STE WILLIAMS

Activists to Google: You could end Chinese internet censorship in 10 days

Google Executive Chairman Eric Schmidt said recently that encrypting everything can end government censorship in a decade.

To hell with 10 years, says anti-censorship group GreatFire.org – Google could do it in 10 days, and the group is happy to show how.

GreatFire knows whereof it speaks.

It recently threw bricks through the Great Firewall of China, the world’s most censored state.

It did it by putting up copies of censored sites – known as mirror sites – hosted by Amazon Web Services.

The mirrors successfully unblocked Reuters’ Chinese website (blocked since 15 November) and the China Digital Times website (blocked for years after having once created mirrors for GreatFire’s FreeWeibo project, which offers uncensored and anonymous Sina Weibo search).

The mirrors didn’t take 10 years to work; they were effective “almost immediately,” GreatFire writes, so it’s a no-brainer that Google could get it done quickly:

Almost immediately, these mirrors got thousands of visits a day from China. But we are just a small team of activists with very limited resources. If anyone has the power to implement this technology widely it’s Google.

It takes two simple steps, GreatFire says.

From its post:

1. Google needs to first switch its China search engine (google.com.hk) to HTTPS by default. It has already done this in the US and in other markets but not in China. What this essentially means is that for Chinese netizens using Google, they will be taken to https://www.google.com.hk, the encrypted version of the search engine. By using the encrypted version, the great firewall of China cannot selectively block search results on thousands of sensitive terms.

2. While we provide a pretty comprehensive list of websites that are blocked in China, Google holds the best list of blocked websites, everywhere in the world. If the website that a user tries to visit from the search results on Google is blocked in the country that the user is in, Google should redirect the user to a mirrored version of the same website hosted by Google.

Perhaps it is as easy as that.

But as Naked Security’s John Hawes notes, treating mirrored sites as the real thing has its dangers.

Websites that look right but have fishy URLs are a traditional warning sign that crooks might be luring web surfers onto a dangerous site where they could be in store for malware infection or other cyber attacks.

Neither option is optimal: we have on one hand a state of censorship that cuts Chinese netizens off from the world, and on the other hand we have the possibility of proliferating mirrored sites that could be traps set by criminals.

What do you think? Is mirroring the answer, and should Google take on the onus, as GreatFire suggests?

Image of Great Wall of China courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/CE4cbhi_YKA/

Euro computer emergency teams need better support – ENISA

Europe – via ENISA, the EU network and information security agency – is setting its shoulder to the Sisyphean task of trying to align its various national Computer Emergency Response Teams (CERTs).

The problem, the agency says in a new paper published here, is that there’s a lack of cross-border coordination of Computer Emergency Response Team actions.


It hopes to create interoperability of things like information feeds and ticketing systems between the CERTs, NATO, and the private sector.

The high points, the paper says, are to:

  • promote continuity of incident feeds, “which are often changed without prior notice”;
  • get interoperability between existing tools; and
  • improve the functionality of tools, including correlation engines, threat intelligence, analytics and visualisation, and automatic prioritisation.

In the paper, ENISA said CERTs had told it that as well as arbitrary changes to information feeds, “many feed publishers do not adhere to the standardised feed formats and create their own feed templates,” and would prefer that publishers stick to standard XML or even CSV formats.

ENISA says it will initiate a cross-border information-sharing project in 2014 to help national CERTs in Europe. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/27/euro_certs_need_better_support_says_enisa/

NSA spied on ‘radicalisers’ porn surfing so as to discredit them, reveals Snowden

The NSA spied on the porn-surfing habits of firebrand Muslims as part of a plan to discredit “radicalisers”, it has emerged.

A top-secret NSA document, leaked by fugitive whistleblower Edward Snowden, identifies six Muslim targets as examples of how personal proclivities determined through electronic surveillance can be used to undermine a target’s credibility and reputation by uncovering evidence of hypocrisy. The details are revealed by journo Glenn Greenwald, Snowden’s initial media contact, who has moved from working with the Guardian to The Huffington Post blogswarm on this occasion.


“Assessment report on radicalization indicated that radicalizers appear to be particularly vulnerable in the area of authority when their private and public behaviors are not consistent,” the October 2012 document argues.

Activities by the targets (whose names and locations have been redacted by HuffPo) included “viewing sexually explicit material online” and “using sexually explicit persuasive language when communicating with inexperienced young girls”. Revealing this sort of behaviour is among the most fruitful means to discredit targets among their own community, according to the leaked strategy document which was put together by the NSA director’s office and circulated to officials within the Departments of Justice and Commerce and the Drug Enforcement Administration.

Intelligence officials acknowledged the tactic was in their counter-jihadist playbook. None of the six individuals targeted by the NSA is accused in the document (at least) of direct involvement in terrorist plots. The document suggests that, based on separate signals intelligence data, the six targets only have varying levels of loose affiliation or contact with any extremist or militant Jihadist group. The targets are instead allegedly involved in helping to recruit young Muslims to the terrorist cause via YouTube, Facebook and other social media websites.

Embarrassing sexually explicit information was gleaned through online surveillance of two of the suspects, according to the leaked document.

“Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence,” Shawn Turner, director of public affairs for National Intelligence, told HuffPo in an email.

An appendix to the leaked document lists the radical arguments advanced by each surveillance target alongside personal “vulnerabilities” that might undermine their credibility if exposed.

One target’s radical argument is that “Non-Muslims are a threat to Islam,” and a vulnerability listed against him is “online promiscuity.” Another target, a foreign citizen the NSA describes as a “respected academic,” holds the offending view that “offensive jihad is justified,” and his vulnerabilities are listed as “online promiscuity” and “publishes articles without checking facts.”

A third targeted radical is described as a “well-known media celebrity” based in the Middle East who argues that “the U.S. perpetrated the 9/11 attack.” Under vulnerabilities, he is said to lead “a glamorous lifestyle.” A fourth target, who argues that “the U.S. brought the 9/11 attacks on itself” is said to be vulnerable to accusations of “deceitful use of funds.”

The document expresses the hope that revealing damaging information about the individuals could undermine their perceived “devotion to the jihadist cause.”

It’s unclear whether the potentially embarrassing information was ever leaked or used to apply pressure on the persons of interest targeted by the snooping – perhaps with the intent of getting them to flip as informants rather than publicly to discredit them.

The tactic of using potentially embarrassing information to undermine targets is not new or surprising. It was used in part as justification for federal surveillance against targets such as civil rights leaders Malcolm X and Martin Luther King, labor movement activists and others back in the 60s and 70s – as HuffPo also notes. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/27/nsa_smut_surfing_snooping_against_radicals/

Eurocrats recommend right to sue American companies over snooping

The European Commission is calling for better protection of its citizens’ data, against intrusion by American agencies like the NSA.

According to Reuters, the commission wants European citizens to have the right to sue in America over misuse of their data – something the US has promised but not yet implemented.


The report quotes EU justice commissioner Viviane Reding as saying “I have … made clear that Europe expects to see the necessary legislative change in the U.S. sooner rather than later, and in any case before summer 2014”.

Reuters has been given a look at a draft report which points out that “EU citizens do not enjoy the same rights and procedural safeguards as Americans” (something which El Reg would remark could just as easily be said of Australians, except that our government seems to lack interest in the issue, being more distracted by the discovery that its spooks spied on Indonesia’s president and his wife).

Dutch European parliamentary member Sophie in’t Veld complained, however, that the commission is still taking too soft a stance.

The European Parliament’s civil liberties committee wants data privacy laws updated to require consent for data collection, the right for citizens to ask for their data to be deleted, and new regulations covering data sharing with non-EU countries. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/27/euro_commissioners_to_us_snoop_off/

Botnet Takedowns Spur Debate Over Effectiveness, Ethics

When a coalition of companies used sinkhole servers to wrest control of the Kelihos.B botnet and shut it down, it took less than a day for the botnet to be replaced by a strikingly similar malware network. Security firms debated whether the botnet had escaped destruction, but in the end, the takedown appeared to do little more than inconvenience the operators.

In a recent series of blog posts, Brian Foster, chief technology officer of network-security vendor Damballa, criticized the companies that have endeavored to shut down botnets for missing their collective marks. Foster criticized takedown efforts for being haphazard, missing secondary communication methods, and failing to lead to the arrest of the operator.

“If security researchers and their organizations are doing takedowns for marketing reasons, then it doesn’t matter how they go about it,” he wrote. “But if they are doing takedowns to truly limit Internet abuse and protect end users, then there needs to be a more thoughtful approach than what has typically been used by the industry.”

In a follow-up interview, Foster stressed that takedowns can be done right, but need to be done in a more systematic manner that catches backup communication channels, speeds takedowns and allows for the gathering of evidence that can be used against the operators.

Yet, companies that have done botnet takedowns counter that the approach has indeed been effective. Microsoft, for example, has disrupted seven botnets, using civil complaints to allow it to seize servers and gather evidence on the botnets and their operators. In its latest takedown, Microsoft partnered with financial firms and law enforcement agencies worldwide to disrupt the Citadel botnet, which the company claims has infected 5 million systems and caused more than a half billion dollars in damages. While the botnet may be resurrected by its operators, the effort has still had a net positive effect, argues Richard Boscovich, assistant general counsel of Microsoft’s Digital Crimes Unit.

“If you look at the benefits of the takedown in a very specific way–whether the number of botnets has gone down–then you could say the jury is still out,” he says. “But that is not a complete, nor holistic, way of looking at the actions.”

The number of people whose systems have been cleaned by industry, academic and government partners is a large benefit. The increase in public awareness is another great benefit. And, the partnerships established between researchers, industry and law enforcement will serve the industry well in the future.

“How can you argue that there is no value in that?” he says.

[Botnet hunters debate whether Kelihos/Hlux operators can reclaim rescued bots. See It’s (Already) Baaack: Kelihos Botnet Rebounds With New Variant.]

Security firm FireEye, which has participated in five botnet takedowns, points to the continued reduction in spam following the shut down of McColo as an indication that the strategy can succeed. The California-based Internet service provider hosted the command-and-control networks for a number of botnets, and was shut down in 2008, leading to a permanent decrease in spam.

“These botnets are no longer sending any spam at all, and that shows the success of the botnet takedown,” says Atif Mushtaq, senior staff scientist with FireEye.

Industry efforts to take down botnets have always been controversial. In many ways, botnet takedowns are a result of the high level of frustration with the seemingly endless attacks on the networks and computer systems of businesses, governments and individuals. Yet, in pursuing takedowns, companies and researchers need to analyze the impact of their actions to make sure they are not crossing ethical lines, David Dittrich, an information security engineer at the University of Washington, told attendees at the North American Network Operators Group conference in October.

“You need to be capable of justifying what it is that you are doing, because what you are doing might be illegal, in your country or in the country where the computer is that you are dealing with,” Dittrich said during his talk. “And you should try to go through this in a progressive way, working as much as you can toward cooperation, reporting to people and making sure that they are doing their thing, and not just jumping to strikeback or counterstrike.”

Researchers and companies need to come up with better definitions to describe botnets and associated malware and infrastructure, and a more scientific way of counting them to avoid confusion and inflated estimates of botnet size. Taking a more measured approach to botnet takedowns can help head off criticisms of grandstanding, he says.

In addition, companies need to work better with other researchers and find ways to scale the efforts so that more companies, and not just technology firms, can lead takedown efforts, says Microsoft’s Boscovich.

“You have to scale,” he says. “We should not be the only companies doing this or leading this. There has to be more people out there doing more of these.”

Article source: http://www.darkreading.com/vulnerability/botnet-takedowns-spur-debate-over-effect/240164316

Bitcoin online bank robbery

If you’ve got your wallet handy, take out a banknote – pretty much any banknote will do, in any currency – and find the serial number.

You shouldn’t have much difficulty – most central banks consider the serial number important enough that they print it more than once, sometimes in different colours and orientations.

Now write the serial number down on a piece of paper.

Chances are, for most of you, that’ll be the first time you’ve ever done anything that actively involves a banknote serial number. (There was no point in asking you to write it down, other than to make that point.)

For some of you, perhaps, it may even be the first time you’ve noticed that each banknote is uniquely labelled.

But I bet you one thing: if real banknotes didn’t exist, and all you had was a list of serial numbers like the one you just copied down, you’d look after that list pretty carefully.

You certainly wouldn’t hand the list to a stranger on the street and say, “Be a good chap, won’t you, and keep this in your pocket until I see you next week,” any more than you’d hand him your wallet full of cash to store for you.

But Bitcoins – the unregulated digital currency that has been hugely in the news lately, both for its soaring street value and its usefulness in paying the CryptoLocker malware ransom – are, very loosely speaking, stored and traded like our imaginary list of banknote serial numbers.

There are no official Bitcoin banknotes or coins; just strings of digital data that act as cryptographic serial numbers, denoting which Bitcoins (or fractional parts of Bitcoins) are yours.

So, if you’re into Bitcoins, you want to watch that digital Bitcoin wallet of yours pretty closely, especially given the steepling surge in the cryptocurrency’s value in the past month.

→ Even the crooks behind CryptoLocker, who seem to have found that $300 is the sort of price point at which victims will pay up, while, say, $2000 is too high, have been forced to drop the Bitcoin cost of their extortion. What cost BTC2 a month ago is “only” BTC 0.5 now.

Nevertheless, many Bitcoiners seem to be big on risk, entrusting their precious Bitcoin assets to a wide range of online wallet services, where they are firmly in the sights of cybercrooks.

Bad luck if it all goes wrong, of course, because you’re not likely to get your money back.

Without any financial operators’ rules or consumer protection laws to help you out, things don’t end like they usually do with disputed credit card transactions. (In those, the bank takes the disputed amount back from the merchant and gives it to you. The merchant wears the loss.)

Sadly, a number of boutique Bitcoin merchants and wallet services have been cleaned out by hackers in the past month, including:

Each of these companies had been operating officially for only a few months, yet already had entrusted to them millions of dollars that are now in the hands of cybercrooks.

Just over a year ago, we wrote about the regrettable story of a youngster named Roman Shtylman, whose security lapse during a server upgrade led to unencrypted backups being stolen, costing his sideline Bitcoin business some $250,000 overnight.

That was back when Bitcoins were worth just over $10 each, compared to nearly $800 today.

So, you can see why hackers are more than merely interested in online Bitcoin repositories – and why you need more than just a hunch about a repository’s trustworthiness before you hand over your Bitcoin data.

Remember, you don’t have to keep your Bitcoins online with someone else: you can store your Bitcoins yourself, encrypted and offline.

In fact, you can do that with any and all of your digital possessions.

There was life before cloud storage, and there will be life after it!

Bitcoin banknote image from bitcointalk.org.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1IDLI7v9aDM/

Wickr Announces New Interface, App And Advisory Board

The Wickr team is brought together by the strong belief that private correspondence is a universal human right that is extremely important to a free society. Each day, the team works hard to bring this right to everyone, for free.

To bring private correspondence to the entire populace, it is going to take a team of world-class cryptographers, privacy advocates, policy experts, peace negotiators, internet rights activists, technologists and business geniuses. So that is exactly what we have assembled.

Wickr is supported by a powerhouse of advisors dedicated to defending this basic human right, including:

• Brian Behlendorf – Apache, WEF, Mozilla, EFF

• Ambassador Joseph DeTrani – Peace Negotiator, State, CIA

• Whitfield Diffie – Cryptography God

• Jerry Dixon – Former CyberCzar, DHS

• Cory Doctorow – Sci-Fi Author, BoingBoing

• Sue Dorf – IMG, Olympics

• Lauren Gelman – Former Stanford, EFF

• Lesley Gold – Former CNN, DNC

• Dan Kaminsky – Saved the Internet

• Paul Kocher – Cryptography God

“Just as diplomats frequently insist that they must have privacy in order to negotiate, making public only the results of their negotiations and not the path by which they were reached, individuals must be able to communicate privately with their friends and associates in order to form the views that will inform their actions,” said Whitfield Diffie, a Wickr advisor and inventor of the concept of public-key cryptography — the technology that underlies the security of internet commerce.

“The only way to get good at stuff is to make mistakes. Without the privacy to screw up in front of a friendly audience, many of us would never be able to develop our ideas to the point where they were fit for the wider world,” said Cory Doctorow, a Wickr advisor and best-selling author, privacy activist, journalist and blogger.

Brian Behlendorf

Brian is a Managing Director at Mithril Capital Management, a growth equity investment firm based in San Francisco. For 20 years he has been at the intersection of open technology, innovation, and public policy: as founder or co-founder of a series of companies (Hotwired, Organic, CollabNet); co-founder of the Apache Software Foundation, board member at the Electronic Frontier Foundation, the Mozilla Foundation, and Benetech; CTO at the World Economic Forum; and advisor to the White House Office of Science and Technology Policy and Department of Health and Human Services.

Ambassador Joseph DeTrani

Joseph DeTrani is the President of the Intelligence and National Security Alliance. He has served an impressive thirty-year public service career, including his roles as Special Envoy for Six Party Talks with North Korea and former Director of the National Counter Proliferation Center (NCPC) for the Office of the Director of National Intelligence (ODNI). In the past, he has worked in numerous roles for the CIA, including Director of East Asia Operations, Director for European Operations, Director of Technical Services, Director of Public Affairs, Director of the Crime and Narcotics Center, and Executive Assistant to the Director of Central Intelligence.

Whitfield Diffie

Whitfield Diffie is the inventor of the concept of public-key cryptography — the technology that underlies the security of internet commerce — which he developed along with Martin Hellman at Stanford University in the mid 1970s. Diffie spent the 1980s as manager of secure systems research at Bell-Northern Research, the laboratory of the Canadian telephone system. Subsequently, he went to Sun Microsystems where he devoted the 1990s to the politics of internet security and retired as Chief Security Officer in 2009. Diffie holds the positions of Consulting Professor in the Center for International Security and Cooperation at Stanford University and Visiting Professor at Royal Holloway College of the University of London and is a participant in several startups. Academically, Diffie holds a bachelor of science degree from MIT and an honorary doctorate from the Swiss Federal Institute of Technology, which was given for the work done at Stanford University a decade earlier. The success of public-key cryptography has provoked numerous awards. Diffie is a Fellow of the Marconi Society, Laureate of the Franklin Institute, and recipient of the IEEE Hamming Prize. He particularly values the 1996 National Computer Systems Security Award which was given to him by NIST and NSA, with whom he was engaged in a political battle over the freedom to use cryptography. More recently, Diffie has been elected as fellow of the National Inventors Hall of Fame, fellow of the Computer History Museum, and Cybersecurity Fellow.

Jerry Dixon

Former Director of National Cyber Security Division (NCSD) and US-CERT, Department of Homeland Security, Dixon now serves as Director of Analysis for Team Cymru and continues to advise partners on national cybersecurity threats. In this role, he aids organizations in preparing for cyberattacks, and assists with the development of cybersecurity policies for a variety of organizations. During his time at the DoH, Jerry led the national effort to protect America’s cyber infrastructure and identify threats. Before joining NCSD, Mr. Dixon was the founding director of the Internal Revenue Service’s (IRS) Computer Security Incident Response Capability.

Cory Doctorow

Science fiction author, activist, journalist and blogger, Doctorow authored Tor Teens/HarperCollins UK novels like “For the Win” and the bestselling “Little Brother.” He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Some common themes of his work include digital rights management, file sharing, and post-scarcity economics.

Sue Dorf

Sue Dorf has represented over a dozen professional and Olympic athletes during her 16 year career as an Olympic athlete agent and sports marketing consultant. Sue rose to Vice President of Winter Sports for IMG, the leader in athlete development and sports marketing. Her athletes compete at the highest levels, and have won a combined 11 Olympic medals, 17 World Championships, and innumerable World Cup level events. Her brand development, marketing skills and relationships with the media have enabled athletes to achieve top earnings within their respective fields. Additionally, Sue has negotiated and executed event sponsorship rights deals and licensing programs within skiing and figure skating. Sue’s current focus lies with World Cup Skiing and co-managing its top superstar, Lindsey Vonn, the most decorated US skier of all time.

Lauren Gelman

Lauren Gelman has been a leader in the field of cyberlaw and policy since 1995. She founded BlurryEdge Strategies and until June 2009, Lauren served as the Executive Director of Stanford Law School’s Center for Internet and Society (CIS). She also spent six years in Washington, DC as the Public Policy Director for the Electronic Frontier Foundation (EFF), and as the Associate Director of Public Policy for ACM. Lauren is the co-editor of “Securing Privacy in the Internet Age” and the author of “Privacy, Free Speech and Blurry-Edged Social Networks,” published by the Boston College Law Review, as well as dozens of other expert editorial pieces on the issue of privacy.

Lesley Gold

Before founding SutherlandGold, Lesley served as Vice President for Blanc & Otus, the global technology practice of Hill & Knowlton, where she led breakthrough campaigns for TiVo and Sony PlayStation, among other top consumer technology brands, and created positioning and strategy to maintain their leadership in the face of competition from Microsoft. Lesley’s career has taken her from the nation’s top political offices to the world’s leading cable network. As a network television producer at CNN, Lesley built a reputation for compelling stories that captivate key audiences. At the Democratic National Committee (DNC), where she served as director of radio services, Lesley’s issues management savvy came to the forefront, and led to positions as a campaign strategist and press secretary for former U.S. Labor Secretary Robert B. Reich.

Dan Kaminsky

Kaminsky has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya, and Microsoft. Dan spent three years working on the Microsoft Vista, Server 2008, and Windows 7 releases. Kaminsky is best known for his work in finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure to date. Of the seven Recovery Key Shareholders who possess the ability to restore the DNS root keys, Kaminsky is the American representative. Currently, he is developing systems to reduce the cost and complexity of securing critical infrastructure.

Paul Kocher

Paul Kocher, known for designing many cryptology apps and protocols, is also credited with the discovery of timing attacks and techniques for preventing vulnerabilities. He is the creator of the SSL 3.0 standard and DES Key Search machine – essential tools in internet security. In 2009, Kocher was elected to the Academy of Engineering. His recent focus has shifted to anti-piracy technologies for securing digital content.

About Wickr

The Internet is forever. Your private communications don’t need to be. The Wickr team is made up of top security and privacy experts who strongly believe online communications should be ephemeral. Wickr offers free worldwide text, audio, picture and video messages that self-destruct by being private, secure and anonymous.

We take our privacy policy seriously. Compare ours to every other messenger app. Privacy policies can tell you a lot about what an app is doing. We are the only ones not to collect any personal data.

Since the launch in June 2012, Wickr has seen an exponential growth and 5-star reviews. As a top ranked free social app in the U.S., China, India, Israel, Spain, South Africa and Brazil, we have served millions of secure messages. Wickr is the future of messaging. Join us if you haven’t already. It’s free!

Wickr is headquartered in San Francisco, CA. More information is available at https://www.mywickr.com. To get further detail about how the app works, please visit the App link on our website at www.mywickr.com. Feedback and reviews are much appreciated.

Article source: http://www.darkreading.com/mobile/wickr-announces-new-interface-app-and-ad/240164298

Preventing Security Breaches Caused By Audio Devices

PLAYA VISTA, CA – Belkin, a trusted leader of technology solutions for office, classroom, IT infrastructure, and mobile environments, today announced its release of the Belkin Secure Headset Adapter, the newest in the company’s line of award-winning secure products. The adapter is designed to securely connect analog audio devices to computers in a secure environment with ease and simplicity.

For Internet-connected computers located inside high security zones where classified calls and meetings take place, using audio devices may cause a security breach if not properly protected. Such computers are often used with headphones, speakers, or microphones to enable conference calls. These Internet-connected computers can be compromised by hackers to remotely enable their microphones or headsets, using them to “listen” in to the surrounding environment.

To avoid these problems, Luis Artiz, director of product management, Business Division, Belkin International, said that the Belkin Secure Headset Adapter is the only solution available today that enables the use of analog audio devices in a secure environment. “It is the perfect security solution where classified discussions are held in an environment where computers are present,” said Artiz. “It should be used whenever analog audio devices are used–in boardrooms, offices, defense, the military, and other areas where sensitive conversations take place.”

The Belkin Secure Headset Adapter works by using an audio diode to assure unidirectional audio flow, preventing the headphones from being used as a microphone. A time-limited activation button disconnects the microphone when it is not in active use, making it impossible to keep the microphone open when a call is not in progress. The user must periodically press the button to extend the audio call if needed.

The Belkin Secure Headset Adapter also includes many additional security features:

• An anti-tampering mechanism, which permanently disables the audio adapter upon detecting any tampering

• OTP protected firmware stored on a non-programmable ROM

• Complete isolation of the audio switch from the computer

• High-quality audio via active diode circuitry, which assures audio passes in the required direction with no distortion or attenuation

• Easy integration and operation, with no USB interface, no changes to existing audio equipment, and no use of an unsecured USB audio interface.

The adapter, which weighs just over half a pound, supports all AC’97 CODECS on-board or audio cards, and HD Audio Codecs. It also supports a wide range of Belkin Secure desktop products, including KVM and KM switches.

Belkin delivers the necessary components for workstation security, as well as every essential accessory and peripheral device to provide a complete, efficient, productive workstation that meets the demands of government use. For more information visit: Belkin Government.

About Belkin Business

Belkin Business, a division of Belkin International, offers technology solutions for office, classroom, IT infrastructure, and mobile environments. A proven technology leader for more than 30 years, organizations worldwide trust Belkin for its unwavering commitment to product quality, and expertise in creating solutions designed to address customer requirements in business, government and education. With a global supply chain and broad provider network, Belkin commands a purchasing power that delivers greater value and unparalleled execution advantages to customers. The company’s line of commercial products are available through Belkin’s global network of distributors and resellers. Headquartered in Playa Vista, California, the company is represented in more than 25 countries and can be found on the Web at http://www.belkin.com/us/business/enterprise.

Article source: http://www.darkreading.com/end-user/preventing-security-breaches-caused-by-a/240164287

As Holiday Shopping Rises, So Does Threat Of Identity Theft

WORCESTER, Mass., Nov. 25, 2013 /PRNewswire/ — The holiday shopping season brings more shopping activities and, unfortunately, also the increased risk of identity theft. In 2012 alone, $21 billion was stolen through identity theft.

With this in mind, The Hanover Insurance Group, Inc. (NYSE: THG) offers tips to help shoppers keep their identities and wallets safe this holiday shopping season, both at the mall and online.

“We see the threat of identity theft grows as consumers do more shopping, and making it worse is identity thieves who are increasingly savvy and aggressive targeting holiday shoppers,” said Mark R. Desrochers, president, personal lines insurance at The Hanover. “Identity thieves seek to take advantage of the hustle and bustle of the holidays. But, with a few important steps, people can protect their identity and wallets from thieves who prey on unsuspecting holiday shoppers.”

While Shopping At the Mall

— Don’t carry your Social Security card in your wallet or write your Social Security number on your checks. Only give out your Social Security number when absolutely necessary and required.

— Protect your PIN. Never write a PIN on a credit/debit card or on a slip of paper kept in your wallet.

— Watch out for “shoulder surfers”. Use your free hand to shield the keypad when using checkout key pads and ATMs.

— Don’t leave your credit card visible for an extended time. ID thieves can quickly write down your card number, or may even try to take pictures of it with their mobile devices.

— Keep your receipts. Promptly compare receipts with account statements. Watch for unauthorized transactions.

When Shopping Online:

— Think before you act. Be wary of emails that offer deals that sound too good to be true, and implore you to act immediately.

— When in doubt, throw it out. If an e-mail looks suspicious, it’s best to simply delete it or mark it as junk, and do not reply.

— Make sure the websites you visit are legitimate. This includes a closed padlock on your web browser or a URL address that begins with shttp or https.

— Protect your personal information. Make sure the information requested of you is limited to only what is needed to complete the transaction.

— Check the site’s privacy policy. When you make purchases through a website, ensure you understand how your information will be protected.

— Keep a clean machine. All the devices you use for shopping including smartphones and tablets should have up-to-date software including security software, operating systems, programs and apps.

— Be savvy about Wi-Fi hotspots. Don’t share personal or financial information over an unsecured Wi-Fi network, which could be a haven for ID thieves. Secure networks require a password for access.

— Use safe payment options. Credit cards are generally the safest option.

— Keep a paper trail. Save records of your online transactions. Read your credit card statements as soon as you get them and, if there is a discrepancy, report it immediately.

These tips will help minimize the risk of ID theft when shopping, but they do not guarantee you won’t encounter ID theft.

In addition to these prevention tips, The Hanover offers the Identity Protection Program to their home, condo and tenant policyholders. The program offers a variety of proactive and resolution services, reimbursement coverage and more, all for customers’ identity protection needs.

For more information about how to keep your identity safe, please talk to your local independent agent and view our “Protecting Against Identify Theft” Infographic at www.hanover.com.

ABOUT THE HANOVER

The Hanover Insurance Group, Inc., based in Worcester, Mass., is one of the top 25 property and casualty insurers in the United States. For more than 160 years, The Hanover has provided a wide range of property and casualty products and services to businesses, individuals, and families. The Hanover distributes its products through a select group of agents and brokers. Through its international member company, Chaucer, The Hanover also underwrites business at Lloyd’s of London in several major insurance and reinsurance classes including political risk, marine, aviation and energy. For more information, please visit hanover.com.

Article source: http://www.darkreading.com/end-user/as-holiday-shopping-rises-so-does-threat/240164299

FPC And Nok Nok Labs Deliver Infrastructure For Fingerprint-Based Strong Authentication

GOTHENBURG, Sweden and PALO ALTO, California, November 26, 2013 /PRNewswire/ — Fingerprint Cards (FPC) and Nok Nok Labs today announced an end-to-end infrastructure solution for strong and simple online authentication using fingerprint sensors on smartphones and tablets.

“Through this partnership, we offer mobile and tablet OEMs the ability to quickly integrate FPC’s swipe and touch-based fingerprint sensors that are now also enabled for strong online authentication,” said Jörgen Lantto, Executive Vice President, CTO and Head of Strategy and Product Management at FPC. “This solution is the first result of our collaborative efforts to support the FIDO Alliance and is intended to help the alliance achieve its mission to transform the nature of online authentication, and to enable our customers to be part of its ecosystem.”

“Nok Nok Labs’ Multifactor Authentication Server allows any company to rapidly integrate smartphones and tablets using FPC’s fingerprint sensors into their online authentication experience and minimize their reliance on weak passwords,” said Phillip Dunkelberger, President and CEO, Nok Nok Labs. “Companies can now use fingerprint-based authentication as an ‘ignition key’ to create new classes of innovative and unique mobile experiences. Services such as mobile payments and user personalization can be implemented in ways that are more natural, faster and secure than before.”

The two companies have initially implemented the joint solution utilizing the FPC1080 fingerprint sensor, Nok Nok Labs’ client and server technology, and commercially available Android smartphones using the FPC1080 fingerprint sensor in order to demonstrate readiness to support the emerging FIDO-based ecosystem.

As members of the FIDO Alliance, FPC and Nok Nok Labs are helping to define the FIDO Alliance’s standards for universal strong authentication and are committed to supporting market adoption of the FIDO standard.

“We saw a tremendous opportunity to work with Nok Nok Labs to enable a rich and powerful ecosystem that will support FIDO standards and help realize the vision of the FIDO Alliance,” said Mr. Lantto. Mr. Dunkelberger observed, “As a founding member of the FIDO Alliance, Nok Nok Labs appreciates the commitment of FPC to the FIDO Alliance. We expect that our collaboration will drive future innovation that will accelerate adoption of our joint commercial solution.”

About Fingerprint Cards AB (publ)

Fingerprint Cards AB (FPC) develops, produces and markets biometric components that through the analysis and matching of an individual’s unique fingerprint verify the person’s identity. The technology consists of biometric sensors, processors, algorithms and modules that can be used separately or in combination with each other. The competitive advantages offered by the FPC’s technology include unique image quality, extreme robustness, low power consumption and complete biometric systems.

With these advantages and the ability to achieve extremely low manufacturing costs, the technology can be implemented in volume products such as smart cards and mobile phones, where extremely rigorous demands are placed on such characteristics. The company’s technology can also be used in IT and Internet security, access control, etc. Fingerprint Cards AB (FPC) is listed on the Nasdaq OMX Stockholm (FING B) and has its head office in Gothenburg.

About Nok Nok Labs

Nok Nok Labs, Inc., based in Palo Alto, CA, was founded to transform online authentication for modern computing. The company is backed by a team of security industry veterans from PGP, Netscape, PayPal Phoenix, and have deep experience in building Internet scale security protocols and products. The company’s ambition is to enable end-to-end trust across the web using authentication methods that are natural to end-users and provide strong proof of identity. For more information, visit http://www.noknok.com.

Article source: http://www.darkreading.com/mobile/fpc-and-nok-nok-labs-deliver-infrastruct/240164289