Friday, January 12, 2007

Bloggers gain access to Libby trial

CNET "Internet bloggers will be allowed to cover the criminal trial of former White House staffer Lewis 'Scooter' Libby alongside reporters from traditional media outlets, a court representative said Thursday.
Members of a bloggers' association will share at least two seats during the high-profile trial in which Libby's former boss, Vice President Dick Cheney, is expected to testify, said Sheldon Snook, a spokesman for the U.S. District Court in Washington."

Network Neutrality Critics Say If Net Ain't Broke, Don't Fix It - News by InformationWeek

Network Neutrality Critics Say If Net Ain't Broke, Don't Fix It - News by InformationWeek: "Opponents of network neutrality are criticizing a bill introduced this week by Senators Olympia Snowe, (R-Maine) and Byron Dorgan (D-N.D.).
The Internet Freedom Preservation Act of 2007 would prevent broadband service providers from prioritizing some Internet content, applications, or services over other content, applications, or services.
Hands Off the Internet co-chairs Mike McCurry and Christopher Wolf issued a joint statement saying the bill would benefit large content companies like Google, eBay, and Amazon, while forcing consumers to bear the burden of the cost of upgrading U.S. communications networks. Verizon and other network providers are also critical of the bill.
'It's disappointing that Senators Snowe and Dorgan would introduce essentially the same bill to regulate the Internet that went down to such decisive defeat in Congress last June,' they said. 'With America lagging many of our economic competitors in broadband deployment, Congress' focus should instead be on spurring affordable high-speed deployment. And, as numerous opponents of neutrality regulations, including the Communications Workers of America, have correctly noted, promoting deployment, not cumbersome new regulation, is the key to economic growth and job creation.'"

A quest for 'more info' on bank fees - The Red Tape Chronicles -

A quest for 'more info' on bank fees - The Red Tape Chronicles - "If you saw this line on your online banking statement -- 'Service fee: $3 (more info)' -- what would you expect to see when you clicked on the hyperlinked words 'more info'?
More information, I would suspect. But that’s not what you would get.
At Wachovia Bank, clicking on those words doesn't shed any light on the fee. The window that pops up reads merely 'Service Fee. Quantity: 1. Total $3.'
The other day, colleague Andy Gallagher showed me his fee-laden Wachovia checking account statement, his blood boiling from unintelligible fees. But it was the 'more info' thing that really stuck in his craw. You can see why by looking at the graphic below."

Wednesday, January 10, 2007

Extended Validation (EV) SSL Server Certificates

Entrust EV SSL Certificates: "What is an Extended Validation (EV) SSL Certificate?
An Extended Validation (EV) SSL Server Certificate is a new category of SSL certificate created by an industry consortium called the CA/Browser forum. This new category of certificate was conceived in response to the growing threat of phishing attacks with a goal of increasing consumer confidence in online transactions.

EV certificates will be issued to websites only after rigorous validation of their identity. Web browsers will reflect this higher level of identity assurance with prominent and distinct trust indicators, such as the green address bar used by Internet Explorer 7."

For more information on Entrust Extended Validation (EV) SSL Server Certificates please visit

NSA offers Vista installation tips

"Microsoft got input from the National Security Agency for a document with tips on how to use the Windows Vista operating system in larger organizations.
The National Security Agency Information Assurance Directorate reviewed the Windows Vista Security Guide and provided comments that were incorporated in the published version, according to Microsoft. The U.S. Department of Commerce's National Institute of Standards and Technology, NIST, had a similar role, Microsoft said."
NSA offers Vista installation tips CNET

Microsoft leaves Word zero-day holes unpatched

"Microsoft on Tuesday released fixes for vulnerabilities in its Windows and Office software, but left several known Word zero-day flaws without a patch.
As part of its monthly patch cycle, Microsoft published four security bulletins with fixes for 10 vulnerabilities. Three of the bulletins are deemed 'critical,' the company's most serious rating; the fourth is tagged 'important,' a notch lower. All bulletins, however, address flaws that could allow an attacker to commandeer a PC."
Microsoft leaves Word zero-day holes unpatched CNET

Digital Resolve Reports Record Online Fraud and Identity Theft Solution Deployments in December 2006

Digital Resolve Reports Record Online Fraud and Identity Theft Solution Deployments in December 2006: "Digital Resolve, the authority in transparent risk-based authentication, today reported in the month of December 2006 more than 100 new financial institutions are now safeguarding their online banking customers with the strong, yet seamless protection offered by the company’s Fraud Analyst® risk-based authentication solution, which has been protecting online users against fraud and identity theft since 2003.
Driven by a year-end deadline to expedite deployments of risk-based authentication solutions and seeking to work with technology vendors with exceptional customer service as well as easy-to-deploy solutions, banks, credit unions and technology partners are relying on Digital Resolve’s Fraud Analyst solution to reduce online fraud by as much as 90 percent. In addition to the success of its risk-based authentication platform among financial institutions, Digital Resolve is helping as a data provider to Microsoft's Phishing Filter service for Windows Internet Explorer 7 and Windows Live Toolbar to help protect online users from phishing attacks, as announced in September 2006."

IndustryWeek : RFID Strategy -- RFID Privacy And Security Issues

IndustryWeek : RFID Strategy -- RFID Privacy And Security Issues: "Jan. 9, 2007 -- RFID tag security and data privacy was a popular topic in 2006, so I am beginning 2007 with a review of the issues and a look ahead at some anticipated developments."

Vista flaw discovered, risk believed low - Security -

Vista flaw discovered, risk believed low - Security - "NEW YORK - Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.
(MSNBC is a joint Microsoft-NBC Universal venture.)
Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was disclosed on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November."

Why Attend? - RSA Conference 2007

Why Attend? - RSA Conference 2007: "Why Attend?
Access. Knowledge. Connections.
In an industry that changes daily and a profession that demands lightning fast response, staying informed, engaged and one step ahead is critical. RSA® Conference delivers knowledge, best practices, insight, perspective and unequalled opportunities to connect and collaborate. It is the most respected, highly attended, and eagerly anticipated information security event in the industry.
Choose from 19 class tracks and more than 220"

Tuesday, January 09, 2007

Half-baked bloggers...

Regarding this story on a blog by Scott Ventura, called Half-Factor Authentication ... he's obviously just firing on a couple of cylinders. Tokens are perceived to be the Cadillac of authentication mechanisms, but at $30-$40 a pop along with the increase in help desk calls, it's just not realistic for most organizations to implement. Entrust's grid card has been taking off around the world because of its simplicity for end users. I heard that one bank in Asia-Pacific actually saw no uptake in help desk calls after launching Entrust's grid authentication method. Users feel safe... is a grid card going to be the 'end all be all' of authentication... of course not... neither are tokens. That's why organizations need a layered security approach that both has a back-end fraud detection tool that end users don't see, as well as something that is obvious to the end user. Since implementing something to interrupt the end-user experience also serves the dual purpose of bolstering their confidence, it doesn't need to be complicated to give that assurance. Since just about any authentication method can be thwarted by clever fraudsters, 'one size fits all' just opens Pandora's box for the bad guys.

Mr. Ventura... obviously, you need a little more insight into how organizations are effectively defending their customers online. It's definitely not just with tokens!

A shifting landscape for e-mail security

"Cisco Systems' purchase of e-mail security specialist IronPort Systems is another sign that big-name vendors are taking over the spam fight, analysts say.
Upon completion of the $830 million cash and stock deal, networking giant Cisco will join Symantec and Microsoft as a leader in the e-mail security arena. Those other companies entered the market via acquisitions and product development of their own."
A shifting landscape for e-mail security CNET

Monday, January 08, 2007

Start Your Engines! Extended Validation is now live for Vista | Trust Me!

EV is live folks! At least partly live…
The good folks at Microsoft have pushed the button to publish Extended Validation trust list metadata for Vista machines.
The updates for XP machines are expected before the end of the month.
What does that mean? It means Vista users can now see the new trust features in Internet Explorer 7. It probably also means CA/Browser Forum members are high-fiving each other. Nice work!
If you got Vista for Christmas then you’re welcome to click over to our site to see a green address bar live in the comfort of your own browser (as long as it’s Internet Explorer 7…). If not, I’ll treat you to a screen shot here. Just imagine how great your site would look in green! Check us out if you’re in the market for Extended Validation SSL Certificates.

HM Revenue phish surfaces | The Register

Death-Defying Acts

Can a discredited software vendor come back to life? Sure, if its software is unique.
Michael McGrath had planned to stay only a short while when he became chief executive of I2 Technologies in February 2005. He's still there, though the time hasn't been particularly fun. The Dallas software firm was a shambles. It had lost 99% of its market value since the tech peak and two-thirds of its sales volume, in part to software titans SAP and Oracle. The Securities & Exchange Commission filed suit against three of its former executives for falsely booking $360 million in revenue over four years. (Two cases have been settled, and one is ongoing.) Also, $315 million in debt was coming due, with only $285 million in cash on hand.
McGrath, who had been on I2's board since August 2004, said it was "like [when] you go by a burning house and say, 'I gotta do something.' I couldn't stand on the sidelines anymore. The problems were solvable, and I knew how to solve them."
Today I2 is still struggling to grow, but at least it's profitable, with its balance sheet in decent shape and its salesmen back on the streets selling the sophisticated production-planning software that the company's founders developed in the early 1990s. If McGrath can win back the respect of corporate software buyers, he will be one of the few ever to revive a fallen technology brand.
Until I2 came along in 1988, big manufacturers had scheduled their purchasing and production lines using crude spreadsheets backed up by basic inventory software. Sanjiv Sidhu and the late Kanna Sharma left jobs at Texas Instruments to start I2 as a test bed for using artificial intelligence to sort through hundreds of thousands of possible outcomes to solve complex production schemes. Their software could simulate manufacturing operations, incorporating constraints like factory capacity, availability of materials and space for inventory. Companies used I2 to find the optimal number of parts to buy, how long to run an assembly plant and what orders they could fill. Between 1996, the year I2 went public, and 2000, sales went from $100 million to $1.1 billion, with big customers such as Caterpillar and 3M.
Then came the tech crash. Oracle and SAP, previously content to resell I2's products, entered the supply-chain software field. Some big customers began to fume at I2 for overselling product features, especially how easy it was to customize the code. In February 2001 Nike publicly blamed I2 for causing it to miss quarterly earnings by one-third. I2's demand-planning software reportedly told Nike to make too many Air Garnetts and not enough Air Jordans, leading to $100 million in lost sales. Then, in 2003, I2 dropped a bombshell when it announced it would have to rewrite four years of P&L statements to retract false revenues.
"I2 grew so quickly it never had time to establish the management fundamentals," says McGrath, who had spent 28 years at the consulting firm he cofounded, Pittiglio Rabin Todd & McGrath. "We didn't even know where our cash was."
In 2004, I2 issued $100 million in preferred stock, convertible to an 18% stake in the company, to a fund run by Geoffrey Raynor, a distressed-tech investor in Fort Worth, Tex. Raynor helped bring McGrath in to shore things up. McGrath raised $43 million more by selling some businesses, reduced debt by $210 million and cut $100 million in annual costs by firing staff, closing offices and curtailing employee travel and use of cell phones and BlackBerrys. In one year I2's operating margin (in the sense of income before interest, taxes, depreciation and amortization) went from 13% to 30%. In 2005, I2 earned $43 million on sales of $337 million, its first profit in seven years. The income statement is a lot cleaner, as I2 now recognizes many sales only when each component of a contract is fulfilled, instead of booking all of it the moment a contract is signed.
I2 has to start growing again--not an easy task. Sales still appear to be falling, and the supply-chain software market is stagnant, expected to rise only 2.4% a year through 2010. But McGrath thinks he can wring more dollars from existing customers and attract new ones--at least those who haven't standardized with Oracle or SAP--by selling them new software that will tightly weave together I2's older applications with programs from other vendors, used to plan production, purchasing, sales automation and bid-tendering.
Currently these applications talk to one another only if a programmer sits down and writes the code that tells them how. That can cost millions of dollars. Little changes can ripple through every one of those program-to-program interfaces. So most companies simply don't do it, opting instead to make limited use of I2's programs.
I2's new product line comes with a library of standard software components that data-processing managers can plug in more easily. It allows I2 to build up a client's capability gradually, which pleases frugal buyers burned by massive investments years back.
ON Semiconductor likes I2's new software so far. A chipmaker with plants and suppliers in the U.S., Europe and Asia, ON ships 300 million parts a week and has used I2's full suite of products since 2000, improving on-time delivery rates from 65% to 90%. Production simulations used to require weeks of tweaking one variable at a time. Using I2's new scenario planner, ON can spit out what-if results hourly, getting a view of its whole supply chain, says Charlotte Diener, a vice president at ON. The company plans to upgrade to I2's new demand manager this year.
VF Corp., the world's largest apparel company (which claims the title of the I2 customer with the most complex supply chain), is waiting to see how the new software works before committing. The company, which has 800,000 different products (counting sizes and styles) coming from 1,400 factories in Latin America and Asia, already spent the time and money to stitch its planning programs together manually, so it's in no rush to add another layer of software.
Ellen Martin, who runs the VF supply operation, says that if I2's new software cuts the customization needed in half, it will attract business.
"If I was a new customer, I think it would be a big selling point," she says.
At a recent $21, I2's shares are up 100% since McGrath took over, versus 18% for the S&P 500. But that's still only 12.5 times trailing earnings. Outside investor Geoffrey Raynor has sold 3.2 million common shares, but he still owns all the preferreds, convertible to common shares at $23. Raynor made a name for himself buying shares of Continental Airlines and XO Communications near their lows. Raynor is likely to make his third big killing here.

Phishing tactics exposed by Google blacklist

Nearly two-thirds of active phishing sites target users of eBay, PayPal and Bank of America websites, according to research by a security expert.
Work carried out by Michael Sutton, found that in Google's blacklist of phishing sites, used by the company in its anti-phishing toolbar for Firefox, 63 per cent of sites targeted these three websites. Online auction website eBay was the most targeted with 23.46 per cent of fake sites, followed by online payments site PayPal with 23.17 per cent. Third was Bank of America with 16.42 per cent.
Sutton said on his blog that he was surprised to find that these three targets accounted for nearly two-thirds of phishing sites.
"I was somewhat surprised to find virtually all sites using straight social engineering attacks," said Sutton. "One amusing finding was that Yahoo! commonly hosts pages that phish, wait for it, Yahoo! credentials."
"My hope was that this exercise would provide some insight into current phishing attacks and it certainly did," he said.
Sutton added that the blacklist was continuously updated and specific versions can be requested by including the required major:minor version in the GET request. The full listing (1:1) contained primarily outdated URLs as 86 per cent of the pages or sites were no longer available.
"While I would like to think that the existence of Google's blacklist had contributed to the demise of these sites, phishing sites tend to emerge and disappear quickly, so I suspect that this is just a natural part of the phishing cycle," he said.
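As an added illustration (not Sutton's code, nor Google's): a small Python parser for a constructed blacklist in an assumed approximation of Google's goog-black-url format that applies a full listing and then a versioned incremental update, and tallies which brands the surviving URLs impersonate, the same kind of count behind the percentages quoted above. The header syntax, the keyword table and every URL are constructed assumptions, not values from the page.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample lists in an assumed approximation of the goog-black-url
# format: a "[goog-black-url major.minor]" header, then one URL per line with
# "+" for an addition and "-" for a removal; "update" marks an incremental delta.
FULL_LIST_1_1 = """[goog-black-url 1.1]
+http://signin.ebay.example-phish.test/ws/eBayISAPI.dll
+http://paypal.example-phish.test/cgi-bin/webscr
+http://www.bankofamerica.example-phish.test/login
+http://geocities.example.test/yahoo-login/verify.htm
+http://ebay-secure.example-phish.test/update
"""

UPDATE_1_2 = """[goog-black-url 1.2 update]
-http://www.bankofamerica.example-phish.test/login
+http://onlinebanking.bankofamerica.example-phish.test/
+http://paypal-verify.example-phish.test/
"""

HEADER = re.compile(r"^\[goog-black-url (\d+)\.(\d+)( update)?\]$")
# Brand keywords to look for in a blacklisted URL (assumed, not from the page).
TARGET_KEYWORDS = {
    "eBay": ("ebay",),
    "PayPal": ("paypal",),
    "Bank of America": ("bankofamerica", "bofa"),
    "Yahoo!": ("yahoo",),
}

def parse_list(text, current=None):
    """Apply a full listing (replaces everything) or an update (edits `current`).
    Returns ((major, minor), set_of_urls)."""
    lines = text.strip().splitlines()
    m = HEADER.match(lines[0])
    if not m:
        raise ValueError("missing goog-black-url header")
    version = (int(m.group(1)), int(m.group(2)))
    urls = set(current) if (m.group(3) and current is not None) else set()
    for line in lines[1:]:
        if line.startswith("+"):
            urls.add(line[1:].strip())
        elif line.startswith("-"):
            urls.discard(line[1:].strip())
    return version, urls

def classify(url):
    """Guess the impersonated brand from the host and path of a phishing URL."""
    parts = urlparse(url)
    haystack = (parts.netloc + parts.path).lower()
    for brand, keys in TARGET_KEYWORDS.items():
        if any(k in haystack for k in keys):
            return brand
    return "other"

def target_share(urls):
    """Percentage of the blacklist aimed at each brand, as in Sutton's tally."""
    counts = Counter(classify(u) for u in urls)
    total = sum(counts.values())
    return {brand: round(100.0 * n / total, 2) for brand, n in counts.items()}

if __name__ == "__main__":
    version, urls = parse_list(UPDATE_1_2, parse_list(FULL_LIST_1_1)[1])
    print(version, target_share(urls))
```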

Governors eyeing new Congress' tax measures

Jan 5, 2007 — WASHINGTON (Reuters) - U.S. state governors are keeping a close eye on the new Congress, which they expect could tackle tax and spending measures this year that may cut into local revenues, a top official with the National Governors Association said in an interview on Friday.
"We're hopeful that Congress, when it comes to tax issues, will leave state tax dollars in the hands of state-elected officials," said David Quam, federal relations director at the
For instance, three U.S. senators introduced a bill on Thursday to make permanent a 1998 Internet access tax moratorium, which is due to expire in November — a move that would deny states income from consumers' Web usage, Quam said.

Venezuelan teen detained in hacking case

CARACAS, Venezuela - A 17-year-old has been detained by Venezuelan authorities after hacking into multiple government Web sites and posting playful photos of President Hugo Chavez and his close ally, Cuba's Fidel Castro.
The boy modified 23 Web sites — including those of the vice president's office, the National Guard and the investigative police — in late December, said Oswaldo Guevara, the investigative police's head of computer-related crimes.
He appended his hacker name — "J41ber" — and home telephone number on the photo postings and other cosmetic changes made to the home pages, and the modifications included photomontages of Chavez and Castro, Guevara said.

Consumers don't lose every battle against sneaky fees. In the case of retail store gift card fees, it's time to claim victory -- just in time for holiday shopping. So-called dormancy fees -- where gift cards leak value over time if they’re not used -- have just about become a thing of the past. You can thank several consumer advocate agencies, along with widespread consumer disgust, and perhaps a pang of corporate conscience, for the change. Most retail gift cards will never expire or lose their value now, a welcome change.

Of course, the fight against fees is far from over. Bank gift cards, like the ones available from Visa and MasterCard, are still a terrible deal. Later in this column, I’ll show you how a $50 bank card will cost you $60 and could easily be worth only $40 to the recipient.