Archive for the ‘Information Security’ Category

h1

More Demands on Cell Carriers

July 13, 2012

In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations.

The cellphone carriers’ reports, which come in response to a Congressional inquiry, document an explosion in cellphone surveillance in the last five years, with the companies turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests.

While the cell companies did not break down the types of law enforcement agencies collecting the data, they made clear that the widened cell surveillance cut across all levels of government — from run-of-the-mill street crimes handled by local police departments to financial crimes and intelligence investigations at the state and federal levels.

AT&T alone now responds to an average of more than 700 requests a day, with about 230 of them regarded as emergencies that do not require the normal court orders and subpoena. That is roughly triple the number it fielded in 2007, the company said. Law enforcement requests of all kinds have been rising among the other carriers as well, with annual increases of between 12 percent and 16 percent in the last five years. Sprint, which did not break down its figures in as much detail as other carriers, led all companies last year in reporting what amounted to at least 1,500 data requests on average a day.

With the rapid expansion of cell surveillance have come rising concerns — including among carriers — about what legal safeguards are in place to balance law enforcement agencies’ needs for quick data against the privacy rights of consumers.  Source

Advertisements
h1

Cloud Computing: Managing File Transfers in the Cloud: 10 Points to Demystify the Process

May 14, 2012

Managed file transfer is a well-accepted way for organizations to share business files point-to-point, quickly, reliably and securely. This is a subject that requires attention, especially when it comes to thorny issues, such as enterprise security and compliance. MFT uses different types of applications to securely transfer data from one computer to another. This small but important area of IT management earned attention in recent years after IBM bought Sterling Commerce for more than a $1 billion, and MFT specialist Ipswitch merged with Message Way. Over the years, despite having lost a bit of its novel cachet, MFT is as effective as ever. But now, due to greater demands for the secure transfer of data through cloud systems, MFT is being refreshed as it morphs and expands to play a critical role in moving large data sets (the so-called big data)—as well as traditional business files—through the cloud. Here, eWEEK offers some key data points about MFT, the cloud, and big data. Our expert source is Robert Fox, director of B2B/EAI Software Development at Liaison Technologies in Alpharetta, Ga. Liaison Technologies cleanses and validates business data for master data management purposes and securely integrates and manages complex business information on-premise or in the cloud. Read More

h1

Google Drive Wants a Piece of the File Sharing and Storage Pie – But It Might Not Taste So Sweet for Businesses

May 1, 2012

This week Google announced its newest offering, Google Drive. The launch of Google Drive, a cloud-based file storage and synchronization tool, places Google’s hat in the ring with other file sharing services. In response, Vice President of Sales and Client Services at FilesAnywhere, Shayne Mehringer, gave this statement:

“Google is king when it comes to Internet searching, and websites around the world count on them for outstanding targeted advertising abilities. However, this doesn’t necessarily make them right for the business and consumer file storage market. Oversaturation in the online storage and collaboration market is actually a good thing for us. Smart, professional consumers and corporations will now be forced to do their homework. Source 

h1

The Winners of WSJ’s Data Transparency Weekend

April 17, 2012

magine installing a service on your cellphone that lets you see all the data – from location to address book info – transmitted by your phone. Or a simple website where you and your friends could have private chats that couldn’t be read by the most aggressive spying agencies. Or a service that lets you know how many tracking codes are on a site before you clicked on it.

Lam Thuy Vo
One of the coders at the Data Transparency Weekend models the official T-shirt from the event.

Over the weekend, more than 100 computer programmers built those tools and many more at the Wall Street Journal’s first-ever Data Transparency Weekend in New York.

The event was an outgrowth of the Journal’s extensive reporting about how companies and government’s are increasingly using technology to collect personal data. The event was designed to promote the creation of tools that let people see and control their personal data.

After a weekend of coding, nearly 20 projects were submitted for judging on Sunday. The entries were judged by Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon, Sid Stamm, Web security and privacy strategist at Mozilla and Andrew McLaughlin, former deputy chief technologist at the White House and vice president at Tumblr.

Danny Weitzner, the deputy chief technologist at the White House, handed out the certificates to the winning teams. The winners were:

Outstanding Scanning Project: TOSBack2 – a project to scan the Web to build a “living archive” of all privacy policies online.

Outstanding Education Project: PrivacyBucket – software that lets users of the Chrome Web browser view the type of demographic estimates that Web tracking companies make about them based on their Web browsing history.

Outstanding Control Project: Cryptocat – an instant messaging service that lets people engage in encrypted chats inside their Web browsers or on their phones. Extra bonus: the program lets people generate random numbers (which are needed for encryption) by shaking their phone – allowing the creators to say that their program is powered by dance moves.

Judge’s Choice Award: Site Scoper – a website that scans for tracking files and sensitive content on websites before you visit it.

“Ready for Primetime” Award: MobileScope – a service that lets people see what data is being transmitted without their knowledge by their cellphone. It also offers ad-blocking and do-not-track services for cellphones.

The judges also dreamed up their own three award categories:

The Zuckerberg/Systrom Memorial Award for Opportunistic Optimism Award: Pestagram, for its blatantly commercial mashup of hot Web technologies Instagram and Pinterest.

Best Listener Award: The Price of Free, for the fact that the project was generated by Professor Acquisti’s speech kicking off the weekend, in which he challenged participants to find ways to quantify how much people are paying with their data for free services.

And, finally, The Soup Cans and String Winner: Ostel, for its work on technology that allows people to make encrypted cellphone calls using voice-over-the-Internet technology.

Source: The Winners of WSJ’s Data Transparency Weekend

h1

Top 10 managed file transfer considerations

April 11, 2012

 1. Platform Openness – To reduce the points of connection to sensitive data and reduce the risk of exposure to those without a need-to-know the MFT solution should be installed on the server operating system where the sensitive data and applications reside. If your corporate data mostly resides on the IBM X, then it would make sense to get a MFT solution that runs on the IBM X.

2. Authorization Controls – To meet many compliance regulations, the MFT solution must provide role based access to limit user access to certain servers or MFT functions based on user credentials.

 3. Secure FTP – Plain FTP is not secure. The MFT solution must support both SFTP (FTP over SSH) and FTPS (FTP over SSL) protocols for secure FTP transfers.

 4. Encryption Standards – At minimum, the solution should support the industry standard encryption standards: AES, Open PGP, AS2, SSH, SSL, TLS and S/MIME.

5. Database Integration – The MFT should readily connect to DB2, SQL Server, Oracle, MySQL and other popular database servers for extracting and inserting data.

6. Data Transformation – Is the ability to translate data between popular data formats including XML, CSV, Excel and fixed-width text formats.

7. Data Compression – Compresses and packages data using popular standards such as ZIP, GZIP and TAR to reduce transmission times.

8. Application Integration – The MFT should provide commands and APIs for interfacing with your applications.

 9. Scheduling – Allows transfers and other MFT functions to be scheduled for future dates and times.

10. Key Management – Does the MFT include management tools for creating, importing and exporting keys and certificates?

h1

Apple holds the master decryption key when it comes to iCloud security, privacy

April 5, 2012

Apple can potentially decrypt and access all data stored on iCloud servers. This includes contacts, notes, unencrypted e-mails, application preferences, Safari bookmarks, calendars, and reminders.

This was recently confirmed by a source speaking to Ars, and security researcher and forensic data analysis expert Jonathan Zdziarski agreed. “I can tell you that the iCloud terms and conditions are pretty telling about what the capabilities are at Apple with respect to iCloud, and suggests they can view any and all content,” Zdziarski told Ars.

In particular, Zdziarski cited particular clauses of iCloud Terms and Conditions that state that Apple can “pre-screen, move, refuse, modify and/or remove Content at any time” if the content is deemed “objectionable” or otherwise in violation of the terms of service. Furthermore, Apple can “access, use, preserve and/or disclose your Account information and Content to law enforcement authorities” whenever required or permitted by law. Apple further says that it will review content reportedly in violation of copyright under DMCA statutes.

“If iCloud data was fully encrypted, they wouldn’t be able to review content, provide content to law enforcement, or attempt to identify DMCA violations,” Zdziarski told Ars.

Source

h1

New EU Data Laws: Cloud Brings Increased Risk Of Massive Fines

April 4, 2012

That was the warning delivered by Vinod Bange, a top London-based IT lawyer, as the EU proposes new laws to penalise data breaches.

Bange said: “Regulatory sanctions have gone way off the scale in terms of what we are used to right now. The sting in the tail, which did not exist before, is that there is a provision to calculate a fine that is based on a percentage of annual global turnover. That’s big news and a big change.

“Organisations have moved on so much since the original legislation in 1995. In this globalised, outsourced, social media, cloud driven environment, you could end up with a third tier fine.”

The EU is proposing three tiers of fines, the first of which runs up to £209,000 or 0.5 per cent of turnover, the second up to £418,000 or 1 per cent of turnover. The top tier allows for a fine of up to £837,000 or 2 per cent of turnover.

The latter could be a potentially massive fine to the tune of hundreds of millions, with tier three penalties relating to international data transfers. Businesses using the cloud, and data centres across the globe, could be more vulnerable to this massive whack of a fine.

Currently, the ICO’s maximum imposition for those who aren’t careful with their data is a £500,000 penalty.

Source: Computerworld

Read more: http://www.itproportal.com/2012/04/02/new-eu-data-laws-cloud-brings-increased-risk-of-massive-fines/#ixzz1r2Ox2ptx