Sunday, January 28, 2007

Analysts worry about growing IT threats from Skype, GSM networks

Things can always get worse, our crotchety uncle Julius used to moan whenever anyone would ask about his health. So, too, say those charged with carefully analyzing the IT security environment. A number of new legal requirements and potential threats, says Crispin Pikes of Image Analyzer, pose problems that require immediate attention from IT security officials. These include the growing threat from VoIP systems such as Skype and the amended Federal Rules of Civil Procedure, which require companies to be able to store and recover instant message conversations relevant to legal actions. This latter issue, many say, will have an effect on companies similar to that imposed by Sarbanes-Oxley, with many being forced to adopt new procedures and hire new staff to manage them. The rise of private GSM networks, which allow organizations to run their own internal mobile phone systems, also presents a major area of concern.


London Olympics to sport photometric stereo facial recognition technology

All eyes will be on London in 2012 when the city by the Thames hosts the Olympics. And just as China began its security preparations years ahead of its forthcoming 2008 games, city planners in London are already putting together what promises to be the most sophisticated security operation to date -- an effort made all the more critical due to the city's own recent and very real problems with terrorism. There are many things to look for in 2012 security-wise, but one thing that caught our eye was a new facial recognition software under development at Imperial College London in coordination with General Dynamic and Identity Solutions.

Of course, facial recognition technology is not new, but the Imperial College approach distinguishes itself by the use of photometric stereo, a technique that improves the accuracy of facial mapping and identification by creating what the researchers call a "facial skin signature." How does it work? Photometric stereo uses a series of lights and a single fixed camera to capture a set of images. "When you have light coming from an angle on to a rough surface it creates shadows," said professor Maria Petrou. "The position of the light determines where the shadow falls -- and more lights means more images. You can then combine the shadow information with software to infer the 3D shape of the object." By synchronising the camera with a rapid sequence of flashes from different positions -- so fast that the delays are unnoticeable to the subject -- the resulting images can be combined to recover a 3D model of the face.

This is a superior approach to existing systems for a number of reasons. First, conventional stereo imaging uses images from several cameras at different positions which must then be matched: software has to locate the same surface point in each image, pixel by pixel, an effort that leads to inaccuracy and ambiguity wherever similar-looking pixels occur in more than one place. Photometric stereo relies on one camera at a single viewpoint, thereby sidestepping the pixel matching problem altogether; because the viewpoint stays fixed and only the light source changes between flashes, the images are already aligned and only the shading and shadows differ. In addition, the same set of images yields the reflectance of the skin at each point, so the system also captures skin tone and colour, something conventional 2D facial recognition software cannot do.
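To make the "fixed camera, moving light" idea concrete, here is an added worked example of classical photometric stereo; it is not the Imperial College code and knows nothing about their "facial skin signature". It assumes a Lambertian surface (brightness = albedo × cos of the angle between the surface normal and the light) and known light directions, renders a constructed synthetic sphere under five flashes, then recovers each pixel's normal and albedo from the intensities alone. Pixels lying in attached shadow for a given flash break the linear model, so those measurements are dropped per pixel, which is the edge case a real implementation has to handle.

```python
"""Photometric stereo with one fixed camera and several known lights.

Added illustration, not the Imperial College system. Toy assumptions:
Lambertian reflectance I = albedo * max(0, n . l), known unit light
directions, and a constructed synthetic sphere as the "face".
"""
import math


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def normalize(v):
    n = math.sqrt(dot(v, v))
    return tuple(x / n for x in v)


def solve3(A, b):
    """Solve the 3x3 system A x = b by Cramer's rule; None if singular."""
    def det(m):
        return (m[0][0] * (m[1][1] * m[2][2] - m[1][2] * m[2][1])
                - m[0][1] * (m[1][0] * m[2][2] - m[1][2] * m[2][0])
                + m[0][2] * (m[1][0] * m[2][1] - m[1][1] * m[2][0]))
    d = det(A)
    if abs(d) < 1e-12:
        return None
    xs = []
    for col in range(3):
        M = [row[:] for row in A]
        for r in range(3):
            M[r][col] = b[r]
        xs.append(det(M) / d)
    return tuple(xs)


def recover_normal(intensities, lights, shadow_eps=1e-6):
    """Least-squares (unit normal, albedo) for one pixel.

    A measurement taken while the pixel sits in attached shadow (intensity
    ~0) does not obey I = albedo * n.l, so it is discarded. At least three
    unshadowed, non-coplanar lights are needed to pin down the normal.
    """
    rows = [(i, l) for i, l in zip(intensities, lights) if i > shadow_eps]
    if len(rows) < 3:
        return None
    # Normal equations (L^T L) g = L^T I, where g = albedo * n.
    LtL = [[sum(l[r] * l[c] for _, l in rows) for c in range(3)] for r in range(3)]
    LtI = [sum(i * l[r] for i, l in rows) for r in range(3)]
    g = solve3(LtL, LtI)
    if g is None:
        return None
    albedo = math.sqrt(dot(g, g))
    return normalize(g), albedo


# ---- constructed synthetic scene: a unit sphere seen from +z ----
def sphere_normal(x, y, radius=1.0):
    """Unit normal of the sphere at image coords (x, y); None off the disc."""
    r2 = x * x + y * y
    if r2 > radius * radius:
        return None
    return (x / radius, y / radius, math.sqrt(radius * radius - r2) / radius)


def render(normal, albedo, light):
    """Lambertian shading for one flash; clamps to 0 in attached shadow."""
    return albedo * max(0.0, dot(normal, light))


# Five flash positions around the camera axis (assumed, not from the page).
LIGHTS = [normalize(v) for v in [(0.5, 0.0, 1.0), (-0.5, 0.0, 1.0),
                                 (0.0, 0.5, 1.0), (0.0, -0.5, 1.0),
                                 (0.0, 0.0, 1.0)]]


def reconstruct(points, albedo=0.8, lights=LIGHTS):
    """Render each point under every light, then recover (n, albedo).

    Returns {(x, y): (true_normal, recovered_or_None)} for comparison.
    """
    out = {}
    for (x, y) in points:
        n = sphere_normal(x, y)
        if n is None:
            continue
        images = [render(n, albedo, l) for l in lights]
        out[(x, y)] = (n, recover_normal(images, lights))
    return out


if __name__ == "__main__":
    for (x, y), (true_n, rec) in reconstruct([(0.0, 0.0), (0.3, 0.2), (0.95, 0.0)]).items():
        print((x, y), "true", tuple(round(c, 3) for c in true_n),
              "recovered", rec and (tuple(round(c, 3) for c in rec[0]), round(rec[1], 3)))
```

The recovered albedo is what the article calls skin tone: it falls out of the same least-squares fit as the geometry, which is why a single camera can deliver both. Real skin is not perfectly Lambertian (specular highlights, subsurface scattering), so production systems add robustness beyond this toy.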


HP involved in another spying lawsuit

Judge orders counterclaim refiled; HP denies charges

Robert Mullins   

January 25, 2007 (IDG News Service) -- A suit filed against Hewlett-Packard Co. by a former executive alleging that the company resorted to corporate spying over Dell Inc.'s plans to develop a line of printers must be resubmitted under a court seal, a federal judge ruled.

Karl Kamb Jr., who is being sued by HP on separate claims, accused HP of paying off a former Dell executive in Japan to reveal trade secrets on Dell's plans to enter the printer business. Dell had been a reseller of HP printers until it launched its own line of printers a few years ago. Printing and Imaging is one of HP's biggest and most profitable lines of business.

U.S. District Court Judge Michael Schneider yesterday ordered Kamb to withdraw his counterclaim against HP and to resubmit it under seal so that the contents would not be made public. The judge also issued a restraining order barring any parties to the case from discussing it with the media.

The message, "you do not have permission to view this document," popped up today when the link was clicked for the counterclaim on the Web site for access to federal court filings. The lawsuit was filed in the U.S. District Court for the Eastern District of Texas.

But news reports about the counterclaim said that Kamb accused HP of spying on him, including using pretexting to obtain his phone records.

Kamb is one of four former HP executives sued in 2005 by HP for conspiring to start a business to make and sell flat-panel TVs while they were supposed to be developing a flat-panel TV business for HP. HP's suit asks for $100 million in damages from the defendants.

"This counterclaim is wholly without merit," said HP in a prepared statement. "It's a blatant attempt to delay the prosecution of the original case against the persons filing the counterclaim. We intend to vigorously pursue our original claim and to defend ourselves against this action with equal vigor."

HP's statement continued: "The claim that pretexting was involved in this investigation is, to the best of our knowledge, patently untrue. Furthermore, as we've said in the past, HP strongly rejects such methods of investigation and has said that those methods will not again be employed on behalf of the company."

Kamb's attorney did not return a call seeking comment.

The allegation that HP spied on Kamb comes amid continued legal jeopardy for former HP executives and others in a pretexting scandal. In that case, former HP Chairman Patricia Dunn is among five defendants facing felony charges in California for conducting an investigation to identify the source of leaks from HP's board to the media. Private investigators hired by HP allegedly used false pretenses to get phone companies to reveal the calling records of people who were targets of the investigation.

One of the defendants in the state case, private investigator Bryan Wagner, pleaded guilty Jan. 12 in Federal District Court in San Jose to similar charges. His attorney is going to petition in State Superior Court in San Jose Friday for the state charges against Wagner to be dismissed.

The other defendants, including former HP attorney Kevin Hunsaker and two other detectives, have not responded publicly to reports that the state has offered a plea bargain in which five felony charges, including conspiracy, would be withdrawn, if they plead guilty to one misdemeanor count each.


Data breach at TJX leads to fraudulent card use

The company has not said how many credit and debit card numbers were exposed

Jaikumar Vijayan

January 25, 2007 (Computerworld) -- Credit and debit cards that were compromised in the recently disclosed security breach at TJX Companies Inc. are being fraudulently used in several states in the U.S. and even overseas, the Massachusetts Bankers Association (MBA) said today.

The association, which represents 205 banks in the commonwealth, said that the compromised cards have so far been used to make fraudulent purchases in Georgia, Florida, Louisiana, Hong Kong and Sweden.

"TJX has not made clear the number of cards involved in the breach, but Massachusetts banks continue to receive information from the card companies about cards that have been exposed," the MBA said in a statement. To date, about 60 banks have reported on cards that were compromised in the breach. The number is expected to rise because fewer than half of the member banks have reported in so far.

TJX last week disclosed that somebody had illegally accessed one of its systems and made off with card data belonging to an unspecified number of customers in the U.S., Canada, Puerto Rico, the U.K. and Ireland. The retailer, which owns chains such as TJ Maxx, Marshalls and Bob's Stores, didn't disclose the number of shoppers that may have been affected by the breach, which took place in May 2006 but wasn't discovered until last month.

In its statement today, the MBA said that it is "strongly supporting" legislation that would require credit card companies, such as MasterCard International Inc. and Visa U.S.A. Inc., to quickly disclose the source of a retail breach. Typically, credit card companies have not disclosed this information to card-issuing banks when informing them of a security incident.

"By not disclosing which firm caused the breach, or quickly disclosing it, consumers are needlessly troubled and might feel compelled to take unwarranted action if they're left in the dark," MBA CEO Daniel Forte said in the statement. As a result, it is crucial for credit card companies to identify the source of a breach and whether they should be held liable -- especially if the retailer was storing information in violation of the Payment Card Industry data security standard, he said.

TJX itself has not disclosed specifically what sort of information was compromised. But the company appears to have been storing so-called Track 2 data taken from the magnetic stripe on the back of cards. Track 2 data includes the primary account number, the expiration date and the service code, followed by discretionary data that card-issuing banks define at their own discretion and that commonly carries the values the issuer uses to verify the card and its PIN.

Storing full magnetic-stripe track data after a transaction has been authorized is specifically forbidden under the Payment Card Industry Data Security Standard, even if the data is encrypted.
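A practitioner reading this will want to know whether track data is sitting in their own logs or databases. The following is an added example, not anything from TJX, the MBA or the card brands: a small scanner that recognises the ISO/IEC 7813 Track 2 layout (start sentinel ";", PAN, "=" separator, four-digit expiry, three-digit service code, discretionary data, end sentinel "?"), uses the Luhn check to filter out digit strings that are not real account numbers, and reports each hit with the PAN masked to first six and last four digits. The sample lines are constructed and use publicly known test card numbers.

```python
"""Find stored Track 2 magnetic-stripe data in text (logs, DB dumps).

Added example for the PCI point above; not code from TJX or the MBA.
The layout follows ISO/IEC 7813 Track 2:  ;PAN=YYMMSSS<discretionary>?
Sample records are constructed and use well-known test PANs.
"""
import re

# PAN is 13-19 digits; "=" separates it from expiry (YYMM) and the
# three-digit service code; anything up to "?" is issuer discretionary data.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")


def luhn_ok(pan):
    """Luhn mod-10 check; weeds out random digit runs that look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """PCI DSS display rule: at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track2(text):
    """Return the parsed Track 2 fields found in `text`, or None."""
    m = TRACK2_RE.search(text)
    if not m:
        return None
    pan, expiry, service_code, discretionary = m.groups()
    if not luhn_ok(pan):
        return None
    return {
        "pan": pan,
        "masked_pan": mask_pan(pan),
        "expiry": expiry,
        "service_code": service_code,
        "discretionary": discretionary,
        # Full track data may never be kept after authorization (PCI DSS 3.2).
        "violation": "full track data stored",
    }


def scan_lines(lines):
    """Return [(line_number, finding)] for every line holding Track 2 data."""
    findings = []
    for no, line in enumerate(lines, 1):
        rec = parse_track2(line)
        if rec is not None:
            findings.append((no, rec))
    return findings


# Constructed sample: one POS log that leaks full track data, one that
# correctly logs only a masked PAN, one with a second leaked card, and one
# with a digit string that fails Luhn and must not be reported.
SAMPLE_LOG = [
    "2006-05-14 13:02:11 POS-17 auth ok track2=;4111111111111111=07121015432100000000? amt=42.10",
    "2006-05-14 13:02:12 POS-17 settle pan=411111******1111 amt=42.10",
    "2006-05-14 13:05:40 POS-03 auth ok track2=;5500000000000004=0812101123456789? amt=17.99",
    "2006-05-14 13:06:01 POS-03 debug ;1234567890123456=0701101? (not a valid PAN)",
]


if __name__ == "__main__":
    for no, rec in scan_lines(SAMPLE_LOG):
        print(f"line {no}: {rec['masked_pan']} exp={rec['expiry']} "
              f"svc={rec['service_code']} -> {rec['violation']}")
```

Run this over point-of-sale logs, database exports and backups; a hit with non-empty discretionary data means the very fields a cloner needs to mint working cards were retained past authorization. The Luhn filter keeps false positives down but is not proof of a live card, so treat hits as leads for manual confirmation.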

Both MasterCard and Visa refused to comment on the MBA reports that the cards compromised in the TJX incident are being fraudulently used.



Made4Biz Security Inc