STE WILLIAMS

GCHQ spooks told: Break Huawei’s grip on ‘The Cell’


British spooks have been ordered to keep a closer eye on the Huawei employees who inspect Blighty’s critical networking hardware for vulns and backdoors.

From now on, GCHQ will take a “leading and directing role” in choosing the staff who work at the Huawei Cyber Security Evaluation Centre (HCSEC) in Banbury, Oxfordshire.


This base is known as The Cell and part of its role is to audit the security of the hardware which makes up Blighty’s critical communications infrastructure. Its ultimate aim is to boost confidence among potential UK customers and stakeholders, such as telcos and politicians, by exposing vulns in kit used within the UK’s Critical National Infrastructure.

The Cell’s most important function is ensuring that equipment from foreign manufacturers cannot be clandestinely tapped into by foreign powers. With a Huawei-staffed cell inspecting Huawei gear, an obvious conflict of interest developed.

Kim Darroch, the UK’s National Security Advisor, commissioned a report into the facility after a report from the Intelligence and Security Committee found the HCSEC was “under Huawei’s control, rather than the Government’s”.

Huawei has faced repeated accusations that it spies on behalf of the Chinese state.

Darroch’s latest report (PDF) said: “In essence, the review concluded that HCSEC staff should remain part of Huawei, primarily for reasons of full access to equipment, code, and design teams. But after discussions with the Chairman of the ISC, the review also concluded that oversight arrangements should be enhanced, and GCHQ should have a leading and directing role in senior-level HCSEC appointments, in consultation with Huawei.”

An oversight board staffed by GCHQ spooks, Whitehall civil servants and a senior member of the National Security Secretariat will closely examine Huawei’s activities.

The cell will be able to maintain “operational independence”, but under the watchful gaze of GCHQ.

Currently, the intelligence agency has the power to veto appointments. It will now play a larger role in choosing senior staff to work at The Cell by chairing the selection panel.

Huawei’s relationships with third-party providers are shrouded in secrecy due to a complicated web of non-disclosure agreements, the report continued. With this in mind, there is a clear need for Huawei staff to work at The Cell, despite the fact this “appeared to create conflicts of interest”.

The report highlighted an “apparent shortage of individuals in the UK employment market with the necessary technical expertise and skills to fill all the available posts in HCSEC, GCHQ and the relevant parts of Whitehall”, which made drafting in Huawei’s workers a necessary evil.

It also warned the “fast moving nature of the telecommunications industry” required a constant reappraisal of government collaboration with the private sector.

In a statement, Huawei said: “We are pleased that the model of the UK Government, the telecom operators and Huawei working together in an open and transparent way has been recognised as the best approach for providing reassurance on the security of products and solutions deployed in the UK. We also support the review’s recommendations to optimise the management of the HCSEC and will continue to work with stakeholders to improve its capabilities.

“As we stated in our recent Cyber Security White Paper, Huawei believes it is only by working together internationally, as vendors, customers, policy and law makers, that the challenge of global cyber security can be met. Huawei shares the same goal as the UK Government and our customers in raising the standards of cyber security in the UK and ensuring that network technology benefits consumers.”

In September, Huawei exec Professor Sanqi Li told us there was “no substance” to claims his firm was a threat to Blighty’s national security. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/gchq_spooks_told_break_huaweis_grip_on_critical_uk_antivuln_cell/

Are the websites you’re using tracking what you type?

Let’s say that, mid-oversharing, I thought better about writing a Facebook post about how the rash has now spread to my … (cue the backspacing, the select all/delete, hitting cancel or whatever it takes to avoid telling the world about that itch).

If that text were a Facebook status update (or a Twitter tweet, a Yahoo email, a comment on a blog or any other typing on a web page), cancelling it doesn’t, theoretically, really matter: what I wrote could still have been recorded, even if I decided not to post it.

That’s a point brought up on Friday by Jennifer Golbeck, director of the Human-Computer Interaction Lab and an associate professor at the University of Maryland.

Slate published an article Golbeck wrote up about a paper, titled Self-Censorship on Facebook (PDF), that describes a study conducted by two Facebook researchers: Sauvik Das, a PhD student at Carnegie Mellon and summer software engineer intern at Facebook, and Adam Kramer, a Facebook data scientist.

Over the course of 17 days in July 2012, the two researchers collected self-censorship data from a random sample of about 5 million English-speaking Facebook users in the US or UK.

How did they know when one of the Facebook users under their microscope had decided to back out of a post?

That’s simple as pie, really: they used code they had embedded in the web pages to determine if anything had been typed into the forms in which we compose status updates or comment on people’s posts.

To protect users’ privacy the researchers decided to record “only the presence or absence of text entered, not the keystrokes or content”. A quote that serves as a helpful reminder that they could have tracked your keystrokes if they had wanted to.

(Note: logging keystrokes is no super secret, privacy-sucking vampire sauce. It’s plain old Web 1.0. This is not news, but it’s certainly worth repeating: anybody with a website can capture what you type, as you type it, if they want to.)

The researchers tracked that a user had started writing content only if a Facebook user typed at least five characters into a compose or comment box. If the content wasn’t shared within 10 minutes, it was marked as self-censored.

Why in the world would Facebook, Twitter, or similar care so much about my rash and subsequent decision not to tell the world about it?

While second thoughts come in handy to stop people who might otherwise post truly embarrassing Facebook or other social media content, as far as the social networks themselves are concerned, self-censoring users just starve sites of the content they otherwise feed upon.

From the paper:

Users and their audience could fail to achieve potential social value from not sharing certain content, and the [social network] loses value from the lack of content generation…

… Understanding the conditions under which censorship occurs presents an opportunity to gain further insight into both how users use social media and how to improve [social networks] to better minimize use-cases where present solutions might unknowingly promote value diminishing self-censorship

In her Slate article, Golbeck interprets Facebook’s 17-day collection of self-censorship data for this research to be an invasion of privacy in that, as she writes, “the things you explicitly choose not to share aren’t entirely private.”

The problem with this thinking is that it conflates two things: 1) Facebook’s ability to capture data about users who started typing something but then didn’t publish it, and 2) the incorrect notion that Facebook tracked the content of what users typed.

Could Facebook have captured my need for salve? Absolutely. As I said above, anybody with a website can capture what we type into their website as we type it. It’s the nature of the web.

But the researchers took pains to state that while they did track the presence or absence of text entered, they explicitly did not listen in on the abandoned content; indeed, they tracked neither the keystrokes nor the content entered.

From the paper:

All instrumentation was done on the client side. In other words, the content of self-censored posts and comments was not sent back to Facebook’s servers. Only a binary value that content was entered at all.

That said, Facebook was still looking over its users’ shoulders in a fashion that would likely come as an unpleasant surprise to many of them.
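The rule described above (at least five characters typed, not shared within 10 minutes, only a binary value reported) can be written so that the text itself never reaches the tracking code. This is an added example, not the researchers’ or Facebook’s code; the class, field and sample names, and starting the 10-minute window when the fifth character is typed, are assumptions.

```javascript
'use strict';

const MIN_CHARS = 5;               // "at least five characters"
const WINDOW_MS = 10 * 60 * 1000;  // "within 10 minutes"

// Tracks one compose or comment box. It is handed lengths and timestamps
// only, so it has no way to store or transmit what was typed.
class ComposeSession {
  constructor(kind) {
    this.kind = kind;        // 'post' or 'comment' (hypothetical labels)
    this.startedAt = null;   // time the five-character threshold was crossed
    this.sharedAt = null;    // time the user actually posted, if ever
  }

  onInput(length, t) {
    if (this.startedAt === null && length >= MIN_CHARS) this.startedAt = t;
  }

  onShare(t) {
    if (this.startedAt !== null && this.sharedAt === null) this.sharedAt = t;
  }

  // Returns null while there is nothing to report, otherwise the complete
  // record that would leave the page: a box type and one boolean.
  report(now) {
    if (this.startedAt === null) return null;        // never reached 5 chars
    const deadline = this.startedAt + WINDOW_MS;
    if (this.sharedAt !== null && this.sharedAt <= deadline) {
      return { kind: this.kind, censored: false };
    }
    if (now < deadline) return null;                 // window still open
    return { kind: this.kind, censored: true };
  }
}

// Replays a recorded list of events through a session.
function replay(kind, events, now) {
  const session = new ComposeSession(kind);
  for (const e of events) {
    if (e.type === 'input') session.onInput(e.length, e.t);
    else if (e.type === 'share') session.onShare(e.t);
  }
  return session.report(now);
}

const MIN = 60 * 1000;

// Constructed sample sessions (not data from the study).
const SAMPLES = {
  abandoned: { kind: 'post', now: 11 * MIN, events: [
    { type: 'input', length: 3, t: 0 },
    { type: 'input', length: 12, t: 4000 },
    { type: 'input', length: 0, t: 20000 },   // user backspaced everything
  ] },
  tooShort: { kind: 'comment', now: 11 * MIN, events: [
    { type: 'input', length: 3, t: 0 },
    { type: 'input', length: 0, t: 5000 },
  ] },
  shared: { kind: 'post', now: 11 * MIN, events: [
    { type: 'input', length: 20, t: 1000 },
    { type: 'share', t: 2 * MIN },
  ] },
  lateShare: { kind: 'comment', now: 13 * MIN, events: [
    { type: 'input', length: 8, t: 0 },
    { type: 'share', t: 12 * MIN },            // posted after the window
  ] },
  pending: { kind: 'post', now: 5 * MIN, events: [
    { type: 'input', length: 8, t: 0 },
  ] },
};

function runSamples() {
  const out = {};
  for (const [name, s] of Object.entries(SAMPLES)) {
    out[name] = replay(s.kind, s.events, s.now);
  }
  return out;
}

console.log(runSamples());
```

The difference between this and a keystroke logger is only what the page’s script chooses to pass along, which is why the distinction between “could capture” and “did capture” matters in the argument that follows.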

Golbeck’s conflation isn’t surprising. Particularly given NSA-gate and the heightened awareness about pervasive surveillance it’s bestowed upon us, we’re ready to see eavesdropping governments and their corporate lackeys lurking in every corner of the internet.

But there’s a yawning gap between what people think can and cannot be monitored and what is actually possible.

The reality is that JavaScript, the language that makes this kind of monitoring possible, is both powerful and ubiquitous.

It’s a fully featured programming language that can be embedded in web pages and all browsers support it. It’s been around almost since the beginning of the web, and the web would be hurting without it, given the things it makes happen.

Among the many features of the language are the abilities to track the position of your cursor, track your keystrokes and call ‘home’ without refreshing the page or making any kind of visual display.

Those aren’t intrinsically bad things. In fact they’re enormously useful. Without those sorts of capabilities sites like Facebook and Gmail would be almost unusable, searches wouldn’t auto-suggest and Google Docs wouldn’t save our bacon in the background.

There are countless examples of useful, harmless things this (very old) functionality enables.

But yes, it also provides the foundation for any sufficiently motivated website owner to track more or less everything that happens on their web pages.

This is the same old web we’ve been using since forever, but a lot of people don’t realize it. When they find out, they’re often horrified.

This was illustrated by a recent news piece about Facebook mulling the tracking of cursor movements (actually, technically, it would be tracking the movement of users’ pointers on the screen) to see which ads we like best.

The comments on that story make clear that many people are utterly creeped out by the idea that websites can track their pointers. One commenter likened pointer tracking to keylogging.

But as Naked Security’s Mark Stockley pointed out in a subsequent comment on that article, none of this is new, and the capability is certainly not confined to Facebook:

If Facebook [wants] to do key logging then [it] can – so long as you’re browsing one of their pages they can capture everywhere your cursor goes and everything you type. I’m not saying they do, I’ve no idea, I’m just saying it’s possible – any website can do it and it’s very easy.

In fact, as Mark noted in his comment on the pointer-tracking story, if he had decided to ditch the comment he was writing halfway through, the Naked Security site could still have captured everything he typed, even if he’d never hit submit (it didn’t by the way, we don’t do that).

In sum: Facebook spent 17 days tracking abandoned posts in a manner that some might find discomforting and readers are reminded that the internet allows website owners to be far, far more invasive.

If you want to be sure that nobody is tracking your mouse pointer or what you type then you’ll have to turn off JavaScript or use a browser plugin like NoScript that will allow you to choose which scripts you run or which websites you trust.

Image of backspace key courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/7sYs6tDJ7DE/

Android antivirus apps CAN’T kill nasties on sight like normal AV


Android users expecting Windows levels of performance from Android-specific antivirus packages are likely to be disappointed because only Google can automatically delete dodgy apps on Android devices, say malware experts.

Anti-malware bods agree that antivirus programs on Android can’t remove viruses automatically, meaning that the process needs to be carried out manually by the user in each and every case.


“Android antimalware applications can block URLs, scan downloads and identify malware that the user may have installed, but they cannot remove malicious applications that are installed by the user,” explained Simon Edwards, technical director at Dennis Technology Labs, an experienced antivirus tester and chairman of the Anti-Malware Testing Standards Organization.

“They have to alert the user and hope that the user is able to uninstall them manually, using the usual Android uninstall routine.”

Andreas Marx, chief exec of AV-Test, confirmed Edwards’ prognosis that Android security applications could only warn about maliciously installed apps, rather than shunting them into quarantine (the norm for equivalent Windows security software).

“The mobile security apps are all running in a sandbox, just like any other app,” Marx told El Reg. “Therefore, they are not able to remove malicious apps at their own.”

Chocolate factory controls Google malware ‘kill switch’

This existing but under-reported behaviour is not inherent to the architecture of Android smartphones and tablets.

Edwards told El Reg: “There actually is a way to remove malware from infected devices automatically. Google has a kill switch that can do it. But only Google has that power currently.”

Marx confirmed: “Only Google has the power to use it [the ‘kill switch’], as far as we know, but in past they only focused on disabling malicious apps which made it into the Google Play store. It looks like that they don’t really care about any third party marketplaces, but leave this field to the AV [antivirus] companies.”

We invited Google to explain the design rationale for this treatment of malicious apps on Android devices but are yet to hear back from them.

Security apps on rooted devices might be able to get around these restrictions. However Marx reckons the security drawbacks outweigh this modest advantage.

“If you have a rooted device, some anti-malware apps offer additional features, but rooted devices usually have other kind of security issues, therefore we wouldn’t recommend this step,” he explained.

Marx reckoned the warning feature of Android anti-malware scanners meets the practical needs of consumers and enterprise users.

“Besides this, the majority of security apps offer to run an on-demand scan from time to time to check for other potential harmful stuff on your device. The security app can warn you, so you can uninstall the potential malicious app later,” Marx said, adding that “however, the on-installation check is the most important anti-malware feature.”

Scores on the doors

The effectiveness of on-demand and on-access detection of malware by Android antivirus scanners were the two main areas covered in tests by AV-Test, published last week.

AV-Test put 28 Android security apps through their paces, discovering improved results from previous comparable exercises. Only two products (Zoner Mobile Security and SPAMFighter VirusFighter Android) failed in AV-Test’s latest real-world review against 2,124 malicious apps. All the paid-for products from mainstream vendors (Kaspersky, Trend, McAfee, Sophos, etc.) passed, as did freebie scanners from Avast and others.

The malware protection rate during tests run in November and December 2013 was in the range of 42.3 per cent to 100 per cent, with an average detection of 96.6 per cent (6 percentage points better than the testing house’s last Android security software review, which was put together in October). Only a few programs created false positives on AV-Test’s test systems during the latest review.

An overview of the results can be found here.

The German testing house found that the main difference between free and paid-for Android security apps came from the features they offered rather than in detection of malign apps. Premium security features included functions such as anti-theft, backup and encryption.

The favourable results are welcome given that Android malware is becoming a growing nuisance. In total, AV-Test has already registered more than 1.5 million Android-related malware samples in 2013, and has more than 1.8 million in total in its database. During November 2013, for example, AV-Test was receiving about 6,000 additional unique samples per day. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/android_anti_malware/

Bogus Firefox add-on FORCES WITLESS USERS to join vuln-hunting party


Cybercrooks have brewed up a botnet that uses a bogus Firefox add-on to scan the web for hackable websites.

The so-called Advanced Power botnet runs SQL injection attacks on websites visited from infected machines. The malware, disguised as a legitimate add-on for Mozilla Firefox, found its way onto 12,500 systems, reports investigative security journalist Brian Krebs.


The malware is essentially designed to carry out the time-consuming task of searching websites for exploitable vulnerabilities while obscuring who might be behind this scanning malfeasance. SQL injection is a prevalent class of website vuln that’s frequently used to attack unguarded sites.

In response to the discovery, Mozilla disabled the fraudulent Microsoft .NET Framework Assistant add-on behind the ruse. The bogus extension was added to the Firefox developers’ block list on Monday.

Michael Coates, a one-time director of security assurance at Mozilla, now director of product security at Shape Security, said the target of the attack was vulnerable websites rather than consumers whose machines were infected by the malware.

“Advanced Power is ultimately a technique for compromising websites. The plugin doesn’t necessarily harm the infected user; it uses them for the larger goal of finding websites that can be compromised and used to host malware.

“Malicious actors will always turn to easy attack vectors such as malicious plugins to build networks of unsuspecting endpoints to carry out their ill will,” he added. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/fake_firefox_addon_target_hunting_botnet/

Android nasty sends your texts to CHINA


Security researchers have discovered an Android botnet that masquerades as a benign settings app for carrying out administrative tasks on mobile devices.

Once authorised by the user, the malicious app surreptitiously steals SMS messages from the infected device and emails them to a command-and-control (C&C) infrastructure hosted in China, operated by unknown cybercrooks.


The so-called MisoSMS has cropped up in 64 spyware campaigns, according to security researchers at net security firm FireEye. Each of the campaigns uses webmail as its primary C&C infrastructure.

MisoSMS’s overall aim is to “intercept online banking or e-commerce details” before using this information in various criminal scams, a FireEye spokeswoman explained.

Attackers logged in from Korea and mainland China, among other locations, to periodically read the stolen SMS messages, which are siphoned off into 450 unique malicious email accounts.

FireEye reckons the majority of infected devices are in South Korea. The security firm is working with Korean law enforcement and the Chinese webmail vendor to mitigate the active threat, including helping to co-ordinate attempts to take down the C&C infrastructure behind the botnet.

More details on the workings of MisoSMS can be found in a blog post by FireEye here. The malicious app presents itself as “Google Vx”, a “vaccine killer” supposedly copyrighted and developed by “google.org”. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/android_botnet/

UK payday loaners cop MEGA £175K fine for ‘misleading’ SMS spam


A UK-based payday loans firm has received a £175,000 fine after it was found to have sent millions of spam text messages that provoked thousands of complaints.

First Financial violated The Privacy and Electronic Communications Regulations governing electronic marketing by sending SMS messages without consent. Some of the messages falsely claimed to be from the recipient’s friends, such as “Hi Mate hows u? I’m still out in town, just got £850 in my account from these guys www.firstpaydayloanuk.co.uk”.


The tactics provoked thousands of complaints to data privacy watchdogs at the UK’s Information Commissioner’s Office (ICO), as well as a separate regulatory action from the Advertising Standards Authority, which upheld three topics of complaint against the firm in June, ordering it not to repeat the offending behaviour.

An ICO investigation traced 4,031 of the offending messages that became the subject of complaints back to First Financial.

The spam texts were sent using unregistered SIM cards, a common method used to avoid detection. However the content of the message was similar on each occasion and referred recipients to a website belonging to firstpaydayloanuk.co.uk, a trading name used by First Financial.

The fine against First Financial is not the heaviest ever levied by the ICO (Sony received a fine of £250,000 for the 2011 breach of the PlayStation Network) but it is among the most severe ever imposed by the data protection watchdogs.

The bumper penalty comes after First Financial’s former sole director, Hamed Shabani, was prosecuted in October and fined £1,180 over failure to notify the ICO that the firm was processing personal information, a legal requirement under the Data Protection Act. Before the hearing before City of London Magistrates Court, Shabani had attempted to remove his name from the company’s registration at Companies House in order to avoid prosecution.

Anyone who receives an unsolicited text message is advised to avoid replying and report the message using forms available on the ICO website. Over 200,000 responses have been sent in since the reporting system was set up early last year. The information provided is being used to help identify those companies responsible for bombarding the public with annoying and frequently misleading SMS spam.

UK consumers can also report offending spam texts to their network operator by sending them to shortcode “7726”. Mobile networks are working to block the “worst offenders”, according to the ICO.

ICO Director of Operations, Simon Entwisle, said that data privacy watchdogs will continue to aggressively pursue text message spammers.

“People are fed up with this menace and they are not willing to be bombarded with nuisance calls and text messages at all times of the day trying to get them to sign up to high interest loans,” Entwisle said in a statement. “The fact that this individual tried to distance himself from the unlawful activities of his company shows the kind of individuals we’re dealing with here.”

“We will continue to target these companies that continue to blight the daily lives of people across the UK. We are also currently speaking with the government to get the legal bar lowered, allowing us to take action at a much earlier stage.”

Any monetary penalty collected from First Financial as a result of the ICO’s latest enforcement action will be paid into the Treasury’s Consolidated Fund.

The ICO has published detailed guidance (PDF) for direct marketers explaining their legal requirements under the Data Protection Act and Privacy and Electronic Communications Regulations. The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/17/pay_day_loan_sms_spam_fine/


Advanced Power Botnet: Firefox Users, Beware

Beware a malicious Firefox browser add-on that infects PCs and makes them scan websites for known exploitable vulnerabilities.

The Firefox plugin, which has infected more than 12,500 systems to date, ties into what its developers have dubbed the “Advanced Power” botnet, according to security reporter Brian Krebs, who first reported on the attack campaign.

The add-on has been in circulation since at least May 31, 2013, according to malware analysis service Malwr. When the malware was first spotted, only two out of 47 antivirus engines were recognizing it as malicious code, according to Virus Total. By August 2013, however, 29 out of 45 antivirus scanning engines were flagging the code as malicious.


Article source: http://www.darkreading.com/vulnerability/advanced-power-botnet-firefox-users-bewa/240164812

Datacard Announces Agreement To Acquire Entrust

MINNEAPOLIS and DALLAS–(Dec. 17, 2013)–Datacard Group, the industry’s best-selling brand of secure identification and card personalization solutions, has entered into an agreement to acquire Entrust, Inc., a leader in securing digital identities and information and a Thoma Bravo LLC portfolio company. The acquisition builds on the strengths of each company to enable its customers and partners to deliver better services in highly connected environments. The acquisition is expected to close on December 31, 2013, subject to regulatory approval and customary closing conditions.

“Today, we are pleased to announce the proposed combination of two market pioneers with one ambitious goal – helping our customers and partners reduce complexity while strengthening trust,” said Todd Wilkinson, president and CEO of Datacard Group. “Connectivity is redefining physical and digital boundaries. For our customers and partners, this means opportunity, but also significant complexity. For years the paths of our companies have intertwined as we served customers – often the same financial and government customers – from different points within the technology spectrum. Those paths now converge to bring powerful new innovations in secure identity to enable trust while reducing complexity in deployment, management, and use.”

The acquisition will reinforce the company’s commitment and relationships with customers and partners by:

Providing a robust platform for integrated offerings designed to serve the payments and identity ecosystems

Reinforcing the strategy of providing flexible solutions that enable customers to choose deployment and management models

Leveraging complementary competencies to serve market applications including: ecommerce and financial transactions, secure communications (web, social, messaging), critical infrastructure, access control, and citizen identification and services

Utilizing Datacard Group’s global presence and resources along with Entrust’s best-in-class services to bring localized support closer to partners and customers

“Entrust is firmly established as a leader in identity-based security. We take this position very seriously, and because of that it was important that we find the right partner,” said Bill Conner, president and CEO of Entrust. “As a result of our deliberate shift to a SaaS-based business model, a significant portion of Entrust’s revenue is recurring, positioning it well for growth. I’m confident both Entrust and Datacard customers will realize value from our companies’ combined expertise. Simply put – this is a win-win scenario.”

The combined entity will employ nearly 2,000 professionals, leveraging hundreds of channel partners to serve tens of thousands of customers. Together the company will enable its customers to issue over 10 million physical identities daily, handle over 200 billion transactions a year, and manage billions of identities, including the majority of payment cards and identification solutions in more than 100 countries.

Importantly, the company will accelerate investments in personalization, identity and credentialing solutions. These include Secure Issuance Anywhere™ technologies from centrally managed bureaus to instant issuance and mobile environments; authentication and credential management offerings that support a wide array of form factors, such as payment cards and identity documents, certificates, mobile, and tokens; and delivery models ranging from on-premise to cloud. These innovations will further enhance support of third party payment, identification, benefit, proofing and device management systems to streamline connectivity into today’s more integrated environments.

Chertoff Capital, a wholly-owned subsidiary of The Chertoff Group, and Centerview Partners acted as financial advisors to Entrust.

About Entrust

A trusted provider of identity-based security solutions, Entrust secures governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust’s award-winning software authentication platforms manage today’s most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL.

About Datacard Group

Datacard Group empowers financial institutions, government agencies and other enterprises in more than 150 countries to securely issue and personalize financial cards, passports, national IDs, employee badges, mobile payment applications and other credentials. Our flexible solutions enable Secure Issuance Anywhere™, which helps both public and private enterprises succeed in a global, digital and increasingly connected marketplace. Datacard is the world’s best-selling brand of secure issuance solutions.

For more information, visit http://www.datacardentrust.com/.

Article source: http://www.darkreading.com/privacy/datacard-announces-agreement-to-acquire/240164813

HOLD THE PHONE, NSA! Judge bans ‘Orwellian’ US cellphone records slurp

A US federal judge has ordered the NSA to stop collecting the mobile phone records of innocent American citizens – and to destroy the files already amassed.

Whistleblower Edward Snowden revealed in June that the controversy-hit spy agency harvests call metadata from telco giant Verizon – sparking a lawsuit by lawyer Larry Klayman and fellow campaigners against the Obama administration.


The plaintiffs claimed the widespread gathering of phone records is unconstitutional.

In today’s bombshell ruling in the case, District of Columbia Judge Richard J Leon described the mass surveillance as “almost Orwellian”, indiscriminate and an “arbitrary invasion”. He agreed to put in place an injunction that will halt the collection of bulk mobile phone data by intelligence agencies. The US government was granted time to appeal to a higher court, if it so desires.

The case centers on the millions of private customer records that the NSA slurps from US carriers. The spy agency – supposedly operating under a secret oversight court The Reg discussed in 2006 – said it stores the information just in case it is needed in a hurry in future investigations. This data includes when a call was made and to whom.

“I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen,” Judge Leon noted in his judgment before granting the injunction.

“I am not convinced at this point in the litigation that the NSA’s database has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations.

“The government, in its understandable zeal to protect our homeland, has crafted a counterterrorism program with respect to telephone metadata that strikes the balance based in large part on a thirty-four-year-old Supreme Court precedent, the relevance of which has been eclipsed by technological advances and a cell-phone-centric lifestyle heretofore inconceivable.

“In the months ahead, other courts, no doubt, will wrestle to find the proper balance consistent with our constitutional system.”

The decision is an early victory for the civil rights groups that have come together to challenge the NSA-led surveillance programs. The agency pressures mobile carriers and web companies to hand over customers’ private records in large batches, or simply taps into global communications links to collect data.

Ex-NSA contractor Snowden, today living in exile in Russia, hailed the judge’s decision to issue the injunction.

“I acted on my belief that the NSA’s mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts,” Snowden said in a statement distributed to The New York Times.

“Today, a secret program authorized by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”

The case is among the many challenges being lobbed at the NSA for operating planet-wide electronic dragnets. Critics allege that the collection of data violates the privacy of billions of innocent people around the world and amounts to intimidation of many religious and advocacy groups. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/16/judge_puts_nsa_mobile_record_collection_on_ice/