Category Archives: Security

Back Thru the Future Announces On-Site Hard Drive Shredding

Back Thru the Future (BTTF), the leading technology disposal company, has announced the availabilty of its on-site hard drive shredding service, designed for the demands of industries with stringent data privacy regulations, including healthcare and finance. A state-of-the-art custom shred vehicle, dubbed The Predator, allows BTTF to extend its Safe Harbor Express directly to its client locations throughout the eastern U.S.

The launch of the on-site service affirms BTTF’s commitment to the highest standards of regulatory compliance, environmental sustainability and auditability.

“This is the most significant capital investment in our 20-plus year history,” said Melanie Haga, CEO and founder of Back Thru the Future. “It was important to us that bringing the shredding capability to our client’s location doesn’t in any way compromise the rigor and integrity of the secure data destruction process. We have taken the time and made the investment to design a vehicle and a process that are second to none in providing secure, auditable compliance with all data privacy and environmental regulations.”

Since current New Jersey regulations prohibit mobile hard drive shredding, BTTF will continue its in-plant shredding operations for that state, while enhancing services to clients in all other states.

“We have submitted a request to the New Jersey DEP to allow us to begin on-site shredding within the state,” Haga said. “We’re cautiously optimistic that they will approve this service, which is rapidly becoming the industry standard throughout the rest of our service area.” Upon approval, Haga said, BTTF is in a position to immediately provide on-site hard drive shredding within the State of New Jersey.

Via EPR Network
More Computer press releases

Attack on Japanese Defence Contractor

The recent publication of the security breach suffered by the Japanese Defence Contractor, Mitsubishi Heavy Industries is just the latest in a long series of similar breaches around the world.

Once again, the discovery of multiple instances of the installation of malware or viruses on servers and desktops is symptomatic of what could be a very sophisticated attack – frequently referred to as Advanced Persistent Threat (APT) type attack.

It is reported that the breach started with what is known as spear phishing attacks – when attackers use very targeted emails; specially crafted/customised to targeted individuals, to maximise the chances of them being opened and any links within them being clicked on and followed.

Martin Finch, Managing Director of commissum, a specialist Information Security Consultancy, said that “the organisation targeted here is a typical victim of such an attack by what could be industrial espionage or state sponsored hacking to access either national security information, or intellectual property. Previous victims have for example included, Lockheed Martin, the world’s largest aerospace company”.

Chris Williams, senior consultant at Information Security company, commissum said that “the usual modus operandi is for attackers to establish a foothold through initial breaches, and then use this to both escalate the level of the breach and establish further access points. This frequently continues over what is often a very protracted time-scale. The victim will, if one or more breaches are discovered, be uncertain as to how many other breaches have been established and where these are”.

China, Russia and Korea have been mentioned as possible sources of this type of attack in the past; China in particular in this case has vigorously and indignantly denied any involvement. That is one of the problems with a sophisticated attack of this type; it can be almost impossible to establish for certain where the attack originated. It is clear though that China is just one of the countries suspected of past involvement in such attacks by US and Western European government agencies.

In addition, as is often the case, the victim is downplaying the impact and the level of penetration achieved. It is reported that the Japanese government were not immediately informed of the breach, as is required in the Defence sector; allegedly it was discovered in August but was exposed by the press this week. It is unlikely that the public will ever know for sure if the breach involved a serious leak of information.

Via EPR Network
More Computer press releases

What Are the Issues Around Cloud Computing?

commissum explain all the issues of cloud computing, and explain all about the benefits it can bring small companies.

When we mention cloud computing to our SME clients as a possible solution for the cost effective management of their services, we often get asked “but what are the risk of trusting our information to someone else?” At commissum we believe that many of the issues relating to cloud computing are not new and should be considered for all relationships with service providers, although there are a few specific considerations to be made.

Using cloud computing, organisations can contract service providers to provide infrastructure, platforms and, presently more commonly software. These services enable convenient, on-demand network access to a shared pool of configurable resources such as networks, servers, storage, applications and other services, provided and released with minimal management effort or interaction of the service provider. The advantages of scalability, reduced lower overhead costs and flexibility are clear and allow organisations to focus on core competencies instead of devoting resources on IT operations.

Most companies have policies and processes in place to deal with commercial relationships with IT service providers. Although these policies and processes will equally work well with cloud services many still do not sufficiently cover the risk related to the security of information.

Applications which are to be provided by a cloud service require the same risk assessment considerations as those provided by a traditional service provider.
What if the solution is:-
· failing to deliver the required business value;
· not performing to the levels agreed;
· not integrated with the existing in-house services;
· unavailable and causes delays and reputational damage;
· suffered from breaches in integrity and confidentiality of information.

But commissum’s Principal Assurance Consultant André Coner suggests that the following considerations specific to cloud computing should
he added:
· Maturity of the cloud service provider and service provider on-going concern issues;
· Complexity of compliance with laws and regulations;
· Legal issues around liability and ownership relating to different hosting countries;
· Storage of personally identifiable information in other countries;
· Consider the much greater dependency on third parties and reliance on external interfaces;
· Greater reliance on Internet connectivity;
· Security issues of public, community and hybrid cloud environments;

With 20 years of experience, commissum is adept at offering practical advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting an organisation’s information assets.

Via EPR Network
More Computer press releases

Trade-in Plan for RSA’s SecureID Customers

Made4Biz Security Inc . has announced today a trade-in plan for RSA’s SecureID. Each SecureID customer can switch their SecureID devices to IDentiWall while using their SecureID’s past investments as credit against the IDentiWall license fee.

Such trade-in is guaranteed to be financially compelling and technically superior.

The innovative trade-in plan makes sure that switching customers enjoy:

  • Better, newest security technology that protects its users against all latest attacks even if their computer is contaminated with malwares or even if their ID is exposed.
  • Wider security coverage, which includes not only two-factor authentication, but also combines transaction verification, anti-phishing, anti-farming, as well as breach attempt notification.
  • All platform coverage including Desktops, Tablets, Smartphone
  • VPN and SSL-VPN user authentication
  • E-Banking, m-Banking, e-Health, e-Government web application protection with special ‘application agnostic’ mode by which, not even one line of code needs to be changed.
  • Polite implementation including co-existence with SecureID for the transition period and built-in implementation risk elimination measures.
  • No physical devices to be distributed and yet out-of-the-box support for such token devices and smart-cards does exist.
  • Lowest TCO. This trade-in plan was designed to ensure cost savings for the whole duration of the IDentiWall usage.
  • Cloud or on-site implementation options are supported.

Via EPR Network
More Computer press releases

The new PCI DSS version 2 is effective. What now?

The PCI Security Standards Council (PCI SSC) is a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS). The PCI SCC has released the new version 2 of its PCI Data Security Standard (PCI DSS) which has become effective on 1st January 2011.

The new standard begins the three year lifecycle that allows for validation against the previous version of the standard (1.2.1) until 31st December 2011. This provides stakeholders time to understand and implement the new version of the standard as well as provide feedback. The PCI SCC encourages organizations to transition to the updated version as soon as possible.

The changes in version 2.0 introduce no new major requirements. The majority of changes are modifications to the language to clarify the meaning of the requirements and make understanding and adoption easier. Many of the revisions reinforce the need for a thorough scoping exercise prior to assessment in order to: understand where cardholder data resides; reduce the infrastructure and applications subject to the standard; allow organizations to adopt a risk-based approach when assessing; prioritizing vulnerabilities based on specific business circumstances;

commissum’s Principal Assurance Consultant André Coner commented that many organisations fail to adequately segment the cardholder data environment from the remainder of it’s network and therefore are significantly increasing the complexity and cost of their PCI DSS compliance. Because, without adequate network segmentation the entire network is in scope of the PCI DSS assessment. Segmentation is therefore strongly recommended as it will reduce the scope and cost of the PCI DSS assessment. It also reduces the cost and difficulty of implementing and maintaining the PCI DSS controls.

Via EPR Network
More Computer press releases

Portable Storage Media Management Solution

US Diversified Tech, LLC together with Advanced Systems International, SAC announce the release of USB Lock RP v5.29. A software security solution designed strictly to provide the ability to block or allow specific portable media devices. USB Lock RP’s scope of protection now includes: eSata, Firewire, USB 3.0 super speed technology, MTP, USB 2 sticks, as well as cell phones, Tablets, iPod’s, mp3, SD Cards and all other interfaces that can be used to extract data. The newest and biggest addition is the eSata protection which has been, and remains industry wide, a difficult opening in data security to address. With the inclusion of eSata, USB-3.0 and Firewire super speed transfer interfaces, Advanced Systems International, SAC has addressed every opening presented where a media storage device can be misused. It is important to not just lock out these devices but to have the option to allow their use, when necessary, in a managed and protected manner.

Javier Arrospide, Advanced Systems International, SAC founder and lead software developer states that, “USB Lock RP (Remote Protect) is straightforward effective endpoint security software. Allowing organizations to authorize, from a central location, specific devices with ease and automatically block all other removable storage external hardware that could be used to extract data assets or to enter malware in your networked environment.” USB Lock RP’s operation is automatic, alerting, logging, authorizing or blocking device connections in real-time. Installation is simple and, for large networks, the client side setup is provided in MSI format so initial remote deployment can be done silently and with ease.

Via EPR Network
More Computer press releases

Information Security Experts commissum Welcomes the Cyber Crime Classification But Warns Businesses May Not Be Able to Improve

The National Security Council has released its security strategy that classifies cyber crime as one of the four highest priority risks.

Titled ‘A strong Britain in an age of uncertainty’, the 39-page document looks at and evaluates all levels of national defences. It claims that the four highest priority risks for the next five years include: ‘international terrorism, cyber attack by other states and by organised crime and terrorists, international military crises and major accidents or natural hazards’.

commissum’s Managing Director Martin Finch made the following comment:

“Attacks to the national infrastructure are now becoming more sophisticated. These are not being just initiated by teenagers looking for a challenge but by groups of state sponsored professionals in a number of countries that are using the complex connectivity of modern systems to access information or systems for economic advantage or hostile aims.

“Therefore more needs to be done to protect us from the increasing cyber attacks but the current economic climate, or even the perception of this may make it difficult for many organisations to increase or even maintain expenditure for information and IT security.”

This has also been recognised by the Centre for the Protection of National Infrastructure (CPNI) which is providing organisations and companies with protective security advice to reduce risks. Their top ten security guidelines provide protective security points which have not changed for some time, but are still valid and are becoming much more important with the increasing sophistication of attacks.

The CPNI have established a unique partnership program with expert security consultancy companies such as commissum to work with businesses to help find innovative and holistic ways to address vulnerabilities and increase security with minimum investment or, in some cases, decreasing operational costs.

The commissum information security advisory services which include risk assessments, audits and security health checks, will help organisations to prioritise the selection and deployment of defensive measures in the context of the risk attitude and culture of the organisation.

Via EPR Network
More Computer press releases

New TROY Printers Meet Government Requirements For High Security Printing

TROY Group, Inc., a Worldwide Leader in Secure on-Demand Printing Solutions, MICR Toner Cartridges, and Check Printing Programs, announces the new TROY SecureDXi 3015 printer to its line of security printing solutions. Based on the popular HP LaserJet Enterprise P3010 printer series, TROY’s SecureDXi 3015 printers provide a fast 42 page per minute print speed, robust HP LaserJet workgroup printing capability, and a complete set of TROY features for securing all aspects of the print environment.

“Government agencies and other organizations throughout the world are faced with new challenges relating to document fraud prevention and protecting confidential information”, states Larry Landtiser, Senior Vice President and General Manager of TROY Group. “To address this need we drew from our full array of proven software, firmware, electromechanical, and secure toner technologies to create the TROY SecureDXi printers, the most advanced secure printing solution available.”

TROY SecureDXi 3015 printers are configured to help organizations manage all four dimensions of security defined in the HP Security Printing Framework: securing the printing device, protecting the information on the network, securing the document, and monitoring the printing process. To secure the printer, TROY includes seven security features including the TROY 3-positon key control. Using this feature, IT department managers can lock the printer from all print jobs, enable the full array of TROY secure printing features, or set the printer to only allow standard HP features. To secure high value security paper, all SecureDXi printers are configured with TROY’s latest high strength paper tray locks. Print information is protected through print file encryption and in-printer decryption technology. Other information security features include TROY’s exclusive hard disk lock which prevents print jobs from being stored on the printer’s internal storage device when the printer is set to the TROY Secure mode. Finished document security is supported by ten TROY security features including TROYMark™ variable data watermarking, TROY copy evident pantograph technology, and TROY patented Security Toner technology. A TROY Security Toner cartridge is included with every TROY SecureDXi printer. Print monitoring is enabled with the TROY print audit solution which captures a record of every print job received by the printer.

TROY offers four different models of configured SecureDXi 3015 printers. To assure chain of custody control, TROY SecureDXi printers can only be purchased through TROY and select TROY certified resellers. For additional information on TROY SecureDXi Solutions visit the TROY web site at www.troygroup.com.

Via EPR Network
More Computer press releases

Remote Data Backups & A & C Direct IT Consulting Partner to Protect Clients’ Data

A & C Direct IT Consulting Owner James Readnower today announced it has partnered with Remote Data Backups, Inc. to provide its customers with the the most cost effective, convenient and secure way to automatically back up their data offsite.

“This is a mission-critical service every business needs,” Readnower said. “We are excited to be able to integrate Remote Data Backups into our core offerings. They have an impressive list of clients who praise their reliability — the most important aspect in data protection — and ease of use.”

One in 4 PC users suffer from data loss each year, according to a Gartner Group study. Seven of 10 small firms experiencing a major data loss go out of business within a year (DTI/PriceWaterhouse Coopers).

“We know how frequent and damaging data loss can be, and this is the best way to prevent it,” Readnower added. “Backups need to be automatic, secure and offsite. With RDB, you can rest assured your data is safe.”

Clients are encouraged to take a free 30-day trial at http://ancdirect.databu.com. Setup is simple and takes just a few minutes.

After the initial backup, nightly automatic backups compress and securely transfer only new files and block-level changes, for fast, efficient backups with minimal bandwidth usage and transfer time. With one click, you can also run backups on-demand any time, on Windows exit, or on network connection (great for laptops) backups.

Users can retrieve files via the desktop agent or securely online through the Remote File Access feature. Easy System Restore provides a full system backup to protect the operating system, program files and registry settings.

About A & C Direct IT Consulting
Since 1996, A & C Direct has been providing quality IT support, network and computer repair, and recently managed flat rate monitoring and reapir, secure asset disposal and recycling. A & C Direct IT Consulting supports business customers in Wadsworth, Ohio and the surrounding cities including Norton, Barberton, Akron, Cleveland, and more.

Call 888-564-5334 if your business would like to find out more information on the many services including equipment recycling and very affordable rates they offer.

Free reports are available at  on what every business owner should know about. Free Tools and utilities can also be found there.

About Remote Data Backups
Since 1999, Remote Data Backups, Inc. has been the leader in the online backup business. Remote Data Backups’ unbeatable combination of easy, reliable software, rock-solid infrastructure and free, friendly, responsive 24/7 customer service translates into thousands of ecstatic clients.

Via EPR Network
More Computer press releases

Next-Generation Computer Defense System

Horizon offers next-generation technologies to guard the system of the customer.

These next-generation technologies of Horizon are different from existing security technologies. There are not yet these technologies in U.S.A., EU, and Japan. In addition, Horizon will intend to offer new technologies and applications about “Ubiquitous” in sequence .From all over the world, Horizon will suggest only new technologies to do excess of existing technology. In addition, all these technologies consigns system test to “the technically authoritative third person organization” strictly.

This program is gross size 1.43 kbytes, and the changing quantity is really a very small program of 292 bytes.

The masking system is in particular security software of a totally new type to overturn the conventional common sense that there is not in U.S.A., EU, Japan either. It has been never exceeded so far by any hackers.

Via EPR Network
More Computer press releases

Expansion of company’s SecureAuth authentication products fuels growth

MultiFactor Corporation, an innovator in 2-way 2-factor authentication, Web application security and SSL VPN Authentication solutions, announces record fourth quarter growth of its SecureAuth authentication products, despite the slumping global economy.

Thomas Stewart, CFO of MultiFactor Corporation stated, “Our recently completed Q4 ‘08 sales revenues maintained 300 percent quarter over quarter growth for the third consecutive quarter as enterprises and Web operators are increasingly adopting SecureAuth as a superior authentication method for SSL VPN, IPsec VPN, and secure Web applications. We are very happy with our ‘08 results and our projections for 2009 are strong.”

A contributing factor to SecureAuth’s continued market growth was the addition in the third and fourth quarter of native integration into Juniper SSL VPN products, CA’s SiteMinder and the IBM Tivoli Security Products. This complements very strong adoption for SecureAuth with Cisco ASA SSL VPNs, Microsoft Outlook Web Access, Microsoft SharePoint Server and all .NET applications. New customers were drawn to the automated simplicity of a truly strong dual factor authentication scheme. SecureAuth’s low acquisition cost and minimal implementation burden provided added incentive to move forward.

“Security concerns have not subsided due to the economic downturn,” said Craig Lund, CEO of MultiFactor Corporation. “On the contrary, threats are increasing and rendering legacy authentication methods practically obsolete. SecureAuth’s novel technology allows companies to have the strongest authentication without the large capital investment.”

“In these times, we are fortunate to be operating in the relatively resilient sector of IT security,” added Lund. “However, we are even more fortunate to have a product with a price/performance value far superior to any competitive or substitutive technology.”

About MultiFactor Corporation
MultiFactor Corporation is the leader in automated 2-way 2-factor user authentication. SecureAuth is a true plug-n-play multi-factor authentication mechanism that allows secure access into the enterprise network and application resources. MultiFactor Corporation and SecureAuth are registered trademarks of MultiFactor Corporation.

Via EPR Network
More Computer press releases

MultiFactor Corp. announces the integration of its flagship product, SecureAuth(r) and Data Guard Systems’ newest product, AlertBoot

MultiFactor Corporation, an innovator in 2 factor authentication, Web application security and SSL VPN Authentication solutions, today announced the integration of its flagship product, SecureAuth® and Data Guard Systems’ newest product, AlertBoot.

AlertBoot transforms enterprise-level full disk encryption and data security into a fully-managed and centralized Web-based service. It promises customers the same benefits as a traditional full disk encryption and data security solution, but on a platform that is scalable to the needs of an organization and requires far less investment in IT infrastructure, support, and training.

“A Web-based platform and an emphasis on a user-friendly customer experience were common ground for AlertBoot and SecureAuth,” said Timothy Maliyil, Data Guard’s Systems’ CEO. “And it didn’t take long to realize that SecureAuth could integrate X509 certificate technology authentication in a way that wouldn’t affect delivery of AlertBoot’s basic product performance while maintaining the integrity of key differentiators of speed and convenience.”

SecureAuth revolutionized X509 certificate technology authentication into a tokenless, non-phishable, two-way authentication solution that can be effortlessly deployed over the Web and requires virtually no training or infrastructure modifications to implement and manage. The solution proved to be a perfect match for the type of multi-factor authentication system AlertBoot needed for AlertBoot Central, its administrative console.

“This level of security becomes especially critical, considering the new type of DNS phishing attacks Hackers have been mounting,” said Garret Grajek, COO of MultiFactor Corporation. “These attacks fool a DNS server—which directs alphabetical URL requests to the corresponding numerical IP address of a website—into directing the user unknowingly to a hacker-created site where they capture your log-in information. However, when a hacker attempts to replay your log-in in AlertBoot, the absence of a certificate prevents them from gaining access.”

SecureAuth works by authenticating both the user and the client for each session via a non-exportable cryptographic credential. When an authorized user logs into AlertBoot Central for the first time, they’re immediately redirected to the SecureAuth registration system, which emails them a PIN. Once they enter the PIN, the system installs the certificate on their computer. From that point on, whenever the user logs into the AlertBoot management console, they’re instantly authorized.

The end result is that the user and customer both enjoy the full security benefits of X509 certificate technology authentication, but without the additional infrastructure that would have otherwise been required.

About MultiFactor Corporation
MultiFactor Corporation is the leader in strong, simple to use, user authentication. SecureAuth is a true plug-n-play dual factor authentication mechanism that allows secure access into the enterprise network and application resources. Enabling the enterprise to cost effectively harness the true power of the network. Please visit http://multifa.com. MultiFactor Corporation and SecureAuth are registered trademarks of MultiFactor Corporation.

Via EPR Network
More Computer press releases

SecureAuth reinforces CA SiteMinder’s security with certificate-strength protection, with the ease of username and password

MultiFactor Corporation, an innovator in 2-factor authentication, web application security and SSL VPN authentication solutions today announced it has joined the CA Technology Partner Program as a provider of strong user authentication services. CA SiteMinder customers will now have the added security of MultiFactor’s SecureAuth, a convenient user authentication solution that lets organizations quickly and securely vet the identity of any user.

“By offering direct integration of SecureAuth into CA SiteMinder, we extend the SecureAuth security and benefits to CA’s SiteMinder customers, while keeping the total costs down to a few dollars per user, per year,” said Craig Lund, CEO of MultiFactor Corporation. “These days real security at the lowest possible cost is the top customer priority.”

CA SiteMinder Web Access Manager users can now securely sign on using only username and password through SecureAuth’s Direct integration into CA SiteMinder. The benefits of the integration include ease of use of a standard username and password but with strength of full X.509 authentication, all in a frictionless user environment.

“SecureAuth provides critical strong authentication capabilities for SiteMinder customers. The easy to implement integration leverages SecureAuth for a tokenless, non-phishable authentication scheme which can be used to protect both new and existing web resources. In today’s age of increased security, this integration ensures that access is restricted to authorized users and also helps to protect your company brand and customer retention,” said Todd Clayton, President and CEO of CoreBlox, the leading CA SiteMinder integration company.

In addition to user friendly username/password validation, SecureAuth features a unique, variable certificate expiration option that gives the enterprise additional flexibility in setting their authentication parameters.

About MultiFactor Corporation
MultiFactor Corporation is pioneering the delivery of the strongest, proven 2-factor authentication, web application security, IPSec and SSL VPN security methodologies in an easy-to-deploy, low-maintenance product called SecureAuth™. This tokenless, browser-based authentication solution generates and validates client- and server- side certificates without PKI. SecureAuth represents the evolution of a technology that, for more than two decades, has remained the de facto standard for identity and access management technology. More secure than hardware or software tokens, SecureAuth is inexpensive to acquire, deploy and manage. MultiFactor Corporation’s innovation and its development of real-world security solutions draws from a diversified team of cryptographers, network and Web application specialists and certified security engineers.

Via EPR Network
More Computer press releases

Welcome to EPR Computer News

EPR Computer News is a new blog, part of EPR Network, that is going to be focused on and will be covering the computer news and stories from press releases published on EPR Network.

EPR Network (EPR stands for express press release) is one of the nation’s largest press release distribution networks on Web. The EPR’s nationwide network includes 12 State based PR sites, one major PR forum and a number of industry specific PR blogs and what started as a hobby on Internet years ago turned out to be a rapidly growing business today. EPR Network is also known as one of the most trusted (human optimized, published, edited and monitored, spam/scam/low quality PR content free) PR sites on the web with more than 10,000 company and individual press releases distributed per month. EPR Network is putting your press releases on top of all major search engines’ results and is reaching thousands of individuals, companies, PR specialists, media professionals, bloggers and journalists every day.

EPR Network has thousands of clients around the world including global 500 corporations like Hilton Hotels, Barclays Bank, AXA Insurance, Tesco UK, eBay/Skype, Emirates, just to name a few. The network’s PR web sites are currently reaching from 150,000 to sometimes 500,000 unique visitors per month while our viral reach could possibly go to as much as 1M people per month through our presence across various social media sites. EPR Network was established in 2004 and as of May 2008 it had more than 800,000 press releases (pages) published on its network.

If you have a press release to be distributed, you can do it over here: press release distribution