and lose companies millions.

“The post-room can be made into a highly controlled environment where mail is screened, threats identified and danger isolated and averted. Organisations must concentrate on addressing the points of potential attack that can be monitored and controlled in practicality.”

A recent report by Pitney Bowes Management Services (PBMS) highlighted those industry sectors that receive a higher proportion of mail-based security attacks.

PBMS analysed a representative sample of the secure mail facilities of organisations across the US and the UK to establish the sectors that receive most suspicious packages. Using a year’s worth of data on mail throughput and suspicious parcel investigation, an index of vulnerability was constructed amongst key sectors, revealing relative levels of suspicious letter or package receipt.

The resulting index figures showed that Government, Finance and Hi-tech companies stand out as those mainly at risk from attack through the mail – a scale leap ahead of any other sector studied. Evidently, organisations within these sectors that do not yet have secure facilities screening their mail need to act fast if they are not to face insupportable levels of risk.

Simplistic Security Could Cause Corporate Collapse in 2008, Warns Secerno

2007-12-17T21:13:00.000+01:00

Database security expert argues intelligent behaviour analysis will be key

Oxford, United Kingdom, 17 December 2007 - Secerno (www.secerno.com), the technology leader in data security, today warned that simplistic security solutions based on signature block lists or rules-based network security will put organisations at risk in 2008, as it becomes impossible for these products to keep up with the multitude of new attacks.

2007 has been regularly punctuated with data breaches, and as a result public awareness of data protection has risen to an all-time high of 85% (1). The Information Commissioner's annual report also highlighted the ICO received almost 24,000 enquiries and complaints concerning personal information over the 2006/7 period, prosecuting 16 individuals and organisations just over 12 months (2).

Steve Hurn, CEO, Secerno comments, "The memory of the damage caused by 2007's numerous security breaches will not fade quickly. Breaches such as the HMRC's loss of two discs affected 25 million people, whilst Leeds Building society recently lost sensitive data relating to workers payslips and just last week, the DVLA compromised 6,000 drivers after losing their sensitive information. Consumers and credit card companies will no longer tolerate what have now become exceedingly routine data loss incidences."

Secerno's annual report: "The State of Data Security 2007/8" predicts this will drive security attention from the network towards the applications, and particularly data sources. The result will be the emergence of an increased number of intelligent behavioural analysis solutions that can understand the context of requested data transfers and data flows, both into and out of organisations.

"While the business drivers of cost and centralisation make sense, the security issues pertaining to authorised access and authentication to prevent abuse of access rights to a single, large source of sensitive data are tremendous. 2008 will finally see the acceptance of monitoring and auditing procedures in an attempt to achieve control over data access through the adoption of more intelligent blocking approaches to protect enterprise scale environments," adds Hurn.

During 2007, legal compliance has also been a key driver for security spending globally. However, as complexity of compliance increases due to political pressure and government legislation, IT security purchasers will demand reporting procedures to be integrated into their existing technology platforms. Hurn believes, "This will force point solutions providers to deliver added value and security beyond audit and reporting. Those without the required assets will fade away."

Hurn concludes, "Security will increasingly become an issue of tracking and proactively securing data in its many forms, rather than seeking footprints of intruders on the network. Approaches that follow the data across the enterprise and model the behaviour of those using it will start to make headway.

"Traditional security approaches will buckle under the strain of new threats and increasing numbers of authorised users. Firewalls in complex environments can run into tens of thousands of rules. The hope that any human can understand and manage the complete picture is rather fanciful."

Security Companies Europe launched the latest version of their directory with security-related resources.

2007-12-12T15:19:00.000+01:00

Security Companies Europe launched the latest version of their directory with security-related resources.

Vienna, AT - 7 December, 2007 – Security Companies Europe, a non-profit web directory launched their latest version a few days ago. The free web directory offers a listening to websites, companies and other security-related resources in several categories of their directory. Since September 2006, when Security Companies Europe went online they nearly doubled the content and functions.

What’s new?

• Directory for free and trial version downloads
• Directory for manuals as books, guides and standards
• Directory for newsletters
• Directory for news feeds
• Advertising possibilities with logos

“Everyone is invited to add his resource to our directory. A listening is free of charge and no back link is required for the 1st add into the directory (excluding logo advertising). If someone want to get more that one listening in our directory we require a back link to increase the knowledge of Security Companies Europe in the World Wide Web.”

What will be available in the next version?

• Customised search engine
• Searchable database for companies

“We currently work on a customised search engine for all areas of security. In association with Google we want to offer a Websearch which will find for you more relevant information that belongs to your search. So if you’re looking for a special topic in a Forum you will get information just out of websites which have a forum and exclude all other websites not related to your search.”

If you have a security-related website and would like to get listed in the directory of Security Companies Europe you can follow this link. Add link.

Survey Shows Slapdash Staff Risk Corporate Data

2007-12-11T21:11:00.000+01:00

Workers’ reliance on corporate data conflicts with their neglect of company resources

London, 11 December, 2007 – A survey of more than 100 UK office workers has revealed that employees are hugely reliant on access to network data to do their jobs, yet show an alarming apathy about the value of that data. The survey was carried out by secure online backup specialist, Databarracks, and the findings are a stark warning to UK businesses:

• Data dependent: Workers are so dependent on corporate data that 84% felt they couldn’t do their job for more than half a day if they lost access to it, whilst 43% felt they could not cope for any period without access

• Recreational risk: More than half (57%) have at some point lost an office work laptop/BlackBerry/USB stick, with the most common loss location being a pub, bar or restaurant

• Personal priorities: More than three-quarters (77%) admitted storing personal content such as photos on their office network or PC, putting obvious strain on company resources as well as increasing the risk of malware infection. Meanwhile, the same number (77%) would prioritise their personal mobile phone over their work PC if both were on fire, clearly valuing personal over corporate data

• Loss liabilities: Companies are massively exposed to human error. Nearly two-thirds (63%) of respondents have accidentally deleted data on the networks, whilst 69% admitted to saving more than 10 important work files on their PCs alone, causing major potential disruption if they were stolen or damaged

• Neglecting nature: Many employees are neglecting their ‘carbon footprint’, with 24% stating they never switch off their PC at close of business and 23% only sometimes. More than half (55%) of respondents also feel their company should plan better for environmental incidents, such as the floods that took place earlier this year

Peter Groucutt, MD of Databarracks, commented: "This research paints a frightening picture for UK organisations. Almost every business, irrelevant of sector, is reliant on the information stored on its IT network to manage day-to-day operations. This dependence makes it critical for organisations and their employees to protect their network information, yet our survey shows carelessness and even negligence among many respondents, who have a haphazard view of how corporate data should be handled.

“Whilst employees can be educated to treat corporate data more carefully, human error will always be a factor, so this is not a problem that is going to disappear overnight. In addition, organisations have a myriad of different applications to protect, and data retention and archiving regulations to comply with. More organisations have to start seriously considering secure online backup to protect themselves from unforeseen events.”

Security Companies Europe launched new version of their directory

2007-12-07T21:57:00.000+01:00

Vienna, AT - 7 December, 2007 - Security Companies Europe launched the latest version of their website which nearly doubled the categories.

What is new?

As up from now

Websense Predicts 2008's Top Ten Security Threats

2007-12-06T21:48:00.000+01:00

Olympics, Online Advertisements and Web 2.0 Threats Top Hacker's To-Do Lists

Chertsey - December 6, 2007 - Websense, Inc. (NASDAQ:WBSN) today issued its annual security predictions for 2008-with content-based threats topping the list.

Specifically, the Websense® Security Labs(tm) expects: the Olympics will spur a flurry of hacker activity such as compromises of popular Olympic news or other sports sites; hackers will leverage the increased

adoption of Macs and iPhones as new means for cross-platform Web attacks; special interest groups that fall within a certain age group, wealth bracket, or people with particular purchasing habits, will become

targets of Web 2.0 attacks; and spam will increase in the blogosphere and "talk back" sections of news sites to drive traffic and increase search engine rankings of infected Web sites.

"Looking at the current attack trends, cyber criminal techniques are evolving quickly and efficiently to not only evade detection, but to steal data and manipulate trusted content such as Web sites and applications," said Dan Hubbard, vice president of security research, Websense. "It's critical that organisations and individuals recognize that attackers are changing techniques and launching targeted attacks."

Websense Security Labs researchers gather threat intelligence with Websense ThreatSeeker(tm) technology which scans more than 600 million Web sites per week searching for malicious code, along with Websense's On Demand Services, which scans more than 350 million emails per week for email security threats. The Websense Security Labs research team, credited with finding several high-impact Web exploits and zero-days, sends out an average of 80 security updates per day, to protect more than 42 million employees from external and internal computer security threats.

Websense 2008 Security Threat Predictions

1. Olympics - new cyber attacks, phishing and fraud
Event-based attacks and scams are popular, and with the whole world watching, the 2008 Olympics may fuel a surge in cyberattacks. As the Olympic torch burns, Websense researchers predict the possibility of large scale denial-of-service (DoS) attacks on Beijing Olympic-related sites as political statements and fraud attempts through email and the Web surrounding the Olympics. Additionally, Websense predicts compromises of popular Olympic news or other sports sites -attacks designed to install malicious code on end-users' machines and steal personal or confidential business information.

2. Malicious SPAM invades blogs, search engines, forums and Web sites
Websense predicts that hackers will increasingly use Web spam to post URLs to malicious sites within forums, blogs, in the commentary or "talk-back" sections of news sites and on compromised Web sites. This activity not only drives traffic to the infected Web sites but also assists in the purveyor's site sitting higher on search engine rankings, increasing the risk that users will visit the site.

3. Attackers use Web's 'weakest links' to launch attacks
The Web is an entanglement of links and content. The advent of Web 2.0 additions such as Google Adsense, mash-ups, widgets, and social networks along with the massive amounts of Web advertisements linked to Web pages have increased the likelihood of 'weak links'-or Web sites and content that are vulnerable to compromises. Websense predicts that attackers will increasingly exploit the weakest links within the Web infrastructure in order to target the greatest number of Internet users. Most vulnerable to these attacks are search engines and large user networks such as MySpace, Facebook or other social networking sites.

4. Number of compromised Web sites will surpass number of created malicious sites
The Web as an attack vector has been steadily increasing for the last five years and now attackers are using compromised sites as their launching platforms-even more than their own created sites. Compromising sites-particularly, sites well-visited by end-users, such as the Dolphin Stadium attack that occurred a few days prior to the 2007 Super Bowl XLI in Miami., provides attackers with built-in Web traffic and minimizes the need for lures through email, instant messaging or Web posts.

5. Cross-platform Web attacks - Mac, iPhone popularity spurs increase
With the brand popularity and growing use of iPhones and Macintosh computers, Websense researchers predict attackers will increasingly launch cross-platform Web attacks that detect the operating system in use and serve up code specifically targeting that operating system instead of attacks based on just the Web browser. Operating systems that are targeted now include Mac OSX, iPhone, and Windows.

6. Rise in targeted Web 2.0 special interest attacks-hackers targeting specific groups of people based on interests and profile
Web 2.0 has spawned a proliferation of Web users that visit chat rooms, social networking sites, and special interest Web sites such as travel sites, automotive, and more. These sites provide attackers with potential victims that fall within a certain age group, wealth bracket, or people with particular purchasing habits. In 2008, Websense researchers predict targeted attacks will rise toward specific social networking or special interest sites that have a higher probability of delivering a payoff.

7. Morphing JavaScript to evade anti-virus scanners
Hackers are upping the ante with evasion techniques that use poly-morphic JavaScript (Polyscript) - which means that a uniquely-coded Web page is served up for each visit by a user to a malicious Web site. By changing the code every visit, signature-based security scanning technologies have difficulty detecting Web pages as malicious and hackers can extend the length of time their malicious site evades detection.

8. Data concealment methods increase in sophistication
Websense predicts an increased use of crypto-virology and sophistication in data concealment including the use of stenography, embedding data within standard protocols, and potentially within media files. Toolkits widely available on the Web will be used to embed proprietary information and steal data.

9. Global law enforcement will crack down on key hacker groups and individuals
In 2007, large-scale Internet-based attacks garnered the attention of law enforcement officials around the world. Websense anticipates that through the global cooperation of enforcement agencies, in 2008 the biggest crackdown and arrests of key members of a hacker group will occur.

10. Vishing and voice spam will combine and increase
The vast cell phone user population has grown into a lucrative market to exploit with spamming and "vishing" for financial gain. To date, researchers have seen an increased number of vishing attacks but not a lot of spam-or pro-active automated calling. In 2008 Websense predicts that "vishing", or the practice of using social engineering and Voice over IP (VoIP) to gain personal and financial information and voice spam will combine and increase-users will receive automated voice calls on LAN lines with voice spam to lure them to input their credentials through the telephone.

To subscribe to the latest threat research and alerts, please visit: www.websensesecuritylabs.com

FASTHOSTS WEBHOSTING HACK COULD HAVE BEEN AVOIDED

2007-12-06T21:45:00.000+01:00

*Mission critical and e-commerce websites should have been protected

*Free Applicure download detects threats in realtime for hosting companies and small/medium sized businesses

Today’s Times story on the shut down of many small websites in a crucial retailing period before Christmas is a further blow to the web hosting community.

Web hosting companies are an easy target to hit multiple businesses in one fell swoop. “Firewalls have improved significantly, so it is now difficult to perform attacks on a network level, therefore hackers are now aiming at the web application level”, said Yaacov Sherban, CEO of Applicure. “Unfortunately, web application developers are writing pretty awful code. This is a major issue, and most web applications are vulnerable at some level.”

Applicure is an expert in application security products for websites and web-based applications, and offers dotDefender Monitor as a free download from www.applicure.com. It is the only product on the market that can provide IT professionals with real time alerts on application attacks, sources of attack, and which application vulnerabilities they target. The dotDefender Monitor detects attacks using a database of hundreds of advanced security rules, while an intuitive log viewer allows users to quickly receive information about who is attacking their application.

Applicure Technologies’ dotDefender Monitor is based on the technology of dotDefender™, Applicure’s plug & play web application firewall. It is available free from www.applicure.com.

Web application security protection

Applicure monitors and also protects organisations against web application threats. Applicure’s dotDefender v3.2 is a security software for web applications which provides advanced protection against external and internal hacking.

dotDefender provides high strength protection against SQL Injection, Cross-site scripting, Path Traversal, and many other application attacks. It is deployed as a web server security plug-in that inspects incoming requests as they are processed by the server. This allows dotDefender to deliver excellent performance and support all types of encryption.

A rules based security engine, dotDefender monitors, blocks and manages attacks against websites and online web applications. An automatic live update ensures continuous protection against emerging threats and 0-day attacks. The plug-in is multiplatform and can be used on Apache, Microsoft ISA and IIS and is geared at the enterprise and SME markets.

Websense Predicts 2008's Top Ten Security Threats

2007-12-06T21:09:00.000+01:00

67% Of Security Executives Do Not Have Robust Controls In Place To Prevent Data Leakage

2007-12-06T21:08:00.000+01:00

According to real-time survey conducted at the Qualys CSO Interchange Event in London

CSOs are most concerned about brand reputation and risk management

London, 6 December 2007 - Brand reputation, risk management and preventing data loss surfaced clearly as the burning concerns of senior security professionals participating in the London meeting of the CSO Interchange, a high level forum geared to discussing hot topics of the day. 60% profess to having only "some idea" as to where their customer data is stored and "limited controls" over it. 72% see the impact of
payment card loss on brand reputation as their biggest concern.

Speaking at the event, cross-bench peer, Lord Erroll, a member of the House of Lords Science and Technology Committee, described the recent HMRC data breach as a "godsend"..."with luck the missing CDs have ended up in a landfill site but this fiasco will force the government to start taking security seriously and the powers of the Information Commissioner's Office will be strengthened."

Concerns about data loss were clearly a running theme throughout the debate. Although 32% felt they did know where their customer data was being kept and had controls in place. Alarmingly, 9% of those present had not even yet considered data loss as a specific issue.

Philippe Courtot, Chairman and CEO of Qualys and Co-founder of the CSO
Interchange added. "More than 70% of the security professionals
attending CSO Interchange indicated that securing their networks and therefore the confidentiality of their electronically stored data is now
harder than ever. The HMRC breach and other recent media stories are
forcing this in to the open as a public issue. We must take these matters seriously and rethink the way security is provided online.
Four years ago The Jericho Forum was the first non-government organisation to sound the alarm by suggesting practical and effective solutions for high industry. As yet their call to action has gone unanswered. Now is the time for industry and government alike to seize
the initiative."

Managing risk was clearly seen as being the biggest driver to security
strategy and executives know they need to improve at this. Half of
those surveyed felt they could do better at articulating the impact of risks within their organisation as well as the impact of mitigating them financially. There was clear recognition too for the risks posed by insiders within their organisation - with 75% citing this as greater than the risks from outsiders.

These and other interesting findings were revealed in an interactive survey of 35 top ranking professionals from major blue chip organisations taking place at the event organised by Qualys. The survey consisted of 26 key questions relating to business issues of importance to security executives.

Other key findings were:

* 50% see Software-as-a-service (SaaS) as displacing enterprise
software
* 64% see the job of securing their networking environment as
harder than one year ago - with the majority seeing time, personnel and budget as the biggest obstacles to doing their job.
* 62% have no real interest yet in environmental issues

Other participating keynote speakers in addition to Lord Erroll, were Mark Hughes, Director, Group Security for BT, and Paul Wood, Group Business Protection Director for Aviva.

FaceTime Provides Unprecedented Visibility into Greynets with New Public Resource for IT Managers

2007-12-05T21:50:00.000+01:00

GreynetsGuide.com Catalogs More than 600 Applications Free RTDiscover Tool Provides Real-Time Visibility on Employee Usage

BELMONT, Calif., Dec. 5, 2007 — FaceTime Communications, the leading provider of solutions that control greynets and manage Unified Communications in the enterprise, today announced it has launched www.GreynetsGuide.com. Greynets are Internet-enabled, communication eore prominent bug referring to Spywareguif

/Oscar List price!rodu.er the Salus/Oscar list.

ds:

ration.ce for unified communicaapplications that are typically installed by end users without the sanction of corporate network managers.

The Web-based guide aims to be a comprehensive reference center to help enterprise network administrators better understand evasive and consumer-oriented applications like public IM clients, P2P file-sharing, anonymizers, IPTV and consumer VoIP that are increasingly being adopted by employees.

GreynetsGuide.com details the source, behavior and effective removal tools for more than 600 greynet applications of concern to IT managers. FaceTime Security Labs’ researchers are identifying and adding new greynets to the database daily.

FaceTime is also offering a free tool called RTDiscover™ that will enable IT managers to gain visibility into the greynet traffic that is traversing their networks.

FaceTime RTDiscover, delivered on DVD, provides a comprehensive report of greynet and Web traffic on the enterprise network at user, group and enterprise levels. RTDiscover presents the user with a real-time view of all malware threats including spyware, adware, keyloggers and rootkits currently resident on PC endpoints throughout the organization.

“Our goal is to provide a comprehensive public resource that catalogs and provides independent analysis of the greynet applications that have become pervasive on enterprise networks,” said Frank Cabri, vice president of marketing and product management for FaceTime. “Just as SpywareGuide.com is the definitive resource for identifying and controlling malware, GreynetsGuide.com is designed to be the definitive resource for understanding and controlling greynets in the enterprise.”

What are Greynets?

Greynets are Internet-enabled communication applications that are installed on an end user's system without permission from IT and are highly evasive to existing security infrastructure. While many of these applications deliver collaborative benefits to users, they pose a unique challenge to network administrators by traversing the network through a variety of ports and evasive techniques. If left unmanaged, greynet applications can impact productivity, become vectors for malware attacks, and introduce compliance risks including leakage of confidential information.

While some greynets such as Skype, public instant messaging (IM) and Web Conferencing have legitimate business uses, IT requires visibility and control to ensure their safe and productive use. With other greynets, such as P2P file sharing, video streaming, and anonymizers, the risks might outweigh the benefits and organizations need the ability to accurately detect and block them.

“Enterprises face three key risks from unmanaged greynets: confidential or proprietary information leaking out, malware and other infections entering the network, and the legal ramifications due to insufficient archiving and retrieval,” Cabri explains.

Greynet Usage is on the Rise

According to the 2007 survey Greynets in the Enterprise: Third Annual Survey of Trends, Attitudes and Impact, conducted by NewDiligence Research and commissioned by FaceTime*, the number of greynet applications installed at a typical work location has increased significantly in the past year. According to the survey, the number of work locations with eight or more greynet applications in use has almost tripled in the last three years.

“With so many greynet applications freely available online, the IT security manager must examine the behavior of the company’s own workers, and understand the nature of these greynets before setting and enforcing security and management policies,” said Cabri. “GreynetsGuide.com provides a resource for understanding the true nature of these stealthy applications, to aid in making policy decisions about their use on the corporate network.”

The costs of greynet usage can be very high. In the recent survey, IT managers reported spending an average of nearly $289,000 annually to repair or re-image company PCs after malware attacks that occurred over greynets. On average, IT managers experience nearly 39 incidents per month that require some kind of repair or remediation to end user PCs and each repair requires, on average, about nine hours of work.

“We’re providing enterprise IT with the information they need to manage the new work environment where employees feel empowered to download the applications they determine necessary to do their jobs,” said Cabri. “Workers take these applications for granted as a just another convenient way to do business, keep up with friends and take a well-deserved break during work hours, but IT understands that the potential costs are very real and very high.”

Visit www.GreynetsGuide.com on the web for the most up to date information about more than 600 greynets, and click here to request the free RTDiscover tool.

UK businesses fight laptop theft with unique tracking and remote deletion software

2007-12-04T21:54:00.000+01:00

Absolute Software and police help ITN and BRC recover laptops and charge alleged thieves

4 December 2007, Newbury - ITN (Independent Television News), a leading news and multimedia content company, has seen the benefits of Absolute Software's ComputraceOne laptop monitoring and tracking service following two recent thefts. In two unrelated crimes, one laptop was stolen from a staff member's car and another was stolen from an employee's home. The police were able to identify and charge two alleged thieves.

Another demonstration of how well this type of software works can be seen with recent recoveries of stolen laptops for BRC Reinforcement Solutions (BRC), the UK's largest supplier of steel products for use in construction. BRC's company directors had activated ComputraceOne on their laptops, as had reps on the road needing access to CAD drawings.
Following the theft of a laptop, the stolen machine was tracked after the stolen laptop was switched on and connected to the internet, so allowing for it contact Absolute's monitoring centre to indicate its location. The Absolute recovery team was able to work with the police, resulting in charges being brought.

"I am always sceptical of new technology until it is proven," said Adrian Marks, IT Systems Administrator at BRC Reinforcement "I was really impressed by the recovery process. Absolute informed me when the laptop started 'calling in', and then I had a call from the police telling me the laptop had been recovered. All we had to do was let Absolute know when one of our laptops went missing."

William Pound, senior director of international operations, Absolute Software explains: "Organisations across Europe face slowed productivity, media scrutiny, as amply demonstrated by the HMRC discs loss, as well as increased costs when stolen computers and the information on them falls into the wrong hands.

"ComputraceOne combines the ability to track computers, recover those that go missing and remotely delete sensitive information. It also provides secure IT asset management for computers that are disconnected from company networks. As these customers can attest, ComputraceOne provides an easy-to deploy, cost-effective solution for combating issues surrounding lost or stolen computers. "

UK businesses fight laptop theft with unique tracking and remote deletion software

2007-12-04T21:07:00.000+01:00

Webroot® Moves Aggressively To Extend Enterprise Security Capability – Merges With SAAS Firm Email Systems

2007-11-27T21:00:00.000+01:00

Disruptive Innovation Comes to Security. Webroot Merges With E-mail and Web Security Software-as-a-Service Leader.

Boulder, Colo. / London, November. 27, 2007 — Webroot Software, Inc., a leading provider of security software for the consumer, enterprise and SMB markets, today announced that it has merged with Email Systems, a leading Software as a Service (SaaS) security provider. Consequently, Webroot moves decisively into providing security SaaS solutions to enterprise organisations, particularly SMBs. Webroot will now provide a new Email and Web Security SaaS solution that delivers email archiving, image scanning and encryption, anti-spam, anti-phishing and anti-virus services for protecting email, http web filtering and other web-based communications. This strategic combination will leverage the technology expertise, management and client bases of both organisations on a global scale.

“Email Systems offers an unrivalled SaaS technology that represents a tipping point in enterprise security. We now have the opportunity to offer it on a much bigger scale. The new organisation will incorporate the management, sales, marketing and technical teams of our two companies to create a true global partnership,” said Mike Irwin, COO, Webroot Software. “Our customers will now be able to easily engage a multi-layered security strategy that includes industry-leading end-point and SaaS-based perimeter security in a unique and integrated package. Additionally, it will all be offered through our combined global network of channel partners.”

Webroot will now be able to offer email and Web management, protection and compliance services that can be integrated with the award-winning Webroot AntiSpyware Corporate Edition with AntiVirus end-point protection solution. This multi-layered hybrid approach to security provides a powerful alternative to the traditional hardware and server based perimeter solutions at a fraction of the cost, while delivering additional levels of protection.

“As is the case with most new technologies, excitement has grown over the Software as a Service (SaaS) model for various reasons. The ease of deployment, management, scalability and reducing the workload of internal IT staff have driven much of the fervor,” said Brian Burke, Program Director, Security Products at IDC, a global provider of market intelligence. “As a security solution, we anticipate seeing an increase in hybrid models that include both an on-premise and a hosted security service. Overall, IDC expects that worldwide spending on hosted messaging security services, which totaled $300 million in 2006, will reach $1.4 billion by 2011.”

As one of the fastest growing vendors in the fastest growing enterprise technology segment, Email Systems has been providing SaaS-based email and web protection, management and compliance services since 2002. Recently awarded CRN UK Magazine’s 'Security Vendor of the Year', Email Systems now protects more than 1,500 businesses and 2.5 million email boxes worldwide. The company currently filters and scans more than 1.2 billion messages per month.

“By joining forces, we are poised to provide one of the most unique and powerful security solutions in the industry. SaaS is a disruptive technology that we’ve seen grow to dominate business applications and expect to see the same with security,” said Neil Hammerton, CEO, Email Systems. “The combination of Webroot’s global support, the delivery to a far broader audience through our expanded channel reseller network, and our latest product release soon to be announced, we feel like we are poised to take full advantage of a technology sea-change.”

Terms of the agreement were not disclosed, however, both businesses will continue to operate within existing market spaces in the near-term. Since both companies are growing rapidly, Webroot will be retaining all current employees and accelerating targeted new hires. The new organisation has also reaffirmed its commitment to a channel-led model in the SaaS space. Moving forward, Webroot will support all existing customers of Email Systems and their current offerings with Webroot’s world-class support organisation that will now be able to offer follow-the-sun service with offices in EMEA, US, Australia and Japan. Additionally, Webroot customers can now obtain a free 14-day trial of Webroot Email Security SaaS. For more information regarding these services visit
http://www.webroot.com/land/webroot-email-security.php or call 1-800.870.8102.

Reputation of UK Brands Dramatically Affected by Phishing Attacks according to Survey Commissioned by Cloudmark

2007-11-26T20:59:00.000+01:00

Though consumers believe ISPs and individuals themselves, rather than the brands, are most responsible for protection against phishing attacks

London - 26 November 2007 - Cloudmark Inc., the global leader in carrier-grade messaging security, today announced the results of a survey conducted on its behalf by YouGov, which revealed that public confidence in consumer brands is dramatically affected by phishing attacks, with 42% of people surveyed feeling that their trust in a brand would be greatly reduced if they received a phishing email claiming to be from that company. The survey also showed that the majority of consumers feel that the responsibility for protection against phishing attacks lies with themselves, their service provider and the service provider that transported the phishing emails.

Phishing attacks are email scams that attempt to defraud consumers of their personal information, such as bank account details or social security numbers, by pretending to have been sent by a trustworthy entity such as a bank or credit lender.

The survey revealed that:
- 42% of respondents surveyed feel that the trust in a brand would be greatly reduced if they received a phishing email claiming to be sent by that brand.
- 41% of those surveyed felt that their trust in a bank would be greatly reduced if they received a phishing email claiming to be from that company, compared to 40% who felt the same for an ISP, 36% for an online shopping site and 33% for a social networking site.
- 26% of those surveyed feel that they are the party most responsible for protecting themselves from phishing attacks, with 23% believing their Internet Service Provider (ISP) or email service provider is the most responsible and 17% thinking that the sender's ISP and email service provider holds the greatest responsibility.

"Phishing is a highly sophisticated and well orchestrated form of crime. The gangs behind these attacks work to compromise financial information via e-mail scams and then propagate that information into a highly stratified and efficient economy, selling the data on to those who will profit from the accounts," commented Neil Cook, UK technology chief at Cloudmark. "Earlier this year we conducted research into the effect that phishing has on the individual that found consumers were still extremely concerned about falling victim to such a scam. What is interesting to note from these results is that well-known brands are also suffering, with phishing attacks having a detrimental effect on their reputation. This knock-on effect will be particularly worrying for the banks, who rely on a high degree of trust with their customers."

In addition to the YouGov survey, Cloudmark's own research team today released results showing that Natwest Bank was the most phished brand in the UK during October 2007. The research was collected using Cloudmark's user base, which consists of 260 million mailboxes. Cloudmark's research also indicates that across Europe, the majority of unique phishing websites are created using the top level domain associated with the United Kingdom, .uk.

"Not only are we seeing evidence of more .uk phishing URLs, but also a shift in phishing techniques. Vishing is a good example of this where the scammers use cheap VoIP call centre systems as the back end to their phishing attacks, which changes the whole dynamic of trust," commented Cook. "The example we've seen on our database was a message attack that appeared to be a notification from the recipient's bank requesting they ring customer services to deal with a problem. If the recipient makes the call, it gets routed to a cheap VOIP answering system, which may have been set-up on a compromised host. The system captures the user ID and pincode to sell on to the highest bidder, who then has full access to your account. All the while the call seems very genuine. The reassurance of speaking to an individual rather than working online will lead to many instances of consumers falling foul to such threats."

"Whilst awareness to the problem is essential, it is unrealistic to expect businesses to be able to secure themselves fully against such sophisticated criminal activities. The increasingly dynamic and transient nature of the latest threats requires a combination of desktop protection at the client level, and accurate message filtering from ISPs. By including comprehensive phishing detection ISPs will help ensure protection against the latest threats and outbreaks," commented Nigel Stevens, Product Director, THUS plc.

Cloudmark uses an innovative way of stopping spam and phishing attacks, through a combination of intelligent algorithms and a global threat network of trusted reporters in 163 countries. By using this approach, Cloudmark is able to detect and block many attacks and variations automatically, without the need for manual rule writing, as required by other systems. The automation in the system means that the entire Cloudmark network can be protected against new threats within minutes of them first being detected.

For the top 10 tips on how to avoid malware and protect yourself from dangerous online behaviour, please visit www.cloudmark.com/backtoschool/.

Yoggie targets online gamers and parents with Yoggie Gatekeeper Internet security products

2007-11-20T17:48:00.000+01:00

12 November, 2007, New York, USA: The Yoggie Gatekeeper SOHO™ and the Yoggie Gatekeeper Pro™ are part of Yoggie Security Systems™ stable of Personal Security Servers: miniature computers, the size of a credit card, with their own processors and memory, that provide 13 layers of integrated security for the PC or laptop. These multiple award-winning Internet security devices represent a true ‘first’ for both parents and gamers – delivering unrivalled online protection while speeding up computer performance and, for families, providing strong parental controls.

The level of security is equivalent to that employed by the FBI. In fact, it’s like having your own security server that’s small enough to fit into your back pocket. All Internet traffic is routed through the devices and ‘cleansed’ before it gets to the host computer – as opposed to traditional software security applications where the fight against Internet borne threats takes place inside the host computer. Since the Yoggie Gatekeeper SOHO and Pro™ use their own hardware to run the security, the host computer performance is boosted as it no longer needs security software installed.

With simple ‘plug and forget’ installation, each time the Yoggie Gatekeeper Pro or SOHO™ connect to the Internet, they check for updates which are installed without any user action. The Yoggie Gatekeepers™ offers firewall, intrusion detection, intrusion prevention, Anti-Virus, Anti-Spyware, Anti-Spam, Anti-Phishing and parental control, as well as three unique Yoggie™ patented applications to guard users and repel viruses, spyware, malware and hackers. They even include technology to protect against new security threats not yet known to standard anti-virus software.

Yoggie’s solution is the world’s first Personal Security Server: a credit card size Linux-based 520 Mbps computer with 13 built-in security applications and 128 MB memory.

The Yoggie Gatekeeper SOHO™
Plugging straight into the network router – the gadget that connects the family’s computers to the Internet - Yoggie’s Gatekeeper SOHO™ - allows parental control from outside a child’s computer and filters unwanted content and messages.

Access to sites offering inappropriate content can be prevented. E-mails ‘phishing’ for information such as passwords which your youngsters may be tempted to answer are blocked. As are e-mails, which, if opened, can unleash software sent to spy on your personal information such as banking and credit card details. What’s more, if one of the children removes the Yoggie Gatekeeper SOHO™, inadvertently, or in order to access potential inappropriate content, the computer will simply not connect to the Internet.

Protecting up to five computers in one household couldn’t be simpler. Users require no technological background as the unit is plugged in between the internet connection and router/switch. The Yoggie Gatekeeper SOHO™ offers a revolutionary approach that significantly improves security and the 13 applications include firewall, intrusion detection, intrusion prevention, Anti-Virus, Anti-Spyware, Anti-Spam, Anti-Phishing and parental control, as well as three unique Yoggie™ patented applications.

The Yoggie Gatekeeper Pro™ offers Internet security at its best
As the popularity of online gaming has increased, so has the threat of keylogging, account hacking, viruses and other security threats. While there are many security software suites on the market, most of them cannot keep up with today’s threats and running large suites drains performance just when games are placing increasing demands on available memory and processor power.

For the first time ever, gamers can ‘connect and forget’ a USB miniature personal security server that seamlessly provides laptop and desktop security. By offloading 13 security applications, the Yoggie Gatekeeper Pro™ also boosts performance.

Designed to off-load your PC from any installed security software this dedicated mini-server provides PC users with the following benefits:

Yoggie Gatekeeper Pro Yoggie Gatekeeper SOHO
Blocks all Internet threats outside, before they reach your PC The fastest way to effective assurance of children’s Internet safety.
Hides your PC from Internet Hackers Increases computer performance by offloading 13 security applications onto one piece of dedicated hardware.
Boosts your PC’s performance Affordable centralized security solution for the entire home network of up to five computers.
Offers a Dual Flash memory mechanism constitutes an “Untouchable Operating System” barrier for complete physical isolation of your PC from threats No need to install heavy software products that pop up with confusing messages.
Protects against known as well as unknown attacks Yoggie Gatekeeper SOHO™ updates its security profiles on an hourly basis, without disturbing the user or hampering computer or home network resources.
Plug and Forget easy installation and operation with no special technical knowledge required Simple and the intuitive one step security - plug in the USB for FBI-level security with no need for any complex technical know-how.
Security software updates accumulate on the Yoggie’s external mini-server, instead of draining your PC’s resources Prevents unprotected or unauthorized Internet access. By removing the Yoggie Gatekeeper SOHO™ from the network all network connections are stopped.
Blocks all Internet threats outside, before they reach your PC Protection from Web and Mail threats via one simple to use device.
Hides your PC from Internet Hackers Simple installation - place Yoggie Gatekeeper SOHO™ between the Internet router and your home switch to protect all the computers in the home network.
Boosts your PC’s performance All-in-one security solution – no need to purchase and integrate multiple security solutions.

Pricing and availability
The Yoggie Gatekeeper Pro™ retails at $220 which includes licensing for all 13 security applications for one full year. For your buying convenience, please enter http://www.yoggie.com/where-to-buy for Yoggie stores.

The Yoggie Gatekeeper SOHO retails at $249, and comes with one full-year licensing for protecting up to five computers. For your purchasing convenience, please enter http://www.yoggie.com/where-to-buy for Yoggie stores.

Partnership leverages strengths in secure ID card printing and holographic overlaminates

2007-11-13T17:50:00.000+01:00

Minneapolis, MN (November 13, 2007) Fargo Electronics, Inc., a global leader in secure technologies for ID card systems, announced it has signed a joint marketing agreement with UK-based Optaglio Ltd., a leader in security microstructure technology. The agreement will provide the framework for secure solutions utilizing Fargo’s High Definition Printing™ series in conjunction with Optaglio’s E-Direct® high-security holograms in Fargo overlaminates.

Specifically aimed at government and financial markets, the agreement will leverage HDP’s superiority in printing on technology cards with Optaglio’s world-leading Optically Variable Microstructure (OVM) technology.

“The combination of Fargo’s High Definition Printing technology and Optaglio’s E-Direct holography will produce one of the most formidable solutions possible for those who desire ultra-high security in their national ID card programs,” said Alan Fontanella, vice president of product marketing for Fargo. “It’s an ideal pairing of solutions designed to protect governmental organizations from the risk of counterfeiting and identification fraud.”

“We are delighted to join forces with Fargo in supplying cutting edge security solutions to national ID customers worldwide, said Jamie Willis, Managing Director of Optaglio Limited. “We have high hopes for the future of this partnership, and believe that our customers will very much benefit from Fargo and Optaglio combining our unique capabilities to meet the need for more secure ID documents.”

BT and Intamac Complete Homesafe Pilot

2007-11-09T17:46:00.001+01:00

Innovative way in which home owners can protect their property via broadband.

Northampton, 9th November 2007: In Q4 2006 over half (50 per cent) of all UK adults lived in households with a broadband internet connection, according to Ofcom statistics - up from 39 per cent a year before and seven times the 2002 penetration level.

BT, one of the UK's leading suppliers of Broadband, has been working with Northampton-based internet monitoring and control specialist Intamac Systems to show the wider benefits of broadband. Together they have been developing and piloting a revolutionary new IP security system with CCTV capability that customers can install in their homes. Called BT Homesafe, it provides people and their property with new levels of protection using broadband connectivity and at much lower cost than with conventional alarm systems.

Using Intamac technology, the BT Homesafe system can be managed over the internet and is able to send personal alerts by text, email and phone messages when activated. Through the easy-to-use secure Web portal homeowners can programme their system remotely, and set the system to provide new levels of safety with automated alerts when their children are safely home from school or to help elderly relatives in their own homes. Accessories can monitor for fire, power failure and flooding and the system has a CCTV option which allows individuals to view their property from anywhere in the world with low cost IP cameras that store pictures online and pass pictures to mobile phones.

50-person pilot
The BT Homesafe system has been piloted amongst 1500 individuals nationwide. The pilot was also extended to cover 1500 homes in the UK and is now on offer from Intamac at £219.99

Kevin Meagher, CEO of Intamac Systems comments, "This initiative with BT has enabled us to pilot the world's first self installed IP-based alarm monitoring system. It's a revolutionary new approach and the trial has been very successful in helping us to refine the product and service. Extending pilot will show the practical value of the new technology in protecting people and their property at price points that were not possible in the past. We believe this technology will become standard in all homes."

BT and Intamac Complete Homesafe Pilot

2007-11-09T17:46:00.000+01:00

Ingrian Networks Releases New Hardware Platform Delivering Industry's Fastest Encryption Rates

2007-11-08T23:41:00.000+01:00

New FIPS-compliant DataSecure Appliances capable of transaction speeds up to 100,000 encryptions per second

REDWOOD CITY, Calif. - October 31, 2007 - Ingrian® Networks, Inc., the leading provider of data privacy solutions, today announced a new family of hardware platforms for the company's flagship DataSecure® Appliances, offering the highest level of security available today in a commercial encryption solution. The new DataSecure Appliances, the 100 Series and 400 Series, have achieved FIPS 140-2 compliance and Common Criteria EAL2 validation, and perform transaction rates of 100,000 encryptions per second - increasing performance by more than 266%. The new platforms offer users the ability to use one encryption solution for FIPS and non-FIPS environments, and centralise all cryptographic processing to deliver performance robust enough for even the most demanding batch processing and high-volume online transac¬tion processing environments. Ingrian's new product line is featured at http://www.ingrian.com/products.html

"As enterprises continue to store large amounts of information in their networks, encrypting the data can become quite cumbersome and slow - taking large amounts of time or resources," said Jon Oltsik, senior analyst, information security for Enterprise Strategy Group. "Because of this, the ability to quickly encrypt data and ensure an organisation is in compliance with current legislation, it is becoming more important than ever."

DataSecure 100 Series and 400 Series appliances handle 50,000 and 100,000 encryptions per second, respectively. Through load balancing capabilities, Ingrian makes it easy to add additional appliances and boost scalability as performance needs dictate. By offering CPU-intensive cryptographic processing from disparate servers and databases, DataSecure can also restore server and database performance to optimal levels-resulting in less waiting for information and higher resource utilisation. Designed specifically for business-critical pro¬cessing, DataSecure features replication, health checking, and disaster recovery capabilities.

"Ingrian consistently strives to make compliance with legislative and industry mandates as simple as possible for its customers," said Michael Howard, CEO of Ingrian. "Offering the fastest encryption speeds available and recently achieving FIPS 140-2 compliance and Common Criteria EAL2 validation, demonstrates Ingrian's commitment to providing the most efficient encryption platforms in accordance to cryptographic standards. We have received tremendous interest from the government sector for our enhanced performance features and current FIPS solutions, and expect a significant increase in demand now that we can offer our full-line of encryption products and have achieved market-leading performance numbers."

Over 400 Senior IT Security Professionals Gather To Tackle IT Security Issues At The Information Security Forum Annual World Congress

2007-11-01T23:41:00.000+01:00

South Africa hosts 18th Annual ISF Congress in December

1 November 2007: The Information Security Forum's (ISF) 18th Annual World Congress takes place in Cape Town on 9th-11th December, bringing together over 400 senior security professionals from leading companies and organizations around the world to tackle the security challenges they will face in 2008 and beyond.

The ISF Congress, recognized as the leading information security conference in the world, provides a unique and confidential environment to share knowledge and experiences, as well as hear from industry experts and gain practical advice on current and emerging information security risks.

This year's event boasts an impressive line up of keynote speakers, dealing with a range of important issues from the growth in organized online crime and cybersecurity to the increasing demands of IT governance and global legislation. Other topics under the spotlight during Break-Out Sessions will include mobile security; security tools and techniques; managing risk; culture, awareness and behavior; security strategies and outsourcing. These sessions will be led by senior security professionals and ISF researchers focusing on experiences and lessons learned.

The specially invited and world renowned guest speakers include: Professor Mervyn King, Chairman of the Brait Société Anonyme and of the King Committee on corporate governance in South Africa; Wolfgang Grulke, author, futurist and CEO of FutureWorld International; Ira Winkler, President of the Internet Security Advisors Group; Mikko Hyppönen, Chief Research Officer for F-Secure; Stuart McIrvine, Director of Corporate Security Strategy at IBM; and Reggie Butler, Senior Consultant and Master Facilitator for Global Lead Management Consulting. The event will be chaired by the BBC royal and diplomatic editor, Nicholas Witchell.

"Attendance at the ISF Annual Congress has grown year on year, reflecting the increasing threats and challenges facing security professionals around the world," said Kim Aarenstrup, Chairman of the ISF and Group Head of Information Security at the A.P. Moller - Maersk Group. "Unlike other IT security events and conferences, the ISF Annual Congress provides a unique opportunity to meet, listen, debate and gain practical advice in a peer-to-peer, confidential environment."

Attendance at the Annual Congress is exclusive to ISF Members and is one of the benefits of ISF membership. The ISF is a not-for-profit international association of over 300 leading international organizations including half of the Fortune 100, which fund and co-operate in the development of practical, business driven solutions to information security and risk management problems. The ISF undertakes a leading-edge research program and has invested more than US$100 million to create a library of over 200 authoritative reports along with information risk methodologies and tools that are available free of charge to ISF Members.

In addition, its latest Standard of Good Practice for Information Security has recently been published and is available free to non-members at www.isfstandard.com.

TriCipher Launches MySignatureBook for Secure, Fast and Affordable Electronic Document Signing

2007-10-25T00:39:00.000+02:00

Consolidates Multiple Signatures into Single Document for Streamlined Workflow, Security and Centralised Management

RSA Europe Stand 49

London, UK, 24 October - TriCipher today released the first digital document signing technology that gathers and stores multiple signatures on a single, centrally managed file. Unlike any other solution, TriCipher MySignatureBook(tm) (MSB) saves multiple signatures from a centrally managed, Web-based workflow to a single, unaltered document, relieving companies from manually tracking dozens of files each with a lone signature.

MSB is the only solution that ensures end-to-end security for highly regulated and sensitive documents, and eliminates time-consuming and costly paper-based signature processes, including shipping and storage.

Pfizer initially developed MySignatureBook and has been using it since the summer of 2006, in conjunction with its authentication credentials certified by the SAFE(tm) BioPharma Association, which provides the pharmaceutical industry's legal foundation for digital signatures.
TriCipher has expanded the product's support for multiple credential types, making it easy for pharmaceutical, healthcare and financial services employees and customers to leverage digital signatures for high-risk and regulated activities.

For enterprises without a credential infrastructure, MSB supports the TriCipher Armored Credential System (TACS). This platform gives organisations user-friendly, low-cost, highly secure credentials, while maintaining the familiar username and password login experience and quickly enabling digital signing for all users.

With MySignatureBook, organizations can:

* Reduce costs and increase speed of product development.
* Eliminate geographic obstacles for project approvals.
* Deploy digital signatures equivalent to paper-based signatures,
with full non-repudiation for electronic filing requirements.
* Manage the lifecycle of digital signatures for electronic
records such as laboratory notebooks, regulated e-documents, and internal records such as software development documents.
* Scale across entire departments and global workgroups.

"Pfizer uses MySignatureBook with both SAFE and Pfizer corporate credentials to eliminate paper-based signatures and replace them with digital signatures. As a result, we lowered costs dramatically," said George Rathbun, a Director in Pfizer's worldwide technology engineering organization. "We also accelerated the process of obtaining signatures for the global user community. Now the only limitation to obtaining a signature is the length of time it takes someone to respond to an e-mail message."

MySignatureBook's auditable framework provides vital evidence for defending patents and accelerates regulatory electronic document submission - shortening time-to-market for new drugs.

As Gartner analysts Kristin Noakes-Fry and Gregg Kreizman said in Gartner's October 11, 2006 report, "A Quick Look at E-Signature Vendors and Products," "For early adopters, e-signatures have meant not only signature and document integrity but also the competitive advantage of serving customers more quickly and efficiently."

Pharmaceuticals Spearhead Virtual Signatures

Through an online portal, chemists, clinical investigators and regulatory affairs personnel electronically sign experiment results, clinical trial information and regulatory electronic documents with their SAFE credentials via MySignatureBook. The product then gathers and stores digital signatures from witnesses and managers, ensuring online transactions are authentic, irrefutable and tamper-proof.

By electronically archiving documents, pharmaceutical companies can easily search through electronic records to pinpoint specific data such as chemical reactions; manually, this would require chemists to pore through notebooks until they spotted the information. Also, records management becomes paperless and signatures all become legible - especially important when searching data a few years old.

Financial services companies and healthcare organizations can also use MySignatureBook to secure electronic signatures for high-value transactions such as loan applications and verifying patient information online.

"The pharmaceutical industry has set the standard and reaped the rewards for proving the business value of secure digital signatures," said David Franklin, VP EMEA, TriCipher. "As with our credentials, we give enterprises the most secure and affordable option to eliminate costs and improve corporate processes for employees and customers."

Gemalto Provides Web Services To Seb’s German Affiliate For Designing Personalized Credit Cards

2007-10-22T22:29:00.000+02:00

Gemalto supplies SEB with user-friendly online tool for full card customization with a personal photograph

Amsterdam, October 22, 2007 - Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today announces it has supplied SEB Germany with an innovative end-to-end solution for secure Internet design of personalized credit cards. The SEB Group is a North European financial group for 400,000 corporate customers and institutions and 5 million private customers. It has a strong local presence in Germany with some 1,000,000 clients in this country. Gemalto’s CardLikeMeTM provides SEB customers with a user-friendly interface to upload a picture of their choice on the bank website to create a unique personal card. As part of its overall project management responsibility, Gemalto developed the software solution required for processing the photograph on SEB’s website and ensured complete card personalization and fulfillment. Commercial launch took place this summer.

Gemalto’s CardLikeMe makes it extremely simple for SEB customers to design a unique credit card with a personal illustration. Once users have uploaded their picture on the bank website, they can visualize the card in real time and adjust the photograph as they wish. Users may also choose a picture from a wide range of attractive background visuals offered on SEB’s online gallery.

Under the contract, Gemalto provided SEB with a comprehensive turnkey solution that includes web, printing and personalization services. Gemalto manages the entire solution, from software integration into the bank website through to card delivery to the end-user.

“Simplicity and convenience were key words when we decided to offer our customers the option to design their own credit card,” commented Marc Vormann, head of product management at SEB. ”Gemalto proposed an easy-to-use end-to-end solution. For SEB, working with one single company at all stages of the process simplified implementation and saved time on the overall project.”

“CardLikeMe is a good example of the differentiating services Gemalto supplies to address the need for personalized solutions,” added Philippe Cambriel, executive vice-president Secure Transactions Business Unit at Gemalto. “Our strong local presence in Germany has allowed us to operate closer to SEB and support them all the way through the project.”

MessageLabs Launches Next Generation Version Of Email Archiving Service

2007-10-17T22:28:00.000+02:00

- Software as a Service (SaaS) provider is first to offer a complete solution for major archiving needs: email storage management, legal discovery and regulatory compliance -

New York, NY and London - October 17, 2007 - MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today announced the launch of v3.0 of its Archiving service.
A pioneer in the software as a service industry, MessageLabs is the first managed service provider to offer email archiving suited to all three major archiving needs: email storage management, legal discovery and regulatory compliance.

According to research conducted by Osterman Research, 49 percent of organizations that today do not have an archiving system expect to implement a solution by the end of 2008. Much of the interest in archiving is being driven by rapidly growing email databases - Osterman Research data shows that message stores are growing at an average of 35 percent annually. Inbox size management is a pain point for both IT teams and end users, requiring most organizations to implement mailbox size quotas that are tedious and time-consuming to manage.

"Regulations, such as FRCP in the US, plus court requirements place the burden of fast legal discovery of messaging on all businesses," said Michael Osterman, President, Osterman Research. "According to a recent survey conducted by Osterman Research, the average time investment to complete just one discovery request is 17 person-hours - 60 percent of messaging decision makers considers discovery requests to be a painful or disruptive process."

Offered as a managed service, MessageLabs Archiving Service safely archives all internal and external email communications while ensuring complete privacy and total data security. The service also provides rapid, on-demand access to email after it has been archived. Customers with legal discovery and compliance needs can continue to rely on MessageLabs for these robust archiving needs while new functionality will reduce storage requirements and lessen the amount of time users spend managing their mailbox size.

"As email archiving becomes a necessary and sought after tool for businesses worldwide, organizations have a choice in using an in-house or hosted solution," said Jos White, President, MessageLabs.
"MessageLabs hosted solution frees businesses from the expense and effort involved with storing vast amounts of email in-house as well as the potential resulting network inefficiencies. With easy-to-use functionality such as search and retrieval, supervision and reporting capabilities, messaging policy set-up and enforcement and 100 percent privacy and data security, MessageLabs satisfies every archiving business requirement with one, comprehensive hosted archiving service."

Confirming the demand for archiving services over the last 12 months, MessageLabs Archiving Service has increased its customer base by 126 percent and more than 50 percent of those customers now deploy five or more of MessageLabs managed security services, including Anti-Spam, Anti-Virus, Image Control, Content Control and Web Security Services, emphasizing the convenience of having all messaging and security services integrated with one vendor.

For US-based investment management firm Segall, Bryant & Hamill, regulatory compliance was the main reason for implementing the MessageLabs Archiving Service.

"Other solid business reasons also played a part," said Gregg Mehr, MIS Director, Segall Bryant & Hamill. "We wanted an email archiving service that would be absolutely reliable and at the same time reduce the workload of the IT department whose time was being drained chasing misplaced emails. The MessageLabs system automatically and reliably archives and retrieves email with guaranteed storage integrity."

New and Enhanced Key Features of MessageLabs Archiving Service v3.0 The MessageLabs Archiving Service v3.0 provides an industry-leading, cost effective solution for easy search and retrieval. New and enhanced key features include:

* Attachment stubbing, an automated process that replaces
attachments in users' mailboxes with references to the archive thereby reducing the amount of storage required in Exchange by leveraging the data already stored in the Secure Archive. Users benefit from unlimited mailboxes and no longer need to spend time managing inbox size. By 2010, 50 percent of archiving implementations will use the archive created for compliance and/or discovery to improve e-mail management through message stubbing, according to Gartner. [1]

* Microsoft 2007 Support, supports end user search within Outlook
2000, 2003 and 2007 as well as the new Office 2007 document format and Exchange 2007 envelope journaling.

MessageLabs Archiving Service combines five key components:

- Archiving Policy Engine - provides templates for creating
acceptable use, retention and supervision policies and automatically enforces these policies as emails are processed and archived

- Secure Archive - automatically captures and stores every
internal and external email communication in a fully encrypted, tamper-proof, scalable and reliable infrastructure

- Archive Search & Retrieval - offers advanced, real-time,
customizable search features, accessible via a secure, user-friendly, web-based interface

- Archiving Supervision - enables complete visibility into
corporate policy compliance

- Archiving Reports - accurately analyzes email patterns and
behavior within an organization, available anytime via a secure, user-friendly, web-based interface

Companies Exposed from Inadequate Disaster Recovery Planning and Testing

2007-10-17T22:25:00.000+02:00

Core Facts:
* Inadequate Disaster Recovery Planning and Testing - Symantec
today announced the findings of an international study indicating that while 91 percent of IT organisations carry out full scenario testing of their disaster recovery plans incorporating relevant people, processes and technologies, nearly 50 percent of those tests fail. This means that one in two UK organisations is not equipped to handle events, such as natural disasters, computer system failures and external computer threats.

* Nearly Half Executed Disaster Recovery Plan - Nearly half of IT
organisations surveyed have had to execute their company's disaster recovery plans. The research findings show that 48 percent of organisations have had to execute disaster recovery plans and 44 percent surveyed without a disaster recovery plan experienced one problem or disaster, while 26 percent experience two or more, and 11 percent experienced three or more.

* CEO's Not Taking Active Role in Disaster Planning - 69 percent
of respondents were concerned about their company's brand and reputation, 65 percent feared harm to overall customer loyalty, 65 percent were concerned with the impact to their competitive standing, while 64 percent were worried about losing company data in the wake of disasters. Despite this 77 percent of CEOs surveyed are still failing to take an active role on disaster planning committees.

* Natural Disasters Top Concern Prompting Creation of Disaster
Recovery Plan -Concerns that prompted IT organisations to create a disaster recovery plan included 69 percent citing natural disasters, 57 percent naming virus attacks and 31 percent specifying war and/or terrorism.

* Exposure to IT-specific Threats - 67 percent surveyed cited
computer failure and 57 percent named external computer threats, while
89 percent agreed upon acceptable levels of risk with non-IT business executives in their organisation, only 33 percent have done so for all the threats to which they feel exposed.

Quote:
Guy Bunker quote.
"IT executives are taking a fresh, hard look at their disaster recovery and business continuity strategies. To protect against downtime, organisations must implement high availability and disaster recovery across their enterprise environments. They must also maintain procedures for non-disruptive disaster recovery testing that continually evaluate the effectiveness of their disaster recovery strategy without impacting the production environment. Symantec addresses these critical demands through a broad range of industry-leading services and solutions for heterogeneous environments."

Webroot(R) Research Finding: Most Small and Mid-sized Businesses Worldwide Are Exposed to the Growing Wave of Internet Security Threats

2007-10-16T22:21:00.001+02:00

Seven Out of 10 SMEs Worldwide Reported Spyware and Virus Infections but Underestimate the Consequences. Global Economic Engine Vulnerable to Cyber Crime.

Crawley, UK, October 16, 2007 - Webroot Software, Inc., a leading provider of Internet security software for the consumer, enterprise and SME markets, today unveiled its latest report, "State of Internet Security: Protecting Small and Medium Businesses". The report highlights startling survey results surrounding Internet security threats among SMEs worldwide. In conjunction with the report, Webroot has released a handbook for SMEs, "A Guide to Security for Small & Medium Business" that provides tips and best practices for protecting technology infrastructure and sensitive customer data from malware and cyber criminals.

"Unlike larger corporations, SMEs often lack the monetary resources and IT expertise to install and maintain the type of protection needed in the face of today's growing malware threats. The real dichotomy here is that most of these companies think the real threats are viruses and worms, but the reality is the percentage of spyware is much higher and growing quickly," said Peter Watkins, CEO, Webroot Software. "As a result, these companies are easier targets for cyber criminals when compared to larger companies with dedicated IT security resources."

Consistent around the world, SMEs make up the overwhelming majority of the world's business landscape, totaling more than 99.5 percent of all businesses in each country surveyed and representing more than 50 percent of the Gross Domestic Product (GDP) in each country. Because of the sheer number of SMEs worldwide, they are easy for criminals to find and have several consistent internal attributes that heighten their Internet security risk including:

* Pervasive Internet use. Seventy-seven percent of SMEs said their success depends on the Internet.
* Home-based and remote workers. Up to 52 percent of new businesses are home-based or remote.
* The need to store valuable customer and employee data due to online sales.

According to the report released by Webroot, SMEs are increasingly connected in order to do business, but there are a number of other factors impacting their IT security including:

* Lack of in-house security expertise.
* Limited budget and resource constraints.
* A constant struggle to keep pace with a growing mobile workforce.
* Absence of policies managing personal use of work computers.
* Increasing volume of sensitive customer and employee data.
* A rapidly evolving threat landscape.

"We're seeing a perfect storm developing that could possibly have serious economic impact. SMEs are heavily reliant on the Internet for their work, making them a target. Compounding matters, there has been a 183 percent increase in Websites harboring spyware since January 2007, and SMEs aren't defending themselves adequately," added Watkins. "Given that these companies are the lifeblood of the world's leading economies in both revenue generation and employment, we have a situation that could expose both businesses and customers to a very real, significant and growing threat on a global basis."

Report Highlights:
- Low Awareness and Misperception of Real Problem. In all six countries surveyed, SMEs reported viruses and worms as more of a threat than spyware, yet last year spyware threats increased 254 percent while viruses were on the decline.

- High Virus Infection Rates Despite Protection. Approximately 96 percent of respondents reported that they have an antivirus solution installed, but more than 60 percent of respondents in Canada, France and the U.S. still reported a virus infection in the past year, which reflects the need for broader protection due to the increasingly complex nature of malware threats, and the need for someone to help manage the solution.

- Lack of Policies for Perceived Threats. To the extent that SMEs view employee errors and data theft as serious threats, 40 to 60 percent lack a policy to restrict or monitor employees' personal use of work computers.

- Limited or No IT Staff. Approximately 40 percent of SMEs in Japan reported having no IT department at all, while three-fourths of SMEs surveyed have fewer than ten people in IT. The lack of in-house security expertise helps explain why 61 percent of SMEs have never sought information about how to properly protect customer and employee data.

The State of Internet Security report is issued quarterly as an in-depth review and analysis of the most pressing computer and data security-related concerns. Each report focuses on a specific aspect of information security, and provides industry data, trends and best practices in light of the threat landscape. The State of Internet Security: Protecting Small and Medium Businesses report includes survey results of companies with five to 999 computers in six countries: Canada, France, Germany, Japan, the United Kingdom and the United States. Webroot is also offering a companion guide called, "A Guide to Security for Small & Medium Business" to help SMEs protect themselves.

The complete report is available at www.webroot.com/sois.

Webroot(R) Research Finding: Most Small and Mid-sized Businesses Worldwide Are Exposed to the Growing Wave of Internet Security Threats

2007-10-16T22:21:00.000+02:00

Gemalto Achieves Major Breakthrough in Security Technology with Java CardTM Highest Level of Certification

2007-10-10T22:23:00.000+02:00

World's first Common Criteria certificate of a smart card involving formal assurances from the utmost EAL7 level

Amsterdam, The Netherlands - October 10, 2007 - Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today announces that its implementation of Java CardTM technology has been Common Criteria certified EAL4 using formal assurances from the EAL7 level, the highest level of certification possible. This is the world's first Common Criteria certificate of a smart card involving formal assurances from the EAL7 level. It provides high confidence in open multi-application cards as it ensures that each embedded application is completely and securely isolated from the others and that this security process has been mathematically proven. Gemalto received the certification end of September 2007.

The EAL levels, which range from 0 to 7, offer a simple scale for comparative measurement to the consumer. Internationally designed and recognized "Common Criteria" security certificates using the EAL scale enable to verify that products meet the security claims made by vendors. The EAL7 formal assurances in this certification provide the highest measure to verify the design and implementation of the security mechanisms of the Java Card System of the smart card. This achievement demonstrates that Gemalto uses the most advanced means of designing and testing the security of its Java Card products. The certification also conforms to Sun Microsystems' Java Card System Protection Profile.

The certification was performed by the French DCSSI (Central Administration for Information Systems Security - Direction Centrale de la Sécurité des Systèmes d'Information). The measures of the DCSSI are focused on the functional and assurance requirements of a security product. Functional requirements define the desired security of the product as offered by the security vendor, and assurance requirements confirm the effectiveness and implementation of the security mechanisms.

This certificate received by Gemalto is recognized internationally, through the SOG-IS and CCRA international agreements.

All trademarks are properties of their respective owners.

Poor ID and Access management Leaves UK Enterprises Vulnerable

2007-10-08T21:17:00.000+02:00

New independent survey by Siemens Insight Consulting uncovers security policy lapses in UK business

* 71% of respondents still use username and password
authentication - one of the weakest security measures

* 62% of respondents admit that their organisation has no
Information Security Management System in place - or don't know if they do

* 50% of survey respondents were unsure whether access rights are
removed when an employee leaves

London, IDC Security Conference, September 25th, 2007 - Insight Consulting, the independent security, compliance and continuity consultancy of Siemens Enterprise Communications, today announced the findings and availability of new research on the attitudes of UK businesses to Identity and Access Management. The new report released today reveals grave concerns over potential security and identity management lapses in business.

Insight conducted the survey to measure the uptake of new Identity and Access Management (IDAM) technologies and assess whether Identity Management systems are the future hubs of security technology. It is apparent from the research that security precautions beyond the prevalent use of password authentication is still extremely lax, a situation exacerbated by limited up-take of single sign on, which can help eliminate the need for multiple and insecure passwords.

"The lack of single "sign-on" awareness together with reliance on passwords was just the first of a series of major concerns highlighted by the research," said Colin Robbins, Principal Consultant, Insight Consulting.

"The failure of finance and retail sectors in particular to implement mandated audit requirements is also a grave concern, and demonstrates the need for a broader, immediate adoption of integrated identity and access solutions." Robbins continued. This is evidenced by 70% of UK enterprise (with greater than 5000 employees) who admitted that they find it hard or even impossible to accurately produce audit reports that show access to their networks, applications or data. This has been made all the more difficult through a lack of HR integration, where businesses simply fail to update security protocols when staff leave the company. The research identified this as one of the major factors of IDAM that is still overlooked by half of UK businesses.

One positive aspect of the survey was that business is beginning to realise the threat, with 74% of the respondents admitting that they were actively looking at new 'user centric' identity management technology

"While it is clear that many medium and large enterprise are already investigating new IDAM technology, what has also become clear from our research is that many businesses are simply not doing enough, or are even in many cases wholly unaware of the existing risks to their business and how to go about managing the resources available to them,"
concludes Robbins.

Information Security Forum Spreads The Word With Global Security Briefings

2007-10-02T21:20:00.000+02:00

The ISF highlights latest security risks and threats at executive briefings across 13 cities and ten countries

The Information Security Forum (ISF) is hosting 13 executive security briefings around the world during October, November and December to raise greater awareness of the risks to information security and emerging threats. These interactive sessions aimed at senior information security and risk executives, will start in Chicago on 9 October and run in New York, Toronto, Charlotte, Atlanta, Mexico City, Paris, Madrid, Munich, London, Sharjah, Mumbai and finish in Pretoria on 6 December.

The Information Security Forum is a not-for-profit international association of over 300 major companies and public sector organisations across 25 countries, including half of the Fortune 100. The ISF is the leading independent authority on information security and has invested more than $100million in delivering practical research, in-depth authoritative reports and advanced methodologies and risk assessment tools.

The events will focus on three main topics. ‘Managing the Complexity of Security – Hints and Tips from the Front Line’ will look at the IT security challenges faced by ISF members and how they have overcome them. The second part, ‘Assessing and Reducing Business Risk’, will explore efficient and cost-effective ways to approach information risk, drawing on the ISF’s extensive research, surveys and methodologies for best practice risk management.

The final session entitled, ‘Where is the Pain?’, is an interactive roundtable discussion about the common information security problems faced by organisations in day-to-day business. This will be driven by attendees so the topics may vary from virtualisation and digital rights management (DRM) to data leakage.

Speakers at the briefings will include Simone Seth and Andy Jones CISSP, leading information risk specialists and senior research consultants with the ISF. Simone Seth has 20 years’ experience with key information security management positions at firms such as JP Morgan, Deutsche Bank and CitiGroup. Andy Jones CISSP also has over 20 years of IT industry experience, holding senior information security positions at a large international airline and Sainsburys.

Many of the briefings are hosted by ISF Members and the full 2007 schedule:

DATE CITY Host
09 October Chicago Motorola
10 October New York Guardian Life
11 October Toronto Bell Canada
16 October Charlotte Transamerica
17 October Atlanta State Farm
19 October Mexico City Scotiabank

06 November Paris Symantec
07 November Madrid BBVA
08 November Munich BT
09 November London BT

14 November Sharjah / UAE In conjunction with MEITSEC 2007
16 November Mumbai
06 December Pretoria

For more information on the ISF Executive Briefings, please visit www.securityforum.org or call Susan Swope Tel +1 650 474 2628, or email susan.swope@securityforum.org.

- 2nd Wave of C-Level Targeted Attacks with Increased Sophistication -

2007-09-27T21:18:00.000+02:00

New York and London - 27 September 2007 - MessageLabs, the leading provider of integrated messaging and web security services to businesses worldwide, today announced the results of its MessageLabs Intelligence Report for September and 3rd quarter of 2007. The new data reveals that virus and phishing levels have significantly increased, reaching levels not seen since early 2006. In addition, MessageLabs exposes a second wave of highly targeted C-level and senior management email attacks with increased sophistication and outreach.

With a virus threat now incorporated within every 48 emails, cyber-criminals are steering away from using the more obvious attachment method of distribution and favoring the use of links to malicious websites hosting malware code. This technique, which increased in popularity by approximately 15 percent this quarter, enables social engineering-based attacks such as e-postcards to be utilized.

Mirroring the recent resurgence in virus attacks, the volume of phishing threats has also reached exponential levels this month with every 87 emails comprising of a phishing attack. Through the increased availability of phishing kits and the uptake of aggressive phishing techniques such as 'rock' phishing, the quantity and severity of these attacks are able to increase dramatically. 'Rock' phishing utilized a phishing kit which enables a single compromised computer within a botnet to host multiple phishing sites at the same time.

"The start of the new school year seemed to bring back an increase in old-school threats and in high volumes. With email more ubiquitous than the telephone and one in 48 emails containing a virus, most people are unwittingly receiving more than one virus a day," said Mark Sunner, Chief Security Analyst, MessageLabs. "As we enter the last quarter of
2007 and draw closer to the holiday season, the bad guys will be provided opportunity to disguise their attacks through the increase in genuine well-wishing emails and the anticipated upsurge in online shopping traffic. In addition, with the incessant rise of comprised machines through aggressive botnet activity, further spam level increases are anticipated."

September is not just the month of mass-outreach attacks, the highly targeted approach is still rife. On September 12, more than 1,100 C-level and senior management executives became the target of another attack, thought to be from the same perpetrators of the June 26 C-level assault. With increased sophistication, the emails, which purport to be from a recruitment company, use a Microsoft error message to persuade the victims to click on the RFT attachment. Once opened, the RFT file contains an executable which drops two files onto the computer which in turn will be used to pass sensitive information back to the attacker.

Other report highlights:
Web Security: Analysis shows that 73.8 percent of the malware intercepted in September was new. Analysis of policy-based traffic highlighted that corporate tolerance of social networking sites is diminishing with Facebook being the most blocked site within the Personal's and Dating category for SMBs and Friends Reunited top of the
same category for the Enterprise.

Spam: In September, the global ratio of spam in email traffic from new and unknown bad sources, for which the recipient addresses were deemed valid, was 73.5 percent, a decrease of 0.5 percent on the previous month. When reviewing the overall spam rates on a quarterly basis, a drop of 0.9 percent was observed since Q2 2007.

Viruses: This month, the global ratio of viruses in email traffic from new and previously unknown bad sources destined for valid recipients was
1 in 48.8 emails (2.05 percent), an increase of 0.8 percent since last month. Virus and trojan levels have declined steadily since 2006, with the Q3 2007 rates of 1 in 67.2 emails being the highest quarterly level since Q2 2006.

Phishing: With an increase of 0.6 percent, one in 87.2 emails comprises of some form of phishing attack in September, the highest level to date.
When judged as a proportion of all email-borne threats such as viruses and trojans, the number of phishing emails has risen by 9.7 percent to 56.0 percent of the malware threats intercepted in September. Over the last quarter, phishing rates have increased from 1 in 232.0 to 1 in 124.3.

Geographical Trends:
* Israel continued to have the highest spam rate this month with
73.8 percent. Hong Kong was the second most highly spammed country registering a 6.6 percent increase in spam since August.
* Japan had the lowest spam rate with 27.1 percent. Germany also
saw a sharp decrease of 10.2 percent in spam rates in the last month, marking a quarterly decline of 6.63 percent
* India still remains the region most affected by viruses with 1
in 53 emails containing a virus. The largest rise in virus activity was observed in the Netherlands where levels rose by 0.2 percent, from 1 in
750.1 emails in August to 1 in 303.3 emails in September.

Vertical Trends:
* The Agriculture sector is still ranked the most spammed sector
with 67.8 percent, marking a slight increase of 0.9 percent from the previous month. Over the previous quarter this marks a continued increase of 7.36 percent.
* Despite an increase of 3.3 percent, Finance remains the least
spammed sector; this is reflected in a large quarterly decrease of 11.13 percent.
* Since rising to the top of the virus chart in August, the
education sector continues to retain its position, with an increase of
0.25 percent in September.
* In contrast to being the most spammed, Agriculture is the sector
least affected by viruses with a further drop of 0.2 percent in September contributing to a quarterly drop of 0.28 percent.

The September 2007 & Q3 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at http://www.messagelabs.com/intelligence.aspx.

MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

Yoggie Security Systems(tm) enhances its revolutionary range of

2007-09-19T23:45:00.000+02:00

Feature-packed update improves usability and functionality

Yoggie Security Systems(tm) has extended functionality and user-friendliness of the Yoggie Gatekeeper(tm) and Yoggie Pico(tm) series by releasing a new firmware update. This update, Version 1.3.0, which is a comprehensive response to direct customer requests and feedback, is available immediately for download and a full list of features and fixes can be found at (http://www.yoggie.com/PDF/Yoggie-1.3.0-RN.pdf).

The Yoggie customer-care team of 20 professionals is in constant dialog with its customers via the Yoggie(tm) Knowledge Base, support phone lines and email as well as direct interaction with Yoggie(tm) distribution partners, and has worked with users to identify the main areas for enhancement. All Yoggie Gatekeeper(tm) and Yoggie Pico(tm) computers will automatically and transparently detect, download and install the 11 additional features and 12 fixes on connection to the Internet. User action is not required.

Significant Firewall functionality enhancement

In this latest update, the firewall mechanism has been significantly redesigned and improved. There is now full control and configurability of all incoming and outgoing traffic. Additionally, on the Yoggie
Gatekeeper(tm) models, the Port Forwarding component has also been upgraded to match the new improved firewall control.

Further improvements include interface quality and speed, new categories for the web filtering function and, in addition:

* Dialer improvements which now enable users to place a Yoggie
Gatekeeper SOHO(tm) between the router and modem to facilitate simultaneous wired and wireless connectivity
* Improved user control over Yoggie's unique Layer8(tm) Security
Engine and Intrusion Detection and Intrusion Prevention rules
* The log system, used to display security and system logs, has
been improved with more user-friendly screens that also load more quickly
* Graphic CPU Usage and Temperature indicators have been added to
the support section

Vordel 3rd Annual SOA Security Conference focuses on practical control of SOA

2007-09-12T23:44:00.000+02:00

Iona, ZapThink, Atos Origin, nCipher to feature at industry's leading SOA Security conference

Dublin, Ireland September 12, 2007 - Vordel will play host this October in Dublin to many of the industry's leading analysts, vendors, systems integrators and end user organizations at its 3rd annual SOA Security user conference. Focusing on the theme of Practical Control of the SOA, the event offers attendees an excellent mix of strategic enterprise architecture advice coupled with practical with hands on training.
Keynote presentations will include Sean Baker of Iona, Jason Bloomberg from ZapThink, David Yeates at EBS Building Society, Paddy Keenan Chief Architect with Atos Origin, Daniel Mothersdale of nCipher and many others.

Engineers attending the Conference training will receive Accredited Vordel Engineer Certifcate status from the course for Vordel's award winning XML networking products.

As enterprises and technologists grapple with the concepts of SOA and the implications placed on resource allocations by investing in such technologies, managers need to be able to separate the facts from spin.
The 3rd Annual Vordel SOA Security User Conference event is the forum where companies acquire the insights and knowledge about the practical real world use of XML and Web Services technologies that affect these decisions.

The Vordel SOA Security Conference has established itself as one of the industry's key end-user events dedicated to providing attendees with the opportunity to expand their knowledge of this increasingly mission critical technology and to exchange ideas, expertise, and experience of practical applications of SOA security and governance with fellow delegates.

A new school year and a new computer - study safely online

2007-09-10T23:42:00.000+02:00

Children are now preparing for the start of the new academic year and while the prospect of returning to school may not please every child, a significant number are probably happy that it has prompted parents to invest in PCs and laptops to support success in studies. However, Manchester-based Global Security One (GSEC1) is advising parents to ensure that they have appropriate systems to protect their children from the more unsavoury aspects of the Internet.

"The internet is a fantastic resource, with encyclopedic knowledge a few keystrokes away, but once children have access to the Internet, it is only fair to assume that they will want to engage in the social aspects too, from chat rooms to messaging," explains Mark Brooks, International Marketing Manager of GSEC1. "While there are bodies who strive valiantly to police the Internet and keep youngsters safe, it is a daunting, enormous challenge. It is unsurprising therefore, that many parents will want to try and manage their children's use of the Internet to safeguard them from online threats such as websites with unsuitable content, child grooming and cyber-bullying.

"That said, I know from being a parent myself that it's unrealistic to expect Mum or Dad to monitor every minute of their child's surfing. There are household chores to perform, there may be more than one child with a PC or laptop in the home, working patterns may not coincide with children's activities and so on. That is why we have developed the XGate which has the ability to significantly reduce any harmful online communication, without parents having to permanently survey their children's activity."

The XGate monitors real time children's online activity and alerts parents if relevant by email or sms on their mobile phone to inappropriate material and/or behaviour in terms of website content, chat room activity and emails and their attachments.

GSEC1's XGate will:
- flash an alert page (which reads 'This page has been blocked under the category of pornography, please contact your guardian') on the PC screen should a user try to access a website with pornographic content; the page will stay on the screen until the child decides to navigate away from the site
- email or sms the website address to parents' mobile phones to advise them so they can discuss with their children later
- block emails with pornographic or bullying content and attachments via its intelligent email filter
- email or sms to parents' mobile phones if inappropriate or 'trigger' language occurs while their children are in chat rooms and at risk of being groomed; grooming language includes phrases such as 'sex', 'secret', 'meet', 'mobile phone number', 'age', 'webcam', 'are you alone' etc
- allow a parent to remotely control the child's computer by using simple replies to any email or sms alerts received, including the ability to remotely shutdown the child's computer
- control access to specific websites at pre-agreed times to children, e.g. education websites only between 18:00 and 20:00 for support with school assignments

Mark explains how XGate offers this level of control: "The XGate features an intelligent web filter, which is a dynamic solution checking against a centralised database containing millions of websites that are constantly updated, categorised and rated according to their content. The XGate comes with a control centre and parents can select categories of websites and email content which is to be off-limits, for example sites with pornographic or bullying content. Should a child then attempt to access such a site the XGate cross references with the dynamic database, identifies that it is prohibited material, blocks access to the site, generates the alert page and informs the parents. These restrictions can be applied on a permanent basis or can be restricted based on the time, allowing children the flexibility to browse the Internet whilst also concentrating on their studies at the same time"

In the unlikely event that a particular website requested does not currently appear within the categories listed in the database, the web filter uses an intelligent algorithm to rate the website and will block or allow the website accordingly, and also update the central database - all in real time. Access to the control centre is via password chosen and known only by the parents so that children cannot override it and alter the restrictions.

Unlike traditional security solutions for home PC users, the XGate is not a piece of software that sits on the PC and slows it down. It is a hardware device which plugs into the PC and includes an ADSL modem, enabling the user to safely browse the internet as fast as the connection allows.

There is no other device in the world today able to offer such peace of mind to a parent. Mark adds '"The issue of child security while on the Internet is an ever changing landscape and we believe that it is right that leading organizations in computer security, such as GSEC1, should play their part. We believe that the XGate enables parents to be in charge of their children without being afraid of technology and the Internet which, used safely, is a wonderful tool."

Key benefits of the XGate approach include:
- it is a unified approach to home Internet security so doing away with the need for the user to buy disparate pieces of software or worry about integration, compatibility and licensing issues.
- A single XGate meets all home broadband Internet security needs and allows up to 4 computers to be connected
- A single renewal relieves the user from tracking multiple software subscriptions
- It's a stand alone device which stops threats before they reach the computer. Unlike conventional security software which will only identify threats when they have actually infiltrated the computer system

The XGate retails at £99.95 and is available via Amazon while visitors to www.xgate.com can find details of other outlets. The XGate is currently ADSL compatible as GSEC1's research highlights that the greater proportion of the country has that type of Internet access and so it can offer a wider population of children the protection they need. The next iteration of the XGate will be compatible with cable Internet, wireless and ADSL.

Pitney Bowes MapInfo Aligns with Exclusive Analysis to Provide Advanced Terrorism Risk Analytics

2007-09-10T23:40:00.000+02:00

TerrorRisk(tm) Enables Insurers to Conduct Enhanced Strategic Planning Through Location-Specific Terrorism Risk Exposure

London, UK - 10 September, 2007-Pitney Bowes MapInfo, the leading global provider of location intelligence, have aligned with Exclusive Analysis, the leading strategic intelligence company, to provide the insurance industry with TerrorRisk(tm), a unique and powerful terrorism risk assessment tool. TerrorRisk, combining Exclusive Analysis' terrorism forecasting expertise with Pitney Bowes MapInfo's leadership in location intelligence, employs fact-based, location-specific metrics developed by Exclusive Analysis to score the maximum likely severity of violent risks to more than 3,700 global points of interest. Armed with Exclusive Analysis' insight and the location intelligent capabilities delivered by Pitney Bowes MapInfo(r) technology, insurers and risk managers are able to make more insightful underwriting, rating, coverage and risk selection decisions.

TerrorRisk's global database contains up-to-date intelligence and high-end analysis covering a range of terrorist threats. The tool provides insurers and risk managers with the means to evaluate terrorism risk exposures worldwide on a building-by-building basis, across target types and by desired political or geographical boundaries-such as city, country or postal code. TerrorRisk is easily integrated into existing analytical work suites, enabling insurers to carry out terrorism exposure location analytics, portfolio risk management, risk proximity analysis and street-level terrorism risk assessment.

"Terrorism is a paramount global concern for businesses such as insurance agencies and Exclusive Analysis' risk assessment delivers targeted and actionable forecasts to help maximise opportunities and mitigate risk. Our insight coupled with Pitney Bowes MapInfo location intelligence equips insurance professionals with a complete view of their overall risk environment, enabling well-grounded business decisions in underwriting and reinsuring," said Simon Sole, CEO of Exclusive Analysis.

TerrorRisk delivers trusted terrorism risk analysis, classifying targets by name, address and target class. The data set includes locations considered by Exclusive Analysis to be the most likely terror targets.
This evaluation is based on previous patterns of attacks, both against individual buildings and more than 40 discrete target classes, analysis of terror groups, their capabilities and targeting priorities, and the value of a building as a potential target. When used in conjunction with Pitney Bowes MapInfo location intelligence solutions, such as the Risk Data Suite, MapMarker(r) geocoding, and analysis and visualisation platforms such as MapInfo Professional(r) or Envinsa(r), TerrorRisk provides insurers with the most flexible risk analytics solution on the market.

"Location is one of the most critical elements in assessing risk and aligning with Exclusive Analysis enables us to provide insurance companies with an additional trusted analysis solution to help determine the probability and severity of losses. Potential terrorist attacks have become an increasingly important risk factor for our clients and the global insurance industry," said John O'Hara, Executive Vice President of International Operations, Pitney Bowes MapInfo. "TerrorRisk adds another critical data set to our rapidly growing portfolio of location intelligence solutions. Risk managers from financial institutions, manufacturers and global retailers are interested in utilising TerrorRisk as an attribute of their ERM (Enterprise Risk Management) programmes."

TerrorRisk is currently available. For more information visit www.mapinfo.co.uk/TR

Research Highlights Changing Threat Landscape And Increased Risk To The Web 2.0 Enabled Enterprise

2007-09-05T23:37:00.000+02:00

Latest WatchGuard report identifies reasons to be fearful

5 September 2007: WatchGuard Technologies, a leading provider of secure appliances and unified threat management (UTM) solutions, warns that the changing nature and scale of security threats will pose more strenuous challenges for security administrators as they embrace the Web 2.0 world.

Research over the last three years by WatchGuard's Rapid Response team has tracked attack patterns and identified five key threats: DNS system attacks, virus and malware, buggy web applications, hacking for profit, and the end users themselves.

"The increase in the range and sophistication of threats, combined with more complex architectures and the move to Web 2.0, will make the job of securing enterprise networks more difficult than ever before," says Steve Fallin, director of WatchGuard's Rapid Response team. "Other factors putting organizations at more risk include increased levels of remote access, continued poor user behaviour and the shift from hobby hackers to organized crime."

According to WatchGuard's survey, many of today's attacks are targeted and done for profit, such as the sale of personal information or blackmail. The focus of web based attacks has also shifted to applications running on the web server and the data systems that back them up by exploiting flaws in website design.

On the desktop, relatively harmless virus infections have now morphed into a devil's brew of sophisticated viruses, spyware, root kits and botnets. At the same time, attacks such as phishing and drive-by downloads target the most vulnerable portion of the network infrastructure - its users - with surprising levels of success.

"The last few years have seen a considerable change in the nature of security challenges faced by the internet enabled enterprise," says Fallin. "As we are now on the verge of widespread adoption of Web 2.0, with its promise of the collaborative enterprise, it is vital to adapt enterprise security to address the threats posed by a Web 2.0 world."

Ian Kilpatrick, chairman of Wick Hill Group, WatchGuard's largest worldwide distributor, commented: "WatchGuard has been in the frontline of threat defence for over ten years. Its LiveSecurity service has ensured that customers have not only been protected at the gateway from hidden vulnerabilities in their internal systems, but have also been informed of how to fix them. WatchGuard's UTM solutions are a further step forward in defending against today's increased threat levels, as highlighted by this research."

WatchGuard's Rapid Response team is responsible for monitoring threats on the Internet, assessing the nature and severity of the threat and rapidly delivering threat defences to all WatchGuard UTM appliances on a
24x7 basis.

Notes for editors: the need for a more comprehensive security solution:

Increasingly complex architectures
As we expect our networks to do more for us than ever, they are growing more complex and becoming an increasing management burden. This is reflected by the growing number of network 'discovery' tools. The security impact of this trend is straightforward - what is not seen is not managed and what is not managed can't be kept secure and operational over time.

Excessive User rights
Most administrators give end users local administrator rights on their machines to cut down on support calls. But it also means that an attacker may inherit administrator rights and gain a more useful platform to launch further attacks against other network resources.
Administrators should weigh carefully whether this risk is worth the inconvenience of the added support burden.

Phishing Attacks
More sophisticated forms of this type of attack are targeting organizations or individuals with schemes that seek network access credentials and confidential corporate communications. All users must be reminded that if it sounds too good to be true, it probably is - so don't click on it.

Malware
Targeted at end users and typically exploiting unpatched software such as browsers or email clients, malware is the new 'virus' threat. Today's malware uses the web to lay traps and email to draw victims to the site where they are susceptible to all manner of dangerous code. The secure network must manage these threats in a holistic manner, including user education and perimeter security to protect the end users from themselves.

Users
With most end users having excessive permissions on their computers they are prime targets. For them, security as an impediment to getting their jobs done and they are seldom as knowledgeable as they need to be when it comes to being safe on the internet. These factors create a major risk and organizations must reach out to educate their end users in critical network security skills.

Ubiquity of AV/ file decompression software For the past two years, a dedicated group of researchers has released a steady stream of security advisories pointing to specific flaws in how popular anti-virus software handles compressed data. With over 90% of organizations running AV software with a high level of security permissions, any vulnerability leads to attackers with administrator access. Perimeter security solutions must provide defence in depth to counter this threat, protecting the AV systems from harmful file types.

New application servers
New application servers such as those supporting VoIP and collaboration applications are now found in data centres which, in most cases, have been optimized for mature, stable applications such as web and email servers. This means that future security solutions must support these business requirements and shelter the servers from abuse.

New web applications
While web servers in general are quite stable and secure, the web sites that run on them are another matter. If not designed properly and securely, the web site can be used as a platform to attack the data behind it leading to information disclosure and online fraud.

Attacks against DNS servers
The global DNS system is the 'phone book' that makes the internet possible, translating names into numbers. With DNS, we trust that when we type the address of a web site into a browser, that we will end up at that right web site. But attackers are increasingly probing this system for weakness and attack techniques such as fast flux and pharming exploit this trust placed in the DNS system to deliver malware or harvest personal information from trusting users.

PortaOne and Paradial Announce Interoperability of the RealTunnel(c) Firewall and NAT Traversal Solution with PortaOne Solutions

2007-09-04T23:37:00.000+02:00

Paradial connectivity solution enables PortaOne services to work automatically and securely across firewalls, NATs, and web proxies.

Coquitlam, British Colombia and Oslo, Norway, September 4, 2007 - PortaOne and Paradial announced that Paradial's award winning
RealTunnel(c) firewall and NAT traversal product is interoperable with PortaOne software billing and softswitch solutions (PortaSwitch) for ITSPs. The solution allows PortaOne customers to deploy IP-media services with no worries about firewalls, NAT devices and web proxies that otherwise prevent end-users from accessing communication services.

The end-user experience of IP-media services, such as VoIP, is often disappointing due to the lack of connectivity resulting from firewalls and NAT devices interfering with SIP and H.323 traffic. The interoperable PortaOne and RealTunnel solution allow SIP and H.323 solutions to work across any firewall, NAT and web proxy without the need to reconfigure those devices. QoS is maintained and cost is kept down as RealTunnel always establishes the most efficient communication path available.

"Service providers will benefit from this announcement by being able to deploy VoIP services that meet the service availability and QoS expectations of end-users", says Paradial CEO Ingvar Aaberg. "Being able to deploy VoIP services that always work - independent of where the end user is located - allows providers to focus on business objectives and lower support and production cost."

"As VoIP evolves in the enterprise market, it is essential for billing and softswitch developers to be able to offer a solution that removes the complexities of VoIP deployment, such as security, reliability and interoperability", adds Roman Khalenkov, Sales and Marketing Director at PortaOne. "Our PortaSIP class 5 softswitch has already provided NAT traversal solutions. Today, the combination of Paradial's RealTunnel(c) with PortaOne's VoIP billing and switching products further enhances ITSP network management capabilities to meet the market challenges."

Gemalto Launches the “Gemalto Innovation Forum”

2007-09-04T23:34:00.000+02:00

As part of the 8th edition of the Smart Event, the Forum will provide attendees with the latest updates on digital security

Amsterdam, The Netherlands – 4th September, 2007 - Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today announces the Gemalto Innovation Forum, a one-day event aimed at sharing the company’s approach of innovation in various fields including contactless, mobile TV, identity, online secure Internet transactions, to name but a few. Gemalto experts will deliver keynote speeches on the company’s strategy and market trends in digital security, followed by presentations of the advanced technologies that support these challenges. Gemalto Innovation Forum will be held on September 18 in Sophia Antipolis, France.

Research and development ranks among Gemalto’s major priorities. The company has built up a world-class team of 1,500 engineers worldwide, including internationally renowned experts. The Gemalto R&D team is constantly developing cutting-edge solutions in diverse market sectors such as telecoms, banking, access, transport, healthcare, Internet and identity. Its effort has contributed to making the company the world leader in digital security and in setting major international standards in all its key markets. Gemalto employees’ thought leadership and breakthrough innovation was rewarded by over 5,000 patents and patents applications.

Gemalto Innovation Forum will be part of the Smart Event, a worldwide renowned professional forum. Over 30 smart card industry and trade associations, European universities, international institutions and standardization bodies, R&D laboratories and technological consortia recognize the quality of its contents and support the event.

“This initiative reflects Gemalto’s strong commitment to innovation,” stated Xavier Chanay, chief innovation and technology officer of Gemalto. “We are dedicated to creating more value for our customers by enabling them to differentiate themselves from their competitors, more value for our shareholders by constantly innovating in our products and solutions, always accelerating their time to market and providing a more complete range of software and services.”

Please register with http://www.strategiestm.com/conferences/gemalto-innov-forum/07/index.htm and look at Gemalto Innovation Forum’s detailed program available on this dedicated website.

Acunetix Launches Free Cross Site Scripting Security Scanner

2007-09-04T22:56:00.000+02:00

Organizations now able to protect their websites from growing threat of Cross Site Scripting vulnerabilities

London, UK – 4 September, 2007 – Acunetix today launched a Free Edition of its popular web vulnerability scanner, which allows companies to check for cross site scripting vulnerabilities in their websites at no charge. The Free Edition of Acunetix Web Vulnerability Scanner (WVS) is available immediately at http://www.acunetix.com/cross-site-scripting/scanner.htm
.

What is Cross Site Scripting?
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.
Cross site scripting vulnerabilities are extremely dangerous and the number of the attacks is on the rise. More information about Cross Site Scripting can be found at http://www.acunetix.com/websitesecurity/cross-site-scripting.htm

Many a large-scale corporation has fallen prey to Cross Site Scripting (XSS), as it is one of the most common yet underestimated of web attacks. In August 2006, hackers stole the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T’s online store. Whereas in June 2006, PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information through a cross site scripting vulnerability in the PayPal website.

A report from Mitre Corp., a US government funded research organization, issued in September 2006 indicated that Cross-Site scripting ranked first in a list of top security risks. In a study conducted by Acunetix, 42% of the websites scanned with Acunetix WVS were found to be vulnerable to Cross Site Scripting.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners.
Consequently, security officers don’t have the tools to protect their websites. The free XSS scanner will give security officers access to a professional cross site scanning tool, that will allow them to assess their web sites for the cross site scripting danger,” said Jonathan Spiteri, Technical Manager of Acunetix.

Scanning for Cross Site Scripting

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition To check whether your website has cross site scripting vulnerabilities, download the free edition from http://www.acunetix.com/cross-site-scripting/scanner.htm
. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site). A detailed guide how to scan for cross site scripting vulnerabilities can be found here http://www.acunetix.com/websitesecurity/xss.htm
.

The Free Edition also allows you to sample what other threats Acunetix WVS can find by allowing you to scan the Acunetix test sites for vulnerabilities.

About Acunetix Web Vulnerability Scanner Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Acunetix WVS Reporting Application allows security alerts to be presented in a document which abides by the PCI Compliance specification.

Acunetix Launches Free Cross Site Scripting Security Scanner

2007-09-04T22:02:00.000+02:00

Organizations now able to protect their websites from growing threat of Cross Site Scripting vulnerabilities

London, UK – 4 September, 2007 – Acunetix today launched a Free Edition of its popular web vulnerability scanner, which allows companies to check for cross site scripting vulnerabilities in their websites at no charge. The Free Edition of Acunetix Web Vulnerability Scanner (WVS) is available immediately at http://www.acunetix.com/cross-site-scripting/scanner.htm
.

What is Cross Site Scripting?
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet.
Cross site scripting vulnerabilities are extremely dangerous and the number of the attacks is on the rise. More information about Cross Site Scripting can be found at http://www.acunetix.com/websitesecurity/cross-site-scripting.htm

Many a large-scale corporation has fallen prey to Cross Site Scripting (XSS), as it is one of the most common yet underestimated of web attacks. In August 2006, hackers stole the personal data of nearly 19,000 DSL equipment customers through a vulnerability in AT&T’s online store. Whereas in June 2006, PayPal users were tricked into giving away social security numbers, credit card details and other highly sensitive personal information through a cross site scripting vulnerability in the PayPal website.

A report from Mitre Corp., a US government funded research organization, issued in September 2006 indicated that Cross-Site scripting ranked first in a list of top security risks. In a study conducted by Acunetix, 42% of the websites scanned with Acunetix WVS were found to be vulnerable to Cross Site Scripting.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners.
Consequently, security officers don’t have the tools to protect their websites. The free XSS scanner will give security officers access to a professional cross site scanning tool, that will allow them to assess their web sites for the cross site scripting danger,” said Jonathan Spiteri, Technical Manager of Acunetix.

Scanning for Cross Site Scripting

Scanning for XSS vulnerabilities with Acunetix WVS Free Edition To check whether your website has cross site scripting vulnerabilities, download the free edition from http://www.acunetix.com/cross-site-scripting/scanner.htm
. This version will scan any website / web application for XSS vulnerabilities and it will also reveal all the essential information related to it, such as the vulnerability location and remediation techniques. Scanning for XSS is normally a quick exercise (depending on the size of the web-site). A detailed guide how to scan for cross site scripting vulnerabilities can be found here http://www.acunetix.com/websitesecurity/xss.htm
.

The Free Edition also allows you to sample what other threats Acunetix WVS can find by allowing you to scan the Acunetix test sites for vulnerabilities.

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. It checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist. Acunetix WVS Reporting Application allows security alerts to be presented in a document which abides by the PCI Compliance specification.

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta) and an office in London, UK. For more information about Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de

GFI Releases New Web Security And Web Filtering Solutions For SMBs

2007-08-23T23:33:00.000+02:00

GFI WebMonitor for ISA Server available in three versions to meet administrators' particular web management requirements

London, UK, 23 August, 2007 - GFI Software, a leading developer of network security, content security and messaging software, today announced the release of the latest version of GFI WebMonitor for ISA Server, a solution that gives administrators comprehensive control over corporate web usage and what employees are downloading from the Internet. GFI WebMonitor 4 boosts employee productivity and increases security whilst maintaining optimum use of the Internet as a business tool.

The Internet is an important business-to-business (B2B) resource but uncontrolled and unmonitored access could lead to lower productivity when employees waste time browsing non-work related material. Research carried out by IDC shows that up to 40% of employee Internet activity is non-work related and this includes the downloading of music files, usage of social sites like Facebook or eCommerce sites like eBay and browsing the web for personal entertainment. Access to the Internet also increases the risk of viruses, spyware and unauthorized software being downloaded. Such activity can lead to malicious software active on companies' systems, leading to security breaches and data loss.

A practical method of mitigating these unwanted aspects of the corporate Internet connection would be to deploy GFI WebMonitor. This solution grants the administrator full control over Internet resources to create a secure online experience, to proactively counter risks of vicarious liability and, in turn, to set higher efficiency levels.

GFI WebMonitor for ISA Server is available in three editions, offering administrators a specific or holistic web management solution. These
are: the WebFilter Edition; the WebSecurity Edition and the UnifiedProtection Edition, a suite that delivers a secure browsing experience through the use of multiple anti-virus engines, increases productivity through the WebGrade URL Filter and drives implementation of user web policies through granular download control policies.

WebFilter Edition
The WebFilter Edition of GFI WebMonitor for ISA Server comes with WebGrade, a 100% human-reviewed site categorization database and web filtering technology that gives administrators control over what sites users can browse and block access to websites in particular categories, such as adult, online gaming, P2P and travel websites. The WebFilter Edition permits real-time web monitoring of all corporate web activity and also bandwidth monitoring. Administrators are also able to proactively enforce company policy on a per-user basis to filter out unwanted web usage.

WebSecurity Edition
The WebSecurity Edition provides the tools needed to create download control policies and monitor what files employees are downloading from the web and to block particular file-types such as mp3s. GFI WebMonitor also uses multiple virus scanners to scan every file that is downloaded; this drastically decreases the time to obtain virus signatures, thereby reducing the possibility of infection.

The WebSecurity Edition also reduces the potential risks of social engineering by blocking access to phishing websites through the use of an auto-updatable database of phishing URLs. In so doing administrators are also lowering the risk of data-leakage from within the company.

UnifiedProtection Edition
Other features common to both editions include monitoring of which websites users are browsing and what files are being downloaded; monitoring and blocking of those applications that connect to their home pages to download updates; the ability to track download and upload traffic and URL hits over time; allow exceptions through the use of whitelists and blacklists; and controlled access to the configuration and monitoring interfaces.

"GFI WebMonitor delivers three major benefits that previously were available only to customers with enterprise-level budgets. First, GFI WebMonitor on an ISA Server can deliver a secure browsing experience for employees by protecting them against viruses, spyware and fraudulent websites. Second, it can enhance productivity by controlling access to websites such as adult and bandwidth hungry sites and, third, it aids the implementation of company security policies through Active Directory integrated features," David Vella, Director of Product Management at GFI said.

"We are offering excellent performance, benefits and functionality at a price that is affordable for SMBs. At the same time, the product is easy to use and requires the administrator to spend less time configuring and maintaining the system," he added.

A free trial of the three editions of GFI WebMonitor is available for download from http://www.gfi.com/downloads/downloads.aspx?pid=webmon&lid=en. Clients who would like to purchase either edition can do so through any of GFI's authorized resellers. Full pricing details can be found at http://www.gfi.com/pricing/pricelist.aspx?product=webmon.

Yoggie Security Systems™ launches online knowledge base

2007-08-20T22:34:00.000+02:00

20 August, 2007, Beth Halevy, Israel. Yoggie Security Systems™ today announced that it has launched an online Knowledge Base system to provide additional technical support and product information for users, distributors and resellers. The Knowledge Base is accessible from the home page (http://www.yoggie.com) and also the support section on the Yoggie website (http://www.yoggie.com/docs) or via direct link (http://kb.yoggie.com/).

The Yoggie Knowledge Base will support Yoggie’s award-winning Gatekeeper and Pico personal security appliances – USB-based miniature computers that provide 13 layers of integrated defense for laptop and PC users. The Knowledge Base has an FAQ structure that includes general product and corporate information as well as specific questions and answers generated from technical support calls and emails. The knowledge base has been specifically designed to allow channel partners and users to add and share content.

Shlomo Touboul, Founder and CEO of Yoggie Security Systems said, "We take the question of support very seriously at Yoggie and want to make it as easy as possible for our customers and partners to increase their knowledge of the Yoggie range and to have access to a full range of potential support issues. The Yoggie Knowledge Base represents the latest in our drive to provide the very best in support.”

Tsinghua Mao Wu: TianJin Polytechnic University – cashless payment system and energy saving

2007-08-14T15:30:00.000+02:00

14. August,
Built in 1912, TianJin Polytechnic University is a well established full-time tertiary educational institution in China with 14 colleges, about 25,000 students, 1,300 lecturers and tutors. The University has a spacious and harmonious campus equipped with top-notch educational equipments and is further expanding and constructing a new campus session of around two million square meters.

Saving resource and energy, improving management efficiency and providing a comfortable learning environment are all major policies of TianJin Polytechnic University. To implement these policies, the University decided to deploy a cashless payment system for facilities in the new campus session. In order to ensure that the system is secure, absolutely reliable and user-friendly, the University chose the state-of-the-art LEGIC contactless technology from Tsinghua Mao Wu.

One of the major applications of the cashless payment system is for controlling water supply facilities in bathrooms and other area with hot water supplies. When the students or staffs use these facilities, they can simply insert the smart card into the LEGIC card reader and their water consumption quantity can be measured and recorded.

The same payment system is used for payments in restaurants, canteens and mini-stores in the University. All transactions are processed by LEGIC smart cards with stored-value feature. This system significantly facilitated the University in improving management efficiency and realized a total cashless system for all activities within the campus.

1,730 units of LEGIC card readers were deployed for the new campus session. 180 units of these readers are used in vending machines at the food plaza, 1,440 units are installed in water supply facilities, 55 units are used for processing water supply transactions and the rest are used in the campus’s access control system with multimedia central monitoring capability. The above system was officially in service in August 2006.

With successful experiences in implementing such a large scale cashless payment system based on LEGIC technology in the new campus session, the University is moving on to modification of the water supply system for the old campus session by installing LEGIC readers and will further expand applications of the cashless payment system in other facilities in the old campus.

Electronic guardian angel protects children from online threats during summer holidays

2007-08-14T15:26:00.000+02:00

London, 14. August
The summer holidays are in full swing and the British weather is typically changeable. Many children are therefore indoors and spending time surfing the Internet, which is unfortunately often the haunt of cyber bullies and paedophiles looking to groom children through chatrooms or social networking websites. It is little wonder that many parents are concerned about their children's online safety and welfare.

Responding to the online threats of child grooming and cyber-bullying, Manchester-based Global Security One (GSEC1) has developed the pioneering XGate which, rather like an electronic guardian angel, has the potential to significantly reduce any harmful online communication, without parents having to permanently pry at their children's activity. The XGate monitors real time children's online activity and alerts parents if relevant by email or sms on their mobile phone to inappropriate material and/or behaviour in terms of website content, chat room activity and emails and their attachments. This should be especially welcome in the light of a recent children's charity survey which uncovered that children who were subjected to cyber bullying did not inform their parents because they thought their mobiles may be confiscated or PCs be off limits.

Mark Brooks, International Marketing Manager of GSEC1, says: "Parents face the problem of it being impractical to constantly oversee their children's online activities. And potentially damaging online material can take many guises, including websites, chat rooms where grooming can take place, blogs, bullying emails sent by other schoolchildren, and even videos of children fighting or children being bullied by others taken on their mobile phones - so called happy slapping - and then posted on the Internet."

The XGate will:
- flash an alert page (which reads 'This page has been blocked under the category of pornography, please contact your guardian') on the PC screen should a user try to access a website with pornographic content; the page will stay on the screen until the child decides to navigate away from the site
- email or sms the website address to parents' mobile phones to advise them so they can discuss with their children later
- block emails with pornographic or bullying content and attachments via its intelligent email filter
- email or sms to parents' mobile phones if inappropriate or 'trigger' language occurs while their children are in chat rooms and at risk of being groomed; grooming language includes phrases such as 'sex', 'secret', 'meet', 'mobile phone number', 'age', 'webcam', 'are you alone' etc
- allow the parent to remotely control their child's computer by using simple replies to any email or sms alerts they receive, including the ability to remotely shutdown the child's computer
- control access to specific websites at pre-agreed times to children, e.g. education websites only between 18:00 and 20:00 for support with school assignments

Mark explains how GSEC1's XGate offers this level of control: "The XGate features an intelligent web filter, which is a dynamic solution checking against a centralised database containing millions of websites that are constantly updated, categorised and rated according to their content. The XGate comes with a control centre and parents can select categories of websites and email content which is to be off-limits, for example sites with pornographic or bullying content. Should a child then attempt to access such a site the XGate cross reference with the dynamic database, identify that it is prohibited material, block the site, generate the alert page and inform the parents. These restrictions can be applied on a permanent basis or can be restricted based on the time, allowing children the flexibility to browse the Internet whilst also concentrating on their studies at the same time"

In the unlikely event that a particular website requested does not currently appear within the categories listed in the database, the web filter intelligently uses a 'smart' algorithm to rate the website and will block or allow the website accordingly, and also update the central database - all in real time. Access to the control centre is via password chosen and known only by the parents and GSEC1 so that children cannot override it and change the categorisation.

Unlike traditional security solutions for home PC users, XGate is not a piece of software that sits on the PC and slows it down. It is a hardware device which plugs into the PC and includes an ADSL modem, enabling the user to safely browse the internet as fast as the connection allows.

There is no other device in the world today able to offer such peace of mind to a parent. Mark adds '"The issue of child security while on the Internet is an ever changing landscape and we believe that it is right that leading organizations in computer security, such as GSEC1, should play their part. We believe that the XGate enables parents to be in charge of their children without being afraid of technology and the Internet which, used safely, is a wonderful tool."

Key benefits of the XGate approach include:
- it is a unified approach to home Internet security so doing away with the need for the user to buy disparate pieces of software or worry about integration, compatibility and licensing issues.
- A single XGate meets all home broadband Internet security needs and allows up to 4 computers to be connected
- A single renewal relieves the user from tracking multiple software subscriptions
- It's a stand alone device which stops threats before they reach the computer. Unlike conventional security software which will only identify threats when they have actually infiltrated the computer system

The XGate retails at £99.95 and is available via Amazon while visitors to www.xgate.com can find details of other outlets. The XGate is currently ADSL compatible as GSEC1's research highlights that the greater proportion of the country has that type of Internet access and so it can offer a wider population of children the protection they need. The next iteration of the XGate will be compatible with cable Internet, wireless and ADSL.

GSEC 1, which has over 100 employees, was founded in 2000. It has a facility in Manchester and an office in Birmingham in addition to offices in Godalming, India and Taiwan. XGate is based on GSEC1's Prodigy range of business-class products. These were the first products to offer protection against blended threats and incorporate all aspects of business security including Anti-Virus protection, comprehensive spam filtering, secure banking and web filtering in addition to an impenetrable firewall.

SiNSYS Implements Fair Isaac Falcon Fraud Manager to Enhance Debit and Credit Card Processing in Ten European Countries

2007-07-30T20:56:00.000+02:00

LONDON, UK - July 30, 2007 - Fair Isaac Corporation (NYSE:FIC), the leading provider of analytics and decision management technology, today announced that European payment card processor SiNSYS has successfully implemented Fair Isaac's Falcon(tm) Fraud Manager to help payment card issuers protect their customers and their portfolios from fraudulent transactions.

The implementation follows SiNSYS' selection last year of proven Fair Isaac solutions for Enterprise Decision Management (EDM) to provide card issuers with enhanced fraud detection, credit risk management and account management decisioning capabilities. With a presence in Belgium, the Czech Republic, Germany, Hungary, Italy, the Netherlands, Poland, Slovakia, Russia and Ukraine, SiNSYS currently has a portfolio of more than 21 million debit and credit cards that generate more than one billion transactions each year.

A leading Dutch card issuer is the first SiNSYS client to take advantage of Fair Isaac's leading fraud detection system, which currently protects
85 percent of the credit card transactions in the U.S. and 65 percent of credit card transactions worldwide.

"The integration of Fair Isaac's Falcon solution with our leading European card management systems offers our clients high-quality, secure and reliable account processing solutions for growing their businesses,"
said Nicola Cordone, Chief Executive Officer at SiNSYS.

"Falcon Fraud Manager will provide issuers with the ability to improve their fraud detection capabilities while conveniently managing and processing every credit card account through one system."

To analyse payment card transactions for the most subtle signs of fraud, Falcon Fraud Manager combines sophisticated neural network models with patented account profiling technologies, case management, and flexible, user-definable rules. As a result, financial institutions can take immediate measures to stop fraudulent transactions. The solution's extensive rule writing capabilities give issuers the opportunity to create their own rules and customise the service to meet their unique business requirements.

"Working together, Fair Isaac and SiNSYS bring a unique kind of value to continental European issuers," said Doug Clare, vice president of processor relationships at Fair Isaac. "The combination of SiNSYS'
strong local European presence and our global experience enables us to deliver powerful services based on the local needs of payment card issuers. These services help issuers improve bottom line results, enhance operations and achieve true competitive advantages in today's global marketplace."

Fair Isaac also is currently integrating its latest TRIAD(tm) adaptive control technology with SiNSYS' processing platform. This solution will help European card issuers more effectively manage risk, as well as design and execute more profitable account-level strategies in credit line management, authorizations, collections, reissue, marketing, and pricing. Implementation is expected to be completed by October 2007.

Wyse Extends High-Speed Wireless Capabilities And Smart Card Support For Enterprise Thin Computing And Desktop Virtualization Users

2007-07-23T22:06:00.000+02:00

New Features Offer Greater Flexibility, Mobility and Security

Twyford, UK. - July 23, 2007 - Wyse Technology, the global leader in thin computing, today announced secure high-speed Wi-Fi capabilities and smart card support for its entire V and S classes of thin clients as well as its new Wyse V class L product line. Now the company's entire product line offers users multiple modes of high-speed Wi-Fi and smart card support (either as a built-in or external add-on solution), bringing new levels of flexibility, mobility and security to today's businesses and enterprise users.

The new Wyse thin clients are fully compatible with Microsoft Terminal Services, Citrix Presentation Server, VMware VDI and Wyse Device Manager. These thin clients offer customers a broad range of deployment options including support for leading operating systems including Wyse Thin OS, Microsoft Windows CE, Windows XP Embedded (XPe) and Linux. Wyse also announced the availability of Wyse Thin OS 5.3, which includes support for wireless and smart card options on the V10L and S10 thin clients.

Customers are demanding more versatility and features out of their desktop computing environments. This is why all Wyse thin clients are tailored to operate in enterprise desktop virtualization, application virtualization, and terminal services environments while offering users the latest wireless capabilities and smart card support. The end result, customers get a complete "PC experience" on a thin computing device at a fraction of the price.

"Although wireless came somewhat late to the thin-client market, we expect it to have solid adoption over the next few years," said Bob O'Donnell, Program Vice President, Clients and Displays at IDC. "Desktop PC adoption of Wi-Fi is expected to reach just under 10 percent in 2010 and with enterprise Wi-Fi installations available in about 80 percent of major businesses around the world, we expect wireless thin clients to grow even faster than desktops."

The new wireless thin clients are easy to install-all that is needed is a power source to turn them on. The units can securely connect to any supported wireless network, without requiring driver installation or assembly.

"We've taken enterprise thin computing to an entirely different level,"
said Jeff McNaught, Chief Marketing Officer for Wyse Technology. "The new wireless and smart card capabilities open up new applications for thin computing including kiosks, internet cafes, hospitals and school rooms. The simple, secure set-up of our Wyse wireless thin clients enables our customers to operate in places that can't be wired with traditional Ethernet."

The Wi-Fi enabled thin clients provide assurance of interoperability and authentication compatibility with support for WPA and WPA2, and for use with 802.1x authentication. The enhanced encryption and authentication mechanisms have been introduced to address enterprise WLAN security concerns. By combining Wyse Wi-Fi enabled thin clients and a centralized IT infrastructure, enterprises get a solution that meets the requirements of information access, security and manageability.

These Wyse thin clients provide users with secure sign-on access to hosted applications via an ICA/RDP session as well as meeting all relevant standards such as ISO 7816, Microsoft WHQL and PC/SC. Wyse V and S class thin clients with Wi-Fi capability and smart card support are available immediately, including the Wyse V10L, the company's fastest product line.

Cardiff University Secures The UK's Largest Wireless LAN Infrastructure With AirDefense & RM

2007-07-18T22:05:00.000+02:00

BASINGSTOKE, HANTS. UK. - July 18th 2007 - AirDefense today announced that its enterprise security product is being deployed by Cardiff University to secure the largest Wireless LAN so far built in the UK.
The contract to build this network was awarded to RM the leading supplier of ICT to the UK education market. Just like any wired network, a WLAN at requires a comprehensive security solution to guard against intruders and hackers and AirDefense was chosen to defend Cardiff's WLAN after rigorous testing.

The wireless network will cover 66 buildings across three square miles.
It will include over 1,300 Access Points and cater for 30,000 students, 5,000 staff and visiting guests. The goals of the University are to ensure maximum wireless coverage by expanding the existing wireless capability for the whole campus and outlying peripheral sites. In addition, it has to help realise the goals of the Modern Working Environment project that is the core of the university's Information Services Strategy for the future. "We want to enhance the wireless networking service as much as possible, to improve the users experience and to ensure the service is as robust, resilient and as secure as possible with the least amount of Man effort for ongoing management."
said Anthony Cope IT Manager Cardiff University. The required defenses for a WLAN's are different from a wired network because the vulnerabilities are in the air. The airwaves surrounding the Cardiff WLAN will be constantly monitored by AirDefense Enterprise to ensure the security of the network at the university.

"We are delighted to be working with the IT team at Cardiff University to provide a comprehensive networking solution" Said Brian Andrews of RM. "The complexity of the site means we had to design and build and secure a wireless network for buildings of diverse design and structure that would be world class and fully scalable and provide networking services to wireless devices of varying types".

The need for a university to plan for full capacity at times when the campus is densely populated and empty at others, as well as maintaining a high quality of service, by tailoring the network response to application requirements, means that the university had to deploy a centrally managed management platform that does not take up too much time for the IT staff. The platform chosen was Ringmaster from Trapeze because of the ease of use. The ease of support and troubleshooting were major consideration when designing the network.

"Being chosen to secure such a large wireless network demonstrates that AirDefense has become the technology of choice " said Anthnoy Perridge VP EMEA for Airdefense. "With limited time and resource availble to manage such a large network and thousands of devices in the air, accurate detection, and policy based threat mitigation is essential.
Delivering the lowest total cost of ownership means that the University can focus on delivering service to their users. "

Fargo Announces Lower Pricing, Aggressive Warranties on ID Card Printing Technology

2007-07-17T22:04:00.000+02:00

Minneapolis, MN (July 17, 2007) Fargo Electronics, Inc., a global leader in secure technologies for card identity systems, today announced a new manufacturer’s suggested retail price of $3,995 USD for its HDP5000 single-sided ID card printer/encoder (dual sided also available). Utilizing Fargo’s patented High Definition Printing™ (HDP®) technology, the HDP5000 is Fargo’s fourth-generation reverse image card printer/encoder.

“Reverse image printing has become the technology of choice for high-security, high-volume ID badge applications, with HDP leading the industry,” said Steve Blake, Fargo’s vice president of product marketing for systems and solutions. “With a breakthrough price like this, we will be able to offer this superior technology to a broader range of card programs. Customers who couldn’t previously afford the outstanding print quality of reverse image printing will now have a choice.

“Our continued emphasis on quality, process improvement, component sourcing and customer-focused design has resulted in a lower cost of manufacturing. This allows us to respond to the demands of the market for the durability, ease of use and security of High Definition card printing at prices that are competitive with other technologies.”

In addition, the HDP5000 now comes with the industry’s best warranty and service coverage available for a reverse image card printer. Included is:
• Two-year printer warranty
• Lifetime printhead warranty
Extended warranties are also available.

The HDP5000’s warranty coverage is based on proven reliability. Cartridge-based consumables load literally in a snap and a simplified design makes it easier to install and operate. Utilizing fewer moving parts, the HDP5000 is the most compact reverse-transfer printer on the market.

“We have unreserved confidence in the reliability of High Definition Printing and the design of the HDP5000,” continued Blake. “As one of the earliest developers of reverse image technology, Fargo has unmatched experience in designing advanced card printing solutions that work reliably. And our warranties will give our customers the peace of mind they need when producing ID cards.”

The HDP5000 prints ID cards with the highest image quality available. By printing a reverse image on the underside of HDP Film, then fusing the film to the card surface, the HDP5000 creates an image quality that looks more like a crisp glossy photo than an ordinary ID badge.

“When an organization’s image is critical, as in retail, corporate, membership and loyalty applications, the HDP5000 delivers exceptional print quality,” continued Blake. “In these situations, the quality of the card is paramount – their brands and logos are critical to building loyalty with their cardholders. The HDP5000 produces vibrant, crisp colors and over-the-edge printing. People are proud to carry attractive plastic cards such as these that identify them as an important customer.”

The HDP5000 features a modular design that can be upgraded in the factory or field with dual-sided printing, dual-sided lamination, and encoding for magnetic stripes and three types of smart card technology. Complete details are available at www.fargo.com/hdp.

Simplified Access To Paradial's Award Winning RealTunnel Firewall NAT Traversal Solution

2007-07-16T22:14:00.000+02:00

Paradial offers automated distribution and simplified licensing model for comprehensive firewall NAT traversal solution - includes STUN, TURN/STUN Relay and ICE support

Oslo, Norway, July 16, 2007: Paradial, the leader in IP connectivity solutions, today announced simplified licensing and easy access to the RealTunnel firewall NAT traversal SDK client. SDK library, programming examples and documentation is available for non-commercial use and evaluation purposes on Paradial's web site:
http://www.paradial.com/download. For commercial usage, a cost efficient licensing model is offered.

The award winning standards compliant RealTunnel product supports SIP,
H.323 and XMPP through SOCKS. Paradial can also assist in tailoring connectivity solutions for other IP-protocols facing connectivity challenges.

"We believe IP media solution providers will appreciate simplified access to a standards compliant, feature rich and stable firewall and NAT traversal client. We are working hard at solving all IP-media challenges for our customers and partners, and believe simplified access to RealTunnel will make the product even more attractive to organizations seeking a proven connectivity solution that maximises call completion. ", says Kevin Kliland, Product Director, Paradial.

Availability and platforms

RealTunnel(tm) is available on Windows, Linux, MacOS and Windows Mobile.

- - -

Key Product Facts
* Maximum call completion rate
* Supporting any SIP and H.323 client and as well as any SIP Registrar and Gatekeeper
* The customers can use existing network infrastructure firewalls
* No network or firewall modification is required
* Secure (can be setup as a VoIP SSL VPN)
* Supports all major platforms
* Can be deployed as standalone application or embedded
* Optimal voice and video quality

Supported network protocols:
* UDP
* TCP
* HTTPS
* RTP/SRTP
* RTCP

Supported standards:
* SIP (RFC3261)
* STUN (RFC3489)
* STUN Relay (TURN)
* ICE
* Symmetric Response (RFC3581)
* Extension Header Field for Registering Non-Adjacent Contacts (RFC
3327)
* Locating SIP Server (SIP DNS)
* H.323
* H.460.18/19
* XMPP through SOCKS

The most common HTTP proxy authentication schemes are supported:
* Basic authentication
* Digest authentication
* NTLM authentication
* Proxy pac scripts

Fair Isaac Reaffirms Commitment to Detection and Prevention of Payment Card Fraud in UK

2007-07-11T22:13:00.000+02:00

During Falcon User Group Forum in London, leading provider of analytics and decision technology announces category sponsorship of The Card Awards 2008

LONDON - July 11, 2007 - Fair Isaac Corporation (NYSE:FIC), the leading provider of analytics and decision management technology, today announced its category sponsorship of The Card Awards 2008 at the company's EMEA Falcon User Group in London.

The Card Awards, which launched the Call for Entries this week, recognise innovation, best practice and customer excellence in the card payment industry in the United Kingdom and Republic of Ireland. Fair Isaac is sponsoring the "Best Security or Anti-Fraud Development"
category and will present a trophy to the winner at the Awards Ceremony on 31st January 2008 at The Grosvenor House Hotel in London. For this category, an independent judging panel will review entries from issuers of credit, debit, pre-paid or charge cards and banking acquirers who have developed innovative solutions that either have improved the security of customers' transactions at any stage of the payment process, or have protected the customer from internet and other customer-not-present fraud, identity theft, and card interception.

"The UK and Irish card markets have become more challenging than ever before, and the emergence of new technology and its application is providing fresh opportunities to all sides of the payment card industry," said Martin Fielding, CEO of The Card Awards. "The Card Awards give the industry the opportunity to showcase examples of responsible practices and outstanding performance. Category support from industry leaders such as Fair Isaac demonstrates the industry's desire to recognise these achievements within one of the most dynamic sectors in Europe."

Fair Isaac has worked with leading card issuers throughout the UK to help them achieve the full potential of their fraud management programs.
The company's global fraud detection products and services include advanced analytic technologies, consulting services and fraud reduction partnerships. As the leading global fraud detection solution, Fair Isaac's Falcon(tm) Fraud Manager minimises fraud losses by predicting the likelihood that a transaction is fraudulent. It analyses transactions in real time and generates recommendations for immediate action, which is critical to stopping fraud at an early stage, often before the cardholder knows that a card has been compromised. Falcon currently protects nearly 900 million payment cards worldwide from fraud.

Today Fair Isaac kicked off its biannual EMEA Falcon User Group Forum for organisations that utilise Falcon to detect and prevent fraud and deliver fraud protection to their customers. The two-day forum at the Hilton London Tower Bridge Hotel provides attendees with valuable insight into how they can derive full value of their investment in Falcon and make the best use of strategies to improve performance. Fair Isaac experts also will share best practices for fraud management and the company's latest innovations to the Falcon system.

"We welcome the chance to share our experiences of Falcon with Fair Isaac and with fellow users, and to learn more about Fair Isaac's future product development," said Gordon McFadyen, Manager, Fraud Prevention at HBOS Card Services.

"Leading financial institutions in the UK realize that implementing industry best practices and proven solutions will substantially curb fraud and allow them to significantly reduce their losses," said Tony Zarrella, vice president of Global Fraud Solutions at Fair Isaac. "Fair Isaac is deeply committed to providing card issuers with the most innovative and advanced fraud detection solutions available. We look forward to empowering our clients with deeper knowledge of Falcon to help them drive competitively superior results. And we are delighted to be associated with a prestigious industry event such as The Card Awards that helps shape the future of fraud risk management."

More information on the categories, eligibility and entry procedure for The Card Awards 2008 can be found at www.thecardawards.com.

Dalian Modern Hi-Tech Development signs LEGIC® License in China

2007-07-10T21:37:00.000+02:00

Zurich/Switzerland, Dalian/China. LEGIC Identsystems Ltd, the world-leading supplier of contactless smart card technology for personal identification applications, and Dalian Modern Hi-Tech Development Co. Ltd., developer of high tech software and hardware and provider of smart card solutions for public transport and electronic payment in China, have agreed on a license partnership. This agreement strengthens Modern's position in the fast growing market for all-in-one cards in China and provides LEGIC with a renowned partner in the area.
Modern Hi-Tech Development was established in Dalian, Northern China, in 1992. Since then, the company has grown its assets to twenty times its founding capital and currently employs over 200 people. Their highly qualified staff guarantees sound technical know-how and outstanding experience. The company has gained a reputation for a broad scope of projects in the areas of electronic payment systems for public transportation, software and hardware research and development, digital radiotherapy, broadband networks, E-commerce platforms and education & training services. Working with their subsidiaries in China, Hong Kong and Japan, as well as Germany, Dalian Modern has a reliable network of resources to serve clients in Asia, the US and Europe. The company is committed to and certified in top-quality standards and process management.

Since 1999, when Dalian Modern first introduced their contactless card application, the company has completed a series of smart card projects, mainly in the public transport sector. Increasing security, reliability and multi-functionality requirements in the densely populated cities in China have lead to fast growing demands for smart cards and personalised identification systems in transportation and e-payment. Contactless identification technology is an inevitable trend and LEGIC’s renowned all-in-one multi-functional smart cards bear nearly unlimited opportunities for Modern to exploit this market.
Hang Xu at Dalian Modern Hi-Tech Development Co. Ltd., comments on the new partnership: “Through our successful local and international projects and contacts, as well as our continuous growth in the past, we have become one of the leading providers of smart card applications in the area. We foresee a continuously growing demand and are keen on providing state-of-the-art technology. Our license partnership with LEGIC guarantees such cutting-edge technology and makes sure, we are in a position to meet today’s and future customers’ needs.”
“We are happy to gain such a reputed and well experienced partner who has proven its potential for growth and innovation in a fast developing market. LEGIC’s contactless all-in-one card technology meets the changing demands for personal identification in China’s transportation sector. We are convinced that this new license agreement will translate into great and successful projects,” welcomes Klaus U. Klosa, Managing Director of LEGIC Identsystems Ltd, the new partner in China.

Leading Security Firm Recognizes Outstanding Women in Investigations

2007-07-02T22:44:00.000+02:00

SSC Announces Promotion and Award

Shelton, Conn., July 2, 2007. Committed to recognizing outstanding women in investigations, SSC, Inc. (SSC), the leader in security in the tri-state region, today announced a promotion and award for two female employees.

Jennifer Cludinski, who began her career at SSC, Inc. in 1996 as a uniformed guard, was promoted to Senior Investigator, effective immediately. Cludinski will oversee SSC's pre-employment screening programs. SSC Chief Investigator Bonnie Tuskowski was awarded the Outstanding Investigator Award for her high-level of achievement in corporate due diligence investigations. Tuskowski is a member of SSC's investigative services unit.

SSC’s recognition of women is part of an ongoing trend of an increase in women in investigations.
“In a decade, our graduate level investigative programs have gone from mostly male to 95 percent female,” said Dr. Al Harper, Director of the Dr. Henry Lee Institute of Forensic Science at the University of New Haven. “This demographic shift is having a major impact on the investigations field. No longer are our graduates going into the police force, but these highly trained women are bringing their unique mix of scientific and intuitive skills into investigative work with private industry.”
The number of female private investigators is on a continuing rise, representing an estimated 15% of the approximate 60,000 private investigators in the United States, according to Private Investigator magazine.
For more information about Jennifer Cludinski and Bonnie Tuskowski, as well as more information on women in investigations, please read the rest at the release at http://www.securessc.com/ourpeople.asp#releases.

Published by Security Press – Security-related Press Releases, News and Resources

Gemalto Rolls Out Unprecedented Nationwide Over-The-Air Campaign For Thailand’s Largest Mobile Operator, AIS

2007-07-02T22:38:00.000+02:00

AIS updates nearly 8 million subscribers’ SIM cards across all of Thailand in record time thanks to Gemalto’s LinqUs* Over The Air Service

Amsterdam, Bangkok, July 2 2007 - Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today announces the successful completion of an unprecedented campaign for Advanced Info Service Plc. (AIS), Thailand’s largest mobile operator, to update Over-The-Air (OTA) the information contained in the SIM cards of nearly 8 million AIS subscribers. By updating the cards over the air, there was no need for the operator to mail out replacement cards or ask customers to come into an AIS point of sale. The entire campaign, which otherwise would have taken many months, was completed in less than 40 days. This record deployment time translated into major benefits for AIS, including customer satisfaction, ARPU (Average Revenue Per User) maintenance and cost savings.

The OTA campaign was rolled out on the back of a decision from the National Telecommunication Commission (NTC) in Thailand to shift from a 9-digit, to a 10-digit dialing system so as to meet the telecommunications needs of the country for the next 30 years. A deadline of three months was set for all mobile operators to address the replacement or updating of the SIM cards for their subscriber base, without which subscribers would have become unable to use the very popular SMS (Short Message Service).

Continuing the strong revenue and profit generating SMS service after the cut-off date from the NTC meant that AIS needed to change the SMS Centre address in all its subscribers SIM cards. Updating the SIM cards over-the-air and without consumer intervention meant big savings for AIS in cost, time and resources it would ordinarily have needed to spend in updating or replacing cards physically at AIS point of sales. It also guaranteed maintenance of their ARPU as subscribers were able to continue to use the SMS service after the cut-off date without interruption. Being seamless in operation, subscribers did not notice the change taking place and were spared any frustration.

“After careful consideration of deployment costs, potential impact on ARPU from our SMS service, and customer satisfaction, we selected Gemalto’s OTA solution which we felt could help us reach out to a significant proportion of our customer base within a very short time frame,” said Mr. Pornsak Hanvoravongchai, AIS SIM technology manager.

“Operators are reluctant to ask customers to come into the shop just to update their SIM card,” added Dr Martin McCourt, President, South Asia, Gemalto. “In addition to the annoyance factor, there is the risk that subscribers might choose to churn to another operator at that point. Using Gemalto’s advanced LinqUs over-the-air service we were able to update all AIS’ cards without customers even noticing. As displayed by AIS, SIM cards are a valuable active asset for operators especially when coupled together with a central OTA administration platform. AIS has shown that this combination is the perfect way to massively update populations of SIM cards at record speeds of up to 1.5 million subscribers per day, irrespective of the mobile phone used.

For more information please visit http://www.ais.co.th/thai/intro_yellow.htm

Published by Security Press – Security-related Press Releases, News and Resources

FINO Adopts Gemalto Smartcards To Accelerate Microbanking Deployment In India

2007-06-25T15:37:00.000+02:00

Smartcard for microbanking promises to simplify access to funds and facilitate trade amongst under-banked in India

Amsterdam - Mumbai, 25 June, 2007 - Gemalto (Euronext NL0000400653 GTO), the world leader in digital security, today announced the successful introduction of smartcard technology with biometric authentication for Financial Information Network & Operations Ltd. (FINO) in India. The Gemalto solution conveniently and securely stores transaction records inside the smart card to enable microbanking and simplifies access to financial services for the under-banked population in rural India.

FINO provides end-to-end core banking technology solutions including smart cards to microfinance partners, banks and Non-Governmental Organisations (NGO) involved in serving low-income households in the urban and rural regions in India as business correspondents of large institutions. Currently, an estimated 500 million people in these areas are either not served or are underserved by the finance sector (source: Ananth Bindu, et. al – A blueprint for the delivery of Comprehensive Financial Service to the poor in India, www.icicisocialinitiatives.org, Dec 2004).

Each FINO card developed by Gemalto can hold up to 15 different types of secure applications that facilitate financial services such as deposit remittances, savings, loans, insurance and e-purses.

In addition, the card acts as an electronic statement to log all transactions with the ability to store the last 150 transactions (up to 10 transactions per service). Transactions are validated using biometric authentication, which provides one of the highest degree of digital security available today. End-user transaction is approved after fingerprint information is read using low-cost readers and then verified by the card microcomputer at business correspondents facilities and at selected retail outlets and partner premises.

“One of the biggest challenges in the microbanking industry is the huge amount of paperwork and human effort traditionally involved in supporting micro-transactions and credit-scoring potential customers. High costs coupled with low returns did not make microfinance viable beyond a certain threshold, thus hampering growth,” said Manish Khera, chief executive officer of FINO. “This one-card-does-all solution resolves these barriers to growth by providing end-users with an easy-to-use and highly secure mode to conduct financial transactions, and for us to supervise transactions electronically.”

“Digital security is usually associated with developed markets,” added Dr Martin McCourt, President, South Asia, Gemalto. “This FINO deployment is a great example of how smart card technology can be used to bring banking services to the world’s unbanked, helping them to help themselves. We are proud at Gemalto to be part of this initiative that will effectively contribute towards developing poorer urban and rural areas in India.”

Published by Security Press – Security-related Press Releases, News and Resources

nCipher completes successful airport biometric security trials

2007-06-19T23:31:00.000+02:00

Biometric Technology gets thumbs up from Airport Passengers

Cambridge, UK - 19 June 2007 The miSense biometric airport security trials at Heathrow Airport that used nCipher (LSE: NCH) encryption and database security technology have received a positive response from passengers. According to a report released today, the vast majority of people who participated in the miSense trials would recommend the service to their fellow travellers.

The comprehensive report evaluates the experiences and feedback of the 3,166 passengers who took part in the voluntary trials in Heathrow's Terminal 3 during a sixteen week period. It is widely regarded as one of the largest and most comprehensive trials of biometrically-enabled access control ever to be conducted in an operational transport environment.

The report finds that passengers not only accept the need for biometric technology as a means of providing increased levels of security, but also believe that it can significantly improve their journey through the airport. The quantitative and qualitative research found that passengers thought that the miSense biometric technology was easy to use and reduced waiting times at security screening and passport control.

nCipher's Hardware Security Modules (HSMs) were deployed in the miSense system to generate and protect the unique cryptographic keys that were used to identify and validate each traveller based on their biometric information. In addition, nCipher's database encryption solution was used to protect stored passenger information and passport details in order to ensure compliance with data protection legislation.

"People want better airport security, but also want to avoid the long delays that might result from increased scrutiny of passengers," says Alex van Someren, chief executive officer at nCipher. "The miSense trials have shown that an effective and well implemented biometric solution can increase protection and also improve the passenger experience. Protecting the integrity of stored passenger information underpins the security of miSense and we are delighted that nCipher technology has played an important role in the success of the trials."

Highlights of the report include:

How easy was the enrolment process? - 87% easy or very easy How long did it take to use the gate? - 66% less than 15 seconds What is the most important benefit? - 72% faster journey times Overall, what did you think of the miSense plus service? - 81% good or excellent Would you recommend the service to a fellow traveller? - 89% would recommend the service

The miSense project was launched in November 2006 and uses the latest biometric technologies to simplify a passenger's journey through the airport while maintaining high levels of security and identity management. The trial is part of IATA's Simplifying Passenger Travel Programme, and involves a number of key airport, airline, government and technology partners, including Accenture, BAA, Cathay Pacific, Emirates, the Home Office, IER, Raytheon Systems Limited, Sagem Défense Sécurité and SITA.

Copies of the report are available at www.miSense.org

Published by Security Press – Security-related Press Releases, News and Resources

Wick Hill Appointed By Yoggie To Distribute Revolutionary Security System On A USB Stick

2007-06-18T23:32:00.000+02:00

Secure computer on a USB stick, with 13 built-in security applications, delivers gateway security for laptop and remote users.
Woking, Surrey: 18th June 07 - Wick Hill has been appointed distributor for Yoggie Security Systems(tm), makers of the revolutionary new Yoggie Pico ProTM, a multi-functional security system on a USB stick. As well as selling through existing channel partners, the distributor will be looking for more resellers to take this groundbreaking new solution into the UK business market.

The Yoggie Pico ProTM really is a breakthrough in security appliances for laptops and PCs. For the first time corporate users can benefit from
13 security applications on a miniature computer contained in a USB stick which simply slips into a PC or laptop's USB port. Uniquely, the Yoggie, Pico ProTM which is actually a full and robust Linux based computer, offloads all security applications onto the USB stick, allowing Internet traffic to be screened before it executes on the laptop or PC; and only once Internet traffic (including, for example, all email content and any respective attachments) has been cleansed, is it allowed to enter the computer.

No bigger than your thumb, the new Yoggie Pico ProTM manages the 13 security applications, including updates. It is also the most powerful computer to be placed into a USB stick and is an Intel Pentium level 520 MHz platform. Through the combination of offloading security onto a piece of dedicated hardware and its patent pending technologies the Yoggie Pico ProTM is not exposed to PC-related vulnerabilities as its software-only counterparts are. The security applications contained on the Yoggie Pico ProTM are:

- Anti Virus
- Anti Spam
- Anti Phishing
- Anti Spyware
- Intrusion Detection (IDS)
- Intrusion Prevention (IPS)
- Web and Mail Proxies
- Firewall (stateful inspection)
- Web Filtering
- Adaptive Security PolicyTM
- Multi-Layer Security AgentTM
- Layer-8 Security Engine TM
- VPN Client

Centralized security for the travelling and remote workforce via the Yoggie Management Server(tm).
The Yoggie Pico Pro(tm) allows IT managers to extend control to their travelling workforces by enforcing policies using the Yoggie Management Server(tm), which monitors and manages the fleet of travelling Yoggie Pico Pro(tm) devices. Installed in the IT server room, it provides security policy updates, signatures, and rule-base updates, while obtaining local logs and events for complete visibility. Finally, IT Security managers can protect their organisations' mobile and remote platforms in a non-intrusive, yet consistent manner.

The Yoggie Pico ProTM also offers:

1. A hassle free hardware-based security solution - does not
require complicated installation and configuration - just plug into the USB port where it immediately begins cleaning all of the Internet traffic running to and from the computer

2. The elimination of the conflict between the user's desire for
freedom and the IT manager's concern for security.

3. Increases laptop/PC performance by offloading 13 security
applications onto one piece of dedicated hardware

4. No need to install heavy software products that pop up with
confusing messages

5. Internet updates on an hourly basis, without disturbing the user
or hampering laptop or PC resources

6. Prevents unprotected or unauthorized Internet access. By
removing the Yoggie Pico ProTM from the computer all network connections are stopped

7. Protection from Web and Mail threats via one simple to use
appliance

Ian Kilpatrick, chairman of Wick Hill Group, commented: "This is a very exciting product which fills a gap in the market with the growing concern about security on laptops out of the office. Resellers can give their customers the same level of security on their travelling laptops that they have on their office networks, by simply using the Yoggie USB stick. It provides a standard of security that was previously only available to organisations like banks and government intelligence services. We anticipate a huge demand and it's a great opportunity for our channel partners."

Shlomo Touboul, Founder and CEO of Yoggie Security Systems, said: "We are proud to be working with Wick Hill and believe that with their expertise and successful relationships with multiple resellers, we will be able to extend our reach to corporate users quickly and effectively."

Price and availability
Yoggie Pico ProTM and Yoggie Management Server(tm) are available from Wick Hill resellers. Pricing from under GBP 100 SRP and at GBP 2,665 SRP, respectively.

GFI releases software suite for PCI DSS compliance

2007-06-13T23:15:00.000+02:00

Deadline looms for companies to become PCI DSS compliant or they risk fines of up to $500,000 or a ban on handling cardholder data

London, UK, 13 June, 2007 - GFI Software, a leading developer of network security, content security and messaging software, today announced the release of the GFI PCI Suite, a package aimed at helping companies meet the strict requirements and tight deadlines imposed by the Payment Card Industry Data Security Standards (PCI DSS) and comply with the majority of automated processes required for compliance.

The GFI PCI Suite provides a centralized management console through which systems administrators can deploy the PCI DSS enhanced versions of GFI EventsManager and GFI LANguard N.S.S. - two solutions that are vital to network security and essential to meet the directives imposed by PCI DSS. GFI EventsManager boosts PCI DSS compliancy efforts by alerting administrators on key events occurring on the network while GFI LANguard N.S.S. allows IT professionals to proactively identify network security weaknesses and fix them before these are exploited.

Credit card fraud was the most common form of identity theft at 25% of all reported occurrences in 2006, with more than USD 48 billion lost by financial institutions and businesses in that year and USD 5 billion lost by individuals. E-commerce fraud is also on the rise, reaching $3 billion in 2006 with an increment of 7% over 2005. In order to reduce credit/debit card fraud, the 5 major card industries created a set of security best practices PCI DSS with which payment card industry businesses must comply. Merchants processing over 6 million credit card transactions must become PCI DSS compliant by September 30, 2007 while those processing between 1 and 6 million credit card transactions have until December 31, 2007. Non-compliant companies are liable to various sanctions including hefty fines of up to USD 500,000 per security breach and restrictions on card processing privileges.

Specialized PCI suite
"The theft of over 45 million credit card details from TJX Inc. earlier this year has put increased pressure on companies that store, process or transmit cardholder data. No company is immune to credit/debit card fraud so they must protect cardholder data and become PCI DSS compliant by the end of this year," Simon Reed, VP Product Engineering at GFI said. "To help companies speed up their compliance process we are providing them with a single, specialized PCI suite that will allow them to satisfy the majority of automatable requirements imposed by this industry directive."

Apart from log management and vulnerability management solutions, GFI's PCI Suite also ships with enhanced reporting mechanisms. The GFI EventsManager ReportPack has eight new reports specifically designed to provide more granular information on the activity of network users and components. The GFI LANguard Network Security Scanner ReportPack features a new report which presents the status of antivirus solutions deployed on the network and new data filters which provide even more granular control over the information presented in the reports.

Apart from the services and hands-on information provided in the GFI PCI Suite, companies purchasing this product will also benefit from a complimentary two-year Software Maintenance Agreement (SMA). The GFI PCI Suite is available for download from http://www.gfi.com/downloads/downloads.aspx?pid=pci&lid=en. Clients who would like to purchase this PCI DSS suite can do so through any of the authorized resellers listed on: http://www.gfi.com/pages/resellers.asp.
For more information on the GFI PCI Suite and its components visit:
http://www.gfi.com/pci/.

AT&T Survey Reveals That Business-Continuity Planning Is A Priority For London Businesses

2007-06-12T23:14:00.000+02:00

Eight out of 10 London-based IT executives say that business-continuity plans are in place, cybersecurity is top of mind

LONDON, 12 June 2007 - AT&T Inc. (NYSE:T) announced today that business- continuity planning is seen as a priority by 76 percent of IT executives in London, according to the results of a survey of London-based IT executives, which was conducted by AT&T.

Key findings show that:

* More than eight out of 10 (83 percent) London executives
indicate that their company has a business plan in place.

* The majority (72 percent) of companies have had these plans
updated in the past 12 months, and more than half (52 percent) have had them tested during the same time.

* More than three out of four (79 percent) indicate that
cybersecurity is part of their company's overall business-continuity plan, and a majority (51 percent) view cybersecurity as a key concern.

* Sixty-two percent of surveyed IT executives say that viruses and
worms are the most significant perceived threats to cybersecurity, followed by hackers (39 percent).

Detailed results of the AT&T 2007 Business-Continuity Study show that
business- continuity planning has always been a priority for almost half
(46 percent) of the companies interviewed. Nearly one-third (30 percent) indicate that business-continuity planning has become a priority in recent years because of natural disasters, security and terrorist threats.

The types of business-continuity measures that companies have already taken in London include having implemented Internet security measures
(81 percent), established backup and restore procedures (80 percent), educated employees (76 percent), established procedures for off-site storage and recovery of backup data (76 percent), established redundant servers and/or backup sites (67 percent), implemented protection against DDOS (Distributed Denial of Service) (67 percent) and used a service provider for outsourcing (49 percent).

Actions that London companies have taken when it comes to cybersecurity include educating employees (69 percent), defining corporate security policies (67 percent) and contracting with an outside service provider to manage security (31 percent).

When asked what would keep IT executives up at night, one-third (34
percent) answered security breaches, followed by viruses/worms (22 percent), man-made disasters (17 percent), corporate/e-commerce sites crashing (9 percent) and natural disasters (9 percent).
"It is extremely encouraging to learn that the majority of organisations that we talked to in London have business-continuity plans in place and review and test them," said John Slamecka, vice president of, AT&T Europe, Middle East & Africa. "I am not that surprised to see that cybersecurity is top of mind. We find that this is a common concern for our customers around the world, and AT&T continues to work closely with our customers to provide comprehensive and robust network and IT security solutions."

AT&T conducted the business-continuity study ahead of a Networking Leaders Forum, where AT&T specialists will educate customers about business-continuity planning, best practices and how recent innovations in network security can protect organisations from cyber- attacks. The company brings its own business-continuity and disaster-recovery expertise in running and managing some of the world's largest and most complex networks - including its own - to businesses worldwide.

Over the past 10 years, AT&T has invested more than $500 million in its Network Disaster Recovery programme, which is designed to provide enterprises with business-impact analysis, risk assessments, a full continuum of storage solutions, high availability network solutions, and network and IT security solutions.

Second annual MAST (MAritime Systems and Technology) unites worldwide maritime security leaders

2007-06-11T23:13:00.000+02:00

Boasting an international line-up of the leading authorities in maritime security and defence, MAST 2007 (14th to 16th November, Genoa, Italy), offers delegates exclusive insights to future capabilities and concepts.

Already established as the first-in-class event of its kind, MAST unites the most diverse audience of security and defence decision makers from around the world in three days of keynote and plenary 'briefings', operations/policy and technical conference session and a comprehensive international trade-show.

Because MAST's planning committee represents the most senior-level event working group of its kind, the unparalleled level of presentations and participation at MAST is assured.

This year's event will be opened by Italian Chief of Defence Staff, Admiral Giampaolo di Paola, and the conference programme is positively peppered with senior level (four star admiral and below) presentations from the world-leading authorities.

Alongside the trade-show, there will be ship visits and tours organised by MAST committee member Admiral Lolli (Director of Harbour Master’s Office and Port of Genoa).

If you need to get the complete perspective on maritime security issues, MAST is a MUST! Visit: www.mastconfex.com

Paradial Announces Release Of RealTunnel 3.0

2007-06-07T23:11:00.000+02:00

RealTunnel now with unified support for SIP,H.323 and H.460 Firewall, NAT and web proxy traversal for all IP-based multi-media providers

Oslo, Norway, June 7, 2007: Paradial, the leader in IP connectivity solutions, today announced RealTunnel 3.0 adding full support for H.323 and H.460.18/19 firewall, NAT and web proxy traversal. The award winning RealTunnel product is probably the most comprehensive firewall NAT traversal product available. By adding support for H.323 and
H.460.18/19 to the existing SIP and protocol agnostic capabilities, Paradial offers a truly unique product in the market space.

As H.460 provides limited connectivity for H.323 communication, Paradial has extended the H.323 firewall NAT traversal capabilities to also include support for TCP and HTTPS relaying when needed in order for calls to be placed and received. This way maximum call completion rates can be achieved for both H.323 and SIP clients independent of location, including when on strict corporate networks. RealTunnel automatically detects the optimal transport mechanism for each call and achieves the best possible audio and video quality for the call at hand.

In addition to support for SIP and H.323, XMPP is supported through a SOCKS interface. Other protocols may be supported through the protocol independent media SDK.

"IP telephony manufactures, video conferencing vendors and telcos no longer have to use different firewall and NAT traversal solutions for various protocols and market segments. RealTunnel delivers connectivity for any IP telephony client on any network without any configuration or equipment replacement required. RealTunnel is ideal for residential and corporate services and always provides maximum call completion", says Kevin Kliland, Product Director, Paradial.

Availability and platforms

RealTunnel(tm) is available on Windows, Linux, MAC and Windows Mobile.

Key Product Facts
* Maximum call completion rate
* Supporting any SIP and H.323 client and as well as any SIP Registrar and Gatekeeper
* The customers can use existing network infrastructure firewalls
* No network or firewall modification is required
* Secure (can be setup as a VoIP SSL VPN)
* Supports all major platforms
* Can be deployed as standalone application or embedded
* Optimal voice and video quality

Supported network protocols:
* UDP
* TCP
* HTTPS
* RTP/SRTP
* RTCP

Supported standards:
* SIP (RFC3261)
* STUN (RFC3489)
* STUN Relay (TURN)
* ICE
* Symmetric Response (RFC3581)
* Extension Header Field for Registering Non-Adjacent Contacts (RFC
3327)
* Locating SIP Server (SIP DNS)
* H.323
* H.460.18/19
* XMPP through SOCKS

The most common HTTP proxy authentication schemes are supported:
* Basic authentication
* Digest authentication
* NTLM authentication
* Proxy pac scripts

First Future-Proof Industrial Remote Service Device Launched

2007-06-07T23:09:00.000+02:00

New Innominate mGuard industrial RS is the only device enabling both Ethernet and dial-up connections, cutting manufacturing costs

Berlin, 07 June 2007 - Innominate Security Technologies AG today launched its new security device, the mGuard industrial RS, which is set to cut the cost for manufacturers who will have to upgrade to broadband connections for remote maintenance in the near future.

By including both dial-up and Ethernet connections, the robust appliance lowers the cost of migration when a manufacturing plant's networks are upgraded. The device, which features a redundant power supply and compact industrial casing, can be mounted on DIN rails and is based on the highly regarded Innominate mGuard firmware.

The mGuard industrial RS serves as a firewall and VPN appliance for industrial network security and secure remote maintenance via the Internet. It also acts as a secure "1:1 NAT"-capable router for the efficient link-up of production cells. Like all mGuard appliances, it can be centrally managed using the Innominate Device Manager (IDM).

Hybrid firewall / VPN appliance for Ethernet and analogue / ISDN connections

The mGuard industrial RS contains a universal socket for the optional integration of an analogue modem or ISDN terminal adapter. This makes it suitable for use as a firewall / VPN router via Ethernet or serial dial-up connections. As indicated by the abbreviation, "RS", the appliance is particularly suitable for secure remote service, remote diagnosis, and remote maintenance.

"The remote maintenance of industrial machines and plants is currently undergoing a transition phase from traditional modem connections to modern Internet / VPN-based technology. The mGuard industrial RS appliance offers machine and plant manufacturers a universal, future-proof remote service application for its products, which are usually characterised by longer life cycles," said Torsten Rössel, Director Business Development at Innominate. "Once all machines have been equipped with this device, the costs can be recouped instantly as the industrial RS device will eliminate on-site visits of engineers needed to replace or upgrade the existing modem."

The serial dial-up connections of the device also act as a fail safe solution should there be any infiltration to the Ethernet-based connection, increasing remote access availability. For the first time with the mGuard industrial RS, the VPN connections used for remote services can be activated and deactivated using an electronic switch, with their status indicated via an electronic diode. This eliminates the need for the implementation of software for these functions in the plant, providing the operator with control over the remote maintenance connection. Due to the Quality of Service (QoS) functions of the mGuard 5.0.0 firmware, the mGuard industrial RS is equipped for most modern services, including voice/video over IP with bandwidth management and data traffic prioritisation.

The mGuard industrial RS appliance will be available in four variations from the third quarter of 2007.

Product photos are available for download at: http://www.innominate.com/content/view/120/120/lang,en/