August

Newsletter

Issue 13

Higher level security

 

Government wants jail for illegal private-data traders

The simple password or PIN is now proving to be an inadequate defense against people wishing to steal our identity, data or even money.

One of the main problems is the need to remember these words or numbers. One or two are fine, but we often have to enter these details in many different places: your computer, your email, your bank, your credit card, your debit card and so on. One way to make it harder for those wishing to compromise your password is to make passwords longer and more complicated, and not to duplicate PIN codes and passwords between all these different services. It then becomes almost impossible to remember them all. To make things worse, no matter how long or complicated the password, it's still not guaranteed secure.

To tackle this problem, institutions such as banks are looking to deploy what are called biometric passwords. These rely on using a pass code together with something unique about the individual, such as a fingerprint, retina scan or voice print.

Dutch bank ABN AMRO is looking to deploy a voice scanning system for telephone banking. The Voicevault system, supplied by Biometric Security, takes 177 biometric measurements from voices, which it uses to calculate the physical characteristics of the speaker, including trachea and size of nasal cavity.

Another system that can be installed on computers measures the speed and rhythm with which users type their password. This requires the system to learn how you type by taking samples of you typing the password; you then set a threshold for how strict the system is with these patterns.
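An added illustration of the learn-from-samples and strictness-threshold scheme described above, not code from any product mentioned in this newsletter. The hold/gap features, the scaled-distance score, the 5 ms spread floor and all timings are assumptions constructed for the example.

```python
from statistics import mean, stdev

def features(events):
    """events: [(key, press_ms, release_ms), ...] for one typing of the password.
    Returns each key's hold time, then the gap between consecutive key presses."""
    holds = [rel - prs for _, prs, rel in events]
    gaps = [b[1] - a[1] for a, b in zip(events, events[1:])]
    return holds + gaps

def enroll(samples):
    """Learn a per-feature (mean, spread) template from the enrolment samples."""
    vectors = [features(s) for s in samples]
    if len(vectors) < 3 or len({len(v) for v in vectors}) != 1:
        raise ValueError("need at least 3 samples of the same password")
    # Floor the spread (assumed 5 ms) so a very consistent typist is not locked out.
    return [(mean(col), max(stdev(col), 5.0)) for col in zip(*vectors)]

def score(template, attempt):
    """Mean absolute deviation from the template, in units of spread."""
    vec = features(attempt)
    if len(vec) != len(template):
        return float("inf")  # different number of keystrokes: never a match
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, template))

def verify(template, attempt, threshold):
    # Lower threshold = stricter: fewer impostors pass, more owner rejections.
    return score(template, attempt) <= threshold

def typed(press_times, hold_times, text="pass"):
    """Build a constructed event list from press times and hold durations (ms)."""
    return [(k, p, p + h) for k, p, h in zip(text, press_times, hold_times)]

# Constructed timings, not measurements from a real user.
ENROLMENT = [
    typed([0, 150, 290, 450], [90, 80, 95, 85]),
    typed([0, 160, 300, 455], [95, 85, 90, 80]),
    typed([0, 145, 295, 460], [85, 75, 100, 90]),
    typed([0, 155, 285, 445], [90, 80, 95, 85]),
]
TEMPLATE = enroll(ENROLMENT)
OWNER = typed([0, 152, 294, 452], [92, 82, 93, 86])      # owner, typical rhythm
HURRIED = typed([0, 165, 300, 470], [100, 88, 88, 92])   # owner, sloppier rhythm
OTHER = typed([0, 260, 400, 700], [140, 60, 150, 70])    # someone else, same password

if __name__ == "__main__":
    for name, attempt in [("owner", OWNER), ("hurried", HURRIED), ("other", OTHER)]:
        print(name, round(score(TEMPLATE, attempt), 2))
```

With these constructed timings, a strict threshold of 1.0 rejects the owner's hurried attempt while a lax 3.0 accepts it; the other typist is rejected at both settings even though the password is correct.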

I have only covered a very small area of what is a very large and important subject, but one thing I am sure of is that we will be seeing more and more biometric security measures being adopted over the next few years.

By Grant Peck

The government has proposed jail sentences of up to two years for people who illegally trade in private data.

The move follows a call for prison terms made by information commissioner Richard Thomas in a report presented to parliament in May using special powers under the Data Protection Act.

The report, What Price Privacy, revealed evidence of a “pervasive and widespread” industry, in which personal data is bought and sold.

Constitutional affairs secretary Lord Falconer has now launched a public consultation on plans to beef up the penalties for trading in personal information, which are currently limited to fines under the Data Protection Act.

The Information Commissioner welcomed the consultation. “Tougher penalties should not be seen as a barrier to data sharing in the public and private sector. Electronic government initiatives which improve public services show that information can be shared in entirely acceptable ways. However, it is important that the government and other public bodies retain public trust and confidence.

“People’s personal information must be kept securely. These proposals will help by ensuring that anyone who might be tempted to misuse personal information for private gain knows that they could go to prison if they do so.”


Don't be caught by licence to print money

Beware of ransomware, firm warns

As profit targets, and therefore sales targets, become harder to achieve, so the companies selling software licences are becoming more inventive on how to secure income from unsuspecting or naive purchasers. The old adage “read the small print” is just as applicable now as it has ever been.

Some of the old tricks are coming to light again, alongside some new ones. One that is prevalent currently is the “annual licence”. Why would anyone want to keep paying every year for the same product, when after three years they could have paid the same amount for a perpetual licence?

A perpetual licence has the added benefit of paying for maintenance and support as an option rather than being mandatory. Perpetual licences are the only secure way of ensuring you are licensed at a known cost.

While an annual licence may seem a more flexible model with greater customer choice, how flexible is this really? It can be difficult to predict the future needs of your business, and it is often best to buy what you actually need now and negotiate future growth or shrinkage. It is much easier to buy than sell.

Annual maintenance is another area for suppliers to ensure ongoing revenue. What does this include? Does it mean an annual release of improved software or do you have to pay for new releases? What does support mean? Appropriate fixes quickly or 9-5 Monday to Friday and “reasonable endeavors” to fix software?

One of the recent changes in licensing is the pressure to take on annual maintenance even when it does not include upgrades. Not checking the small print to see if upgrades are included, how often they are released and how long you can stay on an unsupported version leads to nasty surprises.

Another potential catch is the sale, sometimes compulsory, of installation support and training. When costed out, these can greatly increase the cost of the project and the return on investment. Of course, there is also the often forgotten hardware and its annual maintenance.

Putting the source code for software in escrow is another important part of the deal, particularly when purchasing software that is business critical. What happens if the software company goes bust? Are you legally allowed to support and develop the software? And in what timeframe?

Mergers and acquisitions can present another area where it is necessary to read the small print. To whom is the software actually licensed? And post sale or merger, do you need to novate the agreement? This scenario also applies to outsourcing and insourcing when the cost of novation could be high.

So is the market place becoming riddled with more and more ways to increase licence fees? Certainly this is true in some cases, but there are still some big, honest brokers out there, who value working with customers, and it is up to them and those who buy the software to keep the market fair and equitable. In the meantime, we need to keep reading the small print.

by Jane Kimberlin

Hackers are using sophisticated ransomware, which is malicious code, to hijack a company's user files, encrypt them and then demand payment in exchange for the decryption key, Kaspersky Labs said on Monday. The security specialist said that the encryption algorithms used by cybercriminals are becoming increasingly complicated, foxing antivirus companies.

"There's a potential situation where antivirus companies won't be able to decrypt the files," said David Emm, senior technology consultant at Kaspersky U.K. "Within a corporation, the IT department normally backs up files. The danger is where attacks are launched at smaller businesses (without IT departments) and individuals."

Trojan horse programs can be sent out as spam or hidden on malicious sites. Once a machine is infected, files are either encrypted individually or grouped together and locked in a password-encrypted folder.

Strong algorithms such as RSA public key encryption, one of the most popular technologies, are increasingly being used by criminals to foil the decryption techniques used by antivirus companies.

Since January, Kaspersky has seen an increase in the strength, from 56-bit to 660-bit keys, of the encryption being used by hackers to lock files. "Virus writers' attitude to date is that encryption only needs to be strong enough. It's alarming that we're now getting onto the level of serious encryption," Emm said. have been escalating, but it's just one weapon within their arsenal,"

 


Slashing office-based mobile costs

Microsoft's Zune to rival Apple's iPod

Ofcom recently confirmed that it has awarded 12 new licences for the wireless spectrum to be used on a low-power basis. The licences are technology-neutral, which allows licensees to use the spectrum for any purpose, within specified technical limits.

A number of licensees are looking to exploit the spectrum for private GSM mobile telephone networks in office buildings or campuses. One such licensee, TeleWare, has set up a new subsidiary, Private Mobile Networks, to provide fixed and GSM mobile integrated networks fully supported by TeleWare products. The spectrum allocation allows the company to extend its services to enterprise customers, with key clients having commenced beta trials.

The system enables companies to integrate cellular telephony with the enterprise PBX or IP-PBX infrastructure. At the heart of the offering is a private mobile exchange (PMX) that utilises existing mobile handsets to support an integrated IP, wireless system for employees in the office environment, avoiding the need to utilise a wireless Lan (WLan) infrastructure and telephones with multi-wireless technology.

When an employee is within the private GSM network range the mobile telephone becomes an extension of the company’s telephone exchange. This is a simple, secure process, with only registered mobile telephones able to access the network. Once registered, the functionality of office telephones becomes available on the mobile handset.

There are a number of ways a user can be associated with the private network. The mobile telephone can be provided with a Sim card that enables the telephone to connect to the private network and allows the handset to work in a similar way to a digital enhanced cordless telecoms-style phone.

Where connectivity is required to both the private and cellular networks the user can choose to have a roaming agreement with a mobile network operator, dual Sim cards, or to manually select the operator from the telephone’s menu. Each option has its own advantages and deployment will depend on specific business needs for flexibility, security, cost and control.

The implementation of private GSM networks will significantly lower the cost of using mobile telephones in the campus-based environment. Additionally, organisations with multiple sites will be able to route calls from each private GSM network telephone across an IP network, further reducing expense.

Before adopting a combination of WLan and cellular technologies to lower on-campus mobile telephone costs, Butler Group strongly recommends that organisations consider the use of private GSM networks as an alternative, which can exploit existing mobile telephones and use GSM, a technology specifically designed for voice usage.

by Mark Blowers

After trying for years to compete with the iPod through an array of partners, Microsoft confirmed Friday that it plans to directly go after Apple Computer with its own rival, Zune.
Confirming weeks of rumors, Microsoft said it will launch music software and players under the Zune brand, though the software maker left plenty unsaid in its confirmation.

"Today we confirmed a new music and entertainment project called Zune," Chris Stephenson, a general manager of marketing for the software maker, said in a statement. "Under the Zune brand, we will deliver a family of hardware and software products, the first of which will be available this year."
The initial device will have Wi-Fi and use a hard drive to store music, Microsoft said. Stephenson's statement also lent some credence to speculation that the company's player will use wireless connectivity to share music with other Zune devices.

"We see a great opportunity to bring together technology and community to allow consumers to explore and discover music together," Stephenson said. A Microsoft representative declined to offer further details, although Stephenson told Billboard magazine that other Zune devices, including a video player, are in the works.
The software maker has posted a teaser Web site, set to the song "Us" by Regina Spektor. Microsoft also noted its move on a blog, Zune Insider, whose author is part of the company's effort.
"So what's Zune?" writes Cesar Menendez, the author of the blog, who says he recently began working on the project. "It's Microsoft's new, holistic approach to music and entertainment. And yes, this year, we'll be releasing a device as part of the project. Under the Zune brand, we're looking to build a community for connecting with folks, all to discover new music and entertainment.


The Fixers