IM World News
31st January 2012 11:49
Avecto today predicted that 2012 is the year organisations
need to concentrate on getting their Microsoft migrations right, or
risk being out of the game. The leader in privilege management
warned that, with Windows XP expected to have been phased out by 2014,
organisations must ‘get it right’ as they migrate across to Windows
7.
Avecto’s co-founder and chief technology officer, Mark Austin,
stated, “Today’s workforce is increasingly mobile, and demands
devices to facilitate this. With the Windows 7 – and even Windows 8
– operating systems, Microsoft is enabling this trend and most
enterprises are either in the process or planning to migrate across.
However it is a complex process, with many pitfalls, and getting it
wrong can be expensive and inherently risky.” Avecto’s advice is to,
“Act now, and invest in the right technology, to make your migration
secure, cost-effective and easy to manage.”
Avecto is also predicting an increased focus on endpoint security.
It believes corporates will need to re-embrace solutions that are
able to detect the criminals’ increasingly diverse arsenal of
threats, crucial in the battle against stealthy and persistent
malware. In fact, with many malware attacks mitigated and even
eliminated with better control over application execution and user
privileges, the adoption of application control and privilege
management solutions within the operating system will increase in
order to provide a more pro-active approach to endpoint security.
In its final prediction Avecto anticipates that compliance will be
the key differentiator for cloud based providers in 2012. Austin
concludes, “If cloud providers are to appeal to customers in highly
regulated industries then administrator access, and their actions on
servers in the data-centres, needs to be better controlled and
monitored. The security of servers in the data-centres of cloud
providers will drive more innovative security offerings at the
hypervisor level. This in turn will then allow the security software
to get a complete view of the hosted servers, especially when
dealing with stealthy attacks.”
More: www.avecto.com
31st January 2012 10:35
AlienVault, creator of OSSIM, the de-facto standard open
source SIEM (Security Information and Event Management) solution,
announced today that it has closed an $8 million Series B financing
led by new investor Trident Capital with participation from existing
investors Adara Venture Partners and Neotec. The company has named
Trident managing director J. Alberto Yepez Chairman of the Board.
Trident principal Michael Biggee also joins the AlienVault Board of
Directors. The funding will be used to accelerate research and
development and aggressively expand sales and marketing to meet
increasing demand for unified security management from around the
world. AlienVault also recently announced the appointment of a new
executive team, led by CEO Barmak Meftah and CTO Roger Thornton.
Trident Capital has an exceptional track record of building
successful cyber security companies including: AirTight Networks,
Arxan, BlueCat Networks, HyTrust, Neohapsis, Qualys, Solera
Networks, Voltage Security, Sygate (acquired by Symantec – NASDAQ:
SYMC), Tablus (acquired by EMC – NYSE: EMC), Thor Technologies
(acquired by Oracle – NASDAQ: ORCL), and Tricipher (acquired by
VMware – NYSE: VMW).
“The SIEM market is the fastest growing segment in information
security and AlienVault’s OSSIM is the leading open source SIEM,”
said Trident Capital managing director J. Alberto Yepez, AlienVault
Board Chairman. “AlienVault is uniquely positioned to expand its
leadership in a global market that wants proven, cost-effective
solutions that provide a unified management approach to their
security requirements. The combination of the OSSIM community, the
AlienVault team led by founders Julio Casal and Dominique Karg, and
the recent addition of the experienced Silicon Valley executive team
we helped recruit, will establish the company as the leader in the
rapidly growing unified security management market.”
More: www.alienvault.com
30th January 2012 15:06
AVAST Software has awarded its 190 millionth registered avast!
user – and her friend – with an expenses-paid trip to Prague.
“Getting to the 190 million mark is quite an achievement for any
company,” said Vince Steckler, CEO of AVAST Software. “And since
over 60% of new users come because of a friend, this time we are
also recognizing a recommender.”
The 190 millionth user is Julie, a British national living in Spain.
She chose avast! Free antivirus on the advice of Stephen, a retired
friend. And it was Stephen that downloaded and installed avast! on
her computer this January 12.
Both Julie and Stephen will receive an expenses-paid trip for two to
Prague, the historic capital of the Czech Republic and the home of AVAST
Software.
“As a recommender and IT helper, people like Stephen have a big
impact on AVAST,” said Mr. Steckler. “They have helped our user base
grow last year from 141 million to 190 million registered users.”
Recommending avast! comes naturally to Stephen. “I’ve probably
recommended avast! to at least a dozen friends,” said Stephen. An
avast! user for over six years, he describes himself as somewhat
knowledgeable, but not a computer geek. He’s the person that gets
asked to install games, add hardware, and show friends how to save
or send family pictures.
Stephen’s own avast! use has been uneventful – and he likes it that
way. Stephen likes the daily virus database update notices, he has
gotten warning pop-ups about malware and dodgy sites, but never had
an infection himself.
Helping his friends out with avast! and their IT issues is almost a
social event. “Yes I have been known to have a beer or two while
waiting for the machine to restart,” Stephen quipped. Neither he nor
Julie had ever imagined they could win a trip to Prague before they
were contacted by AVAST.
More: www.avast.com
30th January 2012 14:00
Canon U.S.A., a leader in digital imaging solutions, unveiled
the imageFORMULA ScanFront 300/300P CAC/PIV, the latest additions to
its award-winning lineup of network scanners that combine Common
Access Card (CAC) and Personal Identification Verification (PIV)
card support with networked document scanner functionality. The
ScanFront 300/300P CAC/PIV network scanners are secure,
full-featured and compact devices designed to improve the security
of information being shared across federal government networks,
while maintaining information quality, increasing manageability and
lowering costs.
“With good reason, the government sets an extremely high bar
regarding the security, effectiveness and efficiency requirements
its image-processing solutions must meet,” said Sam Yoshida, vice
president and general manager, Business Imaging Solutions Group,
Canon U.S.A. “The ScanFront 300/300P CAC/PIV network scanners meet
and exceed those standards, with the ability to digitally send
documents without compromising the security of the documents and
information they are processing.”
Common Access Cards (CACs), issued
by the Department of Defense (DoD), and other Personal
Identification Verification (PIV)-compliant cards are components of
the federal government’s initiative to control access to its
facilities and information systems. The ScanFront 300/300P CAC/PIV
scanners are designed to recognize these cards in order to comply
with this initiative. Secure network scanning can be useful in
federal government entities beyond the DoD, and regardless of the
environment, it is necessary to increase efficiency,
reduce fraud and protect private information.
More: www.usa.canon.com
30th January 2012 12:03
Swivel Secure's Deployment Range Highlighted in Gartner
User Authentication Magic Quadrant. Swivel Secure, the UK’s
specialist authentication vendor, has been positioned in the 2012
Gartner Magic Quadrant for User Authentication as offering the
broadest range of deployment options of any vendor discussed in the
report.
The Gartner Magic Quadrant is an objective, in-depth review of all
the leading user authentication vendors in terms of product
features, functionality and market penetration based on vendor
submissions, extensive market research and direct customer
interviews. The annual report is used widely by major enterprises
and large public sector organisations as a reference tool for
identifying the right technologies for their own IT security
requirements.
Gartner is one of the world’s foremost and widely respected
technology analyst companies. The Magic Quadrant for User
Authentication was authored by Ant Allen who is a Gartner research
Vice President focussed on Identity and Access Management.
Swivel Secure is a UK company established in 2000 that has pioneered
the concept of tokenless, two-factor authentication. The company’s
flagship authentication platform and patented PINsafe OTP protocol
is used by leading global enterprises, public sector organisations
and SMBs as an integral part of their corporate remote network
access management systems, using a range of existing user devices to
confirm user identity.
More: www.swivelsecure.com
30th January 2012 10:52
SANS Institute offers free webcast series to help SMEs
improve information security and reduce risk
Series covers a wide range of topics including IT security, risk
management, policy development, and business continuity
“Millions of small businesses assume that Information security is
just too complex,” explains Jim Herbeck, an instructor for the SANS
Institute. “But by breaking down the complete process into smaller,
bite sized chunks using the same best practice favoured by larger
organisations, SMEs (Small Medium Enterprises) should understand
that having good information security is a very realistic goal.”
SME managers need to be informed consumers. Because many information
security products and services are targeted for large,
multi-national organisations, they may not scale to the budgetary or
staffing constraints at SMEs. One of the goals of this webcast
series is to make SMEs aware of the many options they have for
managing information security risks, and empowering SMEs to make
good risk management decisions.
Herbeck’s approach to information security is very business-centric.
As part of his ongoing research at the
Business Information Security Competency Center at the Geneva School
of Business Administration, he developed a simplified version of the
ISO 27001 information security standard for SMEs to use. “The
Information Risk Framework is a combination of ISO 27001, ISO 27005,
and the SANS Institute 20 Critical Security Controls,” says Herbeck.
“The Framework includes 33 risk areas organised into eight common
business functions. While half the Framework covers IT-related risk
areas, the rest specifies non-IT-related risk. This underscores my
belief that information security is a business risk, not just an IT
risk.”
More: www.sans.org/webcasts
27th January 2012 09:43
Avecto, the world leader in Windows
Privilege Management, today announced that the increasing migration
of organizations to Windows 7 is a key driving factor for boosting
year end results upward by 200% on 2010.
Tony Bolland, CEO, said, “Organizations of all sizes, ranging from
SMEs to large corporations employing over 450,000 people, now rely
on Avecto’s Privilege Guard technology to empower users, reduce
operating costs, achieve compliance and strengthen security.
According to IDC research published in 2011, shipments of new
Windows 7 licences will rise to over 109M in 2012. With our
Privilege Guard technology we are enabling customers to deliver the
least risk, least cost Windows 7 desktop environment. These latest
year end results underpin our strategic plans for rapid growth as we
respond to increasing market demands.”
In 2010 Gartner research* predicted that with the approaching end of
Windows XP support in 2014, organizations should treat the rollout
of Windows 7 strategically to advance the security of managed
desktops and web browsing.
The impact of this adoption trend across North America means that
this region alone now represents over 60% of the company’s turnover.
To both underpin and sustain this growth, during 2011 Avecto
invested heavily in product development with Privilege Guard 3.0,
scheduled to launch in early February. Additionally Avecto has
undertaken a substantial recruitment programme during 2011 in North
America, with key new hires now responsible for managing specific
industry verticals, and in Europe new regional offices are scheduled
to open in Germany during the first quarter of 2012.
Bolland continues, “Our strategy for growth is closely linked to the
escalating need to better secure Windows environments. Privilege
Guard continues to exceed market expectations, and our new, deeper
and more collaborative alliances with industry giants such as HP,
CSC, Citrix and McAfee, have helped propel us into a world leading
position for Windows Privilege Management.”
More: www.avecto.com
26th January 2012 13:35
International information security expert Lieutenant Colonel (Ret’d)
William Hagestad II is today warning UK businesses could fall victim
to cyberattacks from China unless they improve their cybersecurity.
Speaking at Cyber Defence & Network Security 2012 in London,
Hagestad said: “The threat of Chinese cyberwarfare cannot be
ignored. Cyberattacks are a clear and present danger to the
experienced and innocent alike and will be economically, socially
and culturally damaging for the nations targeted.”
Hagestad continued: “China is using and will continue to use
state-sponsored cyberwarfare to promote the nation’s own
imperialistic national interests. The US has been a target for
Chinese cyberterrorists and the UK, as a long-term American ally,
will be next in the sights of the Chinese. The UK business community
will be a likely target because of the role businesses play in
supporting the country’s economy. Businesses should be putting
proper measures in place to protect employees, clients and internal
networks from attacks.
“Businesses throughout the country must improve their cybersecurity
and the government should be taking the lead on this objective,”
Hagestad added. “The UK government has been proactively researching
this particular issue and trying to encourage businesses to improve
their cybersecurity, given the number of businesses in the UK which
retain sensitive data relating to customers and internal plans,
procedures and projects. Through a combined public, private and
academic partnership, the UK and other countries can move towards
defending against an advanced persistent threat such as that of the
People’s Republic of China.”
More: www.itgovernance.co.uk
26th January 2012 08:24
Varonis Systems has welcomed news that a common set of
privacy standards is to be applied to organisations across the
entire European Union for the first time - as well as a gameplan
that includes immediate notification of breaches and other ‘data
misplacements’.
According to the data governance specialist, the new rules are an
excellent balance between the very real data privacy needs of
citizens against the practical issues of managing data within the
modern corporate environment.
“Notice I said practical issues. Many IT security professionals have
expressed concerns about the technical problems associated with
managing, protecting and auditing access to their growing data
stores. While these concerns are understandable, the reality is that
with the correct technology in place – these issues can easily be
solved,” said David Gibson, the firm’s director of strategy.
“Many organisations have been struggling with non-existent or
limited permissions management, classification, and auditing
capabilities included with their data stores, but new Metadata
framework technologies can provide intelligence, automation, and
control across multiple platforms to allow C-level executives to
sleep easy in their beds at night,” he added.
According to Gibson, whose firm specialises in providing
intelligence and control for the often-overlooked – and
often-unsecure - area of unstructured data, the introduction of a
single set of privacy standards for all EU territories is long
overdue, although he notes that the migration to the new rules may
be a complex process for some multinationals - and those firms who
are pushing into new countries for the first time.
More: www.varonis.com
26th January 2012 08:10
Imperva, a pioneer and leader of a new category of data
security solutions for high-value business data in the data center,
today announced the release of the second Imperva Web Application
Attack Report (WAAR), which revealed that web applications are
subject to business logic attacks. The WAAR, created as a part of
Imperva’s ongoing Hacker Intelligence Initiative, offers insight
into actual malicious web application attack traffic over a period
of six months, June 2011 through November 2011.
Imperva monitored and categorized attacks across the internet
targeting 40 different applications. The WAAR outlines the
frequency, type and geography of origin of each attack to help
security professionals better prioritize vulnerability remediation.
“Business logic attacks are attractive for hackers since they follow
a legitimate flow of interaction of a user with the application,”
said Amichai Shulman, Imperva’s CTO. “This interaction is guided by
an understanding of how specific sequences of operations affect the
application’s functionality. Therefore, the abuser can lead the
application to reveal private information for harvesting, skew
information shared with other users and much more — often bypassing
security controls.”
More: www.imperva.com
25th January 2012 16:05
Protecting data and privacy in the digital part of our lives with
all its online activities has become a major aspect of “consumer
identity”. In 2012, the debate surrounding the protection of
personal data will intensify further; KuppingerCole expects
it to be the dominant subject in the coming years in this field of
IT, which focuses on the identities of customers and consumers and
affects all our personal online activities. Each new instance of
data misuse that comes to light prompts greater calls for change.
Companies and government organisations can already be certain of
unfavourable headlines if they do not meet information security
requirements, particularly where personal data are concerned, or
misuse is so much as suspected. The inevitable result is that
today’s business models for social networks, online advertising and
other approaches based on collecting as much data as possible about
as many users as possible will no longer function as they currently
do, even for businesses that today hold market-leading positions.
Dr. Ann Cavoukian, Privacy Commissioner of the Canadian province of
Ontario, will for the first time ever be presenting her Privacy by
Design concept in a webinar. In this concept, which she first
developed in the 1990s, data protection and privacy form the core around
which business models and applications are planned and implemented
in such a way that data protection, information security and privacy
requirements are always met. In the coming issue of his monthly
webinar discussion panel, KuppingerCole Senior Analyst Dave Kearns
will be discussing Privacy by Design with Dr. Cavoukian and Michelle
Dennedy, Chief Privacy Officer at McAfee.
More: www.kuppingercole.com
25th January 2012 15:26
Perceptive Software, creator of enterprise content management
(ECM) and business process management (BPM) solutions, announces the
general availability of its Perceptive Reflect process mining and
visualisation product. Perceptive Reflect allows users to quickly
visualise how applications and people are working in the business
environment and, most importantly, identify resource-wasting
process breakdowns.
By performing historical workflow visualisation and analysis,
Perceptive Reflect can pinpoint bottlenecks and improve process
transparency to support continuous process improvement.
“Perceptive Reflect makes your processes transparent so that you can
address the true bottlenecks at a fundamental level, instead of
spending your time trying to discover and define them,” said Darren
Knipp, Chief Technology Officer, Perceptive Software. “The result is
an accurate, objective picture of how things are really working, and
more importantly, objective data for future decision-making. The
analytics and visualisations provided by Reflect are game-changing.”
More: www.perceptivesoftware.com
25th January 2012 14:51
m-hance, one of the fastest growing suppliers of business
software solutions to mid-sized organisations, has announced plans
to increase its investment in developing its own cloud, social and
mobile technology solutions at its inaugural customer conference.
The event, held at Chelsea football club, brought together over 300
customers and business partners for the first time since m-hance
unified seven UK business software companies under one brand.
Following its official brand launch on 1st November 2011, m-hance
has rapidly gone from strength-to-strength. A record 42 new customer
wins have been signed as well as several sizable project wins from
existing customers. m-hance is now working towards delivering
ongoing service and value enhancements to its customers, which
include significantly investing in cloud, social and mobile
technologies tailored to their needs.
Andrew Hayward, Managing Director of m-hance, comments, “By
combining seven businesses into one m-hance can now offer a wider
product portfolio, increased knowledge and improved services and
support capabilities provided by experienced staff. With over 2,000
customers, we have a very solid building block to embrace and drive
business innovation which will enable us to further invest in
developing a portfolio of innovative cloud, mobile and social ERP
solutions in response to market demand.”
Hayward continues, “It was great to see so many of our staff,
business partners and customers together in one room which
contributed to making our customer conference an overwhelming
success. Not only are we committed to investing money in order to
improve our solutions and services, we are also taking the time to
become closer to our customers. This will ensure we can better
understand their needs so we can help them to achieve greater
efficiencies, cut costs and gain competitive advantage.”
More: www.m-hance.com
24th January 2012 13:35
Opengear, a leading provider of secure enterprise-grade
console servers and remote management solutions, today announced the
launch of its next-generation, customizable remote monitoring and
management (RMM) gateway product family, the Opengear ACM5500.
Opengear makes it easy for MSPs (Managed Service Providers) to
remotely monitor and manage their customers’ network infrastructure,
whether on the road, in an office, or at another customer site.
Customized alert thresholds proactively track device status, and can
fix problems before a customer is even aware of them, or before they
become a crisis.
Until now, tools to help monitor and manage a variety of application
software and both network and environmental devices have been
complex and expensive. With Opengear’s dedicated secure hardware
agent, MSPs have visibility into and the ability to monitor and
control customers’ network infrastructure devices even behind a
firewall - easily and affordably. Based on open standards, the
Opengear ACM5500 product family complements the tools currently used
to manage customers’ IT environments (i.e., Cisco, Juniper, Avaya,
F5, etc.), so there is no ‘rip and replace’.
Opengear expands RMM for network/IT devices (both SNMP-based and
non-SNMP based), environmental devices and software applications
(e.g., Microsoft Exchange Server, etc.). The ACM5500 provides serial
console-port connectivity, environmental monitoring, power
management and monitoring and remote site storage of offline logs
and running configuration files. The ACM5500 family also includes
environmental sensors, local 4GB storage, internal v.92 and cellular
modems that enable out-of-band access, auto response, power
management and security. With the Opengear ACM5500 family of RMM
gateways, secure in-band and out-of-band access to remote sites is
available from anywhere in the world, thereby providing better
control and visibility into a network and its physical environment.
Secure, Out-of-band RMM Gateways for MSPs
Opengear has seen incredible growth over the past few years from
MSPs who use Opengear remote management gateways to manage multiple
remote sites. Opengear provides out-of-band and cellular
connectivity to enable remote management of equipment including
servers, routers, switches, firewalls, telephony equipment, UPS and
remote power management solutions - even when the network is
offline. Additionally, the ability to monitor various environmental
conditions like vibration, water, temperature, humidity, door
opening, pressure sensors, IP surveillance cameras, and send
notifications of status or alerts provides MSPs with a complete
solution all in one small product.
More: www.opengear.com
23rd January 2012 15:00
Agfa HealthCare announces that Massachusetts General Hospital
(MGH), Boston, has expanded its relationship with the vendor, adding
the IMPAX Data Center solution family. A longstanding Agfa
HealthCare customer, MGH also intends to upgrade to IMPAX PACS
version 6.5, supporting the need for timely and informed decision
making through fast access and enhanced ability to share information
at the radiologist desktop.
ICIS makes imaging an integral part of the EHR
With extensive, global experience working with radiologists and
complex healthcare IT environments like MGH, Agfa HealthCare
understands the role of medical imaging in the enterprise and has
created an imaging clinical information system (ICIS) to address
clinical and IT requirements. The comprehensive solution, built upon
the IMPAX Data Center platform, allows clinicians to capture, store,
exchange, and access imaging information securely and independent of
location, on a variety of web-enabled devices.
Enhanced clinical information exchange
By upgrading to Agfa HealthCare's IMPAX version 6.5 and the IMPAX
Data Center, the solution's open Application Programming Interface
(API) and web services design will provide enhanced clinical
information exchange between radiologists and clinicians. IMPAX 6.5
delivers Agfa HealthCare's XERO viewer platform, a zero footprint
enterprise-wide application that provides access to healthcare data.
More: www.agfa.com/healthcare
23rd January 2012 14:46
Commenting on reports that DreamHost, the US West Coast-based
hosting provider, has reset all of its many users’ passwords in the
wake of a hacker incursion into its systems, Avecto says the
hack could probably have been prevented through the effective
management of end user privileges.
According to Paul Kenyon, Chief Operating Officer with the Windows
privilege management specialist, by controlling exactly who has
access to specific applications on the hosting provider’s servers,
the company would have helped prevent hackers from even starting to
compromise the members’ credentials as they appear to have done.
“We know (http://bit.ly/xD16r2) that DreamHost's shared and
dedicated hosting network consists of a series of Web servers and
that the controlling software is a customised application that was
developed in-house. If the developers had integrated privilege
management software into their customised applications from the
ground up, then the user’s credentials would not have been
accessible from the public Internet,” he said.
“Privilege management software is all about empowering users to do
their job. By effectively managing access to the software to
specific users, and specific terminals, even if the hackers gained
access to the IT staff credentials, they could then only access the
relevant software from within the corporate network,” he added.
Putting it simply, the Avecto COO went on to say, this form of
software security means that the IT admin credentials would only
work from nominated terminals within DreamHost’s network. Hackers
coming from outside the network – and on the Internet – would have
been blocked.
More: www.avecto.com
19th January 2012 11:29
Avecto, the leader in Windows privilege management, today
announced that it is a finalist in three 2012 Global Excellence
Awards categories. Info Security Products Guide, the
industry's leading information security research and advisory guide,
has shortlisted Avecto as Best Overall Security Company, Best New
Security Start-Up Company and Innovative Company of the Year
(Security). These prestigious global awards recognize security and
IT vendors with advanced, ground-breaking products and solutions
that are helping set the bar higher for others in all areas of
technologies.
“Least privilege, as a concept, is not new but is yet to be adopted
by most organizations and we do so much more than just that. We
educate the security market on its importance and demonstrate how
vital an aspect this is of their whole security ethos,” explains
Paul Kenyon, Avecto’s COO. “While the threat from within may come
from people, we understand that not everyone’s intentions are
malicious. We’re constantly looking at ways of improving Privilege
Guard to enhance not just the core feature set but the user
experience as well, currently no other product comes close to what
our capabilities are at the moment.”
The growing ecosystem of insider threats identifies excessive user
privileges as a significant security concern for organizations. As
requirements for compliance increase, securing data as it passes
through a personal computer system is crucial to satisfy auditors,
and to ensure security breaches don’t result in expensive data loss.
Whilst antivirus and firewalls provide some protection, these are
only effective as part of a defense-in-depth security strategy.
Avecto designed Privilege Guard specifically to plug the ‘Trusted
Insider’ security gap, allowing IT to selectively elevate rights of
individual applications and tasks, and eliminating the need to grant
users local admin rights.
More: www.infosecurityproductsguide.com
19th January 2011 08:08
Survey finds almost half of SharePoint users disregard the
security within SharePoint, and copy sensitive or confidential
documents to insecure hard drives, USB keys or even email it to a
third party.
The results of a survey, released today, have found that Microsoft®
SharePoint users are aware of the risks that exposing sensitive data
can cause to their organization, yet unbelievably they are using the
collaboration tool as an excuse to turn a blind eye. The study,
sponsored by Cryptzone - the IT threat mitigation experts,
discovered that while 92% of respondents understood that taking data
out of SharePoint made it less secure, 30% were willing to take the
risk stating they were “Not bothered if it helps me get the job
done”. Thirty four percent confessed they never really thought about
the security implications of SharePoint, while incredibly 13%
believe protecting company data is not their responsibility. When
examining users’ handling of sensitive or confidential information,
a defiant 45% of SharePoint users said that they disregard the
security within SharePoint and copy sensitive or confidential
documents from the collaboration tool to their local hard drive, USB
device or even email it to a third party.
The main reasons for copying documents from SharePoint were either
to work from home (43%) or share it with third parties who don’t
have access to the tool (over 55%). What this practice demonstrates
is that this new technology, while supposedly a business enabler, is
recognized by many employees as a barrier and doesn’t live up to its
full potential as an inclusive collaboration tool to enhance
productivity.
Daniel Nilsson, data loss prevention expert at Cryptzone said,
“Organizations recognize that today’s workforce needs to be able to
collaborate effectively, but if this new found access to data is
introducing lax security practices then the danger could quickly
outweigh the benefits. While some might consider it admirable that
their employees are so dedicated to getting the job done, the fact
remains that they’re circumventing procedures and security put in
place for good reason. Ignoring the consequences is a risky strategy
- is it any wonder then that we see so many data security breaches
as a result. Rather than ignoring what’s happening, steps need to be
taken that recognize the increasing porosity of the perimeter and
allow the workforce to harness the power SharePoint offers without
compromising security.”
More: http://www.cryptzone.com/sharepoint-security-survey
18th January 2011 10:15
Commenting on reports that the T-Mobile USA Web server has
been hacked by the TeaMp0isoN hacktivist group, Avecto says
that a multi-layered security strategy could have helped to prevent
the crack, as well as saving the troubled US cellular carrier
considerable embarrassment.
According to Paul Kenyon, Chief Operating Officer with the Windows
privilege management specialist, while T-Mobile USA almost certainly
had IT security defences protecting the Web server hosting the main
T-Mobile.com portal - and newsroom subset of the site - it is clear
that these defences have been found wanting.
“As well as being publicly hacked by the Anonymous-linked hacktivist
group, T-Mobile has just exited sales negotiation with AT&T and is
on the lookout for a suitor that will acquire its US operations. To
have its Web server data so publicly hacked could not have come at a
worse time,” he said.
“While early reports suggest that only a superficial level of data –
including low-grade passwords – has been posted on Pastebin by the
hacktivist group, this is a classic case of corporate embarrassment
over financial loss,” he added.
The Avecto COO went on to say that, while there has been no direct
financial loss to the US telco, there is still the danger of the
reputational fallout dissuading a potential suitor from opening
acquisition talks.
The underlying attack vector – which appears to centre on SQL
injection vulnerability exploitation – may be of passing interest to
technical analysts and reporters. However, Kenyon argues, the
reputational damage could result in the partial or complete closure
of T-Mobile USA’s network, which has not reached profitability
targets.
More: www.avecto.com
17th January 2011 14:53
Commenting on suggestions in public sector journal UKAuthorITy that
staff – rather than the taxpayer – should be held liable for data
breach penalties from the Information Commissioner’s Office,
Cryptzone says that the move, whilst superficially attractive,
could have negative results in the medium-to-longer term.
According to Grant Taylor, UK VP of the European IT threat
mitigation specialist, if the suggestion were applied to the staff
of all government agencies, then – aside from a change in contracts
being required – we could end up reducing employees to being ‘scared
rabbits in the headlights’ as far as IT security is concerned,
seeking 110 per cent levels of data security at the expense of
operating efficiency.
“And if the penalties are applied to nominated senior managers in
the relevant NHS trust, council or other government agency – as is
the case with corporate responsibility, for example within
transportation authorities – then the public sector could be forced
into building liability insurance remuneration into management
salaries, as has been required by medical professionals for some
time,” he said.
“The irony here is that, as well as simply moving the cost of data
breach penalties across the government spreadsheet - with the
taxpayer continuing to foot the bill - operational efficiencies are
likely to suffer as well,” he said.
The Cryptzone VP went on to say that, despite this, there are some
aspects of the public sector editorial that are potentially positive
- since the mere discussion of this employee liability issue will
make at least some of the staff more security conscious and
responsible.
More: www.cryptzone.com
17th January 2011 14:51
Newham College, a leading further education institution, has
significantly streamlined its purchase-to-pay (P2P) processes with
Version One’s document imaging system, DbArchive, and automated
invoice processing solution, DbCapture. Newham College has also
implemented Version One’s recently developed DbCapture PDF solution
to further streamline P2P. DbCapture PDF is the latest addition to
Version One’s document management suite, enabling invoice
information to be captured and processed directly from a PDF
invoice.
Version One’s solutions, which are integrated into Newham College’s
Symmetry Financials accounting system, have significantly reduced
paper usage across the college and cut invoice approval times.
Version One’s software has also freed up document storage space and
eliminated document archiving costs.
Purchase invoices received in paper format are now imaged using
DbArchive and key data on the invoices is automatically extracted
and verified against the accounting system using Version One’s
DbCapture solution. The imaged invoices are then automatically
linked to the appropriate records in Symmetry. Using Symmetry’s
integrated workflow functionality, invoice approvers are
automatically emailed with a link to the invoice enabling them to
approve, reject or query it on-screen with just a click of the
mouse. This replaces manual and time-consuming P2P processes
involving circulating paper invoices for approval.
Imaged documents can now be accessed directly from the Symmetry
system by authorised Newham College staff, significantly cutting
time-consuming administration. Version One’s software has also
reduced Newham College’s reliance on paper, supporting its
environmental agenda.
Ray Benn, Financial Account Manager from Newham College says, “With
seven sites spread across 15 learning centres, the finance
department was wasting both time and money by manually filing and
circulating paper invoices. Using Version One’s software, we have
significantly improved our purchase-to-pay efficiency by eliminating
the paper trail.”
More: www.versionone.co.uk
17th January 2011 11:50
Following the news that a former NHS care assistant has been
convicted of obtaining the medical records of five members of her
ex-husband's family in order to obtain their new phone numbers,
Varonis Systems says this rogue employee incident shows why the
automation of IT security enforcement is critical to organisations
with large databases.
According to the data governance specialist - while the case
initially appears to be one of a rogue employee with access to the
medical records of the patients concerned - the Information
Commissioner's Office (ICO) has reported that the patients whose
details had been compromised were not under the worker's direct
care.
David Gibson, Varonis' director of technical services, said: “Put
simply, this means that she was accessing the medical records
without express or implied permission from her employer - and was
clearly committing an offence under section 55 of the Data
Protection Act. This is why she was fined £500 for the offence,
which was also a breach of her employer's trust.”
“What I am surprised about, however, is that the NHS trust did not
implement an automated data governance system that limited access to
only those medical records of patients under the care of the health
worker concerned. Automated security technology – especially for
large medical records systems in a hospital environment – helps by
optimising data access authorisations and detecting potential abuse
situations in real time,” he said.
Obviously, he went on to say, nominated staff in an Accident &
Emergency department would need blanket access to critical patient
data, but in a hospital ward situation - as this woman apparently
worked in - this would not be necessary.
Healthcare data, he explained, is some of the most dynamic in the IT
industry, with new patients coming in every day for lots of reasons,
then being treated and moving on, and with some returning for
further treatment.
The end result is that there are numerous digital files for every
patient treated, he says, adding that health records contain the
most personal of information, with phone numbers certainly being
private, as well as the medical issues those family members were
treated for. “And”, he noted, “who knows what other data was made
available to the staff member concerned?”
It would be interesting to discover, Gibson says, to what extent
other NHS bodies use data governance technology when securing the
medical records and other data of patients.
“Given that this care worker was prosecuted on the basis of evidence
from the audit trails from her smart card ID – and the fact that the
smart card is a key authentication device that has multiple uses -
it is clear that automation is the only real way to adhere to the
principle of least privilege with present-day digital
collaboration,” he said.
“In a large hospital or health trust environment, even an army of
people couldn't keep up with the pace of database change. Automation
is clearly the only way to effectively monitor the use of the data
concerned, but the good news is that this technology is available in
the modern database marketplace, without resorting to untested
leading edge systems,” he added.
More: www.varonis.com
16th January 2011 11:13
Today Fujitsu launch a new range of desktop scanners, ‘The
Z-Generation’, to join their flagship fi-series of desktop business
scanners. The Z-Generation consists of four new premium scanners:
fi-6130Z, fi-6230Z, fi-6140Z and fi-6240Z. The new range combines
the ultra-high performance and image quality of the fi-series with
the flexibility and convenience of the ScanSnap range.
With scan-to-process capabilities, one-button scanning, exceptional
performance and advanced administration tools, the Z-Generation
professional document scanners from Fujitsu deliver exceptional
productivity, flexibility and return on investment.
Z-Generation features include:
· Fast one-button operation - New ScanSnap mode sits alongside
traditional Scan-to-Process mode
· 50% faster capture - among the fastest in its class (60 sheets/120
images per minute)
· Integrates with business processes: scan-to-process, scan to
Microsoft SharePoint Server
· Ultra quiet operation
· Powerful new software - ScanALL PRO 2.0 and VRS Professional 5.0
image-processing technology for improved, intuitive operation,
automatic job separation and image enhancement
· Centralised Administration – Monitor running status, update
drivers and software of all units from the one location
· Safer scanning - New, innovative paper feed mechanism protects
valuable or sensitive documents
· Microsoft Office integration - Scan to Excel, Scan to Word, Scan
to PowerPoint, Scan to PDF Editor
· High-productivity functions: Intelligent multi-feed, Paper
protection, Auto page size and colour detection, Automatic job
separation
· Dual image processing engines: VRS 5.0 virtual rescan and IPC
(Image Processing Controls)
The Z-Generation of scanners from Fujitsu open up the fi-series to
all businesses, from those with only a handful of staff to large
corporations. Now, those businesses previously without the resources
to approach document management seriously can make document capture
and classification more productive, with documents readily routed
into agile business processes. Information retrieval is faster for
everyone; and cost-of-ownership is reduced through the Z-Generation
scanners' central management and administration.
More: www.fujitsu.com/emea/products
16th January 2011 10:27
Commenting on reports that Anonymous has apparently published the
credentials of several Israeli SCADA system users, SecurEnvoy has
expressed surprise that the systems concerned were not also
protected by authentication technology.
According to Steve Watts, co-founder of the tokenless™ two-factor
authentication specialist, SCADA – Supervisory Control and Data
Acquisition – systems are often used for protecting critical
national infrastructure platforms such as energy and
telecommunications grids.
“These systems are typically based around an embedded and robust
version of Windows, which makes them resilient against most malware
and allied hacker attacks, but using user/password credentials on
their own to secure access is a bit puzzling, given the critical
nature of these types of systems,” he said.
“And whilst there is an argument that users are inconvenienced with
having to interact with a two-factor authentication device token
when logging, the fact that millions of online banking users are now
using this technology proves the case that 2FA systems really do
work,” he added.
The SecurEnvoy co-founder went on to say that, with the advent of
tokenless two-factor authentication that uses a mobile phone as the
authentication communications medium, there really is no excuse not
to use 2FA technology to secure logons more effectively.
This advice is especially appropriate, he explained, given the claim
that of the SCADA systems that Anonymous has posted were using a
default password, rather than a personal passphrase.
“Of course, if the SCADA systems were also protected using tokenless
two-factor authentication, then the possession of an ID and password
on their own would not have allowed access, no matter who was using
these credentials,” he said.
More: www.securenvoy.com
13th January 2011 10:06
AlienVault - the Unified Security Information and Event
Management (SIEM) solutions specialist – has found evidence of
Chinese-originated attacks against US government agencies
including the US Department of Defense (DoD), which use a new strain
of the Sykipot malware to compromise DoD smart cards.
One of the original versions of Sykipot was a trojan horse
application that opened a backdoor into the infected PCs. According
to Jaime Blasco, AlienVault’s Lab manager, this latest generation of
diversified attacks may have been occurring as far back as March of
last year, if not longer.
“This is the first report of Sykipot being used to compromise smart
cards, and this latest version of the malware has been designed
specifically to take advantage of smart card readers running
ActivClient - the client application of ActivIdentity, whose smart
cards are standardised at the DoD and a number of other US
government agencies,” he said.
“The smart cards are an important facet of security for the
Department of Defense – which manages the three main branches of the
military in the US, the Departments of the Army, the Navy and the
Air Force – and use the cards as a standard means of identifying
active duty military staff, selected reserve personnel, civilian
employees, and eligible contractor staff,” he added.
So far, the AlienVault researcher went on to say, he and his team
have seen attacks that compromise smart card readers running Windows
Native x509 software, which is reportedly in commonplace use amongst
a number of US government and allied agencies.
This new strain, he says, is thought to have originated from the
same Chinese authors that created a version of Sykipot late last
year that piped out a variety of spammed messages with the lure of
information on the next-generation unmanned `drones' developed by
the United States Air Force (http://bit.ly/z7hiU0).
In his malware investigation of late last year, Blasco suggested
that the team behind the Sykipot swarm were Chinese and working with
an information shopping list that included semiconductor and
aerospace technology, amongst other areas.
This time around, he explained, cybercriminals are using a version
of Sykipot that dates all the way back to March of last year, and
has been used in dozens of other attacks executed in the past year.
As with previous Sykipot strains, Blasco notes that the
attackers use an email campaign to get specific targets to click on
a link and deposit the Sykipot malware onto their machines.
“From there - unlike previous strains - the malware then uses a
keylogger to steal PINs for the cards. When a card is inserted into
the reader, the malware acts as the authenticated user and can
access sensitive information. The malware is then controlled by the
attackers and then told what – and when - to steal the appropriate
data,” he said.
More: www.alienvault.com
12th January 2011 21:05
Accusoft Pegasus, the leading provider of document viewers
and imaging software development kits (SDKs), announces the launch
of Prizm PDF Converter, a PDF conversion utility, enabling users to
reduce software licensing costs otherwise required to process a
variety of documents. Prizm PDF Converter creates Adobe® PDF files
from over 300 file formats including MS Office, AutoCAD, HTML, and
text files.
Standardizing on PDF can transform workflows from requiring several
points of entry (specific to each document type) into a single
management interface for any type of document. Prizm PDF Converter
is a Java-based utility that can be embedded into any application or
linked from any page for single or batch document conversions. It is
a true multi-threaded application which can be easily integrated
into web applications and document management systems, boosting
productivity by allowing multiple conversions to occur
simultaneously.
"In order to streamline our customers' processes, a PDF converter
must not only be multi-threaded, but also support online conversion
from over 300 file formats, without requiring file format support
software or print drivers to be loaded onto the desktop or a
distributed server," said Prateek Kathpal, Vice President, Viewing
Product Strategy at Accusoft Pegasus. "The Prizm PDF Converter not
only meets all of those requirements, but also creates high fidelity
PDFs that preserve all of the graphics and formatting from the
original documents."
Using Prizm PDF Converter, an organization can easily transform the
full range of its content into fully searchable and index-able PDF
formats using a common, robust framework. For example, organizations
that deal with multiple inbound file formats, such as insurance
claims processing, can embed Prizm PDF Converter into a scanning
application for incoming documents, enabling these documents to be
accessed as PDF files.
Using Prizm Content Connect™, Accusoft Pegasus' thin client AJAX
document viewer, in combination with Prizm PDF Converter, members
within an organization can easily collaborate, share, and secure
sensitive information contained in converted documents, with no
additional software required. Prizm PDF Converter with Prizm Content
Connect is ideal for businesses searching for a fully integrated,
secure solution for document conversion, viewing, and collaboration,
to make better use of their ECM system investment.
More: www.accusoft.com
11th January 2011 11:05
Commenting on the launch of the Victorinox one-terabyte Swiss
Army Knife - unveiled on Monday at the Consumer Electronics Show in
Las Vegas - Varonis Systems says that, with these levels of
data storage hidden in a humble pocket knife, organisations need to
take extra care when defending their corporate data.
For example, says David Gibson, the data governance specialist's
technical director, if staff can walk out of a building with such
dizzying volumes of data in their pockets, physical security staff
would have to be extraordinarily lucky to detect a rogue employee
looking to steal what - for many
corporates - would represent an image of their entire sales and
customer database.
"And with this fast USB drive-equipped Swiss Army Knife being
capable of 150 MB/s data write speeds, you really are getting into
‘Mission Impossible’ territory when it comes to defending your data
against such electronic heisting," he said.
"The problem facing many organisations, however, is the prospect of
stale, excessive permissions, and the absence of an audit trail -
who is doing what with their data - and when - and complying with
regulations that mandate that access controls are properly
maintained, and use of data is monitored," he added.
The Varonis technical director went on to say that one of the
problems with managing and protecting data on corporate IT systems
is that around two-thirds of the information is typically stored in
an unstructured and archival format.
Put simply, he explained, this unstructured data is notoriously
difficult to track, owing to the volume of data, the enormous number
of files, the complexity of the hierarchies and the permissions
structure, and the amount of access events that are generated each
day.
Gibson says that the problem facing IT security managers is that
permissions analysis and auditing now require sophisticated
automation. Manual authorization processes are simply too
inefficient to keep up with the pace of change, and native audit
functionality included with the unstructured platforms is resource
intensive, difficult to store, and difficult to analyse.
"USB drives are incredibly useful, and many companies are hesitant
to lock them down altogether. But with the prospect of someone being
able to transfer the many gigabytes of files onto a device they
carry around in their pocket or purse - and which bears absolutely
no resemblance to a portable hard drive - the chances of a rogue
member of staff being detected with this data are close to zero
without using automation to audit and analyse access activity," he
said.
"Against this backdrop, the arrival of the one-terabyte Swiss Army
Knife high-speed USB drive really needs to act as a wake-up call to
anyone who stores large volumes of data on their IT systems, and
does not have a comprehensive audit trail of activity on all their
data," he added.
More: www.varonis.com
10th January 2011 15:37
Visioneer® and Xerox® have today announced the first
battery powered scanner that uses Wi-Fi to wirelessly transmit JPG
images and multipage PDF files from the scanner to computers, mobile
phones, pads and the cloud…the Xerox Mobile Scanner. Using a free
mobile app, the device is able to communicate wirelessly to a PC,
Android®, Mac®, iPhone®, iPad®, iPod® touch or the Cloud.
Your boss sends an urgent email from the road asking you to send
them an electronic copy of a
client proposal. The only copy you have is on paper, and you’re late
for your own meeting with the
sales team. Without needing a computer or even a power connection,
the new Xerox Mobile
Scanner lets you scan the document, create a PDF file and send it to
your manager’s mobile
phone, in seconds.
Priced at only £249.99, the Xerox Mobile Scanner is a small (293 x
70 x 51 mm) colour scanner that
includes a 4 GB Eye-Fi SD memory card, carrying case, rechargeable
battery and charger. Simple
to use, simply press the power button, select a file format (PDF or
JPG) and insert the document.
The scanner’s patented AutoLaunch technology senses the page and
begins scanning.
“The Mobile Scanner provides a quick, convenient way to scan and
share documents when you’re
on the go,” said Peter Trapmore, EMEA Sales Director at Visioneer, a
Xerox licensing partner.
“Untethering the scanner and adding Wi-Fi reflects Xerox’s drive to
make life easier for the mobile
worker.”
The maker of the world’s first wireless Memory Card, Eye-Fi (www.eye.fi)
was a collaborative
partner in the development of the scanner. Eye-Fi’s patented and
patent-pending technology works
with Wi-Fi networks to automatically send photos from a digital
camera to online, in-home and retail
destinations.
More: www.xeroxscanners.co.uk and www.visioneer-europe.com
09th January 2011 13:47
Talari Networks, Inc. today announced the addition of the
Mercury T510 appliance to its family of Adaptive Private Networking
(APN) products for WAN Virtualization, offering enterprise-grade
connectivity for small branch offices. The company also announced an
accompanying software release, APNware 2.3, which introduces
system-wide improvements that simultaneously boost WAN reliability
and provide accurate accounting on the availability of underlying
networks.
Talari’s newest entry-level appliance, the T510, offers enhanced
hardware within a 1U rack with integrated power supply (PSU) and 1
Gb Ethernet interfaces. Designed for SOHO and small remote branch
offices, the whisper-quiet model delivers up to 24 MB/second across
one to three WAN connections. Replacing the Mercury T200, the T510
complements Talari’s higher-capacity, rack-mountable Mercury T730,
T750 and T3000 models.
APNware 2.3 features easier integration into complex networks,
geographic redundancy for network control nodes, and enhanced
reporting at the network and application levels.
“While we were testing our geographic redundancy feature, there was
a major Internet blackout in North America,” said John Dickey, vice
president of Engineering at Talari Networks. “In spite of the fact
that two of our service providers were taken out, the new APNware
ensured that our network kept working.” The Internet outage was
caused by a router bug as reported in early November 2011.
Talari’s networking solutions are part of a new product class
developed to deliver a revolutionary approach to building corporate
WANs by increasing bandwidth using additional network resources from
various Internet Service Providers (ISPs), including both high-speed
Internet connections at customers’ central locations, and broadband
connections (DSL and cable where available) at branch locations.
WAN Virtualization provides reliable, cost-effective support for
business applications such as VoIP and virtual desktop
infrastructure, allowing organizations to take advantage of the
affordability of broadband without foregoing business quality,
reliability or availability.
“As the market more fully embraces WAN Virtualization and the use of
multiple network connections at each site, we are able to find more
ways to solve real networking problems for our customers, and this
maturity is now reflected in the depth of our product range,”
explained Keith Morris, VP of Marketing.
More: www.talari.com
09th January 2011 09:09
MOBOTIX AG, a leading manufacturer of digital
high-resolution, network-based video security systems has released
details of a project at a new state of the art, multi million pound
data centre built by Oxford University that is benefiting from
advanced MOBOTIX CCTV technology to improve operational procedures.
Oxford University is one of the world’s leading academic and research
communities and at its heart is a complex and powerful IT
infrastructure. Although many of the colleges run their own
computing environments, Oxford University Computing Services (OUCS)
is tasked with providing many of the key shared facilities, services
and core networks reaching all departments and colleges.
With the growth of virtualisation technologies, the newest OUCS
facility built at its South Parks Road site has been designed to
allow IT to become a more fluid resource. As David Birds, Data
Centre Manager for OUCS explains; from its inception, the design
needed to be in-line with best practice in terms of remote
management, provisioning and security. “We had looked at how other
modern data centres were constructed and evaluated elements like
rack design, cooling, PDUs, monitoring and security. From day one,
we always envisioned the data centre to be effectively “lights-out”
but with a high level of automation and security to ensure the
safety of the site and any lone workers.”
Working closely with J Brand, an Advanced MOBOTIX Partner and
principal contractor for the data centre fit-out, Birds conducted a
comprehensive review of potential CCTV solutions. The system needs
to integrate alongside a range of security measures such as
biometric readers, RFID keycards and anti-tailgating doors.
“It was clear from early on that the MOBOTIX solution was
particularly well suited to our requirements as it offered high
quality images, proven reliability and hemispheric technology to
allow us to cover the widest areas with the fewest possible cameras,”
explains Birds, “the fact that the systems had scope to add
additional features such as integration with access devices and
audio also provided a strong case for the longevity of the
solution.”
Just 16 cameras including 14 x Q24 hemispheric models cover the
12,000 sq ft facility. “The implementation was relatively
straightforward and like the entire facility, the cameras have access to
redundant power and battery backup,” Birds adds.
OUCS has opened the doors to the first University Department to make
use of the facility and the lights-out nature of the centre also
provides a significant operational benefit. “Having staff on site is
a waste of resources as 99% of all the provisioning, adds, moves and
changes that need to take place are all done remotely,” explains
Birds. “Any activity inside the centre now leaves a full video audit
trail which has significant advantages over a guard who, even if we
had one, would never be allowed to wander unsupervised around the
more critical parts of the facility.”
More: www.mobotix.com
06th January 2011 10:47
Commenting on reports that Utah Valley University researchers have
analysed the many hundreds of thousands of Stratfor user account
credentials which were hacked by Anonymous late last year due to
weak passwords, SecurEnvoy says this proves the fact that the
human element in security is now the weakest link.
Steve Watts, co-founder of the tokenless™ two-factor authentication
specialist, says that, after crunching the data on its 120-strong
computer network, the University found that the users of Stratfor
Global Intelligence – many of whom are actively involved in the IT
security industry – were using weak passwords.
“Put simply, they really should have known better, as the user list
of the hacked accounts reportedly included US military personnel, IT
staff at the Bank of America and JP Morgan, as well as IT
professionals with IBM and Microsoft,” he said.
“And if these professionals cannot get their password security
sorted, then what hope is there for the rest of the Internet user
community? This revealing analysis proves our constant mantra that
conventional passwords are dead in the water on the security front -
especially with powerful password crunching technology so readily
available,” he added.
The SecurEnvoy co-founder went on to say that it is interesting that
the Utah University researchers – who crunched their way through the
MD5 password hashes for the Stratfor user account credentials
revealed by the Anonymous hacktivists - were able to decode more
than 160,000 passwords for various users.
Through the use of freely available cracking software such as
John the Ripper and oclHashcat-plus, he explained, the researchers
were able to generate some eight million passwords per second, and
62 million passwords per second – respectively - using their network
of computers.
More: www.securenvoy.com
05th January 2011 15:02
Canon today unveiled the latest addition to its
high-performance XEED projector range. The WUX5000 offers a high
5000 lumens brightness together with a range of Canon lens options
and features to make installation as easy as possible. The WUX5000
provides exceptionally high image quality, making it ideally suited
to a wide variety of corporate, education, leisure and retail
environments.
The WUX5000 is compatible with three different lenses: a standard
zoom lens for most typical installations, a telephoto zoom lens for
larger environments and a wide single focus lens, which can be used
for rear projection applications. All lenses are also
interchangeable with the WUX4000.
Benefiting from Canon’s 70-year heritage at the forefront of lens
design, the three lenses offer image sizes of between 40 inches and
600 inches, a maximum throw distance of 48.5 metres, and virtually
no reduction in brightness, even when using the long zoom or wide
single focus lens options. Offering 5000 lumens of true ‘colour
brightness’, colours are displayed with virtually the same intensity
as white, crucial for displaying the full impact of photographs and
video content.
As well as superior lens design, the WUX5000 also includes cutting
edge technology within the projector to deliver outstanding optical
quality. LCOS panels combined with WUXGA resolution provide seamless
images without the ‘rainbow’ and ‘lattice’ effects that are often
experienced with rival projection technologies. In addition, Canon’s
unique AISYS (Aspectual Illumination System) – an advanced optical
technology that maximises the performance of the LCOS panels –
delivers high levels of brightness and contrast simultaneously,
while Canon’s colour matching technology offers images that closely
resemble that of a professionally calibrated sRGB monitor.
The WUX5000 combines high performance with usability by offering
motorised lens shift, which allows the installer to reposition the
display using either the projector’s control panel or the remote
control handset. Images can be adjusted to within 0.5 pixels both
vertically and horizontally, essential in multi-projector
installations where images overlap, for example, 3D, stacked or
blended systems. It also means that one person can easily install
the projector and then make final adjustments from the ground using
the remote handset.
Providing maximum versatility, the WUX5000 offers 360 degree
projection, so that images can be projected onto the floor or
ceiling. This makes the device particularly suitable for bespoke
installations such as museums, visitor centres or theatre
auditoriums.
More: www.canon-europe.com
04th January 2011 20:14
Accusoft Pegasus, the leading provider of imaging software
development kits (SDKs) and viewers, releases ImageGear Professional
v17 for Windows DLL, including full-page OCR support and support for
searchable compressed PDF creation.
"ImageGear Professional is a great one-stop shop, suite of imaging
functionality. Application developers can now use ImageGear
Professional to gain access to an even wider breadth of imaging
support, cleanup operations and OCR text recognition than ever
before," said Steve Wilson, Director, Native Core Imaging.
"Additional added value includes the ability to automatically redact
confidential and sensitive information, such as social security
numbers."
With ImageGear Professional v17, applications can perform OCR,
create smaller searchable PDF files from scanned document images,
and automatically compress individual regions of a page to produce
an optimized, searchable PDF. This new version of the ImageGear
Professional DLL edition includes full-page OCR support for over 120
languages including Traditional Chinese, Japanese and Korean
languages.
More: www.accusoft.com/news_new-version-imagegear-professional.htm
04th January 2011 14:09
Advanced Business Solutions (Advanced), a market leading business
applications and services provider, is a finalist in the Software
Provider of the Year category of the inaugural Pay & Benefits Awards
2012.
Advanced is one of five companies shortlisted for the award, with
the winner being announced during an awards ceremony on Thursday 9
February 2012 at 8 Northumberland Avenue, London. The Pay & Benefits
Awards recognise and reward the finest in the UK’s pay and benefits
industry.
The Software Provider of the Year category acknowledges those
payroll software providers that have shown a consistently high level
of customer service throughout the year. The winning provider will
be able to demonstrate that they have gone the extra mile in
ensuring customer satisfaction, including helping to deliver cost
savings, time efficiencies and improved services.
Simon Fowler, Managing Director of Advanced Business Solutions
(Commercial division) says, “Being shortlisted for the Software
Provider of the Year award recognises our consistently high levels
of customer service. Our functionality-rich HR and payroll
applications have been developed, and continue to be developed, with
the customer in mind whilst complying with industry and legislative
requirements.”
Advanced’s comprehensive software portfolio comprises core
accounting/financial management, procurement, human resource and
payroll systems, integrated with a range of collaborative, document
management and business intelligence solutions to extend the value
and effectiveness of the finance, human resource and payroll
departments.
More: www.advancedcomputersoftware.com
03rd January 2011 15:14
1.07 million sites compromised proves that SQL injection is most
pernicious vulnerability
Commenting on reports that the so-called ‘Lilupophilupop.com’ SQL
injection attack has now compromised more than a million sites,
Imperva says the fact that the number of site compromises has soared
in just a few weeks highlights the issue that SQL attacks are still
a major problem for companies hosting Web sites and their users.
According to Rob Rachwald, Director of Security Strategy with the
data security specialist, SQL injection is now the most pernicious
vulnerability in human computer history.
“Over the last six years, our research has shown that SQL
injection has been responsible for 83 per cent of successful
hacking-related data breaches and – as incidents like this confirm –
the trend is clearly rising. Perhaps worse, with hackers automating
their attacks, no-one who hosts a Web application is immune,” he
said.
“Our report of last September (http://bit.ly/vxB5uI) found that Web
applications suffered an average of 71 SQL injection attempts every
hour – that’s more than one a minute. Specific applications,
meanwhile, were found to occasionally be under aggressive attack,
with peaks of between 800 and 1,200 attacks an hour – i.e. one
attack every 3.0 to 4.5 seconds,” he added.
Rachwald explained that defending against SQL injection attacks is
no easy task, since databases are integral components of Web
applications.
“The bottom line here is that IT security professionals need to
understand there is – as the 1.07 million site compromises
identified by our colleagues at the SANS Institute so clearly show
- a definite need for installing and using automated SQL injection
attack security software if you host and code your own Web site.”
More: www.imperva.com
03rd January 2011 10:48
Commenting on reports that a researcher has discovered a gaping hole
in the security of the WiFi Protected Setup (WPS) method of
simplifying the pairing of a device with several brands of wireless
access point, Cryptzone says that WiFi users should be more
concerned with the fact that wireless passwords have been inherently
insecure for some time.
According to Anders Hansson, CTO of the IT Threat mitigation vendor,
given that the WEP and WPA wireless password systems have long
since been cracked, and that - with suitable software and enough
processing power - WPA2 passwords can also be cracked in just a few
hours, the WPS loophole discovery is actually a minor security
issue.
"Using software such as Elcomsoft's Wireless Security Auditor (WSA -
http://bit.ly/uWNLC2) it's now possible to stage a high-powered
dictionary attack on a WPA2-passphrase protected wireless system and
generate results in just a few hours," he said.
"Against this backdrop, the fact that the WPS method of allowing
easy connection to a wireless network has been compromised is
actually something of an irrelevance, since there are several other
methods of cracking a WPA2 wireless passphrase," he added.
Hansson went on to say that the WiFi Alliance originally developed
WPS as a means of simplifying the connection of a device to a home
or office wireless network, with the router including a flag in the
EAP-NACK message that tells the user if the first half of the
passphrase they have typed is correct.
The security flaw, he explained, reduces the time it takes to crack
an average WPA2 passphrase down to 10^4 + 10^3 attempts - about
11,000 attempts in total.
Assuming you are using software capable of generating and using -
say - 10 passphrase attempts a second (600 a minute), it doesn't
take a mathematical genius to realise that a WPA2-WPS router
passphrase can be compromised in under 20 minutes.
More: www.cryptzone.com