Archive for ‘Information Security’

September 14, 2011

Cost of Global Cybercrime is $114 Billion Annually: Norton says


For the first time a Norton study calculates the cost of global cybercrime: $114 billion annually.[i] Based on the value victims surveyed placed on time lost due to their cybercrime experiences, an additional $274 billion was lost.[ii] In India it is estimated that more than 29.9 million people fell victim to cybercrime last year, suffering $4 billion in direct financial losses and an additional $3.6 billion in time spent resolving the crime. With 431 million adult victims globally in the past year and at an annual price of $388 billion globally based on financial losses and time lost, cybercrime costs the world significantly more than the global black market in marijuana, cocaine and heroin combined ($288 billion).[iii]

According to the Norton Cybercrime Report 2011 more than two thirds of online adults (69 percent) have been a victim of cybercrime in their lifetime. Every second 14 adults become a victim of cybercrime, resulting in more than one million cybercrime victims every day.[iv] In India, four in five online adults (80 percent) have been a victim of cybercrime.

For the first time, the Norton Cybercrime Report reveals that 10 percent of adults online globally (17 percent in India) have experienced cybercrime on their mobile phone. In fact, the Symantec Internet Security Threat Report, Volume 16[v] reported there were 42 percent more mobile vulnerabilities in 2010 compared to 2009 – a sign that cybercriminals are starting to focus their efforts on the mobile space. The number of reported new mobile operating system vulnerabilities increased, from 115 in 2009 to 163 in 2010. In addition to threats on mobile devices, increased social networking and a lack of protection are likely to be some of the main culprits behind the growing number of cybercrime victims.

Male, Millennial, Mobile

The study identifies men between 18 and 31 years old who access the Internet from their mobile phone as even more likely victims: in this group four in five (80 percent) have fallen prey to cybercrime in their lifetime. Globally, the most common – and most preventable – type of cybercrime is computer viruses and malware with 54 percent of respondents saying they have experienced it in their lifetime. Viruses are followed by online scams (11 percent) and phishing messages (10 percent). Earlier this year the Symantec Internet Security Threat Report, Volume 16, found more than 286 million unique variations of malicious software (“malware”) compared to the 240 million reported in 2009, representing a 19 percent increase.[vi]

“There is a serious disconnect in how people view the threat of cybercrime,” said Gaurav Kanwal, Country Sales Manager for India and SAARC, Consumer Business Unit, Symantec. “Cybercrime is much more prevalent than people realize. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year. And while 89 percent of respondents agree that more needs to be done to bring cybercriminals to justice, fighting cybercrime is a shared responsibility. It requires us all to be more alert and to invest in our online smarts and safety.”

The disconnect between awareness and action is further illustrated by the fact that while 74 percent of respondents say they are always aware of cybercrime, many are not taking the necessary precautions. Forty-one percent of adults indicated they don’t have an up to date security software suite to protect their personal information online. In addition, less than half review credit card statements regularly for fraud (47 percent), and 61 percent don’t use complex passwords or change them regularly. Among those who access the Internet via their mobile phone, only 16 percent install the most up to date mobile security.

April 28, 2011

Sony PlayStation Hack Leads to Credit Cards Insecurity


IT security and control firm, Sophos, is advising users of Sony’s PlayStation Network that they are at risk of identity theft after hackers broke into the system and accessed the personal data of videogame players.

The implications of the hack, which resulted in the service being offline since last week, are only now becoming clear as Sony has confirmed that the hackers, who broke into the system between April 17th and April 19th, were able to access the online gamers’ personal information. According to computer security firm Sophos, users should take immediate action to ensure that their online identities are secure, and that fraudsters cannot take advantage of stolen credit card information.

“If you’re a user of Sony’s PlayStation Network, now isn’t the time to sit back on your sofa and do nothing. The fraudsters won’t wait around – for them this is a treasure trove ripe for exploiting. You need to act now to minimize the chances that your identity and bank account become casualties following this hack,” said Graham Cluley, Senior Technology Consultant at Sophos. “That means, changing your online passwords (especially if you use the same password on other sites), and considering whether it would be prudent to inform your bank that as far as you’re concerned your credit card is now compromised.”

Sony has warned that hackers have been able to access a variety of personal information belonging to users including:
· Name
· Address (city, state, pin code)
· Country
· Email address
· Date of birth
· PlayStation Network/Priority password and login
· Handle/PSN online ID

In addition, Sony warns that profile information – such as history of past purchases and billing addresses, as well as “secret answers” given to Sony for password security – may also have been obtained. Sony also admits that it cannot rule out the possibility that credit card information may also have been compromised.

“The fact that credit card details, used on the network to buy games, movies and music, may also have been stolen is very disturbing,” continued Cluley. “If Sony loses your credit card information, it’s no different from you losing your credit card – you should cancel that card immediately. Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format. All in all, this is a PR and security disaster for Sony.”

April 21, 2011

TrustPort Antivirus successfully cleared comparative tests


TrustPort announced that following rigorous tests conducted by two major independent laboratories – VB100 and AV-Comparatives – its products have been rightly acclaimed as featuring the best antivirus technology in the industry.

The test set utilised by AV-Comparatives contained about 400,000 malware samples not older than six months. TrustPort Antivirus attained the top position in the test by detecting 99.2% of the samples, an outcome unrivalled by any of the competing products. The product has thus gained yet another AV-Comparatives Advanced+ award.

There were almost seventy vendors listed in the April comparative testing by Virus Bulletin. Their products were subject to a range of tests, focused on scanning both on-demand and on-access, evaluating reactive and proactive detection techniques, taking into account performance criteria as well.

TrustPort Antivirus won first place with a success rate of 98% and 0% false alarms.

“TrustPort is one of the handful of multi-engine products that routinely vies for the highest set of scores in our tests, marking out the top right corner of our reactive and proactive quadrant as its own,” noted John Hawes, Technical Consultant at Virus Bulletin. “The company’s recent test record is excellent, with nine passes in the last dozen tests, the other three not entered; the last year shows four passes from four entries.”

The Virus Bulletin report by John Hawes described the qualities of TrustPort Antivirus in detail: “The set-up process is fairly speedy, with no deviations from standard practice, and all is done in a minute or so with no need to restart.” It went on to praise the excellent detection rates, which “barely dropped below 99% in most areas, with even the proactive week of the reactive and proactive sets showing a truly superb score. The WildList was brushed aside, and perhaps most importantly the clean set was handled admirably.”

April 15, 2011

Sanovi enhances its DRM Suite


Sanovi Technologies announced the launch of the Sanovi DRM 4.0 product suite, a next generation DRM suite based on Agent-less technology and state-of-the-art UI technologies. The upgraded software aims to make business continuity processes easier for organizations and supports ‘Agent-less’ protocols, enhanced CIO dashboards and advanced automation.

Following the earlier version of the DRM Suite, the software upgrade delivers advanced applications and services for the datacenter, leverages virtualization to simplify business continuity planning and testing, and reduces the risk and complexity associated with executing disaster recovery workflows.

“Sanovi is excited about the new release of its DRM suite. With the Agent-less technology, it will transform customer DR infrastructure into reliable DR services non-disruptively. This is huge, considering that enterprise customers do not have to plan for downtime of their critical infrastructure. It will empower the DR Managers and IT decision makers more effectively in DR SLA management,” said Mr. Lakshman Narayanaswamy, Co-founder and Vice-President, Products at Sanovi Technologies. “This release also brings much needed support for several IBM customers who run their applications on DB2 database technology,” he added.

Sanovi DRM™ 4.0 is designed to make recovery readiness easier and supports broader customer infrastructure based on IBM DB2 technology. The new release features next generation dashboard architecture including the DR Manager Dashboard and Operational Dashboards for efficient analysis of DR readiness. Its Agent-less Technology will enable customers to deploy Sanovi software without the need for any additional software on their mission critical infrastructure. The release also extends its innovative workflow engine capability to enable advanced automation and enhanced audit logging. The new release is compatible with HP Continuous Access and IBM DB2.

“After the economic slowdown, a lot of SMEs have also realized the need for DRM while large enterprises are making it one of their top three priorities,” said Mr. Chandra Sekhar Pulamarasetti, Co-founder and CEO, Sanovi Technologies. “In an IT environment, a disaster can cause extreme downtime, total interruption of processes, disruption in business operations, and loss of revenue. We believe that the new version of the Sanovi DRM suite will address these problems more effectively,” he added.

More than 50 large enterprises including several Fortune 500 companies are already using Sanovi’s DRM products. Sanovi solutions are available directly and through several partners including HP, HCL, and Wipro Technologies.

April 12, 2011

Kaspersky Ranked Among Top Three IT Security Vendors


Kaspersky Lab announces that Gartner has ranked the company as the third largest vendor of consumer IT security software worldwide in its annual “Market Share: Security Software, Worldwide, 2010” report published on March 30, 2011 by Ruggero Contu and Matthew Cheung.

According to Gartner, Kaspersky Lab’s share of the global consumer IT security market reached 9% in 2010, a 2 percentage point increase compared to the company’s 2009 results. Kaspersky Lab’s consumer security revenue grew 42% in 2010, compared to the results of the previous year. Since 2008, Kaspersky Lab has seen a 7% increase in its share of the consumer IT security market, significantly outperforming the growth rates of its main competitors, and in 2010 the company became the third largest vendor of consumer IT security software worldwide.

Kaspersky Lab is currently the fifth largest vendor of Enterprise Endpoint Protection, according to Gartner data. The company has demonstrated one of the highest revenue growth rates in 2010 (+30%) and is well-placed to further improve its market position in this sector.

“Consistent market growth relies on several crucial points – quality of products, better detection rates and better support,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab. “By investing into these pivotal areas, Kaspersky Lab is constantly improving its market positions as confirmed by many of the world’s leading analytical agencies. Being the third largest vendor of consumer IT security products globally is a great achievement for us, but we will not rest on our laurels and plan to conquer the market still further.”

April 8, 2011

Facebook Scammers targeting Over 10 Million People: Sophos


IT security and data protection firm, Sophos, is warning Facebook users to be wary of bogus event invites that are currently circulating on the social network. Spammers have invited millions of Facebook users to fake events in an attempt to generate income from online survey scams.

One event, called “Who blocked you from his friend list?” has already tricked more than 165,000 people into signing-up, with a staggering 10.3 million users still debating whether to respond or not.

The scammers embed instructions into the ‘More info’ section of the event’s summary, which leads unsuspecting Facebook users into visiting webpages for online surveys or competitions, designed to earn commission for those behind the scheme. In some instances, users are also asked for a mobile phone number – which is then signed up to an expensive premium rate service.

“These spammed-out event invitations and links to survey scams are one of the biggest nuisances on Facebook right now, impacting millions of users every day,” said Graham Cluley, Senior Technology Consultant at Sophos. “It would be great if Facebook was being more proactive in shutting down these obviously bogus events, as currently it’s far too easy for the scammers to fill their pockets through schemes like this.”

Facebook users are reminded never to accept unsolicited invitations from suspicious events, and always think twice about clicking on links received via Facebook.

March 21, 2011

Kaspersky Internet Security 2011 Gets Top Marks in AV-Test.org


Kaspersky Lab announces that Kaspersky Internet Security 2011 has produced excellent results in tests carried out by the authoritative research center AV-Test.org.

In February 2011, the independent IT test organization AV-Test.org conducted a comprehensive test of 26 of the most popular antivirus solutions. All the solutions were subjected to ‘Real World’ testing that involved blocking infection attempts from malicious websites, as well as dynamic testing – detecting malware by analyzing its behavior as it launches. Additionally, the performance of each solution was tested, including its ability to unpack archives and to avoid false positives. All of the solutions tested were installed on computers running Microsoft Windows 7 32-bit.

Kaspersky Internet Security 2011 demonstrated excellent results, neutralizing 100% of the ‘Real World’ threats and detecting all of the threats in the dynamic and WildList categories. The Kaspersky Lab product was the only solution to detect, block and remove all of the dynamic threats in the test. Kaspersky Lab’s solution was also highly commended for its exceptional performance and success in unpacking all types of archives.

“We are especially delighted that our solutions have continued to demonstrate the highest levels of protection in the ‘Real World’ and Dynamic Malware Detection tests, which simulate everyday situations on users’ computers. Tests such as these are the most objective way to evaluate the capabilities of antivirus solutions. During the test, Kaspersky Internet Security 2011 neutralized all of the most recent threats, such as malicious scripts from infected web pages and new malware,” said Nikita Shvetsov, Head of Kaspersky Lab’s Anti-Malware Research Unit.

January 24, 2011

Sophos Reveals Increase in Security Threats from Social Networking


IT security and control firm, Sophos, has published its Security Threat Report 2011, analyzing cybercrime during the last year and looking at IT security trends to watch in 2011. A highlight of the report is the findings of Sophos’s latest ‘Social Security’ survey*, which polls computer users on their experiences of social networking security threats.

The survey charts user experience of social networking, particularly in the workplace.

By mid-2010, Facebook recorded half a billion active users, making it not only the largest social networking site, but also one of the most popular destinations on the web. Unsurprisingly, this massive and committed user base is heavily targeted by scammers and cybercriminals, with the number and diversity of attacks growing steadily throughout 2010 – malware, phishing and spam on social networks have all continued to rise in the past year, with the survey finding that:

· 40% of social networking users quizzed have been sent malware such as worms via social networking sites, a 90% increase since the summer of 2009

· Two thirds (67%) say they have been spammed via social networking sites, more than double the proportion less than two years ago

· 43% have been on the receiving end of phishing attacks, more than double the figure since 2009

“Rogue applications, click jacking, survey scams – all unheard of just a couple of years ago, are now popping up on a daily basis on social networks such as Facebook,” said Graham Cluley, Senior Technology Consultant at Sophos. “Why aren’t Facebook and other social networks doing more to prevent spam and scams in the first place? People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cybercriminals or infect innocent computers.”

Although results vary across the individual networks of Facebook, Twitter, MySpace and LinkedIn, the latest poll suggests that half of those surveyed have been given unrestricted access to social networks at work. Paradoxically, 59% believe employee behavior on social networking sites could endanger corporate network security, and 57% worry that colleagues are sharing too much information on social networks.

“Total bans on users accessing social networking sites are becoming rarer, as more firms recognize the value such sites can bring in raising brand awareness and delivering social media marketing campaigns,” explained Cluley. “If your business isn’t on Facebook, but your competitors are, you are going to be at a disadvantage. But you have to be aware of the risks and secure your users while they’re online.”

Although 82% of the survey’s respondents felt that Facebook posed the biggest risk to security, Sophos has labeled an attack on the Twitter micro-blogging network as the biggest single social networking security incident of 2010.

The infamous ‘onMouseOver’ Twitter worm hit the Twitter site in September 2010, and spread like wildfire. The cross-site-scripting (XSS) attack demonstrated how quickly a vulnerability on a social network can affect a huge number of users. High-profile victims included ex-Prime Minister’s wife Sarah Brown, Lord Alan Sugar, and even Robert Gibbs, the press secretary to US President Barack Obama.

A YouTube video, which journalists can embed in their stories, of the Twitter worm attack is available at

Undoubtedly the most high profile IT security story of 2010 was the WikiLeaks saga, which saw a number of Distributed Denial-of-Service (DDoS) attacks launched against companies withdrawing support for the controversial whistleblowing site. There was also the widely reported ‘Stuxnet’ worm, linked with targeting SCADA systems used for industrial applications, including nuclear facilities. These exemplify the development of cybercrime from the initial stages of proof-of-concept and mischievous virus-writing, through financially motivated, organized criminal activity – undoubtedly still the primary threat – and finally a third, political motivation – a trend predicted to continue.

In addition to increasingly prevalent social networking threats, tried and tested cybercrime tactics continue to plague internet users. Although some websites are created with the intention of infecting visitors, legitimate websites continue to be a popular target for attack, as hackers who compromise them can distribute malware to unsuspecting internet users. The USA continues to be the home of most infected web pages. However, over the past six months alone, European countries have become a more abundant source of malicious pages, with France in particular displacing China from the second spot, increasing its contribution from 3.82 to 10.00 percent of global malware-hosting websites.

“Many computer users still don’t realize that you can wind up with something nasty on your machine simply by visiting a website,” continued Cluley. “Over the year, we saw an average of 30,000 new malicious URLs every day – that’s one every two-to-three seconds. More than 70 percent of these are legitimate websites that have been hacked – this means that businesses and website owners could inadvertently be infecting their patrons unintentionally and without knowledge.”

*Sophos online survey, 1273 respondents, December 2010

January 5, 2011

Microsoft Warns of Windows Security Vulnerability


Microsoft issues an advisory on a Windows security vulnerability after exploit code went public. The bug is not under attack, according to the company.

Exploit code for a new Windows security bug has gone public, prompting Microsoft today to issue an advisory to warn users.

So far, no attacks taking advantage of the bug have been seen in the wild, Microsoft reported. The vulnerability lies in the Windows Graphic Rendering Engine and, according to Microsoft, can be used by an attacker to run arbitrary code in the context of the logged-on user.

“Today we released Security Advisory 2490606, which addresses a publicly disclosed vulnerability affecting Microsoft Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. … The vulnerability does not affect Windows 7 or Windows Server 2008 R2, the newest versions of our operating system,” blogged Angela Gunn, senior marketing communications manager of Trustworthy Computing at Microsoft.

“To target this vulnerability, an attacker must convince a user to visit a specially crafted malicious Web page, or to open a malicious Word or PowerPoint file,” Gunn added. “Furthermore, users whose accounts are configured to have fewer user rights on the system would be less affected by an attack than those running with administrative rights. The Advisory includes further mitigations and workarounds to protect our customers.”

According to HD Moore, chief security officer at Rapid7, the bug was first presented at a Korean security conference last month. Exploit code for it has been added to Rapid7’s Metasploit Framework, a penetration testing tool.

“The biggest challenge was working around DEP [data execution prevention] and ASLR [address space layout randomization], but the current exploit is reliable on XP SP3 and Windows 2000,” Moore said. “It should be possible to port this to Windows 7 and embed it in a variety of file types (DOC, PPT, etc.), but the current version has a somewhat limited use case.”

He explained the attacker must persuade the user to browse a directory containing the file in Thumbnails mode and that the exploit relies on a complicated return path using ROP (return-oriented programming) that may not work when a certain multimedia codec is updated.

“Until the exploit is ported to work within OLE containers (DOC/PPT/etc.), I don’t think we will see widespread exploitation for the reasons above,” he said.

Jerry Bryant, group manager of response communications for Microsoft, said the issue does not currently rise to the level where it would require an out-of-band patch, but the company is working on a fix. Microsoft’s first Patch Tuesday update of the year is scheduled for Jan. 11.

As a workaround, users can follow the directions in the advisory to modify the access control list on shimgvw.dll.

“The real danger this vulnerability poses is that it can be exploited simply by getting a user to view a malicious thumbnail image associated with a number of different document types, including Microsoft Word,” explained Joshua Talbot, security intelligence manager for Symantec Security Response.

“Although a fix for this issue is not currently available, Microsoft has provided a workaround to help mitigate the impact of this vulnerability until it is patched. Users of all the affected operating systems—which range from Windows 2000 to Windows Vista to Windows Server 2008—should use caution when handling untrusted files and avoid following untrusted links. Monitoring networks for unexpected traffic to file shares might also aid in detecting attempted attacks.”

December 21, 2010

Facebook’s New Automated Photo Tagging Feature Raises Privacy Concerns, Sophos Reports


IT security and control firm, Sophos, is reminding Facebook users to keep up-to-date with their privacy settings as Facebook announces its latest controversial feature. The social network is launching automated photo tagging initially in the US, but will roll out the feature across the rest of the world in coming months.

Facial recognition software will mean Facebook can match people’s faces in photos with other images where they appear. The tagging will not be completely automatic, as the tags will just be suggestions, but users will be identified by default unless they opt-out.

Once users have been identified to Facebook by one friend, they run the risk of being identified by Facebook to other friends. Even people who aren’t on Facebook, or who choose not to identify themselves openly in uploaded photos, may nevertheless end up easy to find in online photos.

“While this feature may be appealing for those Facebook users that are keen to share every detail of their social life with their online friends, it is alarming to those who wish to have a little more anonymity,” said Graham Cluley, Senior Technology Consultant at Sophos. “Rather than allowing users to opt-out of this feature, surely Facebook users should be given the option to opt-in? A recent Sophos poll showed that 90% of Facebook users think that all Facebook features should become totally opt-in. With this new feature, I’d say that this percentage is likely to rise.”

If users are not willing to be part of this feature, they need to make sure that they opt-out when the feature is live. Keeping on top of new features and ensuring that privacy settings are up-to-date on Facebook is essential for Facebook users to ensure that they’re not sharing too much personal information online.

December 1, 2010

Juniper Networks Expands Security Services for Small to Mid-Size Data Centers


Juniper Networks announced general availability of the SRX1400, the newest member of its leading SRX product line. The SRX1400 is a consolidated security services gateway ideal for securing small to mid-size enterprise, service provider and mobile operator data center environments.

“Not only does the SRX1400 help companies migrate their mid-size data centers to 10Gbps, but it also helps them reduce costs in the process,” said Sridhar Sarathy, Vice President – India Operations, Juniper Networks India. “The SRX1400 consolidates multiple security functions, including our new AppSecure application security capabilities, on a single services gateway, providing the flexibility to scale bandwidth and services in the future.”

For mobile service providers, the SRX1400 is a cost-effective solution that delivers security at scale to their core networks and protects against a variety of attacks and unauthorized access on critical infrastructure including the internet connection on the Gi interface, roaming exchanges and signaling networks. With its separate control and data planes, the SRX1400 combines carrier-class resiliency with advanced inspection and protection capabilities developed specifically for mobile networks and applications.

The SRX1400 simplifies management and configuration with an integrated, single security policy and device management system for multiple security services. With excellent 1 and 10 GbE port density built-in and room for expansion, the modular design of the SRX1400 uses interchangeable cards from the SRX3000 line providing investment protection and simplifying sparing logistics.

“We are excited to see the expansion of the data center SRX product line with the introduction of the SRX1400,” said Bryan Miles, director of networking at Station Casinos. “The security services scale in a small form factor is a great fit for our smaller data center deployments, and the common policy, OS and hardware modules with our installed base of SRX 3K’s simplifies our operations and lowers our cost.”

The SRX1400 consolidates multiple security services and functions into one compact system by tightly integrating the configuration, security policy and device management of these services within the Junos operating system. Data center, enterprise and service provider security services include: stateful inspection of IPv4, IPv6, Stream Control Transmission Protocol, IPsec VPN, SSL decryption, IP and GTP hardware assisted Quality of Service, dynamic and virtual routing, AppSecure, Network Address Translation and application level gateways for IPv4 and v6, SCTP and GTP protocols.

The SRX1400 is available now and starts at $30K.

November 11, 2010

Millionaire Targeted in Computer Virus-Related Scam, Sophos Reports


IT security and control firm Sophos has today reported that a US court has heard that a couple conned at least $6 million from the great-grandson of an oil industry tycoon after he brought his virus-infected computer in for repair.

Although the victim’s name has not been released by the authorities, media reports have named him as jazz pianist and composer Roger Davidson, an heir of oil tycoon Conrad Schlumberger. According to reports, prosecutors in Westchester (NY), have charged 36-year-old Vickram Bedi and his girlfriend Helga Invarsdottir. The couple are said to have tricked the composer into believing that, while investigating the virus, they had found evidence that his life was in danger – concocting a story that the virus had been tracked to a hard drive in Honduras, and that evidence had been found that the composer’s life was in danger.

“Stories don’t get much more farfetched and oddball than this, but they do underline the importance for all of us to be on guard against scams,” said Graham Cluley, Senior Technology Consultant at Sophos. “Savvy computer users may be clued-up enough to dismiss such a scam, but can they honestly say that the same is true of every member of their family or social circle? Could there be an elderly or vulnerable person close to you who uses the internet, and might easily be hoodwinked by merciless scammers?”

http://nakedsecurity.sophos.com/2010/11/09/pianist-bizarre

October 8, 2010

ICICI adopts ATM monitoring solution


ICICI Bank adopts Wincor Nixdorf’s ProView solution for ATM monitoring. ProView software will remotely monitor the bank’s ATM network to improve system availability.

India’s largest private sector bank, ICICI has adopted an integrated ATM monitoring solution from Wincor Nixdorf.

Wincor Nixdorf’s ProView software would remotely monitor the ICICI Bank ATM network spread across the vast geography of the country.

The bank has a large, geographically dispersed and reliable self-service network comprising ATMs and cash dispensers. Deploying tools capable of timely detection and proactive maintenance is a key factor in the successful operation of such self-service networks. Implementation of the ProView software would enhance real-time monitoring of ATMs based on status obtained directly from the ATMs rather than intelligence gathered from intermediate layers such as an ATM switch.

With the rollout of Wincor Nixdorf’s ProView software, ICICI will have real-time access to status updates on the operating state of each device down to the component level (e.g. card reader, journal printer, dispenser) thereby expediting resolution of issues. These features would enhance capabilities to perform remote diagnostics and carry out repairs via electronic access from a central location and result in better uptimes and minimize site visits by technicians.

ProView also has the capability to manage software distribution and file transfers (like electronic journal, camera images) from self-service devices thus reducing time in rollout of new features and information retrieval.

“We expect ProView to help ICICI Bank improve efficiencies and increase the overall availability of the self-service network,” said Pravir Vohra, ICICI Bank’s Group Chief Technology Officer.

“It is important for a bank such as ICICI to ensure that consumers have access to their cash at the ATM at any time of the day. This is why it is important to monitor devices 24/7 using appropriate software to ensure a maximum level of uptime is achieved,” said Eckard Heidloff, Chief Executive Officer, Wincor Nixdorf AG.

October 8, 2010

Online Caution or Confidence?


How do computer users around the world view online security risks? A survey commissioned by F-Secure in Finland, Germany, Malaysia, Poland, Sweden, UK and United States reveals some interesting international variations in people’s experiences and perceptions of the threats.

Asked how concerned they are about their online privacy and data security, Germans (77%) and Malaysians (73%) express the most concern, while the Swedes (42%) and Finns (36%) appear to be the least concerned – or the most confident about their online life.

The survey was commissioned by F-Secure and conducted by Zoomerang in May 2010 in Finland, Germany, Malaysia, Poland, Sweden, UK and United States with 1450 respondents.

An average of 49% of respondents across the seven countries say they have been hit by malware in the past 12 months, but their security software had notified them and prevented infection. The most malware hits are reported by Poland (70%), Finland (60%) and Malaysia (54%), with Germany (32%) reporting the lowest figure. Poland (14%) and Malaysia (11%) have the most respondents without any anti-virus protection on their computers which have been infected by malware.

Chia Wing Fei, senior manager, security response at F-Secure, says, “Germany seems to combine a high level of worry with a low level of exposure to the actual threats. Caution is good when surfing the web but being overly concerned may also prevent people from experiencing the full benefits of the Web. There is also a learning curve – as people become exposed to threats, they also learn how to deal with new situations and become more confident and less concerned.”

International variation

The survey results also show that many computer users around the world are still unsure about security issues. For example, many people do not know if their computers have been infected in Sweden (38%), United States (34%), UK (33%), and Germany (32%).

There is also wide variation in how concerned people are about specific types of malware attacks. Germans (65%) and Malaysians (59%) are the most concerned about downloading malware from a website, compared to just 22% of respondents in Finland. The risk of poisoned search results, which criminals use to lead people to malicious websites, is taken most seriously by the Germans (62%) and the British (41%).

According to the survey, credit card crime is the most prevalent in the United States, where 32% of the respondents have personally experienced it or know someone who has been a victim. Malaysia (27%) and UK (27%) also report a relatively high level of credit card crime, while the lowest incidence is in Poland (11%) and Finland (12%).

Security terminology remains a mystery

An average of 7% of respondents in the seven countries do not know what malicious code or malware is, with the highest scores occurring in the UK (12%), United States (12%) and Malaysia (9%). A significant proportion of Americans (29%) and the British (28%) are not aware what poisoned search results are. Rogue ware, such as the bogus security products that take computers hostage and fool people into making payments to remove fictitious malware, is a term only understood in Sweden and Poland.

September 8, 2010

How safe are you while surfing the Internet?


TrustPort, a provider of Internet security software, warns parents about the online threats that silently await their children while they surf the Internet. Holidays are now coming to an end and this time it is the parents who have work to do: providing their children with all the necessary tools for safe surfing at school and at home. Some will buy their child a new desktop or laptop, or maybe they are going to upgrade the existing home PC. What they may not consider is ensuring the safety of their offspring while using that computer.

Online security is always the primary focus for TrustPort. According to a Harris Interactive survey, children spend approximately 40 hours a week on the Internet. The survey also found that more than 60% of parents believe that their children are learning valuable skills online and that they aren’t wasting time there. Nevertheless, one third of polled children say they would definitely change their behaviour if they knew that their parents were watching or taking control of the Internet content.

TrustPort warns that there are dangerous websites which may not necessarily include malicious code but could still be undesirable because of their content, such as sex, violence or gambling. Parents should take steps to protect their children from visiting such websites by openly communicating with them about this topic, as well as by implementing a simple and flexible technology solution such as a parental lock. This is included in all TrustPort products. The parental lock detects and blocks undesirable websites reliably. This feature has 13 pre-defined categories, and it is simple to turn any category on or off individually. Furthermore, specific websites can be blocked over and above the specified categories. If the parental lock judges a website to be ‘improper’, the web browser shows an error message with information about the website and the reason why access to it is blocked. Parents can take further steps to ensure the safety of their children by password-locking the parental settings to avoid tampering.

TrustPort advises every parent who wants to protect their children against online threats to follow these recommendations:

• Be open in communicating with your children and warn them about possible threats and about improper content on some websites

• Don’t allow your children to make private data available to anyone, whether through e-mails, social networks, or web forms

• Install appropriate security software that includes a parental lock, such as TrustPort PC Security, on your children’s PC

• Consider the parental lock settings. Ensure regular updates of your security software, such as TrustPort PC Security, so that it is prepared for the newest online threats

September 6, 2010

CSC Launches Global Strikeforce Security Assessment Suite


Solution Provides Businesses and Governments Cost-Effective Way to Understand and Mitigate Risk Against Proliferation of Cyber Threats

CSC announced that it launched its enhanced CSC Global StrikeForce Security Assessments, a suite of elite services performed by a highly skilled global team of certified and licensed cybersecurity experts. The CSC Global StrikeForce Security Assessments evaluate the technical controls associated with people, process and technology to provide visibility into current risk, threat and compliance profiles. It then identifies the gaps and delivers a remediation plan.

The enhanced solution suite provides organizations a quick, cost-effective way to understand cyber threats, prepare for compliance audits, enact a security incident investigation, understand architectural or technology changes and provide assurance regarding the threat profile. In addition, CSC’s Global StrikeForce Security Assessments provide a foundation for improved, risk-based decision making in order to achieve compliance and prioritize investments.

The solution suite includes:
· Vulnerability Assessment to help detect, identify and report on security weaknesses in an environment.
· Web Application Assessment that provides a comprehensive examination of both commercial and in-house applications for vulnerabilities and security threats within applications.
· Technology Compliance Assessment to help meet regulatory compliance and corporate policy requirements.
· Physical and Social Engineering Assessments that examine non-technical issues with the potential to impact sensitive information.

“Stricter legal, regulatory and compliance mandates, dynamic and complex operating environments, growing remote and mobile workforces, and an increasingly hostile threat environment are challenging organizations to manage information security risks more effectively,” said Gordon Archibald, chief technology officer for CSC’s Global Security Solutions. “CSC’s elite Global StrikeForce team knows how to treat client data without disrupting systems and help clients understand the vulnerabilities present in their environment.”

“Vulnerability reports that include recommendations for mitigation or remediation of vulnerable assets can improve the efficiency of IT operations, and risk-rated reports can help measure security effectiveness,” according to Gartner, Inc.’s “MarketScope for Vulnerability Assessment,” by Kelly Kavanagh, Mark Nicolett and John Pescatore. February 17, 2010.

August 25, 2010

Novell introduces Cloud Security Service


Novell Cloud Security Service provides provisioning, access, security and compliance solutions for computing in the cloud

Novell announced the general availability of Novell Cloud Security Service. Part of Novell’s WorkloadIQ vision, Novell Cloud Security Service gives cloud providers the ability to deliver secure access and compliance in the cloud for their customers. Novell Cloud Security Service is a critical part of Novell’s broader identity and security portfolio, which enables enterprises to have a consistent framework for managing identities across physical, virtual and cloud deployments. Novell is the only vendor to offer this integrated capability, which helps organizations manage complex security and compliance requirements through a cost-effective and easy-to-use suite of products.

With Novell Cloud Security Service, enterprises can quickly and easily extend their identity infrastructure to any public cloud. Any changes that are made to their users or permissions are immediately replicated in the cloud environment, thus ensuring one consistent identity and security framework for the enterprise, regardless of where the computing is actually taking place.

“Security is the biggest hindrance to cloud adoption that service providers offering cloud services need to overcome,” said Antonio Piraino, Vice President of Research, Tier 1 Research. “The ability to provide interoperable security solutions for and between an enterprise’s internal infrastructure and the cloud provider’s platform will alleviate the biggest assurance, vulnerability and SLA concerns enterprises have today.”

As cloud computing vendors that offer software-, platform-, or infrastructure-as-a-service seek to differentiate themselves in the marketplace, value-added services like customized security become increasingly important. Novell Cloud Security Service helps cloud service providers deliver trusted security assurance and compliance to their enterprise customers. It is the first and only multi-tenant identity and access management solution that provides just-in-time provisioning, authentication, authorization and support for compliance.

The Novell Cloud Security Service currently has several beta deployments globally. With today’s announcement of general availability, Novell’s cloud services team will target more than 200 IaaS, and 1,300 SaaS and PaaS vendors to get them started with this ground-breaking technology that is supported by more than 60 patents.

“Novell’s ability to deliver a complete set of provisioning, access, security and compliance solutions that help both organizations and cloud providers control access, monitor activity and provide compliance is yet another example of their leadership in this area,” said Jim Reavis, co-founder and executive director of the Cloud Security Alliance. “The Cloud Security Alliance is working closely with Novell to address many of the trust concerns end-user organizations have with cloud computing, including issues that go beyond just technology solutions.”

Novell Cloud Security Service is hosted in the cloud, either where the provider hosts its application or via a Novell hosting partner. A user can log on directly or via the enterprise identity system. The service first verifies the identity and, if successful, will generate an identity token in the format needed by the SaaS provider. The user is now authenticated to the SaaS service. Once inside the application, the application connectors that are provided with the service capture deep page-level user activity and provide the audit stream for compliance purposes.

NCSS expands Novell’s identity product portfolio in WorkloadIQ. WorkloadIQ is Novell’s vision to deliver products for the rapidly growing intelligent workload management market, which IDC estimates is more than $4.2B. A key part of this vision is to deliver a spectrum of cloud-ready Identity and Security solutions to meet today’s enterprise need for security in physical, virtual and cloud environments.

As cloud models mature and businesses look at cloud solutions, security questions such as protecting data in the cloud, providing audit reports for inspection and ensuring regulatory compliance are becoming increasingly important. For enterprises looking at moving critical workloads to the cloud, the combination of Novell Identity Manager 4 and Novell Access Manager is the only solution that offers seamless provisioning and access in real-time.

“Despite the speed with which organizations are deploying virtualized systems and moving to SaaS, they are blind when it comes to reporting on who has access to cloud-based resources,” said NAME, TITLE, Huntington National Bank. “We needed technologies that consistently enforce our identity and access policies securely with SaaS applications, like Salesforce. Only Novell offers an intelligent identity framework that gives us policy-driven control of application access so we can consistently manage identities including provisioning and de-provisioning, workflow, entitlements and audit both within our organization and in the cloud.”

For cloud service providers who want to deliver a secure, compliant computing environment for their customers, the Novell Cloud Security Service offers a multi-tenant environment with built-in metering, billing and auditing.

“There is a tremendous market opportunity to help our customers with their cloud strategy, including deploying and managing cloud applications in a secure and compliant manner,” said Kevin Nikkhoo, founder and president of CloudsID.com. “Novell Cloud Security Service offers secure access management from the cloud and works with our customers’ existing identity infrastructure to enable us to offer our customers best-in-class solutions.”

Many Novell customers today are seeking to move applications to the cloud in order to reduce costs and increase agility.

“Today’s enterprises are embracing cloud services while continuing their investment in their physical and virtual data centers. To support these efforts, Novell offers the most complete and interoperable set of provisioning, access, security and compliance products for IT organizations and cloud providers. Novell Cloud Security Service complements Novell’s comprehensive suite of Identity and Security solutions,” said Jim Ebzery, senior vice president and general manager, Security, Management and Operating Platforms, Novell. “Our goal is to give our customers the ability to take advantage of the economic benefits of cloud computing while also mitigating risk and maintaining compliance.”

August 10, 2010

Kaspersky Lab released their 2011 Internet Security & Anti-Virus Products in India


In order to secure the online activity of common Internet users, Kaspersky Lab, a leading developer of secure content management solutions, announced the release of the latest versions of their flagship consumer products Kaspersky Internet Security 2011 and Kaspersky Anti-Virus 2011.

The new products take full advantage of the most innovative cutting-edge technologies to provide more accurate detection and an even faster response to any IT threats.

Kaspersky Lab India (KLI) started full-fledged operations from June 1, 2010 with marketing, sales and technology teams based out of Hyderabad. With an already established distribution network in India, KLI is focused on channel expansion and development to establish more committed partners here. The newly launched Kaspersky Internet Security 2011 and Kaspersky Anti-Virus 2011 will not just sit idle until the PC becomes infected. The new versions provide real-time proactive protection, constantly monitoring the system to detect any type of potential threat and prevent any destructive activity.

With Kaspersky Lab’s new products, users have everything they need to stay safe and secure while they surf the Internet. The solutions provide reliable isolation of untrusted Internet resources, giving the user full reassurance that their digital environment is clean, safe and free from digital threats and unwanted intrusion. But this does not limit what the user can do. On the contrary, it ensures protection for all types of data and communications. The system operates in background mode and does not make constant demands on the user in order to do its job efficiently.

Kaspersky Internet Security 2011 and Kaspersky Anti-Virus 2011 incorporate a full range of new and improved technologies, many of which are unique to Kaspersky Lab products.

Present on the occasion were Ms. Suk Ling Gun, Managing Director (South Asia) Kaspersky Lab along with Mr. Jagannath, Director – Channel Sales – Kaspersky Lab India. “By releasing the new 2011 versions, our company has improved an already great product range still further, bringing the user a host of effective new technologies designed to protect their computers. It’s nice to see we have achieved our goals. Now, thanks to such modules as System Watcher, Safe Surf and our fully redesigned Safe Run module, our customers will be provided with an unprecedented level of control over the processes running on their computers, providing them with the security they need while working with important personal data,” said Ms. Suk Ling Gun, Managing Director (South Asia) Kaspersky Lab.

Ms. Suk Ling Gun MD Kaspersky Labs India with Mr. Jagannath Director Channels, Kaspersky Labs India

She further added, “In India, we have introduced special value price offers and schemes so that people start going in for licensed versions. Our presence in India will help us reach out to consumers and enterprises alike with faster responses to address online security concerns, our aim is to ensure everyone with a computer can afford to use Kaspersky Security solutions, thus, our price may not be cheaper and may not be the most expensive solutions. I believe Kaspersky Lab is moving fast in the India market. We would like to establish more in the Enterprise segment, thus, the Enterprise customers can count on Kaspersky support to them especially with Kaspersky Lab local presence.”

The newly-implemented System Watcher technology monitors all system events in full – creation and modification of files, system calls and changes to the system registry. Thanks to constant monitoring of a program’s behavior, Kaspersky Lab’s protection solutions detect any type of malicious programs, both known and new. The majority of unwanted changes to the system made by malicious programs can be rolled back with just a few mouse clicks.

The new solutions incorporate reputation rating services.  That means information about a known object is received in real-time without the need for it to be scanned locally. The information is sourced from Kaspersky Lab’s databases that are constantly updated by the Company’s experts.

Both products include improved proactive protection from new, as yet unknown threats based on scanning for typical threat symptoms. Importantly, all the main modules are updateable, which means that should completely new types of threats emerge, the products’ features can be updated without having to reinstall the solution from scratch.

Kaspersky Internet Security 2011 and Kaspersky Anti-Virus 2011 incorporate the new Windows Gadget feature. This is an element of the interface located on the Windows Desktop in Windows Vista and Windows 7 that offers quick access to the product’s main features. Windows Gadget displays the computer’s security status, allows a file to be scanned with a single mouse click and enables an application to be launched in Safe Run mode.

One brand new feature is the ability to use the product installation disk as a rescue disk which contains a range of utilities for scanning or treating an infected computer without the necessity of downloading a bootable operating system. Another important and innovative feature of Kaspersky Internet Security 2011 and Kaspersky Anti-Virus 2011 is their ability to be installed on a machine that has already been infected by such sophisticated threats as rootkits that generally try to combat the deployment of antivirus solutions.

Kaspersky Internet Security 2011 incorporates additional new and updated functions that allow a user to stay safe and secure while they surf the web.  It provides protection for applications and data and allows parental control over children’s Internet activities. The unique Safe Surf mode allows scanning of each Internet connection and will automatically block access to websites containing malicious links and codes.

The sandbox technology first introduced into the 2010 product line has been further developed.  Safe Run for Websites mode lets you run websites in a safe virtual browser while suspicious applications and websites can both be launched in Safe Run for Applications. Both modes provide restricted access to the computer’s resources. In the new version, the Safe Run for Applications feature allows users to create a separate Safe Desktop for all applications or run a specific application in Safe Run mode using the context menu.

Kaspersky Internet Security 2011 contains a significantly improved Parental Control module that restricts a child‘s access to social networking sites, instant messaging (ICQ, MSN) and specific programs on the computer. It can also control the downloading of files and the transfer of personal data.

Kaspersky Internet Security 2011 and Kaspersky Anti-Virus 2011 are fully compatible with the 32-bit and 64-bit versions of Microsoft’s operating systems, from XP up to Windows 7 versions.

The products are priced at Rs. 899 for Kaspersky Internet Security (KIS) 2011 and Rs. 599 for Kaspersky Anti-Virus (KAV) 2011, each for a single user for 1 year. The price for KAV 3 user is Rs. 1199, and for KIS 3 user is Rs. 1799.

August 9, 2010

It’s national security versus user privacy


How good is data that you cannot even access? And similarly, how safe is a communication process that you cannot even track? These are the two major questions which have made the Indian security agencies uncomfortable while looking at the BlackBerry services’ data encryption status for the Indian market. There is no doubt that Research In Motion (RIM) has created a great communication product in BlackBerry. This has ruled the smartphone category almost across the world. And this market dominance has been witnessed in India as well.

As in other countries, the problem has started taking shape in India as the security agencies have felt the need to access the BlackBerry communications data, which was found to be too safe or too secured to be accessed. The fact is that the encryption level of BlackBerry services is too high, as it doesn’t allow any other agency, including the Indian government, to access the data. The main point of this entire issue is to define a clear categorisation between BlackBerry’s user privacy and national security.

via http://www.financialexpress.com/news/its-national-security-versus-user-privacy/656069/.

August 6, 2010

NetApp Strengthens Integration with Symantec


NetApp announced that it has integrated its unified storage systems with Symantec’s Thin Reclamation API to help SAN customers automatically reclaim storage space and improve overall storage efficiency. This solution gives customers the ability to manage, reduce, and reclaim storage space throughout the entire data lifecycle so they can improve planning and reduce their overall IT footprint and management costs.

NetApp unified storage helps customers store the maximum amount of data for the lowest possible cost by using several storage efficiency technologies inherent to the NetApp Data ONTAP® operating system. These technologies help customers get more use out of the disk they have while improving manageability and performance. This efficiency, coupled with the simplicity and flexibility of Symantec’s Veritas Storage Foundation, gives customers the ability to easily manage their SAN environments and reduce data center power, cooling, and space costs. With NetApp and Symantec, planning future storage use is easier, as are provisioning, reclaiming unused space, and reprovisioning.

“NetApp storage, with its built-in thin provisioning and deduplication, has given us the speed and flexibility we need to provide better service to our members,” said Jason Bane, vice president of Infrastructure Operations at Virginia Credit Union. “From test and development, disaster recovery, and member service, our SAN data requirements have dropped 80%. Most importantly, though, bank credit union tellers can now access member information immediately, which gives our members a much better experience.”

“Symantec offers the industry’s leading cross-platform thin optimization solution, enabling organizations to benefit from the true cost and efficiency advantages of thin provisioning,” said Don Angspatt, vice president of Product Management, Storage and Availability Management Group, Symantec. “The integration of Veritas Storage Foundation with NetApp’s market-leading storage solutions enables IT organizations to proactively plan their storage environment, improve storage utilization rates, and get the most value from their data center investments.”

“NetApp storage gives customers storage efficiency capabilities that go beyond thin provisioning, deduplication on primary storage, and default RAID-DP®,” said Patrick Rogers, vice president of Solutions and Alliances at NetApp. “By working with Symantec and integrating our storage with Veritas Storage Foundation, we continue to break new ground in what is possible with IT efficiency. The principle is to provide leading efficiency without any compromise on flexibility, simplicity, and performance.”

August 3, 2010

Report: Online Ad Groups and Microsoft Watered Down IE Privacy Controls


Microsoft crippled online privacy protections in the latest version of its Internet Explorer browser, due to vigorous opposition from Microsoft’s advertising executives and ad industry representatives, the Wall Street Journal reported.

IE8’s architects planned to build sophisticated, default tools into the IE8 browser to thwart online tracking and profiling by advertisers who track users to place targeted ads. These so-called third-party networks use those distributed web sites to place cookies, hidden tracking beacons, and Flash cookies in users’ browsers in order to create profiles of a user.

Those profiles, created by dozens of companies most users have never heard of, are used to upsell advertisers on targeted ads, which get a high premium for the ad networks and websites.

To cut down on the tracking, Microsoft engineers came up with the idea of what’s called InPrivate Filtering and Browsing, which stymie most online tracking by blocking some tracking beacons and deleting most cookies when a user closes their browser. By default, IE8 users would use this setting, unless they consciously chose to loosen it. Or so they thought, until the business side of Microsoft and the ad industry got wind of their plans.

As the WSJ’s Nick Wingfield reports:

When he heard of the ideas, Mr. Brian McAndrews, the executive involved with Microsoft’s Internet advertising business, was angry, according to several people familiar with the matter. Mr. McAndrews feared the Explorer group’s privacy plans would dramatically reduce the effectiveness of online advertising by curbing the data that could be collected about consumers.

The debate widened after executives from Microsoft’s advertising team informed outside advertising and online-publishing groups of Microsoft’s privacy plans for Explorer. Microsoft Chief Executive Steve Ballmer assigned two senior executives, chief research and strategy officer Craig Mundie and the general counsel, Mr. Smith, to help referee the debate, according to Peter Cullen, Microsoft’s chief privacy strategist.

August 2, 2010

McAfee Getting Aggressive Towards Mobile Security


McAfee has entered into a definitive agreement to acquire tenCube, in an effort to offer remote control of mobile phones. Trust Digital’s enterprise mobility management and McAfee’s mobile security technology give it the capabilities it needs to deliver the next-generation mobility platform. McAfee will now have a single platform, from the consumer to the enterprise, to address the management and security of all types of devices, to all markets and with the most robust feature set.

McAfee now has the technology needed for users and their families to locate, lock, encrypt, protect against malware, wipe, filter, manage, back up, restore and access their data online. It expands the addressable device market with mobile device platform support, including a wide range of mobile operating systems like Android, BlackBerry, Symbian, Windows Mobile, iPhone and Java-powered feature phones.

“Mobile devices have become an extension of our lives,” said Darius Cheung, Chief Executive Officer, tenCube. “Through this acquisition, McAfee can broaden its security capabilities and offer users protection and remote control of the phone whether it is in their possession or not. This means no more worries about the whereabouts of your phone or losing personal contacts, photos or messages.”

August 1, 2010

The Blackberry Encryption Controversy


Reporters Without Borders reported that several citizens of the United Arab Emirates have been arrested for allegedly using BlackBerry Messenger to coordinate a protest against the high price of gasoline. This news comes on the heels of several countries working to block or severely limit the use of BlackBerry Messenger within their borders. There have also been reports of RIM setting up a server in China under Chinese pressure, even though MobileActive.org could not directly verify these reports.

On July 25th, the United Arab Emirates’ Telecommunications Regulatory Authority said that they believed BlackBerrys could be used in a way that compromised national security; in April of 2010 Bahrain issued a ban against using the chat feature to share local news; and now India has joined the ranks of countries requesting access to data and information sent over BBM.

Reporters Without Borders has been covering the controversy in the Middle East. Regarding the arrests in the U.A.E., the organization reports:

The authorities were able to trace the organizer, known as “Saud,” because he included his BlackBerry PIN in a BBM message he sent calling for the protest. They held Saud for a week and used his phone to trace those he had been messaging. Accused of inciting opposition to the government, he has lost his job. At least five other members of the group have reportedly been summoned by the police or are still being sought.

So, what is this service that’s causing such a big controversy? It is mobile instant messaging: in these cases BlackBerry Messenger, the BlackBerry-specific instant messaging program. Sending instant messages over mobile phones can be a great way for smartphone users to communicate – it’s often cheaper than SMS, messages are exchanged in real time, and there are fewer restrictions (such as no character limits and, most importantly, encrypted and more secure communication). BBM gives users a way to communicate more securely out of reach of network surveillance. Chats on BlackBerry Messenger are encrypted and stored on Canadian servers; governments that want access to messages must go through Research In Motion, the Canadian company that owns BlackBerry. In short, BBM is more secure than SMS for users living in restrictive communications environments. Hossam Bahlool, director of platform product management for RIM, explained in an email to MobileActive how BBM differs from SMS, and why it’s popular:

With BBM, you are sending messages using the data part of the wireless carrier’s network versus SMS which runs over the same part of the network that carries voice calls. As a result, BBM is not constrained by the 160 character limit of SMS and therefore can send messages without a limit on length and can also attach pictures, videos and other files over BBM. And there’s something about those little R and D’s. People look quickly and know the message has been delivered and whether or not it’s been read. Knowing that is huge. There’s also a very personal element to BBM – you’re not just sharing photos, videos, what-have-you, you’re sending out updates to your contacts, you’re changing up your avatar and status.

It’s easy to see the allure of BBM. In fact, it has sometimes been called “Blackberry’s killer app” – much beloved by its younger, non-business users who constitute a growing market for RIM. BBM operates on a BlackBerry PIN system, so users can only BBM with other BlackBerry owners (in comparison to non-system-specific chat applications like MXit or GoogleTalk). Also, it is ostensibly more private than SMS because information is encrypted and not stored by local telecoms. Now, this sense of privacy has led to some governments seeing BBM as a threat. An AP article reports:

Emirati officials have declared BlackBerry smartphones a potential threat to national security because users’ data is stored overseas, where local laws don’t apply and where analysts say it could be harder for authorities to monitor.

Indian authorities expressed similar thoughts. The Times of India reports:

India wants the Canadian company Research in Motion (RIM), makers of BlackBerry, to address its security concerns or face closure. Essentially, India wants the handset-maker to allow it to set up a monitoring facility here with Indian access to its encryption technology, which it needs for security reasons, a fact recently flagged by security agencies.

This is the second time that the government has threatened to block the operations of BlackBerry. In the earlier instance, tensions were defused after RIM agreed to provide its encryption code to security agencies burdened with having to monitor the chatter among increasingly tech-savvy terrorists. The fresh confrontation comes after reports that RIM was ready to set up a server in China to address Chinese security concerns.

While RIM has not complied with Indian demands at the time of this writing, the International Business Times reported yesterday that,

BlackBerry uses high grade encryption for data transfers that internal security agencies have found hard to crack so far. Hence the Indian Home Ministry has reiterated its demand that RIM reconfigure its encryption format to comply with intelligence agencies’ requirements so that the messages could be monitored.

As governments put pressure on RIM for access to BBM data, the provider is put in a touchy position. The global smartphone market is highly competitive, and the BBM application is a strong selling point for RIM. The worldwide reach of BBM is also compelling – Blackberry users can chat with contacts in other countries free of charge. According to Bahlool, BBM usage spiked throughout this summer’s World Cup matches. In the United States, BlackBerry is currently running an advertising campaign that plays up the benefits of BlackBerry Messenger. The ads invite users to “express yourself – your way.”

Reference: http://mobileactive.org/blackberry-messenger-ban

July 31, 2010

Sonicwall Getting Closer to Government Customers


SonicWALL strengthens its commitment to global government customers with Common Criteria EAL4+ certification. This certification was earned for SonicWALL’s current TZ and NSA firewall solutions.

SonicWALL, Inc. underscored its leadership position in intelligent network security and data protection solutions by announcing its TZ and Network Security Appliance (NSA) UTM firewall solutions have earned Common Criteria (CC) Evaluation Assurance Level 4+ (EAL4+) certification (ISO15408). The new EAL4+ certification builds upon its previous FIPS140-2 Level 2 certification. It affirms that SonicWALL’s TZ and NSA products meet rigorous government requirements mandated for commercial information security products purchased by the U.S. government for use in national security systems.

Government institutions can purchase and deploy SonicWALL’s TZ and NSA firewall solutions to protect their networks and highly sensitive information. “Safeguarding critical data and intellectual property is one of the biggest concerns for governments, corporations and consumers alike,” said Patrick Sweeney, Vice President of Product Marketing, SonicWALL. “Our security solutions are designed to provide our public and private sector customers around the world with rigorous protection of their critical information assets. With the trusted backing of EAL4+ certification, our customers gain the third-party validation they require to take advantage of the unique capabilities of our TZ and NSA solutions. As a result, we expect even stronger interest not just from governments, but also enterprises and security-minded institutions.”

SonicWALL solutions provide vital Next Generation Firewall technologies such as:

  • Deep Protection Security. SonicWALL’s Reassembly-Free Deep Packet Inspection engine inspects every bit of all traffic to eliminate viruses, spyware, intrusion attempts and other malware from traffic before it enters the network.
  • Application Intelligence and Control. Provides a configurable set of granular policies per user, application, schedule or IP subnet. These policies can be used to automate application bandwidth allocation, restrict transfer of specific files, scan attachments using user-configurable criteria, control and inspect both internal and external Web access and enable users to add custom signatures.
  • Multi-Core Architecture. Applying the processing power of multiple cores in unison, SonicWALL’s multi-core performance architecture dramatically increases throughput and simultaneous inspection capabilities while keeping power consumption nearly
  • Innovative SonicWALL Clean VPN™. SonicWALL’s Clean VPN deep packet inspection architecture, which provides decontamination of mobile user and branch office traffic, and attacks vulnerabilities and malicious code before being introduced into the corporate network.
  • Award-winning SonicWALL Global Management System (GMS). Network administrators can manage every SonicWALL appliance using SonicWALL GMS, the award-winning management solution that provides administrators with the tools they need to easily configure, enforce and manage global security policies, VPNs and services from a central

SonicWALL received its CC EAL4+ certification for its TZ UTM and NSA firewall lines with SonicOS 5.5.1 firmware.

SonicWALL’s achievement in obtaining this certification demonstrates the company’s commitment to providing the highest level of independently verified information assurance to its customers and partners.

July 30, 2010

Digitalisation to foray in India by 2013: TRAI


The Telecom Regulatory Authority of India (TRAI) Chairman J S Sarma announced a complete switchover from analog to digital broadcast signals in the country in a phased manner by December 2013. Addressing industry leaders at the CII-organized conference on Managing Digital Media and Entertainment Business in the Digital Era (in Mumbai via video conferencing), Sarma called for support from industry in one voice for the digital switchover. “We are forward looking and proactive on regulation on digitalisation.”

The broadcast industry leaders welcomed the recommendation by TRAI as they were expecting digital switchover by 2017. TRAI’s final consultation paper on digitalisation will be released next week, said Sarma.

Emphasizing that human capital would ride technology, Mr Amit Khanna, Chairman, CII National Committee on Media & Entertainment and Chairman, Reliance Big Entertainment, maintained that media companies have to transform from products to relationship with audience in the future. He said there is extreme polarization and predicted more event based (FIFA World Cup, Avatar, 3 Idiots) things in the emerging digital world. “We are moving away from economy of attention to economy of inattention and there is too much distractions.”

Mr Ronnie  Screwvala, Co-Chair, National Committee on Media & Entertainment and Chairman & CEO, UTV Software Communications said that with the spurt in the number of DTH households in India, the overall industry has witnessed a remarkable growth in the country.

The industry has witnessed tremendous growth on the DTH front and India will emerge as the world’s largest DTH subscribed nation when it surpasses (32 million US DTH subscribers) in the next 12 months. India has a DTH subscriber base of around 25 million in just four years.

Mr. Sam Balsara, Chairman & MD, Madison World cited that Digitisation and Advertising have a direct link to a considerable extent. He said, “Digitalisation holds the key to the rate at which advertising will grow. Earlier for the media the revenue model was 50:50 i.e. 50% revenue from readers and 50% from advertisements. However, today the ratio is 80:20 i.e. 80% revenue from advertisements and 20% revenue from the readers. This equation has tremendous debilitating effect as an increased load on advertising will reduce the rate of returns for the advertisers. The economic returns to Indian advertisers are not as high as compared to other countries due to the 80:20 ratio.

Digitalisation will help balance the ratio, efficiency and effectiveness and improve returns for advertisers.”

Speaking of digitalization of Pay TV, Mr. Vikram Kaushik, CEO, Tata Sky said, “Digitalisation today is inevitable and the scale and potential of the volume of this business in India is huge. However, the players in this sector with a focus on achieving this volume are adopting disastrous margin cuts which are leading to very low average revenue returns for the industry.”  He further stated, “The major challenge of digitalising is the fragmented economy, due to which the industry is losing large amounts of money. It is critical for proper implementation of digitalisation it has to be mandated.”

Throwing light on the business model for the social gaming industry, Mr. Vishal Gondal, Founder & CEO, UTV Indiagames, said, “In the social gaming industry business models are changing every day and content is becoming the game changer. Today users want everything free thus in this industry Freemium is the New premium!! Revenue generation in this scenario is challenging, however the industry has also monetized on this challenge. Although 85% are free users of the social gaming industry, they act as viral/marketing agents and popularize the platform and these users can be enticed to various advertisements and offerings.  12% users engage in micro transactions and 3% are premium subscribers. Thus ensuring that the industry earn revenue from users as well as from advertisers.”

Similar to CII’s series on Reel World and the Law, CII will continue our initiative in managing media and entertainment business in the digital era space. This is first of CII’s digital media series and will continue to bring IT and entertainment companies to deliberate on evolving best practices.