Sunday, August 2, 2009

Internet Security Alliance News & Information Security Resources

 

From The Internet Security Alliance

In The News…

July 24, Orange County Register – (California) FBI to investigate Placentia library hacking. The FBI is hunting down the hackers that hijacked the Placentia Public Library Web site the morning of July 24, a bureau official said the same afternoon. “The FBI will open and investigation into this incident,” said an FBI spokeswoman. The spokeswoman, who works out of the bureau’s Los Angeles field office, said that the FBI has a special unit that investigates “cyber crimes, computer intrusions, defacements, more traditional crimes like fraud and child exploitation.” Visitors to the Placentia Library Web site were greeted by an image of a flapping flag with a crescent moon and star behind a portrait of famed Turkish leader Mustafa Kemal Ataturk. Underneath was the phrase “Editaarruz is back.” A group calling itself the “Federal Attack Team” has apparently hacked www.placentialibrary.org — disabling the site completely. The word “taarruz” means “attack” or “offensive” in the Turkish language.
Source: http://www.ocregister.com/articles/site-web-search-2506225-google-placentia

Internet Security Alliance News 7-29-09 : Information Security Resources

♪ Smile - Charlie Chaplin

A special “Thank You” for all my friends and family. - Kev

YouTube - ♪ Smile - Charlie Chaplin

Friday, July 31, 2009

The Value of a Clear Moral Compass

By:  Mike Spinney, CIPP –  Privacy Analyst, Ponemon Institute

Here’s a brazen bit of breachery from the Miami Herald.

It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings.

Apparently the scheme went on for two years before the hospital employee blabbed about it. Luckily for Miami-area residents, someone with a clearer moral compass recognized the crime and told authorities.

This isn’t all that different from the revelation that UCLA Medical Center employees were abusing their access privileges to snoop the files of celebrity patients, either for their own amusement or to pass info along to the tabloids.

While both stories are a reminder of the serious threat posed by malicious insiders, the Jackson Memorial case offers another lesson: don’t overlook the importance of personal ethics in your security strategy.

We have no information about the security and ID/access management technologies in place at Jackson Memorial, and we don’t know if the person who tipped the police was a co-worker. But we do know that someone who knew right from wrong had the moral courage to do the right thing when confronted with information related to misconduct.

Good, consistent training and an ongoing awareness campaign – along with a visible example set from the top down –  can have a positive effect on your company’s overall security program (and at a very reasonable cost). We cannot emphasize enough the importance of creating a security-conscious culture within every organization.

Mike Spinney, Senior Privacy Analyst , CIPP

Mike Spinney is a senior privacy analyst with the Ponemon Institute, a research organization dedicated to advancing responsible information and privacy management practices in business and government. He works closely with founder Dr. Larry Ponemon to develop a better understanding of and new approaches to responsible information management.  Spinney serves on the Ponemon Institute’s RIM Council and is a frequent author and speaker on data privacy issues.

Spinney’s work on privacy has appeared in Privacy Advisor, 1to1: Privacy, RFID Journal, CSO, Computerworld, and other industry publications, and he has addressed audiences including the Privacy Summit, Secure Boston, Secure Chicago, IAPP/ISC(2) Security Series, INTERPHEX, and SecureWorld. He is a frequent media resource on privacy issues and has been quoted extensively by such media as the San Francisco Chronicle, BBC, Inc. Technology, Popular Science, American Medical News, Security Management, IDG News Service, SC Magazine, and many more.

The Value of a Clear Moral Compass - Mike Spinney's Blog

 

The Value of a Clear Moral Compass - Mike Spinney's Blog

Tuesday, July 28, 2009

Securing a Hacker-Free Zone on the Internet

 Jackie Herships
By Jacqueline Herships, Founder of Jacqueline Herships & Associates
(This article was first published in the Gerard Group International, Inc. newsletter “INTELANALYSIS”.)


Patented Telecommunications Plan Would Create Secure VoIP Communications

A recent patent series promises a new, secure telecommunications system by mitigating risks to Internet telephony like Voice over Internet Protocol (VoIP) from espionage, hacking, intrusion, and interruption of service.

computer-hackingThe entire worldwide Domain Name System (DNS) was brought to its knees by hackers not too long ago; however, this new Internet telecommunications system will not depend on DNS.

In theory at least, the Wild West days of Internet telecommunications are over.

Based upon the inventions articulated in his five-patent suite, inventor Harry Emerson III, has mapped out a union between our secure and venerable telephone system - (Plain Old Telephone Service; a.k.a., POTS) - and the hyper-evolving, media-rich Internet which is so famously not one bit secure.

As it evolves, he believes this next generation telecommunications system, dubbed IronPipe™, will have huge implications for national security as well as tremendous new revenue opportunities for the carriers and supply chains which serve them.

Conceived in response to what he views as the seriously flawed paradigm, which is currently developing as telecommunications migrates to the Internet, Mr. Emerson says he designed IronPipe™ to offer an alternative with a high degree of security.

The Internet has produced something akin to a gold rush experience for those mining its resources and developing its vast potentialities, he said.

However, in the midst of this frenzy, he has observed that fundamental requirements of privacy, secrecy, and security are seldom openly discussed when it comes to Internet-based phone services known as Voice over Internet Protocol (VoIP) systems such as Skype, which are proliferating in cyberspace.

These are serious issues, he maintains, and they need to be fully considered by users such as corporations, telecommunications carriers, VoIP carriers, law enforcement agencies, and federal and state governments, as well as by the millions of Internet using individuals who are concerned with their own personal privacy.

According to Mr. Emerson, our current state of vulnerability came about because we have turned a blind eye to these issues of privacy, secrecy and security, combined with the scramble for profit, and an unregulated environment for VoIP.

“The Internet is a lawless frontier where nothing is safe and secure and reliability is always one step away from calamity,” he says.

“As things stand today, VoIP does little to protect the interests of the aforementioned entities, not to mention protecting the security of the United States. We are suffering untold numbers of hacker attacks DAILY, with systems broken into and identities stolen. Not too long ago the entire worldwide DNS system (Domain Name System) was brought to its knees by hackers,” Emerson said.

In his opinion, if the technology continues to develop in its current direction, no one will be able to guarantee that communications cannot be intercepted and monitored.

In addition, if we examine our circumstances, a lot of the excitement generating the rush to VoIP is based upon an illusion, the appearance that we are being offered new and sophisticated technologies.

In fact, existing VoIP offerings are simply discounted POTS service, he says, with no value-added features, only lower cost caused by fierce price pressure from cable TV and other low-overhead vendors.

The result is the continued downward spiral on price that has plagued the telecommunications industry for 30 years.

IronPipe™ is a re-thinking of 21st century telecommunications architecture, which will return a sense of safety to our society as a whole, reinvigorating our economy from the inside out.

If his vision is implemented, Mr. Emerson says we won’t have to put up with either the fear of intrusion or the huge financial burden of protecting ourselves from the ever-increasing army of those with malicious intent.

We will now have a choice.

The challenge is that VoIP companies such as Skype (NASDAQ: EBAY), Vonage (NYSE: VG) and the various Cable carriers (Comcast NASDAQ: CMCSA, Time Warner: NYSE TMC, and CableVision: NYSE CVC) , which have migrated to the Internet, did so not only to provide cheaper communications, but to avoid regulatory scrutiny.

“If you don’t have to deal with the regulations it tends to make it cheaper,” Emerson said, “but these profits come at a price.”

“The integrity of the communications system has been compromised because of this short term thinking geared towards reducing costs.”

In its simplest terms, IronPipe™ enables us to make Web 2.0 Internet-style media rich calls utilizing the existing private, protected, secure, Public Switched Telephone Network (PSTN), and its unseen private data network - known as Signaling System #7 (SS7), which connects all the main switches around the world.

While VoIP uses the Internet exclusively and thus can be, and regularly is, compromised by persons of malicious intent, if we establish Internet calls through these telephone company switches there will be no access from the outside.

We can create rich media visual telephone calls on broadband Internet connections, using wire-line or wireless touch-screen phones such as the Apple (NASDAQ: AAPL) iPhone, simply by dialing a phone number, and still enjoy the privacy, security and reliability of traditional telephone calls.

Mr. Emerson says that his technology seamlessly merges the best of the Internet with the best of the telephone network.

Considering the cost to government, industry and “society at large” to protect against intrusion and to remediate the damage caused by intrusion, IronPipe™ could be well worth looking into.

About Harry Emerson, Co-Founder Emerson Development LLC:

  Mr. Harry Emerson is an expert in computers, voice and data communications, and the Internet.

Harry EmersonHis career history includes 25 years in various sales, management, and strategic capacities at AT&T (NYSE: T) and the design and management of large-scale, multi-million dollar enterprise applications and data systems.

He has numerous patents issued and pending against a variety of technologies including FM radio, Internet streaming, PC software, and telecommunications.

Mr. Emerson co-founded GEODE Electronics to commercialize a series of patented enhancements to commercial FM radio. Subsequently, Mr. Emerson co-founded SurferNETWORK, an Internet streaming media business.

His background in switching systems and data networking, along with concepts he developed in corporate architecture and strategy positions, ultimately led to the development of the patent portfolio that defines the next generation of secure telecommunications, known as IronPipe™, featuring secure, rich Multimedia capabilities.

He is a member of the New Jersey Technology Council (http://www.njtc.org/) Telecommunications/Media Industry Network Advisory board.

Emerson Development, LLC has been awarded a fifth telecommunications patent that introduces breakthrough technology combining the multimedia capability of the Internet with the safety, security, and reliability of the phone network.

This exciting new technology enables a world in which audio/visual phone calls will become the standard for routine, daily communications. The Emerson Development Multimedia Telecommunications technologies will create the next generation of telecommunications — visual, multimedia, and videophone communications on screen-based phones that require no knowledge or training for users. Just dial a phone number.

Emerson Development Multimedia Telecommunications provides the carrier class infrastructure, operations, management, and billing capabilities that will be absolutely necessary for the major telecommunications companies throughout the world to venture into this field.

These mandatory capabilities include requirements for security, privacy, secrecy of communications, and unlisted numbers, including the guaranteed ability to keep the identities of callers secret under every circumstance imaginable.

In addition, just as importantly, Multimedia Telecommunications provides for these privacy and security requirements while still enabling government mandated provisions for law enforcement wiretapping and call tracing.

Overview of the Emerson Development, LLC Patents

Patent Number


Description

6,704,305

“Integrated Device For Integrating The Internet With The Public Switched Telephone Network”

This patent, describes telephone devices such as screen phones that support audible and visual communications across the Internet simply by dialing a telephone number. These “Integrated” phones have both a telephone connection and an Internet connection. By using digital call control messages that are sent to and from the local telephone central office, an “Integrated” telephone can set up an Internet Multimedia call to a compatible phone. If the called phone is not Internet capable, a standard phone call is established.

6,700,884

“Integrating the Internet With The Public Switched Telephone Network”

This patent, describes a system for a telephone device as described in 6,704,305 to be able to create an Internet call. The system includes a mechanism for correlating the telephone number of a calling or called device with its associated IP address. That information could be stored in the telephone itself, in a record system of the local central office, or in one or more central registries.

6,697,357

“Call Management Managing System For Integrating The Internet With The Public Switched Telephone Network”

This patent describes a digital call management messaging system, that could be thought of as an extension of ISDN and SS7, that enables an “Integrated” telephone device to communicate across the Internet. When one of these telephones places a call, it sends a digital message to its serving central office switching system. That message includes its telephone number and IP address, as well as the telephone number of the called party. By sending a compatible message to the central office serving the called party, the originating central office can determine if the called party is capable of an Internet call. If so, once the called device receives the call setup message, it has the Internet IP address of the calling device, and can then establish a connection across the Internet.

6,928,070

“Integrating The Internet With The Public Switched Telephone Network”

This patent, describes a sophisticated system, which greatly enhances the privacy, secrecy, and security of Internet calls. This system enables the telephone-switching network to dynamically assign an IP address to both the calling and called device, and route the resulting Internet call through an intermediate proxy server. Internet phones require more than just “unlisted number” capability since a called party can easily determine the geographic location of a caller, and thus putting the life of some individuals at risk (such as a battered spouse). With this invention, the proxy servers can be in other geographic regions to cloak a device’s actual geographic location. Furthermore, the Internet call can be split into two unidirectional streams, and each of those streams can be routed through a separate pair of proxy servers. Since the proxy servers can be dynamically selected for each call, the true location of an “Integrated” phone can be protected.

7,327,720

“Integrated Telephone Central Office Systems For Integrating The Internet With the Public Switched Telephone Network”

This patent describes a telephone central office switching system having a digital messaging capability to send and receive call setup and management messages to and from compatible phones. These call management messages can initiate and control a communications session transpiring across the Internet. The central office switching system can communicate similar digital messages to other central offices and central office systems to create and manage end-to-end Internet communications.

Emerson Development, LLC’s IronPipe™ Benefits

Telephone carriers stand to benefit from this new technology because it preserves their business position by providing high value in the PSTN and in the underlying private SS7 network that connects the PSTN together.

Traditional telephone carriers, as well as VoIP vendors that participate in this new technology, will benefit by offering new high value consumer services instead of competing by cutting prices.

Consumers will benefit from a flourish of new Multimedia features. The experience will be similar to accessing a web page with a browser, but would be done by dialing a phone number.

Industry and governments will benefit from a rich communications environment that is secure from espionage, hacking, intrusion, and interruption.

Questions and comments for Mr. Emerson may be directed to:
Direct - (973) 641-7420 
Email - hemerson@EmersonDevelopmentLLC.com
Via LinkedIn: http://www.linkedin.com/in/harryemerson

Jacqueline Herships is the founder of Jacqueline Herships & Associates, a strategic communications and new business development company. Jacqueline developed her skills in the documentary film business, as a journalist, and as an organizer in her own right. She believes in the power of alliances and builds these into her strategic plans. In addition to her work with Emerson Development, Ms Herships’ client projects have included the US Green Building Council of New Jersey, the Sierra Club - NYC, the Local Initiatives Support Corporation Greater Newark & Jersey City (a funding agency for inner city community development), HANDS, Inc; Wildlight Productions, a critically acclaimed social issues documentary film company; and a variety of artists and arts projects. She is a workshop facilitator for the Support Center for Nonprofit Management in Manhattan and others on the subject of laser communications-developing attention in the age of information overload; she has twice been a member of the board of the International Furnishings and Design Association, IFDA/NY as well as their publicist for 2 years. And, she is the co-founder of Professionals in Media (PIM), a regional organization of media professional including writers, editors, publishers, filmmakers, consultants, etc., who meet across professional lines.

Comments and questions may be directed to: Jacqueline Herships & Associates: 
Direct - (973) 763-7555
Email - jacqueline@jacquelineherships.com

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

© Copyright 2009 – Jacqueline Herships – All Rights Reserved  

(This article may be reprinted in whole or in part only with proper attribution to the author.  See: Information Security Resources)