Posts Tagged ‘Cybersecurity’

h1

The Winners of WSJ’s Data Transparency Weekend

April 17, 2012

magine installing a service on your cellphone that lets you see all the data – from location to address book info – transmitted by your phone. Or a simple website where you and your friends could have private chats that couldn’t be read by the most aggressive spying agencies. Or a service that lets you know how many tracking codes are on a site before you clicked on it.

Lam Thuy Vo
One of the coders at the Data Transparency Weekend models the official T-shirt from the event.

Over the weekend, more than 100 computer programmers built those tools and many more at the Wall Street Journal’s first-ever Data Transparency Weekend in New York.

The event was an outgrowth of the Journal’s extensive reporting about how companies and government’s are increasingly using technology to collect personal data. The event was designed to promote the creation of tools that let people see and control their personal data.

After a weekend of coding, nearly 20 projects were submitted for judging on Sunday. The entries were judged by Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon, Sid Stamm, Web security and privacy strategist at Mozilla and Andrew McLaughlin, former deputy chief technologist at the White House and vice president at Tumblr.

Danny Weitzner, the deputy chief technologist at the White House, handed out the certificates to the winning teams. The winners were:

Outstanding Scanning Project: TOSBack2 – a project to scan the Web to build a “living archive” of all privacy policies online.

Outstanding Education Project: PrivacyBucket – software that lets users of the Chrome Web browser view the type of demographic estimates that Web tracking companies make about them based on their Web browsing history.

Outstanding Control Project: Cryptocat – an instant messaging service that lets people engage in encrypted chats inside their Web browsers or on their phones. Extra bonus: the program lets people generate random numbers (which are needed for encryption) by shaking their phone – allowing the creators to say that their program is powered by dance moves.

Judge’s Choice Award: Site Scoper – a website that scans for tracking files and sensitive content on websites before you visit it.

“Ready for Primetime” Award: MobileScope – a service that lets people see what data is being transmitted without their knowledge by their cellphone. It also offers ad-blocking and do-not-track services for cellphones.

The judges also dreamed up their own three award categories:

The Zuckerberg/Systrom Memorial Award for Opportunistic Optimism Award: Pestagram, for its blatantly commercial mashup of hot Web technologies Instagram and Pinterest.

Best Listener Award: The Price of Free, for the fact that the project was generated by Professor Acquisti’s speech kicking off the weekend, in which he challenged participants to find ways to quantify how much people are paying with their data for free services.

And, finally, The Soup Cans and String Winner: Ostel, for its work on technology that allows people to make encrypted cellphone calls using voice-over-the-Internet technology.

Source: The Winners of WSJ’s Data Transparency Weekend

h1

Top 10 managed file transfer considerations

April 11, 2012

 1. Platform Openness – To reduce the points of connection to sensitive data and reduce the risk of exposure to those without a need-to-know the MFT solution should be installed on the server operating system where the sensitive data and applications reside. If your corporate data mostly resides on the IBM X, then it would make sense to get a MFT solution that runs on the IBM X.

2. Authorization Controls – To meet many compliance regulations, the MFT solution must provide role based access to limit user access to certain servers or MFT functions based on user credentials.

 3. Secure FTP – Plain FTP is not secure. The MFT solution must support both SFTP (FTP over SSH) and FTPS (FTP over SSL) protocols for secure FTP transfers.

 4. Encryption Standards – At minimum, the solution should support the industry standard encryption standards: AES, Open PGP, AS2, SSH, SSL, TLS and S/MIME.

5. Database Integration – The MFT should readily connect to DB2, SQL Server, Oracle, MySQL and other popular database servers for extracting and inserting data.

6. Data Transformation – Is the ability to translate data between popular data formats including XML, CSV, Excel and fixed-width text formats.

7. Data Compression – Compresses and packages data using popular standards such as ZIP, GZIP and TAR to reduce transmission times.

8. Application Integration – The MFT should provide commands and APIs for interfacing with your applications.

 9. Scheduling – Allows transfers and other MFT functions to be scheduled for future dates and times.

10. Key Management – Does the MFT include management tools for creating, importing and exporting keys and certificates?

h1

Apple holds the master decryption key when it comes to iCloud security, privacy

April 5, 2012

Apple can potentially decrypt and access all data stored on iCloud servers. This includes contacts, notes, unencrypted e-mails, application preferences, Safari bookmarks, calendars, and reminders.

This was recently confirmed by a source speaking to Ars, and security researcher and forensic data analysis expert Jonathan Zdziarski agreed. “I can tell you that the iCloud terms and conditions are pretty telling about what the capabilities are at Apple with respect to iCloud, and suggests they can view any and all content,” Zdziarski told Ars.

In particular, Zdziarski cited particular clauses of iCloud Terms and Conditions that state that Apple can “pre-screen, move, refuse, modify and/or remove Content at any time” if the content is deemed “objectionable” or otherwise in violation of the terms of service. Furthermore, Apple can “access, use, preserve and/or disclose your Account information and Content to law enforcement authorities” whenever required or permitted by law. Apple further says that it will review content reportedly in violation of copyright under DMCA statutes.

“If iCloud data was fully encrypted, they wouldn’t be able to review content, provide content to law enforcement, or attempt to identify DMCA violations,” Zdziarski told Ars.

Source

h1

New EU Data Laws: Cloud Brings Increased Risk Of Massive Fines

April 4, 2012

That was the warning delivered by Vinod Bange, a top London-based IT lawyer, as the EU proposes new laws to penalise data breaches.

Bange said: “Regulatory sanctions have gone way off the scale in terms of what we are used to right now. The sting in the tail, which did not exist before, is that there is a provision to calculate a fine that is based on a percentage of annual global turnover. That’s big news and a big change.

“Organisations have moved on so much since the original legislation in 1995. In this globalised, outsourced, social media, cloud driven environment, you could end up with a third tier fine.”

The EU is proposing three tiers of fines, the first of which runs up to £209,000 or 0.5 per cent of turnover, the second up to £418,000 or 1 per cent of turnover. The top tier allows for a fine of up to £837,000 or 2 per cent of turnover.

The latter could be a potentially massive fine to the tune of hundreds of millions, with tier three penalties relating to international data transfers. Businesses using the cloud, and data centres across the globe, could be more vulnerable to this massive whack of a fine.

Currently, the ICO’s maximum imposition for those who aren’t careful with their data is a £500,000 penalty.

Source: Computerworld

Read more: http://www.itproportal.com/2012/04/02/new-eu-data-laws-cloud-brings-increased-risk-of-massive-fines/#ixzz1r2Ox2ptx

h1

Biometric market set to grow to $14.685 billion by 2019.

March 26, 2012

Frost & Sullivan has carried out a new assessment of the global biometrics market that predicts 2010 revenues of $4.49 billion will increase to $14.685 billion by 2019. Universal adoption of biometric passports will be the driving force in this growth as so-called eGates are implemented at borders around the world. Portable devices used by the police and the military will also become increasingly common in the fight against crime and terrorism, according to the report. Frost & Sullivan also suggests that biometrics will be almost universally adopted in the identification of citizens through IDs, driver’s licenses and healthcards complete with biometric capabilities. Research analyst Krzysztof Rutkowski explained: “The civil and military biometric market will be highly influenced by the universal adoption of biometric passports. This will pave the way for the adoption of other measures, such as eGates, that will enhance the biometric possession experience.”

h1

Google wants to serve you ads based on the background noise of your phone calls

March 23, 2012

Just when you think that we’re pretty tech savvy, companies like Google and Nokia file outlandish “forward-thinking” patents that make you feel like we’re all in a Star Trek episode. In the case of Google’s latest patent, it makes us feel like we’re in a police state.

The patent discusses the technology to analyze the background noise during your phone call and serve up ads for you based on the environmental conditions Google picks up on.

 

h1

Free cloud services compared

March 13, 2012

Not all cloud services are built alike. We take a look at some of the most popular options — what they’re for, how you can use them and, most importantly, what you get.