This commenter is a Washington Post contributor. Post contributors aren’t staff, but may write articles or columns. In some cases, contributors are sources or experts quoted in a story.

More about badges | Request a badge

Article source: http://www.washingtonpost.com/world/africa/un-security-council-imposes-sanctions-on-guinea-bissau-coup-leaders-and-key-military-officers/2012/05/18/gIQAgv5EZU_story.html

ASSOCIATED PRESS

May 19, 2012 3:46AM

• Reprints

Article source: http://www.suntimes.com/news/world/12633838-418/car-bomb-explodes-near-security-agencies-in-syria.html

“CERT-In has observed that there is significant increase in the number of cyber security incidents in the country. A total of 8,266, 10,315 and 13,301 security incidents were reported to and handled by CERT-In during 2009, 2010 and 2011, respectively,” Minister of State for Communications and IT Sachin Pilot said in a written reply to the Rajya Sabha.

These security incidents include website intrusions, phishing, network probing, spread of malicious code like virus, worms and spam, he added.

Operational since 2004, CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.

As per information available with the National Crime Records Bureau (NCRB), a total 966 cases of cyber crime reported under Information Technology Act, 2000 in 2010, Pilot said.

The data showed that a total of 288, 420 and 966 cyber crime cases were registered under the IT Act during 2008, 2009 and 2010, respectively.

Under the Indian Penal Code (IPC), a total of 176, 276 and 356 cyber crimes were reported during 2008, 2009 and 2010, respectively, he said.

In response to a separate query, Pilot said 1,193 people were arrested in the country in 2010 under the IT Act.

The offences included tampering computer source documents, hacking, obscene publication in electronic form, unauthorised attempt to access protected computer systems, breach of confidentiality, publishing false digital signature certificate among others, he added

Article source: http://timesofindia.indiatimes.com/tech/enterprise-it/security/CERT-In-handled-13000-cyber-attacks-in-2011-Govt/articleshow/13296424.cms

The change, not only for Cisco but its rivals, reflects the fact that mobile workers are no longer focused simply on replacing an Ethernet cable with a Wi-Fi signal and being able to carry their corporate laptop to the conference room. The real question has become: what can they, and the company, and the company’s customers, now do once they’ve made that replacement?

“Connecting a device to my corporate network is just step one. The question is: what happens after that?”says Sujai Hajela, vice president/general manager of Cisco’s wireless networking business unit, who spoke with Network World this week regarding Cisco’s announcement of three new pre-tested bundles of products and services designed to cut through the confusing complexity of enterprise mobility.

The new Smart Solutions packages are by themselves not exactly new: they’re formed of existing Cisco hardware and software, third-party partnerships, and consulting services from Cisco or its partners. But Cisco says they represent a shift in the company’s thinking about how to deploy mobile technology for businesses. Instead of a grab bag of separate products, the new approach sees mobility, in effect, as a whole that’s greater than the sum of its many parts, including devices, operating systems, apps, Wi-Fi access points, VPNs, authentication and security. The overarching enterprise benefit, according to Cisco, is summed up in a new term, “Cisco Unified Workspace.”

BACKGROUND: Cisco mobility bundles target BYOD, mobile virtual desktop

SLIDESHOW: 15 more useful Cisco websites 

“Enterprises are looking at the next generation of users coming into their ranks,” says Tim Zimmerman, principal analyst for network services and infrastructure with market watcher Gartner. “Most of them don’t even know what an RJ-45 plug is. The iPad doesn’t even have one. There’s a presumption of wireless connectivity [being available anywhere, anytime]. That puts more responsibility on IT organizations to manage that.”

Cisco’s main challenge in the enterprise market, he says, is execution and optimization – in effect, turning PowerPoint slides of talking points into concrete capabilities that enterprises buy into and then buy to mobilize business.

Cisco still dominates the enterprise wireless LAN landscape, but its dominance is less complete than it was a few years ago. By revenues, Cisco’s share of the total worldwide market for enterprise WLAN equipment is now about 50%, down from the more than 60% it commanded for years, according to IDC. Its nearest rival, publicly held Aruba Networks, finally broke into a double-digit share of global revenues only last year, capturing 11.5% according to IDC.

Cisco continues to invest heavily in radio frequency technologies, leveraging its own Wi-Fi chip designs with Cisco-developed, on-chip code to boost signal reliability and consistency, and throughput. The focus is less on raw chip-level data rates, though that’s important, and more on optimizing the connection to provide the reliability, security and throughput of a wired Ethernet link.

Cisco’s Hajela, who formerly ran Motorola’s WLAN group and came over to his current job at Cisco in August 2011, sometimes sounds like a network version of Dr. Phil. “More and more of our messaging is about customer ‘care-abouts,’” he says at one point. And at another point, “The end user is looking for an uncompromised experience, regardless of the network” connectivity.

These bromides actually mean something, and Hajela becomes specific and insistent when pressed. “The network doesn’t matter to the user,” he says. “What he wants is to be able to use his app wherever he is.”

And that use must be optimal. “If my device and my network connection supports high-def video, then I should get high-def video,” he says. “And if I’m using a smartphone, I should get optimal battery life. These things should be handled by intelligence placed in the network.”

Cisco’s job is to cram more and more intelligence into the networks and applications and infrastructure that supports the enterprise’s mobile users and mobile business.

“What’s really resonating with enterprise IT is this: the system looks at who the user is, and what he’s trying to do, rather than how he’s connecting” by wire or wireless, Hajela says.

Cisco’s Identity Services Engine (ISE) is a key part of this approach, identifying and authenticating users regardless of how they connect, and adjusting their access and security privileges based on variables such as their location, connectivity, and time of day. [See "Cisco enterprise management tools take on new network realities".] Tightly integrated with ISE is Cisco Prime Network Control System (NCS), which replaced the standalone Wireless Control System management application for Cisco WLANs, and creates single console for managing both wired and wireless.

The need for such an approach “just plain makes sense,” commented Network World wireless blogger Craig Mathias in a post about NCS. “Along with [unified]security and integrity comes a fundamental need to handle the ever-increasing capacity demanded by an ever-growing population of wireless users with equally-demanding applications,” he wrote. “A single-pane management console adds convenience, lowers cost (Cisco points out that generalists with the right tools can be just as productive as more-expensive specialists), and just plain makes sense….”

Cisco isn’t the only WLAN supplier taking this unifying or converging approach, as Gartner’s Zimmerman points out. “We see this in HP, in Aruba, which is now offering a [LAN] switch ] along with end-to-end, multivendor support,” he says. “Vendors are addressing the multiple elements within this infrastructure layer.”

The reality is that Cisco faces a rapidly changing enterprise mobile environment, and enterprise customers have plenty of options. Earlier this month, Aruba announced that Texas AM University, a major Cisco shop, is replacing its existing Cisco WLAN with Aruba’s products, after extensive testing. The school will eventually install 6,000 to 7,000 Aruba 802.11n access points, along with Aruba’s AirWave wired/wireless network management application.

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World’s Anti-malware section.

Article source: http://www.computerworld.com.au/article/425025/cisco_wireless_unit_shifts_emphasis_mobility_/?utm_medium=rss&utm_source=sectionfeed

CLAREMONT, N.H.–(BUSINESS WIRE)–

Red
River, a widely recognized national leader in providing IT products
and services to government and healthcare sectors, today announced that
it has met the criteria to achieve Advanced Borderless Network
Architecture Specialization from Cisco.

The Cisco
Borderless Network Architecture is the technical architecture that
allows organizations to connect anyone, anywhere, anytime and on any
device – securely, reliably and seamlessly, according to Cisco. It is
the foundation for the Cisco Intelligent Network, providing
optimization, scale and security to collaboration and virtualization.
The architecture is built on an infrastructure of scalable and resilient
hardware and software. Components of the architecture come together to
build network systems that span organizations, from network access to
the cloud.

“Before the emergence of cloud computing, a worker would interact with
his or her networks from one device in one location,” said Dave Levin,
Red River’s senior director, Partner Operations. “Today, workers are
using multiple devices from multiple locations, yet they still expect
the same responsiveness and security of traditional networks. Cisco
borderless networks are a response to that changing dynamic of
anytime-anywhere access.”

As part of this Cisco Specialization, Red River has fulfilled the
role-based training requirements and program prerequisites to sell,
design and deploy Cisco Borderless Networks Architecture solutions in
the U.S. Recognition of this achievement will be noted on the Cisco
Partner Locator site, at www.cisco.com/go/partnerlocator.

“Red River is now well-positioned to sell and implement Cisco borderless
networks,” Levin added. “However, the preparation and training we
engaged in to earn our new Cisco Specialization – which involved a
larger percentage of our technical staff – has made great strides to
prepare Red River more broadly as a company to offer borderless networks
solutions to our clients.”

About Red River

Red River was founded on the core values of hard work, honesty, modesty
and the desire to always lend a helping hand. Red River is proud to
serve the government and healthcare sectors by providing technology
products and services. We pride ourselves on our ability to help our
customers leverage the latest technologies to optimize business
processes and maximize the value of their IT investments. Combining an
uncommon work ethic with exceptional customer service enables Red River
to deliver performance beyond expectations to its customers and
suppliers. For more information please call 800-769-3060, or visit www.redriver.com.

Cisco and the Cisco logo are registered trademarks of Cisco Systems Inc.
in the United States and certain other countries.

Article source: http://finance.yahoo.com/news/red-river-achieves-advanced-borderless-135300288.html

The Start screen is the most obvious change to Windows 8, but some of the biggest changes are less apparent.

Antivirus Comes Preinstalled

For the first time in the history of Windows, you’ll enjoy protection from viruses, spyware, Trojan horses, rootkits, and other malware from the very first day you turn on your Windows PC–without spending a cent. Windows 8 comes with an updated version of Windows Defender that includes traditional antivirus functions in addition to the spyware protection and other security features that it has offered since Windows Vista. Windows Defender now provides similar protection–and a similar look and feel–to that of the free Microsoft Security Essentials antivirus program, which Microsoft has offered to users as an optional download since 2009.

The updated Windows Defender resembles Microsoft Security Essentials.

Since Windows Defender will provide at least basic virus and malware protection, purchasing yearly antivirus subscriptions (such as from McAfee or Norton) or downloading a free antivirus package (like AVG or Avast) is optional, whereas before it was pretty much required if you wanted to stay virus-free. Of course, you may disable Windows Defender and use another antivirus utility that promises better protection and more features, but at least everyone will have basic protection by default.

Better Download Screening

When Microsoft released Internet Explorer 9, it updated the browser’s SmartScreen Filter to help detect and block unknown and potentially malicious programs that you download; the function complements IE’s website filtering, which works to block phishing and malicious sites. Starting with Windows 8, the program-monitoring portion of the SmartScreen Filter is built into Windows itself, and it will work whether you’re using IE, Firefox, Chrome, or any other browser.

In Windows 8, the first time you run a program that you downloaded from the Internet, the SmartScreen Filter checks it against a list of known safe applications, and alerts you if it’s unknown and therefore has the potential to be malware. If the alert does pop up, you could then further investigate the program (and the source where you downloaded it) before running it.

SmartScreen produces an alert if you run an unknown program.

Since Microsoft is adding the SmartScreen feature, the company is removing the previous Security Warning alerts that appeared when you first opened a downloaded program (the old alert would show the verification status of the program publisher and warn you about running programs downloaded from the Internet).

This is a welcome change, as it cuts down on the number of alerts you have to click through–with Windows 8, you’ll see an alert only when something’s amiss.

Faster, More Secure Startup

Starting with Windows 8, Microsoft will begin to promote a new type of boot method, UEFI (Unified Extensible Firmware Interface), which improves upon and replaces the archaic BIOS boot system that most PCs have been using for decades. I won’t get into the technical details here, but UEFI offers better security, faster startup times, and a number of other benefits.

Thanks to this new boot method (and other system enhancements), your PC will start up more quickly–in as little as 8 seconds, from the time you press the power button to when Windows fully loads to the desktop. But you’re sure to appreciate the less noticeable improvements too. The Secure Boot feature of UEFI will prevent advanced malware (such as bootkits and rootkits) from causing damage, and it will stop other boot loader attacks (such as malware that loads unauthorized operating systems) as well.

Though Windows 8 will work on PCs with the old BIOS boot system, Microsoft will require new PCs that carry the Windows 8 Certification to use the UEFI boot system with the Secure Boot feature enabled by default. This Secure Boot requirement is causing some concern within the PC industry and among power users, as it could complicate the process of using Linux distributions or dual-booting multiple operating systems. However, Microsoft has promised to keep boot control in users’ hands, and the company requires system makers participating in Windows 8 Certification to offer a way for users to disable the Secure Boot feature on PCs (but not on tablets).

Two New Password Types

Windows 8 introduces two new password types that you can use when logging in to your Windows account: a four-digit PIN and a “picture password.”

For the picture password, you choose a photo or image and draw three gestures (a combination of circles, straight lines, or taps/clicks) in different places to create your “password.”

Even if you decide to use these new password types, you still must set up a regular password. A PIN offers a faster way to log in, and a picture password gives you a more creative and fun way to do so. Sometimes you’ll have to enter the regular password, such as when you need administrative approval for changing system settings as a standard user, but you can log in to your account using the PIN, the picture, or your regular password.

Other Noteworthy Defense Measures

The enhanced Windows Defender, SmartScreen, boot system, and password protection are the most noticeable security improvements in Windows 8. But the new OS has even more system enhancements that you won’t see at all. A few core Windows components (such as the Windows kernel, ASLR, and heap) have been updated to help reduce common attacks and exploits even further.

Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity, which provides a cloud-based Wi-Fi security service for businesses, and On Spot Techs, which provides on-site computer services.

Article source: http://www.pcworld.com/article/255776/windows_8_security_whats_new.html

Article source: http://news.softpedia.com/news/Adoption-of-Microsoft-s-Security-Development-Lifecycle-SDL-Spreads-270248.shtml

The event, held 15 and 16 May at Washington’s Fairmont hotel included information for leaders in software engineering, process and business management who are responsible for implementing or accelerating the adoption and effectiveness of secure development practices in their organisations.

The 2012 conference was the first in what is to be an annual series of SDC events, Microsoft said.

Good To Talk

Keynote speakers included Scott Carney, corporate vice president for Trustworthy Computing at Microsoft; Richard A. Clarke, chairman of Good Harbor Consulting and former special advisor to the President for cyber security; and General Michael V. Hayden, principal at the Chertoff Group and former director of the Central Intelligence Agency and National Security Agency. Diamond sponsors of the SDC were Adobe, Cisco and Microsoft.

In a blog post about the event, Steve Lipner, partner director of program management for Trustworthy Computing at Microsoft, said:

“To see more and more private and public organisations recognize the value and importance of implementing secure development practices makes me cautiously optimistic that in the future software will be more secure than the software we’ve seen in the past. I remember when in 1997 I attended the RSA Security Conference held in the basement of the Mark Hopkins Hotel in San Francisco with a few hundred attendees. Today, the annual RSA Conference is a major industry event with more than 10,000 attendees. I’m not certain that the Security Development Conference will follow that sort of trajectory, but I do believe that secure development is of growing importance, and I also know that industry commitment can start small and grow.”

As part of the conference, Microsoft announced two new success stories – the Government of India and Itron have both integrated the SDL into their processes.

The Government of India has recognised the importance of a holistic integration of security and is promoting that key concept by including secure coding practices in their draft national economic five-year plan, Lipner said. “They believe this is a significant step that will help improve the security of all software and services produced in their programs. India’s Computer Emergency Response Team (CERT-In) which leads the country’s response to cyber threats has already taken steps to implement the five-year plan by leveraging Microsoft’s SDL as one of the core tenets for application security. In addition, the National Informatics Centre, part of the Central Government Office of India, requires training in SDL principles including the training of more than 10,000 of India’s cyber forensic investigators. The government of India is also encouraging domestic businesses to adopt similar processes, showcasing the significant role public-private partnerships play in making critical systems more secure. You can read more about the steps the Government of India is taking to secure its environment in the case study available for download here.”

Meanwhile, Itron, a provider of energy and water resource management solutions for nearly 8,000 utilities around the world, also has incorporated the SDL into their development process.

“With the increase in threats to critical infrastructures, Itron realized it needed to take proactive steps to protect its systems by building security in from the start,” Lipner said. “The company recently implemented Microsoft’s SDL, making it mandatory for the development of all of its software and hardware. Itron now has one of the most mature secure development programs in the Smart Grid space. You can read more about the steps Itron is taking to secure its systems through a case study we have published for download here.”

Security Drive

In addition to the keynote speakers, other speakers at the event included representatives from IBM, Symantec, Red Hat, the National Security Agency, Itron, Cisco, Adobe, the National Institute of Standards and Technology (NIST), Lockheed Martin, EMC, Salesforce.com and a host of others, including several other speakers from Microsoft.

To date, Microsoft’s free SDL tools and resources have been downloaded over 940,000 times reaching over 150 regions around the world.

Recent Microsoft research has demonstrated an overall decline in the exploitability of vulnerabilities in Microsoft products by greater than 30 percent when comparing the latest version of all Microsoft software to all supported previous versions over the past 18 months.

350 days after implementing the Microsoft SDL, MidAmerican Energy was the only business unit inside its parent holding company, MidAmerican Energy Holdings Company, that external auditors found to have no security vulnerabilities. And, MidAmerican realized an overall productivity gain of up to 20 percent using Microsoft SDL.

A recent study by the Aberdeen Group, found the total cost of remediating an actual application security-related incident at about $300K (£240,000) and that organisations who implemented an SDL realised four times their return on annual investments in security. Forrester reconfirms this by stating those practicing SDL specifically reported visibly better ROI results than the overall population.

How well do you know Internet security? Try our quiz and find out!

Article source: http://www.techweekeurope.co.uk/news/microsoft-security-conference-78559

Utah Governor Gary Herbert announced the resignation of Stephen Fletcher on Tuesday.

In a statement, Herbert also described various initiatives underway that aim to mitigate the risk of similar breaches in the future.

The State’s plan includes an independent audit of all IT security systems, the appointment of a new health data security ombudsman and a continuing investigation of the breach by law enforcement personnel.

“The people of Utah rightly believe that their government will protect them, their families and their personal data. As a state government, we failed to honor that commitment,” Herbert noted.

A report in the Salt Lake Tribune Tuesday quoted the governor as saying he had asked for Fletcher’s resignation because he lacked “oversight and leadership.”

The role of two other state IT employees in the breach is also under investigation, according to the Tribune report. A contractor has also been fired over the incident for providing software without encryption safeguards, according to the newspaper report.

The hackers, believed to be operating out of Eastern Europe, broke into a Medicaid server at the Utah Department of Health on March 30 by exploiting a default password on the user authentication layer of the system. The attackers were able to bypass multiple network, perimeter and application level security controls.

Initially, state officials said they believed the intruders had accessed about 24,000 health claims records that contained patient names, Social Security Numbers, birth dates, addresses, tax identification numbers and treatment codes.

Less than a week later, the Utah officials acknowledged that an investigation found that close to 280,000 social security numbers may have been exposed in the incident.

Less sensitive personal data, such as names, birth dates and addresses of another 500,000 people, may have also been exposed, officials said.

Some analysts have held up the breach as a classic example of the dangers weak or default passwords controlling access to critical systems and applications pose to enterprises.

Experts note the problem is quite common despite the fact that it’s easy to fix.

An independent security audit of Utah government systems by Deloitte Touche consultants is currently underway along with a parallel assessment of the State’s response to the incident, Herbert said in his statement on Tuesday.

Utah’s new health data security ombudsman, Sheila Walsh-McDonald, will oversee individual case management, public outreach and credit counseling.

The state has said it will offer free credit monitoring and identity theft insurance coverage of up to $1 million for victims of the breach.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar’s RSS feed . His e-mail address is jvijayan@computerworld.com.

More in Data Security

Read more about Security in Computerworld’s Security Topic Center.

Article source: http://www.computerworld.com/s/article/9227215/Utah_CTO_takes_fall_for_data_breach