GEF - The Network Security Source for Executives, VCs, Procurement Managers and Engineers

For Visibility Edge over Your Competitors, contact advertising@globalexecutiveforum.net

Note: For Security news after 10/01/06, please go to OSS & Security

Security News (Before 10/01/06)

Telefonica Empresas implements Crossbeam security solutions
Telefonica Empresas, the leading Spanish telecom company, has implemented the security solutions of Crossbeam Systems, Inc., a leader in managed security and UTM (Unified Threat Management) for the largest networks in the world, to offer Clean Traffic Internet services.
These services offer companies the option of browsing the Internet efficiently and securely on a platform offering significant scalability and managed by Telefónica Empresas. The architecture also enables incorporation of the most prestigious programs on the market for the management of Internet browsing, reliable Internet access, access control, user management and protection against viruses and malicious codes, among others.
Clean Internet Traffic security services provide various benefits, savings, flexibility and important functionalities for companies seeking solutions to their security problems. The main characteristics of the MCI (Internet Connection Module) security solution developed by Telefónica Empresas are:
- Reliability through use of the Telefónica Empresas Multi-services network.
- Permanent network management. SLAs.
- Service quality commitments.
- Customer reports with comparable and quantifiable service data.
- Cutting edge technology, high performance and service levels.
- Architecture with total redundancy and scalability.
"We are proud to have provided the equipment to support security solutions for Clean Internet Traffic for a leading global company such as Telefónica," stated Peter George, president and CEO of Crossbeam Systems.
Related Channels: Security

Sprint Mobile Security offers unmatched seamless end-user security for mobile workforce
Sprint launched Sprint Mobile Security, which is powered by Mobile Armor and is the only security solution from any carrier that allows complete end-to-end security management for laptops and mobile handheld devices. It is a new service available in the Sprint Mobility Management portfolio, which also includes billing and device management services and is the only integrated package designed to work across multiple carriers and device and operating system (OS) platforms.
"Wireless security issues concern enterprise customers looking to expand wireless access to a broader range of corporate applications," said Rena Bhattacharyya, industry analyst at IDC. "Sprint Mobile Security addresses these concerns by bundling services that mitigate security risks and threats into a pre-packaged solution designed to be easy to install, use and pay for."
Sprint Mobile Security is designed to meet three major needs: data protection, threat prevention and compliance.
Data Protection
Sprint Mobile Security protects data by enforcing password policies across all devices with fixed, PIN or color-coded credentials. It also allows companies to encrypt individual files or an entire device and memory card using AES or 3DES, and the mobile VPN allows users to securely connect to the corporate intranet while on the go.
Threat Prevention
Sprint Mobile Security protects mobile devices from viruses, worms and Trojans that can infect devices and spread malware via text messages or Bluetooth connectivity. It scans, identifies and removes these malicious codes, and its firewall blocks "denial of service" attacks and restricts network traffic based on source, destination, IP ports and applications. Sprint Mobile Security can also lock and delete data on a device if the device is lost or stolen.
Compliance
Sprint Mobile Security enables companies to enforce policies to ensure that only corporate-sanctioned applications are on their devices and that government and industry regulations are being met. It can enforce more than 150 policies from a single online portal. Sprint Mobile Security also offers automatic remediation, which will update non-compliant programs or profiles automatically, without requiring user intervention. This feature simplifies the user experience and enhances productivity so that users are not locked out of applications or services.
"With Sprint Mobile Security, companies have access to the highest level of security expertise, tools and customer service to ensure complete protection for their unique and evolving enterprise security needs," said Barry Tishgart, director of product marketing for Sprint. "Companies can have confidence knowing that their assets are secure and proprietary data is protected and compliant with corporate policy."
Related Channels: Wireless, Security

Unilever selects BT for global managed firewall service
Unilever has awarded BT a contract for the provision of a managed firewall service. The 10.5m pounds ($19.7 million) global agreement will run over a six and a half year period and follows the recent extension to its original seven-year service contract with Unilever.
The new deal will involve BT taking over full management responsibilities for Unilever's existing estate of 256 firewalls spread across 68 countries. BT will transform Unilever's regionally managed firewall model into a single, consolidated global management structure in line with the rest of its networked IT services. BT's dedicated global managed firewall service team will remotely manage the consolidated system, enhancing security against virus and other network- based attacks by applying a standard set of processes and reporting procedures to each of the firewalls.
Ray Stanton, global head of BT's business continuity, security and governance practice, said: "This contract underlines the ongoing strength and success of our relationship with Unilever, extending our value added outsourcing services to cover the vital area of security. BT's skills and expertise in the global IT security market are shown to maximum effect by consolidating the monitoring and management of such a large number of dispersed firewalls under one team with a single set of operating procedures. BT is committed to supporting Unilever in developing all aspects of its IT infrastructure to protect its assets world wide."
Related Channels: Security

China Mobile's website attacked by hacker
China Mobile's website was attacked by hacker on September 11.
Instead of the usual rants that hackers place on their cracked websites, this time the company's homepage simply displayed a request from the hacker who asked for lowering the calling rates. The website resumed to normal at 8:36am, but the website of China Mobile's affiliate M-zone did not recover until 11am.
In response to the attack, some users posted online expressions of admiration for the hacker's humor, while others said they were concerned about the safety of China Mobile's network now that it was vulnerable to crackers and hackers.
Related Channels: China, Security

RSA Security stockholders adopt merger agreement with EMC Corporation
RSA Security Inc., the expert in protecting online identities and digital assets, Friday announced that RSA Security stockholders voted to adopt the agreement and plan of merger pursuant to which EMC Corporation, the leader in information management and storage, will acquire RSA Security. At the special meeting of stockholders held yesterday, the holders of a majority of RSA Security's common stock outstanding and entitled to vote at the meeting voted to adopt the merger agreement. Pursuant to the merger agreement, the acquisition is expected to be completed within two business days.
Related Channels: Security, Mergers & Acquisitions

6WIND supports Cavium's OCTEON processors for security and triple play OEMs
6WIND, leader in advanced embedded networking software, announced, expanded 6WINDGate™ support for the OCTEON MIPS64 Multicore processor family to include its single and dual core OCTEON CN30xx and CN31xx. OEM vendors are now able to use the same 6WINDGate™ software to produce a larger range of feature-rich access and triple-play gateways, and from lower-end CPEs to 10Gbps multi-services network security equipment.
OEMs looking to build a complete range of scalable high-performing appliances for networking across-the-board, can take advantage of the OCTEON-compatible 6WINDGate™ software which matches in price and performance, reducing significant risks and costs. 6WINDGate™ provides OEMs using OCTEON with a comprehensive management and control application, which has been optimized to include tight interfaces with the OCTEON SDK (software development kit), enabling seamless integration. Any customization done on the 6WINDGate™ software, for example a UNIX application add-on, is automatically applicable on other OCTEON processors if required.
“Tight integration of the 6WIND software with Cavium's OCTEON SDK will tremendously help our mutual customers in achieving faster time to market and optimized performance. 6WIND's breadth of software solutions on the full range of OCTEON processors highlights the performance, scalability and software compatibility of the Cavium product line, which is a critical requirement for next generation networking systems,” said Rajiv Khemani, Vice President of Marketing, Cavium Networks.
Related Channels: Security, Chipsets

Security Alert: McAfee unveils paper on adware and spyware -- A Key Finding: Celebrities are a bigger lure than sex
California-based McAfee announced the availability of a paper from McAfee Avert Labs entitled, 'Adware and Spyware: Unraveling the Financial Web'
McAfee, Inc. announced the availability of a paper from McAfee(R) Avert(R) Labs entitled, "Adware and Spyware: Unraveling the Financial Web." The paper highlights the financial incentives fueling the rise of adware and spyware, the prevalence of adware and spyware, and culprits behind the problem.
McAfee research shows that adware and spyware distributors abuse the affiliate marketing programs of legitimate companies. In addition, adware distributors use front companies and Web sites to reach unsuspecting users and intermediaries, meaning that legitimate sites are finding themselves tied to known spyware distributors. Programs then install themselves on a user's machine, often as the trade-off for a piece of "free" software, and are used to collect marketing data and distribute targeted advertising.
Key research findings from the paper include:
* Celebrities are a bigger lure than sex. The most prolific distributors of adware are star/celebrity Web sites -- not the commonly believed adult and pornography Web sites, according to McAfee SiteAdvisor(TM).
* The prevalence of adware and spyware is increasing at an exponential rate. By August 2006, there were approximately 450 adware families with more than 4,000 variants.
* A recent survey by McAfee SiteAdvisor found that 97% of Internet users could not differentiate safe from unsafe sites, meaning that the majority of users are just one click away from downloading potentially unwanted programs.
* The adware business model is lucrative. A recent criminal indictment alleged that Jeanson James Ancheta, a convicted bot-herder, received $150 per each 1,000 infected computers.
"The emergence of lucrative online affiliate-marketing business models and the widespread ease with which adware and spyware can be spread have made them prominent features in the threat landscape," said Jeff Green, senior vice president of product development, McAfee, Inc. "Since 2003, when adware and spyware emerged as dominant threats in the security environment, to 2006, we have seen the number of adware families rise by more than 1,000%, demonstrating a sharp increase over the last several years."
Related Channels: Security

Sandia fingerprinting technique demos wireless device driver vulnerabilities
By role-playing the position of an adversary (also known as red teaming), Sandia researchers have demonstrated a unique "fingerprinting" technique that allows hackers with ill intent to identify a wireless driver without modification to or cooperation from a wireless device. Revealing this technique publicly, Sandia researchers hope, can aid in improving the security of wireless communications for devices that employ 802.11 networking.
Sandia is a National Nuclear Security Administration laboratory.
Device drivers, according to Sandia security researcher Jamie Van Randwyk, are becoming a primary source of security holes in modern operating systems. Through a laboratory-directed research grant, Sandia security researcher Jamie Van Randwyk and a team of college interns set out last year to design, implement, and evaluate a technique that has proved capable of passively identifying a wireless driver used by 802.11 wireless devices without specialized equipment and in realistic network conditions. Van Randwyk presented his team's findings last month at the USENIX Security Symposium in Vancouver, B.C.
Video and keyboard drivers are generally not exploited because of the difficulty in attaining physical access to those systems, leading some to believe that device drivers are immune to vulnerabilities. However, Van Randwyk points out, physical access is not necessary with some classes of drivers, including wireless cards, Ethernet cards, and modems.
"Wireless network drivers, in particular, are easy to interact with and potentially exploit if the attacker is within transmission range of the wireless device," says Van Randwyk. Because the IEEE 802.11 standard is the most common among today's wireless devices, he and his team chose to evaluate the ability of an attacker to launch a driver-specific exploit by first fingerprinting the device driver. Fingerprinting is a process by which a device or the software it is running is identified by its externally observable characteristics.
Related Channels: Wireless, Security

IBM intros encryption technology to ensure customer data privacy
IBM announced the introduction of first-of-its-kind encryption technology and services that deliver the world's first enterprise-class solutions for securing consumer and corporate data privacy.
Today's announcement will help businesses address virtually every element of the data security chain and is highlighted by the introduction of the industry's first fully encrypting data drive, bringing unsurpassed levels of security to small, medium and large businesses alike. This history-making, open-standards-based drive is designed to protect the data in the event that it is lost or stolen, rendering it unreadable to anyone who finds it. With this option, customers can encrypt the large files intended for remote recovery sites, or for data archiving, at tape hardware speeds. It will also provide customers with the ability to share encrypted tapes with their business partners.
IBM's Security and Privacy Services practice within IBM Global Technology Services will provide the necessary framework, architecture and support to execute a comprehensive enterprise security program and leverage IBM's encryption solution to resolve data security issues.
"Demand for the new data encryption drive has been off the charts, with IBM already exceeding its internal goals," said Andy Monshaw, general manager, IBM System Storage. "The reason for the demand is simple -- data loss and identity theft continue to plague corporations and consumers alike. Today, a new level of security is available to corporations that want to ensure their data will never be accessed if it is ever found in the wrong hands. In the case of stolen or lost records saved to tape or disk, encrypting data renders the records totally unreadable."
Encryption comes standard on all newly ordered TS1120 tape drives and clients with installed TS1120 drives can upgrade to include this feature for a fee. The IBM Encryption Key Manager for the Java platform -- free as part of IBM's Java software development kit -- can help generate and communicate encryption keys for tape drives across the enterprise. Finally, key management software supports the encryption tape drive on a wide variety of configurations, such as z/OS, i5/OS, AIX, HP, Sun, Linux and Windows.
The TS1120 drives support three different encryption management methods: Application, System, or Library Managed. For System or Library managed encryption, the IBM Encryption Key Manager for the Java platform -- included, at no additional charge, as part of IBM's Java Virtual Machine -- will generate and communicate encryption keys for tape drives across the enterprise. This encryption capability is supported when the TS1120 Tape Drive is integrated or attaches in the IBM System Storage TS3500 Tape Library, IBM System Storage TS1120 Tape Controller Model C06, IBM TotalStorage® 3592 Tape Controller Model J70, IBM TotalStorage 3494 Tape Libraries, IBM TotalStorage C20 Silo Attach frame, and stand-alone environments.
Related Channels: Security, Storage

Verano acquires Managed Security Services Division of E-DMZ
Verano, Inc., the SCADA security company, announced the acquisition of the Managed Security Services Division of e-DMZ Security LLC. As a result of this acquisition, Verano is launching Industrial Defender Co-Managed Security, the market's only co-managed security service for the real-time SCADA and control environment. Industrial Defender Co-Managed Security is the latest component of Verano's full security life-cycle solution for real-time SCADA and control environment, which also includes SCADA security professional services, through Plant Data Technologies, Inc., and technology deployment with Verano's Industrial Defender.
The services division of e-DMZ's in-depth expertise in real-time SCADA and control security co-management, combined with Verano's 15 years of mission-critical SCADA and security protection, enables the market's first full security life-cycle solution unique to the challenging real-time SCADA and control environment. Specific markets which benefit from this complete offering include power transmission and distribution, water distribution and treatment, gas and liquid pipelines, mass transit systems and power generation industries, as well as the chemical and pharmaceutical sectors. e-DMZ Security service engineers have helped secure more than 100 process control networks across the globe for customers in these markets.
Related Channels: Security, Mergers & Acquisitions

Content security gateway sales to soar 169% between 2005 and 2009
The content security gateway market is primed to take off as established and upstart vendors of all types invest capital and development resources into new solutions according to Infonetics Research.
Worldwide content security gateway sales grew 8% between the first and second quarter of 2006, reaching $270 million, and are forecast to grow 43% by the second quarter of 2007. Annual worldwide sales are expected to hit $2.3 billion in 2009. Appliances are growing at a much faster rate than software, with the appliance market forecast to surge at a 44% compound annual growth rate from 2005 to 2009.
Related Channels: Security

StrikeForce inks deal with Shanghai W-Ibeda
StrikeForce Technologies has inked a deal with China's Shanghai W-Ibeda High Tech Development Corporation Ltd, for the distribution rights of MPAS, a new Mobile Phone Authentication System to be distributed through China's largest telephone carriers to help prevent identity theft.
China has over 420 million mobile phone users. StrikeForce and W-Ibeda already have plans in place to begin the project immediately. MPAS will be used for strong authentication for online banking, online gaming, and to authorize online ecommerce transactions.
China's Mobile giants will be offering these value-added services to consumers and corporations, leveraging the convenience of the mobile phone with secured, fast and user-friendly identity authentication services that helps prevent identity theft, at a competitive price.
"China's mobile phone industry is exploding with opportunities, especially in regards to leveraging the Internet for consumer transactions. StrikeForce's innovative technology provides the market with a user-friendly and highly secured means to conduct authentication over the internet. We are confident and optimistic that MPAS will be a widely accepted solution for the prevention of Identity theft by China's expanding user population," says Li Yin, CEO of W-Ibeda.
Related Channels: China, Security, Wireless

Cavium intros Nitrox PX Security Processor family for IPsec, SSL, and Wireless security applications
California-based Cavium Networks, a world leader in security, network services and embedded processor solutions, announced the NITROX PX Security Processor family with 8 new products targeted at next-generation IP Security (IPsec), Secure Sockets Layer (SSL) and Wireless security applications. The NITROX PX Family addresses requirements for new and essential security algorithms and product interfaces by including hardware acceleration for SHA-2, AES-GCM and KASUMI algorithms, and PCI-Express interface in a single chip. The NITROX PX security processors feature the GigaCipher v2 cores with increased code store and enhanced hardware queuing, which enables richer protocol processing and multi-protocol performance. All products are fully software compatible with Cavium Networks market-leading NITROX family of security processors and are offered with either a PCI-X 64/133 interface that is NITROX family pin-compatible or PCI-Express x4 interface. The NITROX PX Family delivers the industry's most scalable symmetric encryption performance, ranging from 500 Mbps to 2.5 Gbps, and asymmetric performance from 4000 to 17,000 RSA operations per second. Existing customers of Cavium Networks' NITROX Lite products can seamlessly upgrade to the NITROX PX PCI-X version and get the benefits of new algorithms, higher performance and new features. The PCI Express version enables customers to upgrade to new generation motherboards with PCI-Express interfaces. The NITROX PX Security Processors are being adopted by Tier-1 vendors for security and networking appliances, routing, L3+ switching, storage and wireless products. Cavium Networks will present details on the NITROX PX security processor family on Sept 21st at the Linley Group's Embedded Network Security Design Seminar, being held in San Jose, California.
NITROX PX Offload Supports the Latest IPsec and SSL Security Algorithms
Existing secure networking equipment is being upgraded to incorporate new security algorithms that will be deployed in the market by 2008. These new algorithms include SHA-2 and AES-GCM. SHA-2, which consists of the SHA-256, SHA-384 and SHA-512 algorithms, offers increased and robust security protection over the currently deployed SHA-1 algorithm for hashing and digital signature applications. Rapid adoption of SHA-2 is being encouraged by the US National Institute of Standards and Technology (NIST). AES-GCM is expected to replace the existing 3DES and AES-CTR encryption algorithms used for IPsec VPN applications as it provides an efficient implementation for confidentiality and data origin authenticity. The NITROX PX family offers unmatched hardware acceleration capability for these two algorithms. Additionally, NITROX PX integrates RSA acceleration required for secure session setups with up to 4096-bit key length support.
The NITROX PX Family of Security Processors provides customers with unique features that include:
- Full IPsec, SSL, and WLAN protocol processing offload
- Patented macro processing for SSL handshake acceleration
- Simultaneous protocol processing with dynamic adaptability and bandwidth allocation
NITROX PX Includes the Fastest Security Acceleration for Next Gen Mobile Networks
Next-generation CDMA and GSM mobile networking equipment require the KASUMI algorithm and its variants for confidentiality, integrity and encryption, as mandated by the International Mobile Telecommunications (IMT-2000). Additionally, performance requirements are increasing rapidly to support the wireless transmission of voice and data at high data rates of 384 kbps -- 2 Mbps per user. The NITROX PX security processors support up to 2.5Gbps of KASUMI performance.
Related Channels: Security, Chipsets, Wireless, Storage, Switching & Routing

Singapore to open Cyber-Watch Center (CWC) by March next year
Singapore's ICT regulator announced plans to open a security monitoring center by March next year to beef up online security across the country's government agencies and e-services.
According to Singapore Infocomm Development Authority (IDA), the Cyber-Watch Center (CWC) will provide real-time response to cyber threats, "boost the security" of the government's IT systems and networks, and ensure its e-services are "always available and secure".
The Singapore government currently offers businesses and consumers over 1,600 services online, ranging from the payment of road taxes, filing of income taxes and application of licenses. It also unveiled in May this year a US$1.3 billion initiative to further drive its e-services offering.
"The CWC will monitor cyber threats to government networks round-the-clock, and provide early warning of impending cyber threats," IDA said, in a statement. In events of malicious attacks and access, such as stolen confidential data, the center will immediately inform the relevant government agency to take the necessary steps to rectify the situation.
Manned by a team of 12 IT security professionals, comprising security analysts and engineers, the CWC will also rely on new security tools such as security events correlation, to detect sophisticated attacks and separate false alarms from genuine security incidents, according to IDA.
Operations of the center, including staff members, have been outsourced to Singapore-based security vendor e-Cop, in a contract worth S$18 million (US$11.3 million) over five years.
The CWC is part of the Singapore government's US$23.8 million investment to boost the country's IT security infrastructure, first announced in February 2005 and which had included a National Cyber Threat Monitoring Center (NCMC).
The NCMC will comprise the new CWC as well as plans for a Threat Analysis Center.
Related Channels: Security

Entrust to showcase at Security Standard conference in Boston
As the threat of unauthorized access to corporate desktops and networks continues to grow, organizations must protect themselves against unauthorized access to laptops, corporate networks or systems locally or over the Internet. Strong authentication can help secure the identities of users inside the enterprise and can add security to the corporate networks and resources. To discuss how organizations can help protect these networks through strong authentication, Entrust, Inc. has released the "Finally ... Affordable Enterprise Authentication" podcast with its Director of Identity Products and Solutions Steve Neville.
"A compromised laptop, desktop or corporate network may not only contain highly sensitive data that relates to the employee or customer information or company secrets, it also can provide unauthorized access to the entire organization," said Steve Neville. "The security of the laptop, desktop and of the network itself is only as strong as the authentication methods used to identify the users logging onto devices and granting access".
To date, Entrust IdentityGuard, Entrust's strong authentication platform offering a range of authentication choices, has sold over three million user licenses. For enterprise authentication, Entrust's customers include Xerox, Eurogiro, Goteborg University, Tokyo Institute of Technology, the Alaska Law Enforcement Information Sharing System, a top fashion retailer and a number of enterprises both large and small.
This week, Entrust will showcase its enterprise authentication platform at The Security Standard conference September 6 and 7 in Boston, Massachusetts sponsored by Cisco Systems and Microsoft. Entrust IdentityGuard also has been certified to be interoperable with both SAP and Oracle software.
Neville draws on more than nine years of hi-tech marketing and product management experience to drive the strategic direction of both products and solutions for Entrust.
Related Channels: Security

SafeNet to exhibit at Security Standard Conference in Boston
SafeNet will exhibit at the inaugural Security Standard Conference, held at Boston's Hynes Convention on September 6 and September 7. SafeNet's booth (# 100) will be open during exhibit hours on September 6 from 12:30-2:00 p.m. and 5:45-7:00 p.m. and on September 7 from 12:00-1:45 p.m. and 4:25-5:30 p.m.
During exhibit hours, SafeNet will offer demonstrations of its ProtectDrive encryption software for protecting sensitive data on laptops, workstations and servers. The solution offers removable media protection for USB sticks and portable hard drives, which gives users a flexible approach to removable media with password-based access combined with centrally managed policies. ProtectDrive is a valuable tool for helping companies comply with regulations and legislation requiring such protection and reporting. Data secured by the software meets FIPS 140-2, Level 2-certification.
The company will also feature its newly upgraded version of the Luna SP version 1.5 HSM, which allows developers to securely deploy Web applications, Web services and other Java applications in a hardened security appliance. The FIPS-certified HSM offers hardware key management and ensures that cryptographic keys and processes. With tamper-resistant hardware, network connectivity, and secure remote administration, Luna SP makes it easy to deploy high-assurance Java Web service applications with confidence.
Related Channels: Security

Worldwide network security appliance and software sales to reach $5.1 billion in 2009
Worldwide network security appliance and software sales are up 2% to $1.1 billion between the first and second quarter of 2006, and is forecast to grow 30% between 2005 and 2009, when it will reach $5.1 billion, according to Infonetics Research's latest Network Security Appliances and Software report.
"It was a quiet quarter for the network security market once again, with most of the major players showing no or single-digit growth or small declines," said Jeff Wilson, principal analyst for network security at Infonetics Research. "Cisco had a down quarter overall, but posted gains in the secure router segment, which impacted their results in the price-banded appliance categories and in the intrusion detection and prevention categories. The market continues to commoditize as new vendors bring creative, affordable solutions to the table, driving costs down and competition up."
Related Channels: Security

Mark Canepa joins Extreme Networks as CEO
California-based Extreme Networks, Inc. announced that Mark Canepa has joined the Company as president and chief executive officer. Canepa is a seasoned executive who brings more than 23 years of experience to the company.
Prior to joining Extreme Networks, Canepa was with Sun Microsystems where he served as executive vice president of the Network Storage Products Group. Before that, he served in multiple vice president and general manager roles at Sun, after joining the company in 1996. Canepa's previous experience also includes several general manager positions at Hewlett-Packard Company, including development and marketing of the firm's workstation products.
"I am pleased to be joining Extreme Networks, where I can lead an experienced team with a history of delivering innovative networking solutions," said Canepa.
"Mark brings a wealth of experience in delivering strong business results over many years in a global environment," said Gordon Stitt, outgoing president and CEO of Extreme Networks. "He is a great cultural fit with Extreme – he really understands how product and business innovation combined can deliver growth."
Related Channels: Switching & Routing, Ethernet, Security, VoIP, Appointments

Security Alert: Hackers steal AT&T customer information through breaching AT&T's Web store
Personal data, including credit card information, of thousands of AT&T customers was stolen by hackers over the weekend, the company reported late Tuesday.
The breach, which affected customers who purchased DSL equipment through AT&T's Web store was discovered within hours and the online store was shut down immediately, said AT&T in a press release.
AT&T said it was sending notifications to nearly 19,000 customers, and that it would pay for credit monitoring services for the affected customers.
"We recognize that there is an active market for illegally obtained personal information. We are committed to both protecting our customers' privacy and to weeding out and punishing the violators," said Priscilla Hill-Ardoin, chief privacy officer for AT&T, in a statement.
"We deeply regret this incident and we intend to pay for credit monitoring services for customers whose accounts have been impacted. We will work closely with law enforcement to bring these data thieves to account."
More Hacker Watch: Security, Hacker, FBI & Lawsuits: Trojan horse leads to porn convictions
Related Channels: Security

Security, Hacker, FBI & Lawsuits: Trojan horse leads to porn convictions
Related Channels: Security

3Com's TippingPoint unveils disclosure pipeline
TippingPoint, a division of 3Com and the leader in intrusion prevention, marked the one year anniversary of the Zero Day Initiative (ZDI) inception by announcing it will begin publishing statistics on all vulnerabilities pending public disclosure on the Zero Day Initiative website. These 29 unresolved issues have been reported to the Zero Day Initiative, and are currently being addressed by the affected vendors.
Since launching the Zero Day Initiative portal last August, 30 zero day threats have been addressed by ensuring details regarding unknown or undisclosed vulnerabilities remained confidential until the issue could be disclosed with the affected vendor's solution or patch. Of these 30 issues, seven involve widely used Microsoft software products. Other Zero Day Initiative vulnerabilities over the last year have also affected vendors including Mozilla, Symantec, Novell, Adobe, and Apple to name a few.
Over 400 security researchers are now signed up to the ZDI program, in addition to the original research being performed by the TippingPoint security research team (TSRT).
"Over the past year, the most resounding suggestion from our Zero Day Initiative researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero day vulnerabilities," said David Endler, director of security research for TippingPoint. "We've been pleased with the progress we have made acting as an intermediary between security vendors and researchers, ultimately working together to help protect the vendor's customers from emerging zero-day exploits while appropriately rewarding the researcher."
Related Channels: Security

Nearly 2/3 of security executives believe they have no way to prevent a data breach
Nearly two-thirds of security executives believe they have no way to prevent a data breach, according to the latest industry research by privacy and information management research firm the Ponemon Institute. What’s more, most respondents believe their organizations lack the accountability and resources necessary to enforce data security policy compliance.
These results were derived from a national survey on information security professionals’ experiences in detecting and preventing the leakage of sensitive or confidential information to unauthorized parties, both outside and inside an organization. Announced by the Ponemon Institute and PortAuthority Technologies, Inc., the leader in Information Leak Prevention (ILP), the National Survey on the Detection and Prevention of Data Breaches examines the responses of 853 randomly selected, U.S.-based information security professionals to questions related to data protection and prevention within their organizations.
An analysis of the study suggests that, in spite of increased attention and intense media and public scrutiny, the state of data security within U.S. corporations remains a serious challenge. Key findings of the study include:
59 percent of companies surveyed believe they can effectively detect a data breach, but a staggering 63 percent believe they cannot prevent a data breach. High false positive rates of up to 35 percent affect an organization’s ability to detect a breach. 41 percent of companies surveyed do not believe they are effective at enforcing data security policy. The top reason given for failed enforcement is lack of resources. Companies report a 68 percent probability of detecting a large data breach (more than 10,000 data files), while small data breaches (fewer than 100 files) are likely to be detected only 51 percent of the time. 16 percent of companies surveyed believe they are invulnerable to a data breach. Excessive cost was cited as the primary reason organizations do not use leak prevention technologies, with 35 percent stating that leak prevention technologies are too expensive.
Related Channels: Security

88% of new malware in 2Q06 related to cyber-crime
Eighty-eight percent of the new malware detected by PandaLabs in the second quarter of 2006 was related to cyber-crime. This is one of the conclusions of the newly published PandaLabs report, which offers a global vision of malware activity over this period. The report offers a day by day analysis of the most important events related to malware and IT security.
One of the conclusions of this report is the confirmation of the new malware dynamic, based on the main objective of obtaining financial returns. The statistics leave no room for doubt: of all the new examples of malware detected by PandaLabs, over 54 percent were Trojans, compared to 47 percent in the previous quarter. This type of malicious code is highly versatile and can be used to take a series of actions on infected computers (stealing confidential data such as bank details, downloading other malicious applications, etc.). Bots on the other hand, a type of malicious code used to build networks which are then sold or rented to the highest bidder, were in second place, representing 16 percent of the total, a four point increase on the previous quarter. New backdoor Trojans accounted for 12 percent, while dialers represented just 3.8 percent of all malware.
According to Luis Corrons, director of PandaLabs: “the results show how malware creators are concentrating on profiting from their efforts, creating increasing numbers of Trojans and bots. The greatest danger lies in the fact that they are installed and operate silently without users noticing any of the typical symptoms of infection and therefore victims are unaware that their computers are being used to steal from them or even from third-parties. This false sense of security works in favor of the attackers.”
Related Channels: Security

Juniper enhances its ScreenOS with UTM security features
Juniper Networks, Inc. announced enhancements to its ScreenOS, the real-time, security-specific operating system for its firewall (FW) and IPSec Virtual Private Network (VPN) appliances. The new ScreenOS 5.4 enhancements give customers new tools to battle emerging content security threats. Tools include best-in-class Unified Threat Management (UTM) security features, captive redirect and policy-based routing.
'We are very excited to offer customers a complete set of UTM security features, including IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering, for the SSG Family of products to help protect their networks against all manner of attacks. Combined with the proven stateful firewall and IPSec VPN, this complete set of UTM features will greatly increase network attack detection and prevention at branch offices,' said Hitesh Sheth, VP of Security Products at Juniper Networks. 'Juniper Networks continues to provide the most secure FW/VPN solutions with integrated UTM security features to meet the heightened security and technology needs of organizations.'
Related Channels: Security, VPN

MTS Allstream picks Siemens Home and Office Communication Devices
Siemens Home and Office Communication Devices, a wholly-owned subsidiary of Siemens AG, announced MTS Allstream Inc. out of Manitoba, Canada, is deploying tango ™ Subscriber Manager software to centralize and automate the deployment, installation, management and support of its broadband service. Automation simplifies the broadband service lifecycle leading to increased customer satisfaction and loyalty, as well as cost savings for MTS Allstream.
As competition for broadband subscribers grows increasingly intense, automation becomes a vital necessity. Without it, procedures necessary for provisioning services and applying policy changes must be undertaken manually, which leads to an increase in cost. As deployments and customer bases increase in size, the process of establishing value-added services for expanding numbers of subscribers becomes more cumbersome and time consuming.
Siemens’ tango Subscriber Manager speeds up the broadband deployment process by automating the delivery of services such
as VPN networks and advanced firewall controls, as well as automating repetitive administrative tasks through its powerful scripting and policy-based operations.
“The comprehensive control offered by tango Subscriber Manager enables customers such as MTS Allstream to take control of their broadband service infrastructure,” said Jochen Eickholt, CEO of Siemens Home and Office Communication Devices. “Maintaining control of the services offered in today’s digital home is important to stay ahead of the competition.”
Related Channels: OSS/BSS, Security, VPN

IBM leads in web access management software
IBM Friday announced that analyst firm Gartner, Inc. has ranked IBM as the worldwide market share leader in the Web access management marketplace based on total software revenue for 2005. This is the first Gartner report on this market since 2002.
According to the independent report, IBM was the leading market share vendor in total Web access management software revenue worldwide with 41.4 percent market share in 2005. According to Gartner, total worldwide revenue for Web access management grew nearly 10 percent to $513 million in 2005.
As defined by Gartner, Web access management offers integrated identity and access management for Web-based applications, such as email and online databases. The analyst firm observed that while initial software implementations by customers were focused on managing external user access, the growing use of company portals for employee access is also driving demand for Web access management solutions to manage internal user access.
"We have seen an increased interest in identity and access management software from customers seeking to boost security around valuable company data," said Al Zollar, general manager, IBM Tivoli software. "IBM security software helps to defend against many of the top internal and external security threats facing enterprises today such as insider attacks and identity theft."
IBM's Tivoli security software helps prevent unauthorized access to valuable customer, employee and business data and facilitates compliance with corporate security policy and regulatory requirements. It is part of IBM's portfolio of IT service management (ITSM) software, which automates some of the most challenging processes associated with managing a complex IT environment. These include managing storage devices, addressing IT failures and deploying new software releases and patches. The software helps customers fight rising IT costs, manage constant change and meet the demand to stay competitive in the marketplace. IBM is combining its ITSM software with business consulting and IT services to develop repeatable tools that help customers optimize their business operations.
Related Channels: OSS/BSS, Security

HP advised to acquire a security software vendor such as Symantec or McAfee to compete with IBM
In view of IBM's Wednesday announcement that it would buy a security software company, Hewlett-Packard should be looking to buy a security software vendor such as Symantec or McAfee, according to a Thursday research report from the Cowen securities firm.
IBM, HP's big competitor, said Wednesday it would pay $1.3 billion to purchase Internet Security Systems, giving it a presence in the security business. "Larger systems software companies have been aggressively acquiring security software vendors and point technology," said Walter Pritchard, an analyst at Cowen, adding that Hewlett-Packard "is notably absent."
Walter Pritchard said Santa Clara.-based MacAfee would make the most sense in filling the gap. Yet he added that "clearly an acquisition of Symantec would be a broader move than just filling in the security piece."
Symantec, which provides consumer products and computer management services, is the much bigger company.
Acquiring a security software vendor is a must for big hardware providers, according to Paul Stamp, an analyst for Forrester Research. "It's something very hard to grow organically," he said. "Every large IT vendor has realized you can't have a traditional revenue base without security."
Related Channels: Security, Mergers & Acquisitions

Credit Union deploys Comodo's solution against phishing and pharming
Jersey City, N.J.-based Comodo, a global Certification Authority and leading provider of Identity and Trust Assurance Management solutions, announced that Indiana based FORUM Credit Union is deploying Comodo's S.A.F.E. solution (Safe and Authenticated Financial Engagements) to protect members from phishing and pharming attacks. FORUM will utilize key elements in Comodo's S.A.F.E. Solution including VerificationEngine, High Assurance SSL certificates, email certificates and HackerGuardian. Together, this suite provides FORUM members with increased verification of site identity and security in online banking. Comodo was chosen by FORUM because Comodo's credentials and expertise as a Certification Authority can deliver to FORUM members new technology to ensure safe banking within a platform that is one of the easiest to deploy and proven to be very user friendly.
Related Channels: Security

IPass granted continuation patent on network quality monitoring
California-based iPass Inc. has been granted a continuation patent (US Patent 6,985,945) on the network quality monitoring functionality of the iPass service. The continuation extends the protections previously granted to iPass in 2003 for the company's Service Quality Management (SQM) technology.
With more than 3,000 enterprise customers and the world's largest broadband roaming network, iPass is the global leader in providing software and network solutions that unify the management of remote and mobile connectivity, devices and security. iPass services allow organizations to keep users connected to the Internet and corporate networks and manage endpoint devices by distributing and updating software, removing out-of-date and rogue applications, and working to ensure that remote and mobile computers have the latest protection against viruses and other malicious threats.
Using SQM technology, the company manages more than 60,000 wireless (Wi-Fi and 3G) broadband and 40,000 dial up access points in 160 countries.
"Any Software-as-a-Service (SaaS) business must continually collect information on the quality of the user experience and adjust the network parameters accordingly to ensure high quality. iPass recognized this long ago and took the steps to protect it's unique approach," said Ken Denman, CEO of iPass.
Related Channels: Wireless, OSS/BSS, Security

Competition Alert for Microsoft, HP, Sun Microsystems, EMC, Oracle, SAP, CA, Wipro, BMC, Novell, BEA, McAfee, Citrix and other OSS, security software and storage vendors: IBM to speed up its China expansion after moving its Asia Pacific Headquarters to Shanghai from Tokyo this year
IBM will open four offices annually in second-tier Chinese cities in coming years to take advantage of robust growth and a deep talent pool.
“We set up four new offices last year,” Michael Cannon-Brookes, vice-president for business development in China and India, said on Wednesday. “And that pace is sustainable in the near term.”
IBM had 22 offices in China at the end of last year.
Any expansion would come after IBM's Asia-Pacific office completed its move to Shanghai from Tokyo this year, attracted by vibrant growth and deep talent pools in China.
“That’s why I’m in Shanghai,” said Cannon-Brookes.
Related Story: Top Story: IBM moves its Asia-Pacific HQ to Shanghai from Tokyo -- Shanghai, the most favorable city for multinationals (A reprint of our 05/12/2006 Top Story)
Related Channels: China

(A reprint of our 05/12/2006 Top Story) Top Story: IBM moves its Asia-Pacific HQ to Shanghai from Tokyo -- Shanghai, the most favorable city for multinationals
IBM has moved its Asia-Pacific headquarters from Tokyo to Shanghai, China's business hub. Since 2005, IBM has been relocating its relevant technical and R&D departments for Asia-Pacific headquarters to Shanghai.
Last month, IBM joined hands with Shanghai Jiaotong University in establishing an innovative academe, in an effort to establish IBM's R&D center as well as a procurement center in Shanghai.
The explosive growth of China market is a reason for IBM's relocation of Asia-Pacific headquarters. In 1993, IBM purchased USD 30 million worth of products in the country, while the procurement in 2000 exceeded USD 2 billion.
Related Top Story: China to surpass the United States to become the world's No.1 chip market this year (China)
Shanghai is the most favorable city for multinationals.
Related Stories on Shanghai
- Top Story: Shanghai is becoming the hot spot for global chip industry (China)
- Shanghai hosts IBM's IT Services Center (China)
- Shanghai hosts Samsung's international purchasing center (China)
- Top Story: Shanghai Information Park built by China Telecom with CNY 10 billion investment attracts telecom and IT companies -- China Telecom in transformation beyond traditional telecom business (China)
- Shanghai to host Virgin Mobile's MVNO service base (China)
- Shanghai to host AT&T's first Internet Data Centre in China (China)
- Shanghai to host STMicroelectronics' Greater China headquarters (China)
- Unisys to open office in Shanghai and invest more than $200M over the next five years (China)
- Siemens to establish its Eastern China HQ in Shanghai (China)
- Top Story: Intel Global R&D HQ in Shanghai started operation (China)
- BenQ to move Asia-Pacific HQ to Shanghai (China)
Related Channels: China

Microsoft and Citrix to expand partnership
Microsoft Corp. and Citrix Systems, Inc. plan to expand their existing partnership in access and end-to-end application delivery to make computing faster, more secure and more cost-effective for employees in branch office locations. The two companies will collaborate on developing and marketing a new multifunction Citrix branch office appliance based on the Microsoft(R) Windows Server(R) operating system and Microsoft Internet Security and Acceleration (ISA) Server and utilizing the recently announced Citrix(R) WANScaler(TM) solution.
The planned joint solution represents a new type of branch office appliance that combines advanced wide area network (WAN) optimization technologies with consolidated branch office services in a single, multifunction appliance that is easy to administer remotely. This combination helps solve a major problem for customers that cannot be solved today with traditional networking solutions or individual point products and that Microsoft and Citrix are uniquely able to address with their technologies, channel partners and customer reach.
"This is another major step in delivering on our overall access strategy and in meeting the needs of our customers in the branch office," said Ted Kummert, corporate vice president of the Security, Access and Solutions Division at Microsoft. "Citrix is a strong, trusted partner, and its technology and market success in application networking complements our expertise and leadership in server technologies and core networking services."
"As a market leader in end-to-end delivery infrastructure, Citrix is serious about pursuing strategic opportunities that help customers deliver any type of application to any user with the highest level of performance and security and the lowest possible cost," said Mark Templeton, president and CEO of Citrix. "By expanding our already close relationship with Microsoft, we have a unique opportunity to address the needs of enterprise branch offices in a way few other companies can."
Related Channels: Security, OSS/BSS

IBM to acquire Internet Security Systems (ISS) for $1.3 billion
IBM and Internet Security Systems, Inc. announced the two companies have entered into a definitive agreement for IBM to acquire Internet Security Systems, Inc., a publicly held company based in Atlanta, Ga., in an all-cash transaction at a price of approximately $1.3 billion, or $28 per share. The acquisition is subject to Internet Security Systems, Inc. shareholder and regulatory approvals and other customary closing conditions. The transaction is expected to close in the fourth quarter of 2006.
Internet Security Systems (ISS) provides security solutions to thousands of the world's leading companies and governments, helping to proactively protect against internet threats across networks, desktops and servers. ISS software, appliances and services monitor and manage network vulnerabilities and exploits and rapidly respond in advance of potential threats. This acquisition advances IBM's strategy to utilize IT services, software and consulting expertise to automate labor-based processes into standardized, software-based services that help clients optimize and transform their businesses.
This acquisition also reinforces IBM's position in the rapidly growing area of Managed Security Services. With concerns ranging from data theft to implementing and managing increasingly complex regulatory requirements, addressing IT security has become one of the most complex challenges companies are facing, regardless of size, location or industry.
Related Channels: Security, Mergers & Acquisitions

40% of fraud alerts are not set properly
Debix, the Identity Protection Network, announced new research showing 40% of fraud alerts are not set properly, leaving millions of victims unprotected from identity fraud. To address this problem, Debix is offering consumer tips and a free, automated service to set Fraud Alerts properly.
Congress enacted the FACT ACT of 2003; this law enables consumers to protect themselves by adding a Fraud Alert to their credit file. This alert provides the creditor a phone number to contact the consumer and verify they are opening a new account. The number one recommendation for consumers who have had their personal information stolen or breached is to set a Fraud Alert. This is what people are told by the FTC, Law Enforcement, and in almost every victim notification letter that has gone out to 90 million American consumers in the past year and a half.
The good news is once a Fraud Alert is set, creditors are complying by contacting consumers to get their approval prior to opening new credit accounts, said Julie Fergerson, VP of Emerging Technology for Debix and co-founder of the Merchant Risk Council. "The bad news is that in forty percent of the cases, Fraud Alerts are not set properly due to inaccuracies in credit bureau information. Even worse, the system consumers use to set their Fraud Alert does not notify them when failures occur. This leaves millions of consumers who think they have set their Fraud Alerts and believe they are protected, when they are not."
Related Channels: Security

IPLocks secures additional $4.4M
San Jose-based IPLocks, a leading provider of database security and compliance solutions that protect business critical information, has secured an additional $4.4 million in funding from institutional and individual investors as a result of over-subscription to its recent Series D round of funding.
"IPLocks was founded on the belief that protecting sensitive data in company databases is crucial for business survival," said Akio Sakamoto, President, CEO and Co-founder of IPLocks. "We are pleased to see that investors realize the value of the IPLocks offering and are validating the opportunity for this market by investing in IPLocks."
IPLocks is the only comprehensive database security solution that assesses for vulnerabilities, monitors user behavior and provides an independent audit trail to support regulatory compliance. The IPLocks solution also supports the widest range of database platforms including IBM DB2, Microsoft SQL Server, Oracle, Sybase and Teradata.
Related Channels: Security, Storage, Funding

Thales and Alcatel secure DWDM wavelengths
Thales Security and Alcatel announced a major breakthrough in the security of DWDM wavelengths for financial and government applications. The Thales SONET Datacryptor® has successfully demonstrated encryption of an aggregate SONET signal generated by an Alcatel 1677 SL provisioned with optional Dense Wavelength Division Multiplexing (DWDM) modules and Erbium Doped Fiber Amplifiers (EDFA). In addition to providing DWDM-based encryption, this testing validates that the Thales SONET Datacryptor does not introduce significant delays or impairments when used with ITU optics for SONET protection schemes, including Linear, Unidirectional Path-Switched Ring, and Bidirectional Line-Switched Ring.
DWDM technology allows network operators to increase the capacity of their existing fiber networks while avoiding costly installation of additional fiber infrastructure. EDFAs allow operators to extend the reach of their DWDM signals without the need for numerous, costly regeneration sites. As demand within the financial and government sector for high capacity transmission increases, this testing validates that the Thales SONET Datacryptor and the Alcatel 1677 SL, with the inclusion of DWDM optics, provides the increased capacity of DWDM while still offering secure transmission of mission-critical information.
New federal regulations mandate that large financial institutions and the U.S. Government encrypt their Wide Area Network links to improve overall security. While traditional DWDM-based encryption services have been limited to the entire fiber, Thales and Alcatel have demonstrated per-wavelength encryption. This solution allows these operators to cost effectively expand their effective bandwidth while securing their data in a more flexible and efficient manner.
"Information security, via encryption, is rapidly becoming an essential component of doing business," said Steven Pickett, senior vice president and general manager of Alcatel's optical networking activities in North America. "As the world leader in optical networking, Alcatel is committed to meeting the needs of our customers. By working with Thales to prove the effectiveness of the SONET Datacryptor, Alcatel continues to provide and support the latest technologies and applications required by the market."
Related Channels: WDM, Photonics, Security, SDH/SONET

Huawei-3Com provides wireless VPN, IPSec encryption and firewalls for 2006 FIBA Championship in Japan
The Federation of International Basketball Association (FIBA) will hold its World Championship 2006 from 19 August to 3 September in five cities across Japan: Saitama, Sapporo, Sendai, Hamamatsu and Hiroshima. Huawei-3Com is proud to be an equipment sponsor to FIBA 2006, providing the data communication platform for all five stadiums.
Huawei-3Com’s high performance networking solutions, including AR28-09, S3928, S3100 and S2008 routers and switches, will allow spectators in any of the five arenas to view real-time score updates and each player’s career and current statistics and records. Attending reporters can also file their stories and photos in real-time to destinations all over the world.
In addition to hardware, Huawei-3Com also supplied FIBA 2006 with wireless VPN services, IPSec encryption and firewalls for data security and PoE technologies to provide power over the WLAN AP.
Related Channels: Switching & Routing, Wireless, VPN, Security, Ethernet, China

Fiberlink manages mobile information protection
Blue Bell, Pa.-based Fiberlink Communications Corp., the trusted partner for enterprises that want to simplify and secure mobile working, announced Fiberlink Managed Information Protection, a new security service that protects corporate data in motion at the point of use by monitoring and controlling how the data is used by mobile and remote workers. Fiberlink leads the market in delivering this data protection as a managed service.
According to market research firm Current Analysis, Fiberlink is the first company of its kind to introduce managed services that secure remote and mobile workers against non-network based threats. In the past, Fiberlink's customers have turned to the company for integrated access solutions, but increasingly Fiberlink has expanded its solution set to deliver simple, security-centric mobility software and services to Global 2000 companies.
Fiberlink Managed Information Protection will integrate key technology from Verdasys to protect companies against insider threats to sensitive corporate data, theft of intellectual property and reputation risks, as well as hardware and software vulnerabilities. Fiberlink is delivering the new data protection solution as a managed service to simplify deployment and help ensure corporate data is being used in accordance with company, industry and government regulations.
Related Channels: Security, Wireless

Intellinx, Information Design tout insider threat protection
Intellinx Ltd. and Information Design Inc. (IDI) announced the launch of a joint-campaign to promote the Intellinx solution for insider threat protection. Close partners of IBM, the companies are focusing their efforts towards meeting the needs of the IBM install base of large and medium size corporations in the North East region. IDI has long been widely regarded for its expertise in IBM products and technologies including Tivoli security.
Many organizations now recognize that the foremost threat to corporate information security comes not from outside the company, but from dangers lurking within. Recent surveys show that approximately two-thirds of fraud and identity theft cases are perpetrated by authorized insiders using legitimate commands in internal business applications.
Intellinx is a critical part of the organization's security infrastructure for combating insider threat. It provides comprehensive recording and analysis of end-user activity across internal business applications. Configurable business rules analyze screen content, track user behavior patterns and trigger alerts on exceptions in real-time. Internal auditors can immediately zoom-in on specific suspects and replay their actions in a screen-by-screen, keystroke-by-keystroke manner. Intellinx tracks internal business processes in multiple applications across multiple platforms including mainframe, AS/400, client-server and web.
Related Channels: Security

SafeNet gets delisting notice
SafeNet Inc., a security software provider, said Friday it has been notified by the Nasdaq that its shares could be delisted because it has not filed its 10-Q report for the quarter ended June 30.
SafeNet said it plans in place to file the report by early October and to request a hearing before a Nasdaq panel to address the filing delay.
The company's shares will remain listed on the stock exchange pending the panel's decision.
SafeNet said in May that it received a subpoena from the office of the U.S. Attorney for the Southern District of New York. It also received a letter of informal inquiry from SEC requesting information related to the company's stock-option grants and certain accounting policies and practices.
The company said in July that it will restate earnings for 4Q02 to reflect expenses for options and that because of its internal review, its financial report for the second quarter of this year will be filed late.
Related Channels: Security

L-3 Communications announces corporate promotions
New York-based L-3 Communications announced that it has promoted four of its management executives. General (Retired) Jimmie V. Adams, vice president of Washington Operations, Robert W. Drewes, corporate vice president and president and chief operating officer of the L-3 Integrated Systems Group, General (Retired) Robert W. RisCassi, corporate vice president, and General (Retired) Carl E. Vuono, president and chief operating officer of L-3's Government Services Group, have each been promoted to the position of corporate senior vice president. They will also retain their current roles within L-3.
"I would like to congratulate each of these key members of the L-3 management team on their recent promotions to corporate senior vice president," said Michael T. Strianese, interim chief executive officer and chief financial officer of L-3 Communications. "These promotions recognize the outstanding contributions each of them have made to the growth and development of L-3 over the years, making the company into what it is today. Their promotions reinforce the company's confidence in their leadership and we look forward to their ongoing contributions as we continue to execute on our business strategy."
Headquartered in New York City, L-3 Communications is a leading provider of Intelligence, Surveillance and Reconnaissance (ISR) systems, secure communications systems, aircraft modernization, training and government services. Its customers include the Department of Defense, Department of Homeland Security, selected U.S. Government intelligence agencies and aerospace prime contractors.
Related Channels: Wireless, Security

Top Global intros 3G MobileBridge for mobile ITS
Top Global introduced the world‘s first 3G MobileBridge communications gateway for mobile intelligent transportation systems (ITS). The MobileBridge is a patented, mobile/portable wireless system. It is the world‘s first and the most integrated 3G mobile IP communications gateway. The MobileBridge currently supports all 3G standards including EDGE, UMTS, HSDPA, CDMA 1x, EVDO, and EVDO Rev. A. It will also support mobile WiMax and HSUPA. With EVDO Rev.A, the MobileBridge delivers up to 3.1Mbps download and 1.8Mbps peak upload speed, thus many innovative mobile and wireless applications can now be delivered.
The MobileBridge ITS supports the following features and applications:
1. GPS Tracking
2. Dynamic content filtering
3. Mobile Hot Spot with integrated Radius AAA (Airpath certified)
4. Supports walled garden, local & remote web portal.
5. Mobile wireless surveillance in motion
6. VPN and SSL for enhanced security
7. Remote Central Management, Real-time data traffic/bandwidth monitoring and management using SNMP protocol
8. Credit card, Smart card, RFID processing for payment and asset tracking in vehicle
9. Support VoIP over 3G Cellular for voice communication
10. Supports other M2M communication with sensors and controls
By connecting a GPS Mouse to the serial port of the MobileBridge, real-time GPS location information can be sent from a vehicle to a central Geographic Information System (GIS) server. The GPS Mouse can get position information from satellites through the MobileBridge and can transmit that info to GIS server via cellular network. The MobileBridge now offers both GPS tracking features as well as Internet access at the same time.
Top Global‘s MobileBridge communications gateway can be used by public transportation companies to offer "Mobile Hot Spot" service for passengers creating an entirely new revenue model. With embedded RADIUS module, the MobileBridge offers several AAA possibilities for the services including usage/traffic (Mbits), monthly, daily, and hourly fees, with credit card payment options. The MobileBridge is fully certified by Airpath Wireless, who provides the backend OSS for many commercial hot spot operators around the globe.
Related Channels: Wireless, Security, VPN, OSS/BSS, VoIP

Cisco settles shareholder lawsuit for $91.8 million
Cisco Systems said Friday it would pay $91.8 million to settle a shareholder lawsuit filed in 2001 against the company and management in the U.S. District Court for the Northern District of California.
"Given the expense and disruption associated with prolonged litigation, and the fact that this resolution is achieved with no additional cost to Cisco and with the consent of our insurance carriers, we believe this settlement is in the best interest of Cisco and its shareholders," Cisco said.
The original suit, filed April 20, 2001, claimed that Cisco made misleading statements, or omitted statements of material fact, that were relied on by purchasers of Cisco stock, the company said. The suit also alleged that the individual defendants sold Cisco stock while in possession of material, non-public information. The company denied all allegations in the suit.
Related Channels: Security

DeepNines sues McAfee for patent infringement
Dallas-based Deep Nines, Inc., a network security solutions provider, filed a lawsuit against McAfee, Inc. for infringement and false marking of its recently issued U.S. patent on a key network security technology.
The alleged infringement and false marking concerns U.S. patent number 7,058,976, issued to DeepNines on June 6, 2006, which involves combining a firewall and a signature-based intrusion detection/prevention solution (IDS/IPS) on a single, inline device that takes action in real-time.
DeepNines filed and won an interference against McAfee regarding this patent in March 2005, but McAfee has continued to mark and sell products that claim this patent as their own. DeepNines is asking the court for damages and a permanent injunction to prevent McAfee from marketing and selling the infringing products. DeepNines is being represented by the law firm Fish & Richardson P.C.
“DeepNines’ focus has always been on developing products that solve fundamental customer pain points. Customers are demanding integrated solutions because they are the most secure, efficient and easy to manage, and we are thrilled to hold the patent for innovating a solution that meets these requirements,” said Sue Dark, founder of DeepNines.
“We intend to protect our intellectual property, just as we respect the intellectual property rights of others” said Dan Jackson, president of DeepNines. “Although DeepNines continuously monitors the products of its competitors, at this point, our focus remains on McAfee for both infringing our patent and falsely marking its products with a patent that is invalid and purports to claim the same invention covered by our patent.”
Related Channels: Security

China Mobile deploys Array Networks' SSL VPN platform
California-based Array Networks, a leading provider of optimized and secure universal access solutions, announced that China Mobile, the world's largest mobile service provider, has deployed Array's SSL VPN platform to secure its internal Office Automation Intranet and Supplier Extranet.
After nearly a year of thoroughly evaluating potential solutions, China Mobile concluded that Array Networks' SPX SSL VPN solution offers unsurpassed security features for a large-scale deployment, and lowest total cost of ownership. While most general-purpose SSL VPN solutions provide acceptable security for less than a few hundred users, they lack extra security and operational benefits needed for large-scale, diverse user deployment.
A key factor in China Mobile's choice was Array's virtualization capabilities, which offer extra security by fully separating multiple intranet and extranet resources that control user access to specific applications. Virtualization also minimizes TCO by supporting diverse user intranet and extranet portals on a single hardware platform, thereby eliminating investment in extra hardware and software.
The Array SSL VPN provides China Mobile employees with remote access to its intranet and extranet applications, which streamlines business collaboration, improves efficiency and reduces costs. Array also offers granular security control and cost-effective management benefits. Additionally, the SSL VPN solution provides China Mobile with the lowest latency and highest scalability.
"We are delighted to be partnering with China Mobile to deliver best-in-class security and operational benefits for its business critical operations," said Michael Zhao, president and CEO, Array Networks. "China Mobile and Array both recognize the need to strengthen security while reducing costs. Array's solution shines in a number of areas including virtualization and multi-layer security with custom-built ArrayOS."
Related Channels: Security, VPN, China

China's Ministry of Public Security selects Alcatel for NGN
Alcatel has been awarded a contract by China's Ministry of Public Security to deploy a next generation network (NGN). It is the second nation-wide NGN network deployed by a government organization in China, following the one deployed by Alcatel for the China State Council Information Office in 2005.
Under the terms of the contract, Alcatel will provide an integrated IP communication solution to meet the large capacity needs of the Ministry and provide efficient and secure communications across 32 provinces and cities. In addition to rich telephony features, the network also supports a wide variety of advanced IP-based multimedia services, such as presence-enhanced phone book, which enables a user to see a contact's current availability, push-to-show, which enables a user to see a contact's agenda or video conference, push-to-talk and instant messaging.
Upon the completion of the project by the end of September 2006 , the staff of the Ministry of Public Security of China will be able to enjoy interactive and multimedia services including video telephony, video conferencing, Find-Me Follow-Me; which enables a user to receive calls anytime, anywhere through any device, voice virtual private network (VPN) and soft phone applications.
The new network, including the IMS-compliant Alcatel 5020 Softswitch and Alcatel OmniPCX Enterprise, will significantly enhance the organization's operating efficiency with assured quality and performance, while maintaining a seamless connection with the existing voice networks in the second-layer cities.
Ma Xiaodong, Chief Engineer, Information & Communication Department Ministry of Public Security of China said, "We are partnering with Alcatel to help us define the optimal way forward for our traditional voice networks. Not only will the quality and efficiency of our work be enhanced with reliable and advanced communications, but Alcatel's industry leading solutions will also support the development of our networks now and in the future."
"Reliability and confidentiality are of utmost importance for a governmental organizations. Leveraging Alcatel's leadership in both traditional and next-generation voice and data, we are confident to provide a comprehensive and tailor-made NGN solution that effectively meet these requirements," said Michel Rahier, President of Alcatel's fixed communications activities.
Related Channels: VoIP, Video, Security, VPN, China

Cisco completes acquisition of Meetinghouse Data Communications
Cisco Systems has completed the acquisition of privately-held Meetinghouse Data Communications, Inc. of Portsmouth, NH. On June 29, 2006, Cisco announced a definitive agreement to acquire Meetinghouse Data Communications, a provider of a client-side 802.1X supplicant security software that allows enterprise customers to restrict network access to only authorized users and/or host devices attempting to gain access to networked resources through both wired and wireless media.
With the close of the transaction, the Meetinghouse team and products have been integrated into Cisco's Wireless Networking Business Unit, reporting to vice president and general manager, Brett Galloway. The Meetinghouse products have been integrated into the Cisco product portfolio and are now available for order on the Cisco Global Price List.
Related Channels: Wireless, Security, Mergers & Acquisitions

Vodafone Italy picks Openwave's Anti-Virus software for mobile phones
Vodafone Italy has signed an agreement to deploy Openwave's Anti-Virus software suite for mobile phones. The security solution also features McAfee VirusScan Mobile, designed to protect mobile devices against threats that originate from mobile browsing, downloads, and multiple forms of mobile messaging including email, SMS and MMS.
Openwave's Security Suite features a secure content management (SCM) server and tools to help Vodafone Italy provide mobile data access safely and securely. The SCM server is designed to offer a flexible framework that can rapidly adapt as security threats and operator needs evolve.
"This partnership with Openwave demonstrates McAfee's commitment to providing multi-layered, mobile-specific protection across a variety of key protocols, and ensure customers like Vodafone can continue to provide cutting edge solutions for their subscribers in a safe environment," said Todd Gebhart, senior vice president of worldwide consumer and mobile sales, McAfee, Inc. "VirusScan Mobile, which supports more than 100 devices that are in the hands of over 28.5 million consumers worldwide, is the only product designed specifically for mobile protection without affecting mobile phone performance."
While other solutions feature a PC-based filter applied in a mobile environment, Openwave's Security Suite is a true mobile anti-virus solution, and comes with the dedicated support of McAfee's Avert Lab which is tasked with tracking and profiling mobile-specific viruses and threats.
Related Channels: Wireless, Security

Cavium OCTEON processors power Linux servers
California-based Cavium Networks, a world leader in security, network services and embedded processor solutions, announced the OCTEON Multi-core MIPS64® Processor family has been selected for use in network-centric Linux servers for Enterprise , Storage and Network Applications. The OCTEON based Linux servers are available from Movidis today and on display at the LinuxWorld Conference & Expo being held at the Moscone Center in San Francisco Aug 15 – 17 in booth #840. OCTEON has been adopted widely by Tier-1 and leading networking OEMs in networking, security, control plane and broadband gateway applications.
“We see a significant opportunity in providing high-performance, low-power networking servers for networked storage, secure Web transactions, databases and network centric applications running in the datacenter or at the edge of the network,” said Ken Goldsholl, CEO of Movidis. “We selected the OCTEON Processor for our next generation products because OCTEON provides integrated network, security and application layer acceleration in hardware with general purpose Linux programmability and dramatically lower power compared to other solutions. This type of processor configuration is not available from any other vendor.”
“We are excited to enable innovative companies like Movidis to bring disruptive technology to the market place”, said Amer Haider, Director of Strategic Marketing, Cavium Networks. “Using the OCTEON Processor technology in networking centric servers running Linux helps IT managers reduce their data center power costs while providing a scalable and compact high performance solution.”
Related Channels: Chipsets, Security

Juniper faces delisting due to delayed filing of Form 10-Q
Juniper received a Nasdaq Staff Determination letter indicating that it is not in compliance with Nasdaq's listing requirements
Juniper Networks, Inc., announced that, as anticipated, on August 14, 2006 it received a Nasdaq Staff Determination letter indicating that the Company is not currently in compliance with Nasdaq's listing requirements as set forth in Marketplace Rule 4310(c)(14) due to the delayed filing of the Company's Form 10-Q for the quarter ended June 30, 2006. The Company will initiate the appeal process by requesting a hearing before the Nasdaq Listing Qualifications Panel in response to the letter. Pending a decision by the panel, Juniper shares will remain listed on the Nasdaq Stock Market.
Related Channels: Switching & Routing, Security, VPN

Mexis deploys Juniper's firewall/IPSec VPN appliances
Juniper Networks, Inc. Tuesday announced that Mexis has deployed the Juniper Networks family of firewall/IPSec VPN appliances. The Juniper Networks firewall/VPN appliances will be used within Mexis' new managed service offering, SOC. Service Policy. In addition, Juniper Networks appliances will be offered to Mexis' customers through distributor ITStrap and its strategic partners. The Mexis SOC Service Policy is a managed network security service for companies in Mexico that need secure business communications without having to invest in internal security staff.
The Mexis SOC Service Policy is designed as an initiative to offer customers network solutions for the safekeeping of their infrastructure and equipment before possible intrusions or attacks. The Mexis SOC Service Policy is an integral service through the Mexis Security Operations Center that provides an end-to end managed service solution.
At the customer premises, the secure connectivity is supported by the Juniper Networks NetScreen-5GT, NetScreen-25, NetScreen-50, NetScreen-204 and NetScreen-208 firewall/IPSec VPN products, and the Mexis Service Operation Center will provide the vulnerabilities monitoring, management and detection and risk evaluation services.
'Managed security services are an increasingly attractive solution because they provide enterprises with the highest levels of protection, without requiring them to support a dedicated IT staff,' said Tim Lambie, Juniper Networks Sales VP Americas International. 'With this solution, customers can be assured that they are getting best-in-class security technology from Juniper, combined with superior technical support and monitoring capabilities from Mexis' expert Service Operations System.'
Related Channels: Security, VPN

US DOJ picks AppSecInc's vulnerability assessment scanner
New York-based Application Security, Inc. (AppSecInc), the leader in database security, announced that the United States Department of Justice (DOJ) is utilizing the company’s vulnerability assessment scanner, AppDetective™ to reduce and manage database vulnerabilities throughout the agency.
Speaking about the decision to deploy AppSecInc’s solution, Dennis Heretick, chief information security officer for the DOJ said, “Our philosophy is one of building security into the operational process and building our validation testing into the implementation process. Tools such as AppDetective allow us to identify vulnerabilities in the [database] application and then verify that we have corrected them.”
“AppSecInc enables the DOJ to ground compliance efforts in the database applications that ultimately house its regulated data,” said Jack Hembrough, president and CEO of AppSecInc. “By establishing database controls, documenting their status, and promptly identifying violations, AppSecInc helps government organizations define best practices, document continuous improvement, and ensure prompt incident response – the hallmarks of any demonstrable, repeatable and effective compliance effort.”
Related Channels: Security

AT&T study finds business continuity planning a priority for New York companies
On the third anniversary of the North American blackout that paralyzed New York businesses and left thousands of office workers stranded, AT&T Inc. announced that a recent study finds that 78% of New York City organizations that were surveyed have business-continuity plans in place, preparing them to face a disaster such as a blackout or terrorist attack.
In almost all the areas of business-continuity planning that were explored through this national survey, New York ranked in line with or above its municipal peers. However, there were certain regional differences, some of which were surprising given the city's position as a financial and commercial capital:
-- 76% of IT executives in the New York area (moderately more than the 70% national average) consider business-continuity planning a priority
-- New York City businesses have been more financially susceptible to disasters than those located in other markets surveyed; 41% of businesses impacted by a disaster in New York said it cost them more than $100,000 a day, including 17% which said it cost them $1 million to $5 million a day
-- In contrast, the survey found that among the markets AT&T surveyed, New York City ranks last in terms of the number of companies which have actually tested their business-continuity plan within the last six months
-- 86% of companies in New York that have suffered from a disaster said they've taken actions to reduce business interruptions in the future - more than any other market surveyed
"It's evident that for some companies, various events have been a real wake-up call," said Mark Keiffer, chief marketing officer-Business, AT&T Operations Inc. "That's the good news. But it's surprising how many companies are still putting their businesses and future at risk by not adequately planning for the next hurricane, earthquake or cyber security hit."
Related Channels: Security, Storage, Test, OSS/BSS

Core Security Technologies upgrades security testing software
Boston-based Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, announced CORE IMPACT 6, a new edition of the company's flagship software product designed to help companies easily and efficiently test their network security policies. This latest version of CORE IMPACT features a completely new framework to simplify client-side penetration testing. Client-side attacks are used to take control of end-user systems and thereby gain access to key corporate assets. This version also includes the next generation of CORE IMPACT's patent-pending agent technology, expanded support for new target platforms, and new data export capabilities for easily incorporating penetration testing results into other databases or products.
Related Channels: Test, Security

Guangzhou to build large government database backup and catastrophe recovery center
Following the hacking of three of its websites, Guangzhou municipal government has decided to choose a secret location in the surrounding cities to build a large government database backup and catastrophe recovery center to help prevent disasters from damaging the city's government platform.
The project is planned to cover an area of several thousand square meters and cost over RMB100 million. It will take at least two years to complete. The data backup center is like a "super brain" which collects all the data on government affairs in Guangzhou.
The center will not participate in the daily operations of the government. However, it will play a backup role if the e-government systems are destroyed by man-made or natural disasters.
So far, 50 government agencies in Guangzhou have placed their data online to give citizens better access to public information and the online data will be integrated into the new backup system.
Related Channels: China, Security, Storage

U.S. State Department plans to begin issuing smart chip-embedded passports to Americans
Despite ongoing privacy concerns and legal disputes involving companies bidding on the project, the U.S. State Department plans to begin issuing smart chip-embedded passports to Americans as planned Monday.
Not even the foiled terror plot that heightened security checks at airports nationwide threatens to delay the rollout, the agency said. Any hitches in getting the technology to work properly could add even longer waits to travelers already facing lengthy security lines at airports.
The new U.S. passports will include a chip that contains all the data contained in the paper version -- name, birthdate, gender, for example -- and can be read by electronic scanners at equipped airports. The State Department says they will speed up going through customs and help enhance border security.
Privacy groups continue to raise concerns about the security of the electronic information and a German computer security expert earlier this month demonstrated in Las Vegas how personal information stored on the documents could be copied and transferred to another device.
But electronic cloning does not constitute a threat because the information on the chips, including the photograph, is encrypted and cannot be changed, according to the Smart Card Alliance, a New Jersey-based not-for-profit made up of government agencies and industry players.
"It's no different than someone stealing your passport and trying to use it," Randy Vanderhoof, executive director of the alliance, said in a statement. "No one else can use it because your photo is on the chip and they're not you."
Yet the ability to clone the information on the chips may not be the sole threat, privacy advocates argue. A major concern is that hackers could pick up the electronic signal when the passport is being scanned, said Sherwin Siy, staff counsel at the Washington-based Electronic Privacy Information Center, a leading privacy group.
"Many of the advantages the industry is touting are eliminated by security concerns," Siy said.
After testing the passports in a pilot project over the past year, the government insists they're safe.
Numerous companies competed the last two years to provide the technology. One winner was San Jose-based Infineon Technologies North America Corp., a subsidiary of Germany's Infineon AG. Another was French firm Gemalto, which earlier this month announced that it had received its first production order from the Government Printing Office. It is producing the passports for the State Department, using the Infineon technology.
Another company, On Track Innovations Ltd., was notified July 31 that it had been eliminated from consideration and is appealing the decision, a spokeswoman for the Fort Lee, N.J. company said this week. On Track previously had been eliminated but appealed that decision in the U.S. Court of Federal Claims in Washington, D.C., which found in favor of the company and ordered it be reinstated.
Infineon has been approved for production-quantity orders but hasn't received any because of the unresolved legal dispute, said Veronica Meter, a spokeswoman for the Government Printing Office. The rollout that begins Monday will use technology built up during the pilot project.
Citizens who get new passports can expect to pay a lot more. New ones issued under this program will cost $97, which includes a $12 security surcharge added last year. Not all new passports will contain the technology until it's fully rolled out -- a process expected to take a year. Existing passports without the electronic chips will remain valid until their normal expiration date.
Related Story: Security Alert: Security flaw of RFID passports could allow criminals to enter Germany and the U.S. illegally
Related Channels: Security

Related Story: Security Alert: Security flaw of RFID passports could allow criminals to enter Germany and the U.S. illegally
RFID passports used in Germany and being introduced in the U.S. and other countries have a major vulnerability that could allow criminals to clone embedded secret code and enter countries illegally, German computer security expert Lukas Grunwald warned.
A demonstration at the Defcon conference in Las Vegas late Friday by Grunwald showed how personal information stored on the documents could be copied and transferred to another device, which appeared to contradict assurances by officials in government and private industry that the electronic information stored in passports could not be duplicated.
"If there is an automatic inspection system, I can use this card to enter any country," Grunwald said, holding up a computer chip containing electronic information he had copied from his German passport.
The research is the latest to raise concerns about the growing use of RFID, short for radio-frequency identification, which allows everyday objects such as livestock, store merchandise and security documents to beam electronic data to computers equipped with special antennas.
Countries such as Germany already use RFID in passports to help border officials guard against forgeries and automate the processing of international visitors. And U.S. officials plan to start embedding RFID in passports in October.
Related Channels: Security, Wireless

Security Alert: US Department of Homeland Security urges Windows users to apply Microsoft security patch MS06-040
The Department of Homeland Security (DHS) is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible. This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights.
Windows Operating Systems users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users.
Users can apply the Microsoft MS06-040 security patch at www.microsoft.com. Home user may prefer to go to Windows Update at update.microsoft.com and select “express” to install critical security updates, including the MS06-040 security patch.
The Department’s U.S. Computer Emergency Readiness Team (US-CERT) continues to work closely with Microsoft to minimize any impact from this vulnerability. US-CERT has issued an alert through the National Cyber Alert System and conducted a series of briefings with federal Chief Information Officers and Chief Information Security Officers, and critical infrastructure sectors through Information Sharing and Analysis Centers. Additionally, all federal agencies are required to provide US-CERT with regular updates on their patching status.
Related Channels: Security

Security Alert: The first Trojan to target BlackBerry device
Software exploiting how mail is transmitted could siphon confidential information from company computers. The software, BBProxy, first unveiled at the recent Defcon hacker convention by researcher Jesse D'Aguanno, bypasses normal network security, disguised as an innocent attachment.
"A malicious person could potentially use this back channel to move around inside an organization unabated and remove confidential information undetected or use the back channel to install malware on the network," warned security company Secure Computing..
Secure Computing suggests companies isolate their BlackBerry servers from the Internet.
D'Aguanno suggested to hackers attending the Defcon meeting that his program was the first Trojan to target the BlackBerry device.
Secure Computing's Paul Henry said the real security threat is an over-reliance on the encrypted connection between devices. Henry said companies are very casual in deploying BlackBerry servers.
Related Channels: Security, Wireless

Security Alert: Your phone number could be hijacked! -- Arias Hung reveals security flaw in Linksys' routers for VoIP calls
At the Defcon conference being held through Sunday in Las Vegas, Arias Hung, a security professional with Media Access Guard in Seattle, showed how people can have their phone numbers hijacked when using certain types of equipment that route calls over the Internet.
Hung's research showed how to control the inner workings of Internet phone routers made by Linksys, a division of Cisco Systems.
Once the routers are accessed, a person can change the device's so-called media access control address, which acts as a serial number that Internet phone providers such as Vonage Holdings Corp. use to verify the identity of customers. A person exploiting the flaw could intercept calls made to a legitimate Vonage user and make calls that would appear to come from the user's phone number.
"The service providers should be very concerned," Hung said. "The general consumer should stay away from this router," he said, referring to two models that Linksys designates the WRTP54G and the RTP300.
Related Channels: Security, VoIP

China Mobility Solutions to acquire control of Beijing Topbiz Technology Development Company
China Mobility Solutions has entered into an agreement to acquire control of Beijing Topbiz Technology Development Company, a Chinese company providing SMS services to banks in China.
China Mobility Solutions will directly acquire 49% of Topbiz and indirectly acquire control of an additional 11% of Topbiz, giving it effective control of 60% of the company. China Mobility Solutions will pay Topbiz US$3,700,000 in cash and issue 8,081,818 new shares in a Regulation S offering at the deemed price of US$0.46.
Topbiz generated US$2.67 million in revenue in 2005, and recorded US$590,000 of deferred revenue. It made a net profit of US$785,000 in 2005, and had US$1.25 million cash-on-hand as of December 31, 2005.
Topbiz develops and customizes SMS-based banking systems for banks in China. Through the SMS banking platform Topbiz offers, banks can provide a variety of customized financial information to their client base, dramatically increase the satisfaction of clients and become more appealing to new customers.
Topbiz's SMS banking system offers convenience, security and simplicity, and is becoming popular with banking clients in China.
Related Channels: China, Wireless, Security, Mergers & Acquisitions

Apple FCU picks Comodo as its authentication partner
Jersey City, N.J.-based Comodo, a global Certification Authority and leading provider of Identity and Trust Assurance Management solutions, announced that Apple Federal Credit Union, a not-for-profit member-owned cooperative serving more than 77,000 members in the Northern Virginia community has selected Comodo’s new technology, VerificationEngine (VE) to protect members from phishing and pharming attacks. In addition, Apple FCU will utilize other elements in Comodo’s flagship S.A.F.E. Solution (Secure and Authenticated Financial Engagements) including High Assurance SSL certificates, email certificates and HackerGuardian to ensure that Apple members can experience increased verification and security in online banking. Apple FCU chose Comodo as its authentication partner because Comod