Friday, 31 July 2009

Russia not the first to see Skype as a security threat

In partnership with Prime Minister Vladimir Putin's political party, a Russian business lobby group wants to enact "legal safeguards" against foreign VoIP services like Skype and ICQ. Domestic telecom revenue is, of course, a factor, but Russia may be looking to join China in spying on Skype conversations.

VoIP services like Skype and Vonage radically changed the US communication landscape years ago and ignited a telecom race to catch up. The most powerful business lobbying group in Russia, partnering with Prime Minister Vladimir Putin's political party, is hoping to avoid the same fate with "legal safeguards" for home turf competition. Lobbyists also cite national security concerns, hinting that Russia should join China by spying on conversations over Skype and similar services.

Called the Russian Union of Industrialists and Entrepreneurs (RUIE), the 1,000-member-strong business lobby organization recently announced that it wants government restrictions on IP telephony services from foreign countries like Skype and ICQ. RUIE believes that the VoIP market is now growing faster than traditional telecoms, estimating that by 2012, 40 percent of Russia’s voice conversations will travel through Internet tubes. Unsurprisingly, the group—composed of telecom executives and other members of private and state-run businesses—wants to "protect domestic producers in [the telecom market]," reads a loose Google translation of RUIE’s official statement.

RUIE also warns that "without control by the States, security concerns [will inevitably be triggered]." As Reuters reports, delegates at the meeting state that "it has been impossible for police to spy on VoIP conversations." Perhaps these statements are red herrings intended to shift focus towards anything but the assault on Russian telecoms’ bottom lines. But these statements touch on the issue of Skype and spying on foreign consumers—after all, the company has done it before.

A server misconfiguration in October 2008 allowed researchers to discover that Skype was providing China with text communication logs. Created in a partnership between Skype and TOM Online, Skype's partner in China, the logs revealed typical things like the monitoring of "sensitive" topics, but also that specific users were targeted for further monitoring. "Millions" of records found on publicly (and briefly) accessible servers contained IP addresses, usernames, and landline phone numbers, as well as details of users outside of China who communicated with TOM/Skype users in China.

According to researchers, many of the leaked logs contained none of the typical hot-button topics like Taiwan independence or opposition to the Communist Party of China. Apparently, if you ever talked about flagged topics in China or with one of its residents, you qualify for TOM/Skype's list of folks to spy on. At the time, an eBay representative would only talk about the security breach that led to the leaked logs, stating that swift, ironic action will be taken to protect the privacy of these spy logs. When we asked about the RUIE's implications of working with Russia to spy on its citizens, a Skype representative would only say, "Where technically possible, we work with law enforcement."


Tuesday, 28 July 2009

NeoAccel Offers Third Generation SSL VPN on VMware

NeoAccel recently announced the VMware version of SSL VPN-Plus, its flagship product. The third generation SSL VPN product is aimed at replacing IPsec (IP Security) and addressing issues faced by conventional SSL VPNs, which can suffer from the 'TCP-over-TCP meltdown' and degraded client-server application performance. According to a Gartner study in December 2008, even though IPsec VPNs are still popular for remote access, market innovations continue to center on the use of Secure Sockets Layer (SSL) VPNs as replacements or augmentations for legacy VPNs. SSL VPNs have gained ground over IPsec VPNs due to their ease of implementation, policy and network access controls, and the ability to deliver security protections on demand. According to the Gartner study, SSL VPNs are also easy to set up in their default role as application portals, and offer respectable performance for tunneled Layer 3 traffic.

NeoAccel's offering of SSL VPN-Plus under VMware consists of three options:

SSL VPN-Plus and NAC-Plus running on an existing VMware Server platform
This offering is available online, at a price, as virtual appliances that will run on a VMware ESX Server. With these virtual appliances, network administrators can benefit from a virtualized infrastructure, including on-demand replication, scalability, and backup of the VMware environment, without the hassles of buying and maintaining hardware.
SSL VPN-Plus on VMware is ideal for disaster recovery (DR) situations, since one SSL VPN-Plus image can be replicated to many and provide a hundred times the number of normal concurrent users on demand. Since virtualization ensures minimal downtime while making changes to the remote access infrastructure, administrators can upgrade and test a second SSL VPN-Plus gateway without disrupting the production gateway.

SSL VPN-Plus Evaluation Virtual Appliance for the VMware Player
This virtual appliance can be downloaded and tested using VMware Player. The virtual appliance is an active version of SSL VPN-Plus. This will effectively turn a laptop or an under-utilized PC into an SSL VPN-Plus Gateway in under fifteen minutes. The setup involves registration on the NeoAccel website, followed by e-mail verification, and an unrestricted 10 concurrent user license for 30 days.

Globally Managed SSL VPN-Plus Farm for ASPs/MSPs/ISPs
This offering is specifically meant for managed service providers/Internet service providers (MSP/ISP). NeoAccel will provide 10 Gbps SSL VPN performance on its SGX-5200 appliance which will enable service providers to take advantage of the VMware operating environment provisioning, cloning, and managing SSL VPN-Plus Gateways on the fly with a global manager.
The SGX-5200 supports up to 128 individual virtual machines, enabling MSPs/ISPs to offer customers 'compartmentalized', secured access with flexibility and scalability.

According to NeoAccel all versions of SSL VPN-Plus on VMware are fully functional SSL VPN-Plus gateways built as a zero-administration IPSec replacement. Standard features include clientless and full access clients, end point security, GUI-based administration, mobile VPN, secure desktop support and more.

VPN buyers can conveniently download a virtual image of SSL VPN-Plus. Network administrators can experience the user and management interfaces and observe how SSL VPN-Plus fits within their current network setup, all without the logistics of a hardware appliance.

NeoAccel is a growing remote access solution company with a number of high-profile customers including Xerox, Alcatel, Deloitte, Moser Baer, Cipla and Indian Overseas Bank. To download and evaluate a fully functional version of SSL VPN-Plus, visit the VCOMM Security web site.

Thursday, 16 July 2009

Sting nabs sticky-fingered JFK airport workers going through luggage

A sting captured by security cameras nabbed two sticky-fingered airport workers who swiped electronics planted by authorities, officials said. Brian Burton, 27, and Antwon Simmons, 26, stole a laptop and cell phone from the decoy luggage as it moved through Kennedy Airport, Port Authority officials said.

"When air travelers check their luggage with an airline, there is an implicit trust that their bags and their contents will meet them at their destination," said Queens District Attorney Richard Brown. "The defendants are accused of betraying that trust."

Burton, an officer with the Transportation Security Administration, was videotaped July 7 pilfering through the Miami-bound suitcase in an airport screening room while Simmons, a baggage handler, looked on. The thieves also switched the luggage tags, hoping to conceal their handiwork, officials said.

The suitcase was a trap set by the Transportation Security Administration and Delta Air Lines. They stuffed the luggage with a laptop, an iPod and two cell phones, prosecutors said. The pilfering pair - who had been on cops' radar, a source said - took the bait, failing the so-called integrity test.

Burton, of Queens, and Simmons, of Brooklyn, were awaiting arraignment last night on charges of grand larceny, possession of stolen property and falsifying business records.

They face up to four years in prison if convicted.

Monday, 13 July 2009

Alcatel-Lucent makes security sales simpler

LONDON, NEWBURY, July 13th 2009: Converged Partner Programme gives resellers single contract covering the complete Alcatel-Lucent portfolio

Alcatel-Lucent is hoping to ramp up partners’ security and applications expertise with a streamlined partner programme and specialisations-based rebate structure.

The Converged Partner Programme will give resellers a single, standardised contract covering the vendor’s entire portfolio. The level of discount awarded to VARs will be determined by the number of specialisations they attain.

The UK is the first country to roll out the programme and partners will have a “grandfathering” period to get up to speed on the new regulations.

David Parker, Alcatel-Lucent’s vice president of enterprise activities for the UK and Ireland, said: “The old programme worked but it had become a bit clunky. We simplified it because the market is looking for a converged solution.”

The vendor has partner specialisations centred on six areas, including two in voice, one covering SME and another in enterprise. Applications, security and data are also covered and the sixth focuses on the QIP address management line-up developed by Lucent.

To obtain Certified partner status, resellers must achieve a specialisation in one of the six areas. To ascend to Expert level they must gain one advanced specialisation. Obtaining three advanced badges will secure Premium status.

Parker revealed that in 2009’s opening quarter, less than half of the vendor’s UK revenue came through voice products, compared to more than 75 per cent in 2008’s first three months.

“Our voice reseller base has embraced security at a rate that has surprised even me,” he said.

John Massey, managing director of Alcatel-Lucent partner Actimax, welcomed the shift.

“It recognises the change in the market and that resellers ought to be able to sell both voice and data,” he said.

How to Protect Your Laptop from Theft and Data Loss

Laptops are quickly going, and in some cases have already gone, from something that only techies or high-level business people owned to something that even a poor college student finds a way to afford. This is simply because our lives have become wrapped around these objects. Think of the cell phone. Ten to 15 years ago it was again only the techies or important business people who owned a cell phone. Now even elementary school kids have them so parents can be in constant contact when necessary.

We all have had the moment when we thought we had misplaced our cell phone. Imagine losing your laptop. Not only is it a fairly significant expense, but think of the data you have on there. You probably keep a file with account numbers, you have your family pictures stored there, maybe music, movies. The list is a long one and an important one.

Therefore, make sure you follow the recommendations in this article on how to protect your laptop.

The convenience of the laptop is obvious. The computing power and versatility are equivalent to most desktop computers. With the advent of wi-fi we can be on the internet almost anywhere and be emailing, chatting, writing, surfing the net or shopping, all anywhere in the world.

Here are some daunting statistics for laptop loss from 2008:

Relevant Data Loss and Data Breach Statistics

* 1 in 10 ...laptop computers will be stolen within the first 12 months of purchase.
* 97% ...of lost and stolen notebooks are never recovered.
* 50% ...of organizations reported laptop theft.
* every 43 seconds ...a computer is reported stolen.
* every 3 days ... an information security breach is reported in the U.S.
* 82% ...of all PCs will be mobile devices by 2008, increasing 4 times as fast as PCs.
* 4,425 ...laptops reported left behind in Chicago taxis during a six month period.
* 56 million ...individuals affected by significant U.S. data security breaches, 2005.
* 1 billion ...PC users expected by 2010, up from 660-670 million today.
* 57% ...of corporate crimes are linked to stolen laptops. The latest crimes of espionage and sabotage are theft of executive personnel devices to access vital financial or personnel data. (data source:

How Much Does Laptop Loss Cost?:

That completely depends on how you look at it and who is doing the looking....

Personal Laptop:

The actual cost here is the cost of the laptop and if stolen while in the laptop bag (most often this is the case) then you've lost all your accessories as well. Not to mention possibly your wallet, MP3 player, passport (eek!). Obviously the actual cost of items and the intangible loss of items such as wallets, all your stored music, your passport, etc. are vastly different.

Business or Corporate Laptop:

Here the intangible costs can be astronomical. We have heard it on the news more than once, and most of us have had it hit us directly, with someone in the corporate world losing one or more laptops with critical customer data on them. The cost of the hardware is only about $4000; the information carried on it could be worth millions.

Of course, getting to valuable proprietary information is not the reason for all laptop thefts; some laptop thieves try to quickly sell the laptop as-is. However, some data indicate that about 10 percent to 15 percent of those laptops are stolen by criminals intent on selling the data.

How to Protect Your Laptop:

With this in mind, what can we do as individuals to prevent our own personal loss?

Laptop Security Cables:

This is one of the lowest cost and one of the most effective deterrents to theft. As with most theft attempts, even a small amount of effort can make a huge difference. For this to work you need to make sure that your laptop is equipped with the appropriate feature to attach a cable. This is called a Universal Security Slot.

It is important to pay attention to what you are attaching the laptop and cable to. You sometimes have to think like a thief. If you really wanted to get that laptop, could you? If your answer is yes, then you need to add more security. Consider looping the cable through a hole drilled in the leg of the desk. If you just loop it around the leg, then all it takes is someone strong enough to lift the desk enough to slip the cable under the leg and whoosh! your laptop is gone...

Keep Your Laptop Out of Sight:

If you are not with your laptop then it should be secured in a locked drawer or in the possession of someone you trust (for the short trip to the restroom for example). Especially if you are in a public place like an airport, bookstore, or your favorite coffee shop. Never leave your bag alone.

Some laptop cases scream "I have a laptop in here!"

Try to use a carrying case for your laptop that may be a bit beat up or at least does not look like it obviously contains a laptop. This may be difficult to do but can be a really effective way to have a thief move on to the next victim without bothering your precious laptop inside your ugly bag.