Senetas on Deciphering Information Security Blog

Will Australia forfeit the leadership position in the physical world due to a “blind spot” in the digital world?

Mon, 12 Dec 2011 00:39:00 GMT

By Stuart Bell

For the past decade Australia has enjoyed a sustained period of economic prosperity off the back of its very traditional roots in mining and agriculture coupled with a unique financial services structure.

Many people continue to focus on the leverage provided by the growth in our Asia based trading partners. Commentators trumpet how fortuitous the move away from reliance on Europe and America was. We may just be missing some important future economic activity that is growing in the traditional economic partners.

This could threaten our continued prosperity! There are clear examples of how leadership can create structure and a clear way forward and this is explained in "What should be done?”

What is the cause of this?
Many traditional economies have endured a decade of economic pain. This has been caused by a number of factors but one that is undeniable is the reshaping of the economy due to the internet. Coupled with the removal of commercial boundaries that used to be physical and perceived as immovable, growth in traditional economies is gathering pace at our expense.

The traditional economic powerhouses of Europe and America have spent the past three years looking at how they transition to the economy of the future. In that time our focus continues to be on the hard asset economy – mining and logistics, moving materials to value adding trading partners in Asia.

Debate in Australia is mired in the merits of NBN public debate about the strategy to survive and thrive in the emerging the global economy. No perspective exists on the economic risk posed by the retooling in the new business platform – Cyberspace.

Meanwhile, the Australian public continues to drive retail activity towards the new economy. A clear example that “ordinary” Australians are embracing the Cyberspace economy but the government is failing in its duty to lead in the areas of governance and security.

Why has this happened?
Perhaps the debate about investment in NBN was the incorrect focus. Too much focus on how, not why and what the new platform will enable in terms of wealth creation.

Interestingly this assertion is supported by international data that shows:

“Real GDP per capita has risen by $500 over the last 15 years in mature countries enabled by the internet. By comparison, it took 50 years for the industrial revolution to have the same effect.”

McKinsey Global Institute, Internet Matters, 2011

While Australia continues to fixate on creating the backbone, the mature countries are already well advanced with not only reforming infrastructure but also ensuring the environment is secure. This results in economic growth that is protected appropriately and not just a fishing ground for the global criminals that the internet has also spawned at breathtaking speed.

What should be done?
The UK has an excellent vision published in November 2011 – “The UK Cyber Security Strategy: Protecting and promoting the UK in a digital world.”

In summary, the strategy outlines:
1. Vision for UK 2015 Cyber space adoption
2. How UK will be one of the most secure
3. Be resilient to cyber attacks
4. Support open society
5. Outline skills needed

Businesses and private individuals should be demanding the government create a business backbone that facilitates us holding our ground with those of the leaders in the new economy, such as UK.

Serious consideration to securing all data using encryption should be mandated as part of the total solution. If we miss this opportunity to “build in” security sufficient evidence is available to show it will NEVER be retrofitted as it is too costly once a complex web of networks exist, it is also too difficult to gain agreement as to how.

Hot tip – Engineer the solution in – it’s faster, cheaper and safer.

Remember!
Unless actively promoted by the government security will be the new safety challenge in a decade – how hard is it to reduce the road toll? Well the best start was to publish it!

Business losses through fraud and theft via internet or commercially insecure businesses are not known, they are built in to the cost of doing business. Would we accept that with the road toll and injury? If not, why should we accept the cost of security from here forward in the new economy?

Speak up. Demand your representatives make all business leaders accountable for telling you what is going on.
Do something about securing the future to preserve growth and strengthening our society.

Stuart

Scale of data breach consequences increases - community at risk NOT business assets

Fri, 02 Dec 2011 00:48:00 GMT

By Stuart Bell

Well time goes on and so do reports of increasingly sophisticated breaches in data security. The potential consequences escalate and the ease with which an attack can be planned and executed is more pervasive and personal.

The latest report out of the US which appears it may or may not have happened is neatly explored in this article which confirms the potential to affect whole communities and, in turn, every individual –

“Did an Illinois Water Utility Come Under a Cyberattack?

And why was it connected to the Internet, anyway?”

Market focus is rapidly moving from securing information network infrastructure to securing data used to manage and control infrastructure at utilities – gas, water, power grids…most are controlled remotely over various data networks.

What does this mean?
Many businesses operate with the most modern commercial business solutions and overlook the risk posed by 20 year old plant systems that rely on historically poor or non-existent security.

The breach outlined in the article was discovered after a pump burnt out even though there was no interruption to the service. It is clear that hackers - reported by Illinois State-wide Terrorism and Intelligence Center as emanating from Russia - were testing to either prove they could break in or were waiting for all the pieces of the jigsaw to be in place before activating their plan.

Either way people are now beginning to wake to the fact that there are oodles of infrastructure in the world that is not secure and many have the potential to seriously impact on our quality of life.

“Your Majesty – the moat has failed again!” Perimeter security has passed its use-by date.

What should be done?
Assess the level of risk your organisation (or you as its leader) really face, by seeking professional independent advice. Act on the advice in a manner appropriate to the real risk after evaluating the effectiveness of existing controls.

Consider whether it is most effective to protect by securing the data, establishing a physical barrier or a combination. Perhaps you are one of the few who are adequately protected – congratulations!

Give serious consideration to securing all data using encryption, assess the point of presence in your network where encryption is deployed and review as part of business risk processes.

Remember!
Business owns the data and process control data is a critical business item. It’s a business issue not a technology one!

The “Circle of Trust” should be examined from the perspective of zero trust:

Draw a line in the sand by developing a plan of action
Assess the risks
Act accordingly
Accept that whilst you are doing this you may be required to operate two networks in parallel – the old un-trusted unsecure one and the new appropriately protected one; and
Ensure your review includes process control systems and operational systems that you may wish to embrace for complete operational management in the future.

Stuart.

Cyber Security for Government Conference 2011: Security Practitioners Overwhelmed

Wed, 23 Nov 2011 01:52:00 GMT

By Stuart Bell

At the recent Cyber Security for Government 2011 conference held at Cockle Bay Wharf in Sydney, where ideas were freely exchanged between presenters and attendees, the general theme from the floor was surprisingly honest: security practitioners felt overwhelmed by customer expectations.

The IQPC-produced event, at which Senetas was a major sponsor, was quite illuminating. Key issues raised during the two-day conference were:

There are 9 billion devices active on the internet at any one time yet the maximum number of users is 2 billion – there is a lot of automated activity and while that adds to the stress of managing information security, it remains invisible to line management who retain unrealistic expectations
Business managers react and don’t lead
Legislative change lags reality by years
The bad guys out-muscle the good guys in investment dollars, collaboration and willingness to publicise

Whilst introducing my presentation “Circle of Trust”, I did a quick poll of attendees about who would NOT get support to meet the desired Quality and Safety Standards within their organisation. The participants were unanimous – they would all get support. When challenged on the same approach to Security, the participants were unanimous – they felt this would not be supported to the same extent that Quality or Safety would achieve.

I explained in the Senetas presentation how Quality started over 60 years ago, “but it was not until the 70’s where it moved from a cost-based approach to a business differentiator and then matured into just how you do business”.
Safety followed where it was about meeting minimum standards until the business leaders embraced it and used it to differentiate. This quickly drove broad-based adoption that safety was good for business, good for employees and the business community.

Clearly Security is the next wave – and Senetas has a simple twist on an old concept: KISS = Keep It Simply Secure.

In our role working with international governments and their agencies we are well aware of the latest cyber threats; we fully understand how overwhelming this could be to those charged with managing the transmission of confidential and sensitive corporate or personal information around the enterprise, or around the world.

Organisations must now draw a line in the sand, adopt a zero trust approach and create the future secure environment then migrate trust participants into it. You need to act now whilst your business is still in motion – or it may be too late.

The Senetas position:

Learn from other enterprise-wide, business and community approaches where organisations had to persist through long periods of change as Quality and Safety became mainstream business enablers.
Engage the business leaders in setting an objective that is specific, measurable, actionable, realistic and time-bound.
If a breach occurs – act, publish and retain confidence of business partners that operational policy and actions cover this as a normal business event
A complete approach must embrace people, data and tools – not just the tools.

It’s a business issue not a technology one.

Stuart

Cybercrime Targets Employees

Wed, 23 Nov 2011 01:53:00 GMT

By John DuBois

Issues in advance of the annual global security conference, RSA San Francisco, the RSA2011 cybercrime trends report makes chilling reading for business as the new threats target their employees.

Cybercrime shows no signs of diminishing, rather the report says increasingly sophisticated new threats once targeting consumers now have enterprise employees in the cross-hairs.

The largest threat is to mobile data. Cybercriminals know how to follow the money. Analysts IDC expect nearly 25 billion mobile apps to be downloaded in 2011, up from just over 10 billion in 2010. So it is no surprise the new cyber-targets are smartphones and tablets with their potential to store and transmit Gigabytes of corporate information: email contacts, customer data, business plans or personally identifiable information such as mobile banking or online payment authentication data.

In fact the report suggests it is the very effort to secure mobile banking transactions by the use of SMS authentication that has led cybercriminals to target phones with the latest mobile malware. Denial of service attacks now hit mobiles and the tools to conduct these scams are sold for as little as $25. Man-in-the-middle attacks once targeting corporate networks now look for a bank’s one-time passcode sent by SMS to authenticate an individual’s mobile banking transaction and then the SMS is forwarded directly to the cybercriminals phone.

Smishing, or SMS Phishing is the new scam where an SMS is sent to a mobile customer apparently from a nationwide bank seeking personal information. SMS Bombing is a service offered by cybercriminals to bombard thousands of mobile users by SMS, even spoofing the sender ID so it looks legitimate. The RSA report suggests mobile users are three times more likely to enter their personal information in response to Smishing that desktop users.

We have heard the stories of attacks on Governments and their agencies, some of them State-sponsored. These coordinated arracks, described as “advanced persistent threats” (APTs), are now hitting enterprises. An example of an APT was Ghost Net which in 2008/09 infected high value computers in government ministries and embassies in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados, Bhutan, India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan as well as the ASEAN Secretariat and Asian Development Bank. Now the APTs are a problem for businesses whose executives have mobile devices that link to the corporate network – a potential entry point for Trojans that can capture identity and authentication details to enable access to email, CRM, even HR records.

The RSA report found that 88 per cent of Fortune 500 companies “had botnet activity associated with their domains and 60 % had email addresses compromised by malware”.

Keeping ahead of the increasingly sophisticated cybercriminals is a full-time job. And reports of a new variation of the Zeus Trojan, responsible for 90% of worldwide banking fraud, effectively a super Trojan, have cybercrime fighters concerned. Trojans like Stuxnet, which target systems that operate critical infrastructure are a real concern as they could potentially cripple power or water supplies. And there’s evidence that industrial espionage might be the next focus with new malware, Lamp Trojan, designed specifically to grab Microsoft Office documents, spreadsheets and presentation files.

There is no one single fix for the plethora of cybercriminal phishing, but our approach at Senetas is a simple one: if your corporate and personal data is properly encrypted at rest and in motion, we can show you that any data cybercrims capture is absolutely worthless.

John

Wakeup Call for National Broadband Network

Wed, 23 Nov 2011 02:06:00 GMT

The recent report by the Kokoda foundation (National Broadband Network at risk from spies and hackers, The Australian, 4th January 2011) is a wakeup call to the builder's of the National Broadband Network, NBN co said Senetas CTO Julian Fay.

Mr Fay said that the report highlights the security "vulnerabilities" of the new network and the serious threats posed to national security and the economy.

In the report the foundation points out that to date cyber security has not been part of the debate on the NBN, despite the recognition that without counter measures the high speed optical network is vulnerable to attacks ranging from local criminals to foreign spys.

"Senetas concurs with the Kokoda foundation's findings which echo our own submission to the Senate Select committee to the NBN in 2009" said Mr Fay.

"In August 2009 we argued strongly to the Select Committee that before the NBN was built it was critical to take stock of how information sent across the network should be protected to prevent serious breaches.

In setting the foundation for this historic project we have an opportunity to address the critical issue of security from the beginning by having the foresight to design it into the core fabric of the NBN rather than trying to bolt it on as an afterthought. Security needs to be thought of as a part of the infrastructure of the NBN which is going to be the heart of communications for this and future generations of Australians."

Mr Fay urged the NBN co to adopt a "privacy by design" approach to the network architecture which will deliver high speed broadband services over fiber-optic cable to an estimated 93% of the population.

"Recognising that it is not possible to prevent physical access to an entire optical fibre network a sensible risk mitigation strategy should accept that information will be stolen and adopt mechanisms to render that data unusable after theft".

Mr Fay stated that "Modern countermeasures such as the Senetas CN1000 high performance encryption product renders information unintelligible in transmission without degrading network performance even across optical networks running up to 10Gbps".

"It is our belief" he said "and the Kokoda report reinforces this, that an investment now, spent thinking deeply about long term security problems will pay large dividends for the future."

What’s The Cost of Data Breach Disclosure?

Wed, 23 Nov 2011 02:07:00 GMT

By John DuBois

My attention was drawn recently to a statement by the US company that suffered a massive data breach in 2008, affecting 100 million customer records. Heartland Payment Systems in the US has offered to pay $US 60 million to issuers of affected Visa-branded credit cards.

The total cost of this breach continues to escalate. Heartland processes credit and debit card payments for more than 250,000 American businesses. Both Visa and MasterCard were apparently affected by the breach, so perhaps another multi-million dollar settlement is still to be negotiated, while a class action lawsuit is also underway.

Certainly this will mount up to cost many dollars per lost record, but what price do you put on the loss of reputation incurred by this organisation? It is ironic that one credit card company uses the word “priceless” in advertising.

Heartland CEO, Robert Carr was quick to point the finger at the payment card industry, explaining the breach was caused by someone placing a listener program in the stream where data in motion was not encrypted (my emphasis).

Just how much data is at risk? Well, data networks running at 10 Gigabits per second can handle 208,000 records a second, 1 million every 5 seconds, or 12 million records a minute (at 6Kb average record size).

In a story reported in PC World on May 8, 2009, Heartland was said to be developing a true end-to-end (E2E) encryption system for its merchants. And the reason why: “Currently, processors must unencrypt customer credit card data on the last step due to legacy systems in place (at) the card companies…”

Last year at a gathering of card issuers, Carr reportedly handed out USB drives containing the malware code found on the Heartland system at the time of the breach, so that other payment processors could look for malware on their own systems.

It is a bit late after the horse has bolted to shut the stable door. So isn’t it time consumers (both business and home consumers of credit and debit card services) got proactive? We need to press regulators to mandate that the industry must encrypt all records in transmission from the point of sale through the production network and also when they go to be archived in the data storage network?

John

Dissecting the Underground Ecosystem

Wed, 23 Nov 2011 02:10:00 GMT

By Julian Fay

LONDON - Dissecting the underground economy has almost become a sport at the RSA Conference with numerous speakers attempting to explain the complex cybercrime ecosystem described as being “larger than Microsoft”.

At a special press briefing (“no cameras, no video”), Uri Rivner, head of new technologies for the vendor, RSA, described it as the dark cloud where criminals use your resources to promote their business, where crime forums abound with sale items: “40,000 CVVs (credit card records), 20 UK banks in stock, 150 Gb UK logs”, and where banner advertisements offer fast cars, premium hotels and women as incentives to deal with a particular malware vendor.

Rivner said his organisation shut down 10,000 fishing attacks every month and at any one time there were 120 live attacks on government portals, banks and online games.

Also speaking today with a ban on “any form of recording” were Andy Auld of UK’s Serious Organised Crime Agency and FBI cybercrime unit supervisory special agent, Keith Mularski. CDN assumes their names can be mentioned and their presentation summarised since media were present.

The agents said that in May this year they had evidence of 4700 legitimate websites, including www.paulmccartney.com , that were infected by drive-by downloads, but now more than 6500 are infected. Forums, or hacking boards, discovered by FBI and SOCA had up to 8000 members with a peer-review system to verify that vendors of stolen data were legitimate.

The agents detailed the inner workings of the famed Russian Business Network, which provided pay per view child porn to a third of the globe from St Petersburg, saying:“…we strongly believe this group had local police, judiciary and the St Petersburg government in their pockets…when we tried to investigate we met very significant hurdles.” Surveillance showed Network bosses drove around in “an armour-plated Audi A8, escorted by a shiny Range Rover”.

Mularski said the Russians even had a business continuity plan ready when things “got too hot” and they morphed into the Taiwan Industrial Network, however authorities shut them down before they could get their new network operational. Before the takedown in November 2007 Mularski said a list of 10 nick-named affiliates each earned from $US58,000 to $US158,000 every month, “and this was their 10% fee, so the bosses were making millions”.

They explained how cybercrims would never accept credit cards, instead setting up digital currency through WebMoney, Liberty Reserve and Pecunix to enable anonymity, instant irrevocable payments and cheaper-than-bank fees for money laundering between fraudsters in UK and USA and malware vendors in Russia and Vietnam.

Conference delegates were shown a professional job website designed only to recruit mules - often innocent money transfer agents. It attracted 1925 applicants, but only 33 were recruited and the rest of the detailed applicant data was sold off to spammers.

Also detailed: a rogue anti-virus software company in Kiev had 400 employees selling infected fake AV software for $49.99 – one million Americans bought it, but 990,000 then complained to a call centre in USA before it was shut by the FBI.

RSA’s Rivner said the cybercriminals had their own dynamic currency market with stolen data values fluctuating on forums: the most popular Trojan, Zeus, now fetches $US1000 while stolen US data sells for only half the value of UK business information.

They warned: only check the mccartney website if you have up-to-date AV software, but a legitimate website to see if you’re being scammed is FBI’s www.lookstoogoodtobetrue.com

Cracking EFTPOS

Wed, 23 Nov 2011 02:11:00 GMT

By Julian Fay

London - The RSA Conference was told today that russian gangs were now guaranteeing to extract the symmetric encryption keys that secure EFTPOS devices, also known as swipe card readers, within 3 months for $US250,000.

Cybercriminals are having to find ways to be more inventive after the global financial crisis drastically slashed the going rate for stolen credit card records from $10-$15 oer record 18 months ago, to only 50 cents today. So once they crack the EFTPOS device they then swap it in a restaurant or hotel, at the same time stealing those business cards patrons sometimes place in the "kucky draw" glass fish bowl. Next they data match your card detail against your business details and commence to hack.

Verizon Business forensics expert, Matt van der Wel, was discussing his company’s 2009 analysis of data breaches resulting in actual loss. They found 285 million records breached in 90 confirmed cases, which is more compromised data in one year than in the previous four years (230 million).

Although he would not put a dollar value on losses, van der Wel confirmed the trend was towards stealing money from the financial sector.

“I just finished a really large case where criminals were active in a very large network for over a year and when they finally hit they really did steal a lot of money…but it is much harder to steal than information,” he said.

Only a third of the cases investigated were in United States with the rest in Canada, Europe, Brazil, Indonesia, Philippines, Japan, and Australia.

In summary Verizon found:

99.6% of records were compromised from servers and applications
74% resulted from external sources, 20% internal
69% were discovered by a 3rd party
67% were aided by significant errors
32% implicated business partners

Restaurant and retail swipe card machines were the softest target, he said, helped by the Russian gang's guarantee, so van der Wel recommends against ever putting your card in the fish bowl.

Global Data Breach Laws Needed

Wed, 23 Nov 2011 02:14:00 GMT

By Julian Fay

London - A former US Presiddential cyber security adviser today called for an international standard for data breach notification laws.

With many US and foreign jurisdictions now implementing quite different data breach notification regulations, Professor Howard Schmidt, now President of the Informatio0n Security Forum in London, said it was one area where federal governments must work together. After the 9/11 attacks he was appointed Vice-Chairman of the President’s Critical Infrastructure Board by President Bush to help create the US national strategy to secure cyberspace.

“Just because there’s a database sitting in the middle of the US doesn’t mean that data is not transiting Eastern Europe or South East Asia. As a consequence, having consistency worldwide is a bigger priority to worry about than trying to do it at a nation state level,” he said.

Prof Schmidt said that while governments should not generally try to legislate for technology solutions to cybercrime, he believed mandating encryption of data in transit would work.

“The value to these criminals is the data – it is the gold, the silver and the diamonds of the world we live in today, so if you take the value out of the data by encrypting it in transit and at rest, then it becomes useless to them.”

Speaking at an RSA session on Governments and Cybersecurity, he said a "cyber Pearl Harbour" was less lilkely than 10 years ago, but obviously still possible in places like Estonia and Georgia, "but we now have the ability to recover better than ever before".

Executive Director of the European Association for E-identity and Security (EEMA), Roger Dean, told the forum "network terrorists are organised, don't need a country to operate from...but at the moment they are focused on getting financial gain," adding that Estonia showed how a country could be brought to its knees , "and probably we will see some more of that."

Once B2B, now C2C

Wed, 23 Nov 2011 02:14:00 GMT

By Julian Fay

LONDON – Once the hot acronym was B2B (business to business), but talk at this annual security conference abounds with a new acronym, C2C (criminal to criminal) as the industry comes to terms with increasing online cybercrime.

Details were revealed not of “Software-as-a Service”, but “Crimeware-as-a-Service” with ready availability of online toolkits to steal balance sheets & stock movements, payroll information, company bank statements with enough information to enable money transfers, as well as budgets, product roadmaps, even R&D plans.

The criminal enterprise even has version 2.0 of its software with the latest “NeoSploits” (new exploits) software designed to deliver Trojans and malicious code packets that enable would-be crims to grab the money and run.

High Speed Heist

Wed, 23 Nov 2011 02:26:00 GMT

By John DuBois

If you don’t believe cybercrime can affect you, think again. Released at RSA Europe is evidence that the criminals are not only extremely well organised, but willing and able to operate at high speed.

In a data benchmarking report of online fraud in 2009, it was reported that online processing organisation RBS WorldPay's debit card payroll system was last year the victim of a hacking ring compromising over one million personal records. However the speed with which cybercrims grabbed US $9 million was the point of difference about this hack – they were able to clone cards with the stolen personal information in 49 cities in the US, Canada, Russia and Hong Kong and grab the cash in only 30 minutes!

The survey suggested data breaches were increasing (nobody surveyed thought they were decreasing) and that current regulations were not working:

In summary:

Over a third (35%) of respondents said their organizations had experienced a data breach in the last 12 months, while 21% didn’t know if they had been breached.
Half of those surveyed want revised legislation and another 28% want more regulation. Only 11% felt current regulations worked.
50% of participants said their cybercrime fighting budgets have increased; 38% said their budgets are staying the same and only 11% said they are decreasing.

While it was not a large sample, those surveyed were companies willing to share information and they confirmed that they had suffered the usual bouts of phishing, social engineering and Nigerian scams, but more worrying was that more than 25% had been subject to man-in-the-middle and man-in-the-browser attacks. These are where cybercriminals tap into communications between two parties (such as a corporate treasury department online with its bank), impersonating one or the other with sophisticated, but fake, websites often netting millions in minutes.

Conference Code

Wed, 23 Nov 2011 02:23:00 GMT

LONDON - What do Edgar Allan Poe and Dan Brown have in common? Not much it would appear at first glance: Poe was writer, poet, editor and literary critic, famous for 'The Gold Bug' and 'The Raven', among other works; Dan Brown, also an American author, wrote thriller fiction, mlost notably 'The Da Vinci Code'.

Both authors were cleatly fascinated by cryptography and gripped public imagination with their treasure hunts for meaning hidden in their writing: Poe's “The Gold Bug”, about solving a cipher, includes a hidden treasure map, while Brown more recently has had millions of readers looking for clues to his hidden meanings. As if to prove cryptography is not a modern art form, it was back in 1839 that Poe challenged readers in 'Alexander's Weekly Messenger' to submit cryptographs to him and he promised to solve them. About 100 ciphers were submitted and he did solve them. Two later submitted by a reader remained unsolved, but it is believed Poe actually wrote them.

Poe is celebrated this year at the world's major information security conference which is themed after him and starts Tuesday here in London.

Far from fiction, we expect the latest catalogue of facts on recent cybercriminal activity to be detailed in a presentation, titled The Underground Economy, by Andy Auld of the Serious Organised Crime Agency and FBI special agent, Keith Mularski. Many and many are intruiged by the title: Knowing Me, Knowing You – How to Steal an Identity Using Google, to be presented by consultant Brian Honan.

And the president of the International Security Advisors Group, Ira winkler will draw a large crowd to hear Target Europe: The Reality About Cyberwar in which he will discuss what information warfare really is, the potential attack vectors, potential results of such an attack and ways to proactively mitigate or prevent them

However, in light of the conference theme, there's no doubt that among the most eagerly anticipated keynote speeches is probably less about ciphers and more about fiction. Titled Rogue, Retrospection and Lessons for Today, it will be given by Nick Leeson, whose own website describes him as "...the infamous trader whose unchecked risk-taking caused the collapse of Barings Bank."

Julian

Nick Leeson

Thu, 03 Nov 2011 02:21:00 GMT

"What can Nick Leeson teach us about information security?"

www.nickleeson.com

Early Warning Cyberattack System Unveiled

Wed, 23 Nov 2011 02:25:00 GMT

By John DuBois

GENEVA — The Malaysia-based global response centre, IMPACT (the International Multilateral Partnership against Cyber Threats), has revealed what it describes as “ the world’s most advanced system against global cyberattacks” at ITU World 2009.

Demonstrating its ability to proactively track and defend against cyberthreats, it includes a military-style early warning system that enables IMPACT members to de-fuse potential and imminent attacks before their payloads damage networks.

Live data inputs from major IT vendors enable the real-time analysis, aggregation, and dissemination of global cyberthreat information.

The ITU wants its 191 member States to join the collaboration, but so far only 37 have signed-up with another 15 “in advanced discussion”.

Latest to sign is Italy through Poste Italiane which is touting its network of partners from government, private sector and academia to secure digital communications.

ITU Secretary-General Dr Hamadoun Touré commenting on the collaboration said: "Every country is now critically dependent on technology for commerce, finance, healthcare, emergency services, food distribution and more. Loss of vital networks would quickly cripple any nation – and none is immune to cyberattack."

Senetas On Show at Swiss Quantum Project

Thu, 03 Nov 2011 01:34:00 GMT

GENEVA - Senetas was showcased here last night as part of the Swiss Quantum project, which includes Senetas CypherNet encryptors as part of a quantum encryption solution.

It was deployed last April and always intended to be presented to the world’s telecommunications experts at this very forum – ITU World 2009.

Almost 200 people gathered to hear presentations from participants, including Professor Nicolas Gisin of the University of Geneva and Gregoire Ribordy the CEO of idQuantique, with whom Senetas partnered two years ago to produce the world’s first commercial quantum encryptor.

Professor Gisin who has had a long, distinguished and much-awarded career in the field of quantum physics and photonics, outlined to the audience last night a range of exciting future quantum investigations which could see current limits to the length of quantum networks (“currently a hard wall of 400 km”) extended well beyond. He is still pursuing the dream of a quantum repeater that would enable the photons to be held in a memory state so they could be forwarded to another network node without disturbance.

Meanwhile a visit to his lab in downtown Geneva today confirmed that Professor Gisin and his team are actively pushing the boundaries. You can expect to see a video report on him shortly on this website.