Security News Curated from across the world
“Herding kittens is sometimes easier than getting something like this done,” Kimball said.
The tag data routing code stored at the beginning of the active RFID tag, which requires a power source to transmit the data signal, will identify the country of origin.
Kimball said unless someone has access to the host nation’s database that connects the tag number with the manifest.
http://www.securitypipeline.com/news/180207572;jsessionid=SWKNKAMWZQMGSQSNDBCSKHSCJUMEKJVN
Currently, it’s possible to package updates in SMS format, but it’s cumbersome, Microsoft said. Giving customers access to numerous catalogs from within the SMS console will slash the time it takes to find updates, repackage them and then deploy and manage them, the company said.
“The news that SMS will support non-Microsoft products is long overdue,” said Paul Freeman, CEO of Coast Solutions Group, an Irvine, Calif.-based solution provider. “This has always been a major selling point against SMS. Customers will be very interested in this, as will [ISV competitor] Altiris, since [heterogeneous support] is something that they have used to differentiate themselves from SMS in the market.”
SMS 2003 R2 also includes an Enterprise Scan Tool for Vulnerability Assessment, which checks desktops and servers for software configuration errors and other vulnerabilities, Microsoft said.
Also on Monday, Microsoft announced that it released SMS 2003 Service Pack 2 earlier this month. SP2 offers enhanced virtualization support and enables Microsoft SQL Server 2005 to function as the database engine for SMS.
Microsoft also kicked off a promotion that enables SMS 2.0 customers to upgrade to SMS 2003 at a 30 percent discount on the license price if purchased with Software Assurance. The support life cycle for SMS 2.0 ends in March.
Many partners are focused on the SMS 2003 R2 release and its ITCU tool, which will enable IT administrators and partners to simply point and click to bring important patches and updates from ISVs and partners into the SMS console. Citrix Systems, for instance, has pledged to support ITCU.
“Many customers do not just use Windows. They have other platforms–thousands of Windows systems and just as many Unix or derivatives of Unix like Linux. They want to streamline administration and want the same administrators to manage all platforms,” said Bob Tedesco, CTO of Resolute, a Microsoft partner in Bellevue, Wash. “So having the same Microsoft tools do it all is in line with that.”
http://www.informationweek.com/windows/showArticle.jhtml?articleID=180205417
And on the surface it appears that forcing banks to add a second factor of authentication could improve the well-documented, rapidly deteriorating state of online security. It’s not clear, for example, that a second factor will significantly reduce “modern” risks; we could be preparing for the next war by planning for the last one.
It’s also unclear if financial companies can balance the cost of scaling two-factor authentication for the masses versus the benefit of whatever risk reduction it might provide.
The FFIEC guidance is the latest incarnation of a security truism: Threats don’t disappear, they migrate, or else over time they mutate to overcome the defenses deployed against them.
http://www.csoonline.com/read/020106/second_thoughts.html
Sponsored by the PGP Corporation, the study also focused on how recent data breaches might be influencing the use of encryption and how various state and federal security and privacy regulations might affect the adoption and implementation of encryption technologies. Other issues covered in thesurvey included: The functional area responsible for procuring and implementing encryption.
Common uses and reasons for using encryption.
The types of data elements most likely to be protected by encryption (such as Social Security numbers, credit cards and so forth). Respondents’ level of confidence respondents that encryption will safeguard personal and sensitive information.
Types of data encrypted: The most important types of data that should be encrypted for storage and/or transmission are: business confidential documents (57 percent), records containing intellectual property (56 percent), only sensitive customer information (56 percent), accounting and financial information (41 percent) and employee information (35 percent). Interesting to note that customer and consumer information scored a low 8 percent and 6 percent, respectively.
The top five types of personal information about a customer, consumer or employee that should be encrypted are health information (72 percent), sexual orientation (69 percent), Social Security number (67 percent), family members (66 percent) and work history (57 percent).
Encryption Increases Confidence in Security
The report found that information security and privacy professionals have the most confidence in their organization’s security program when it uses encryption as part of an enterprisewide implementation plan.
As shown, the highest confidence level (.82) is achieved for the group of respondents who report that their companies deploy encryption and have an enterprise implementation plan.
Freq Average Confidence Score* We have an overall encryption plan or strategy that is applied consistently across the entire enterprise.
The primary person most report to is the chief information officer (36 percent) followed by the chief technology officer (30 percent).
http://www.csoonline.com/read/020106/ponemon.html
In 2006, the problem seems hardly any better, with one newspaper company accidentally wrapping people’s Sunday editions with a list of 202,000 subscribers’ social security numbers and Seattle-based Providence Home Services acknowledging that backup tapes containing 365,000 patient records in the states of Washington and Oregon had been stolen from an employee’s car. Over the last decade, while the Internet has boomed and busted, online identity has remained a binary proposition to most businesses: Users either fully identify themselves to a Web site or hide behind an anonymous handle. Because commerce sites believe anonymity means less security, online businesses have increasingly asked customers to more fully identify themselves, a choice highlighted by many companies difficulty in keeping the data safe.
“Often times the topic of the level of authentication to create these models (of commerce) deteriorates into a presumption that there is an extreme choice to be made between true proof of personal identity and anonymity,” said Art Coviello, CEO of RSA Security. Coviello argued that companies should adopt technology that allows consumers to present trusted credentials for specific attributes, such as the visitor to the Web site is over 18 years old.
During the keynote kicking off the conference, Microsoft’s chief software architect Bill Gates told attendees that the company’s next operating system will support just such a system. “You will have different cards: Cards that just give your location, cards that more secure that give your credit card (information), cards that you would protect very carefully and you would have a PIN for every use of it where you might authorize access your medical information.”
Businesses can gain by having less information stored on their servers. Moreover, putting fewer barriers in the way of the customer will mean more business, said Rob Shenk, vice president of online financial giant E*TRADE Bank during a panel on consumer authentication for the financial industry.
http://www.securityfocus.com/news/11377?ref=rss
This prevents organisations from using equipment from several vendors in creating interoperable networks such as a global network of airports using a single database with iris scan information.
Common applications base authentication on finger prints, iris, face and voice and vein scans.
The panel conceeded finger print scanners are readily available with many notebook makers offering such technology as an option with their business models. However, it was argued that availability of hardware was not enough to guarantee adoption of biometrics.
“But just because you have the hardware, that doesn’t mean that each person who uses it will use it in such a way that you get value for the organisation,” warned Samir Nanavati, a partner with Biometric Group (IBG), an independent consultancy organisation.
The technology is mainly struggling to cross over from government applications to the public sector, they argued, as vendors remain primarily focused on selling to governments.
http://www.vnunet.com/2150496