Archive for July, 2009

iPhone 3GS and BlackBerry (In)securities..

July 27, 2009 1 comment

This week's (potential) major fail goes to Apple for the iPhone 3GS security. As reported by Wired and others, it seems the new 3GS encryption touted by Apple in their “iPhone Security Overview” isn’t so secure after all.

The official description of the new feature sounds pretty good:

iPhone 3GS offers hardware-based encryption. iPhone 3GS hardware encryption uses
AES 256 bit encoding to protect all data on the device. Encryption is always enabled,
and cannot be disabled by users.

But this excellent 2nd video demonstration by Jonathan Zdziarski shows plainly that there could be something very flawed about it. Read more…


FSA Fines HSBC Companies $7,500,000 for data security issues

July 23, 2009 Leave a comment

Following on from my recent posts regarding fines and the cost of data leakage (TJX and Cornell), I thought I’d also bring to your attention the latest, initiated by the FSA (Financial Services Authority of the UK) against HSBC: on 22nd July, a tidy penalty of £4,550,000 ($7.5m) for two failures to protect personal information. HSBC will get a nice 30% discount on this for early payment, leaving them with a bill for £3,185,000 ($5.26m) plus their own internal costs.

Read more…

AES-256 and Reputational Risk

July 21, 2009 Leave a comment

I came across this excellent article while looking for something different. Dr O’Connor succinctly sums up the idea of impossible, and more impossible, when talking about the relative key lengths of encryption algorithms.

Reputational risk is something that everyone understands, particularly businesses who regard their brand as one of their most critical assets. There is considerable trust in the security of AES-256, both in the public and commercial sectors. Reputational risk to AES-256 has a very high impact, and we therefore hope, a very low likelihood of occurrence.

AES-256 and Reputational Risk

About Language and Keyboard Settings in SafeBoot…

July 20, 2009 Leave a comment

I just uploaded a page explaining some of the finer details of the language and keyboard routines in the McAfee Endpoint Encryption for PCs and SafeBoot Device Encryption for PCs (v5) products. I hope it helps some people iron out some implementation questions.

About Keyboard and Language Settings in McAfee/SafeBoot Encryption

Eavesdropping in airports…

July 15, 2009 1 comment

I was flying this week between offices, and being travel-bored and a nosy so-and-so I zeroed in on an extremely loud conversation taking place between a fellow traveler and what must have been his Bangalore helpdesk.

A typical situation: middle-aged gent in a sports jacket and slacks, reasonable shoes though needing cleaning, expensive watch etc. BlackBerry glued to the side of his face, glass of airport Merlot on the table. Read more…

Guy Kawasaki sums up Innovation…

July 13, 2009 3 comments

I find it hard to add further comment to Guy Kawasaki’s presentation at Cisco Live. He sums up the difference between delivering a product to market, and delivering the product. For those who don’t know of Guy, he’s an ex-Apple fellow, and an author of books such as The Macintosh Way and How to Drive Your Competition Crazy. You can find his blog online, where he comments widely on Apple, social media, energy and all kinds of interesting things. He’s now involved in matchmaking entrepreneurs and angel investors, and public speaking. For Guy, innovation means deep, intelligent, complete and elegant (DICE).

The takeaway I want to highlight is his message that you have anticipated what people need before they know they need it. Something that in my opinion is best served by gut feeling, industry experience and deep thought – not by asking an analyst what you should do.

To be truly great, and to be truly innovative, you need to take some chances and push the envelope..

What makes innovation? First quality of innovation is that the product is deep, lots of features, does lots of stuff. You have anticipated what people need before they know they need it. They will not run out of power. Great products, great services are deep. Read more…

Google ChromeOS – Browser wars spill over into the OS world..

By now you’d have to be living in a cave not to have heard the press from Google re their new Chrome OS. First mentioned by Sundar Pichai on the GoogleBlog, news has been spreading like wildfire with even sites like BBC News picking up the story.

Why is this so important? Well, it’s one of those rare occasions when someone releases or announces something which could really change the way we use computers, and of course it’s also something that could really compete with Microsoft. Whether you accept Chrome OS will be a completely new OS, or whether you’re one who believes that Chrome OS is just going to be a user friendly redistribution of a *nix platform with a cool UI and application load, it’s still very interesting news. Read more…

Changes to PII and PCI regulations in Nevada

This week Linda McGlasson talked on BankInfo security about some changes to Nevada’s data protection stance. Nevada’s laws are no less complex than other states, but interestingly they have a few which, when combined, give a tighter than usual position.

The interesting bills are CHAPTER 603A – SECURITY OF PERSONAL INFORMATION, which deals with the regulations of Business Practices. This law puts the state's teeth behind the PCI regulations, enforcing things which the payment card industry requires as part of PCI compliance with state-driven criminal and financial penalties. Read more…

Founder and CEO of EBank steals 200bn to fund a downpayment on a house.

OK, if you’re worried this is another Madoff story, calm down – the likelihood is that your greens are still safe.

Following on from my recent post on Gold Farming, I thought I’d mention the case in early June of the CEO of the online bank EBank in the game “Eve Online” – now, before you hit back in frustration about another irrelevant “game” article, think about this – CEO Ricdic cashed out some 200 billion credits of stolen virtual money from the bank he founded, and used the resulting US$6000 hard cash to pay medical bills and put a down payment on a house – yes, a REAL house, in the REAL world. Read more…

China takes steps to criminalize “Gold Farming”

July 2, 2009 1 comment

Gold Farmers (apparently)

This week the Ministry of Commerce for the People's Republic of China joins Korea in announcing a new initiative to implement controls on the conversion of virtual to physical currency. The press release on the MOFCOM site highlights the scope of the problem:

According to media reports, the virtual money trade topped several billion yuan (¥1B=US$146M) last year after rising around 20 percent annually.

Though this move seems to be targeted towards individuals bypassing tax payments by transacting online money for real goods and services, it also touches on the greater problems of CyberLaundering and Gold Farming. Read more…