Archive for December 15, 2012

Scan Your Sclera for Security

Typing a password into your smartphone might be a reasonable way to access the sensitive information it holds, but a startup called EyeVerify thinks it would be easier—and more secure—to just look into the smartphone’s camera lens and move your eyes to the side: scan your sclera for security.

MIT Technology Review says that Kansas City, KS-based EyeVerify claims that its software can identify you by your “eye-prints,” the pattern of veins in the whites of your eyes. The firm claims the method is as accurate as a fingerprint or iris scan, without requiring any special hardware.

The company plans to roll out its security software next year. CEO and founder Toby Rush envisions a range of uses for it, including authenticating access to online medical records or bank accounts via smartphones. Mr. Rush told TR that phone manufacturers are interested in embedding the software into handsets so that many applications can use it for authenticating people, though he declined to name any prospective partners. The security software allows people to bypass the security on their mobile devices just by looking at them.

The article explains that the technology behind EyeVerify comes from Reza Derakhshani, associate professor of computer science and electrical engineering at the University of Missouri, Kansas City. Dr. Derakhshani, the company’s chief scientist, was a co-recipient of a patent for the eye-vein biometrics behind EyeVerify in 2008.

To the users, EyeVerify seems pretty simple (though somewhat awkward in its prototype stage, according to the article). To access data on a smartphone that’s locked with EyeVerify, the blog says you would look to the right or the left, enabling EyeVerify to capture eyeprints from each of your eyes with the camera on the back of the smartphone. (Eventually, EyeVerify expects to take advantage of a smartphone’s front-facing camera, but for now, the resolution is not high enough on most of these cameras, Rush says.) EyeVerify’s software processes the images, maps the veins in your eye, and matches that against an eye-print stored on the phone.

EyeVerify CEO Rush says the software can tell the difference between a real person and an image of a person. It randomly challenges the smartphone’s camera to adjust settings such as focus, exposure, and white balance and checks whether it receives an appropriate response from the object it’s focused on.


The look of the veins in your eyes changes over time, and you might burst a blood vessel one day, the article speculates. But Mr. Rush says long-term changes would be slow enough that EyeVerify could “age” its template to adjust. And the software only needs one proper eye-print to authenticate you, so unless you bloody up both eyes, you should be able to use EyeVerify after a bar fight.

EyeVerify still needs to do more to prove that. Mr. Rush says that in tests of 96 people, the eye-print system was 99.97 percent accurate. The company is working with Purdue University researchers to judge the accuracy of its software on 250 subjects—or another 500 eyes.

Mr. Rush’s favorite application is for voters on Election Day. “Being able to vote from the convenience of my house, I can already send in a mail-in ballot, why not verify biometrically here and simply vote?” he told Fox News.

rb-

The end-user will be the fundamental roadblock to any eye-based biometrics. Traditionally, anything related to eye recognition has received strong resistance, because it is just human nature to be squeamish about having our eyes scanned.

I covered the challenges of biometrics here. As long as this technology is limited to smartphones, some but not all biometrics issues remain:

  1. What is the real-world sensitivity/specificity trade-off, i.e., quantified False Positive and False Negative error rates?
  2. Revocability. What happens if the mobile device is lost? What is the strategy to cancel and reissue a pair of eyes?

Despite the concerns, scanning your sclera for security is coming to an iPhone near you.
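To make question 1 concrete, here is an added example (not from the original post, and not EyeVerify's method or data) showing why a single accuracy figure from a 96-person trial does not pin down the false accept and false reject rates. The match scores, the thresholds, and the all-pairs comparison design are assumptions constructed for illustration.

```python
"""FAR/FRR versus a single 'accuracy' number for a small biometric trial.

All scores below are constructed for illustration; they are not vendor data.
"""


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR, accuracy); a score >= threshold counts as a match."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    total = len(genuine) + len(impostor)
    far = false_accepts / len(impostor)   # impostors wrongly accepted
    frr = false_rejects / len(genuine)    # legitimate users wrongly rejected
    accuracy = (total - false_accepts - false_rejects) / total
    return far, frr, accuracy


def build_constructed_trial(people=96):
    """Constructed score sets for a trial with `people` enrolled subjects.

    Assumption: one genuine attempt per person, and each person's sample is
    also compared against every other person's template (impostor attempts).
    """
    genuine = [0.9] * (people - 3) + [0.4] * 3           # 3 poor captures
    impostor_pairs = people * (people - 1)
    impostor = [0.2] * (impostor_pairs - 3) + [0.6] * 3  # 3 look-alikes
    return genuine, impostor


def operating_points(genuine, impostor, thresholds):
    """Sweep thresholds and return one dict per operating point."""
    points = []
    for t in thresholds:
        far, frr, acc = error_rates(genuine, impostor, t)
        points.append({"threshold": t, "far": far, "frr": frr,
                       "accuracy_pct": round(acc * 100, 2)})
    return points


def points_matching_claim(points, claimed_pct):
    """Operating points whose rounded accuracy equals a claimed figure."""
    return [p for p in points if p["accuracy_pct"] == claimed_pct]


if __name__ == "__main__":
    genuine, impostor = build_constructed_trial(96)
    pts = operating_points(genuine, impostor, [0.3, 0.5, 0.7])
    for p in pts:
        print(f"t={p['threshold']:.1f}  FAR={p['far']:.4%}  "
              f"FRR={p['frr']:.4%}  accuracy={p['accuracy_pct']}%")
    # Two different trade-offs report the same headline accuracy.
    for p in points_matching_claim(pts, 99.97):
        print("matches 99.97%:", p)
```

In this constructed trial the strict threshold rejects about 3 percent of legitimate users and the lenient one admits impostors, yet both round to the same headline accuracy because impostor comparisons vastly outnumber genuine ones.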

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Top Five IT Trends for 2013

Ian Kilpatrick, who has the longest job title I have ever seen (chairman of international value added distributor, specialists in market development for secure IP infrastructure solutions and convergence at Wick Hill Group), shares his vision of the top five IT trends for 2013 in the article Top five IT trends for 2013 at ITnewslink.

1. BYOD – He says the first IT trend for 2013 is BYOD. BYOD is now an unstoppable, user-driven wave that will continue to make a major impact on the IT world in 2013 and beyond. 2013 will see companies trying to integrate BYOD into their networks.

He also speculates that we can expect to see the growth of Microsoft (MSFT) Windows to Go secure USB sticks based on Windows 8, which provide remote users with the supported version of the corporate desktop. These are available from a limited number of suppliers authorized by Microsoft and include Imation’s IronKey Workspace for Windows to Go.

2. Mobile Device Management – The next IT trend for 2013 is that Mobile Device Management solutions growth will accelerate in 2013. The growth is due to the rapid growth of mobile devices such as smartphones, tablets, and laptops, but particularly smartphones.

Growth will be strongest for MDM solutions that offer features such as ensuring mobile device usage complies with company security policies, allocating access rights, managing configuration, updating policies, dealing with data leakage issues, and dealing with lost or stolen devices.

A crucial component for the continued growth of MDM solutions will be the clear separation between the management of business and personal data on devices. There are over 100 suppliers in mobile device management; many of them are good but niche solutions. The Gartner (IT) Magic Quadrant identifies the strategic leaders, which include Zenprise.

3. High density wireless – Wireless requirements have been increasing significantly over the last year, making it the third IT trend for 2013. The firm says BYOD has changed both the data transfer and performance expectations of users. However, these expectations have not been met, with many networks still inadequate in their coverage and performance.

The new 802.11ac standard, with 1 gigabit per second throughput rates, will be a key driver in organizations moving to high-density wireless in 2013. High density wireless will provide companies with high coverage and high performance, supporting business-critical applications and delivering complete site coverage. There will continue to be a shift from niche solutions towards more strategic solutions. The Gartner Magic Quadrant identifies Xirrus, which will continue to experience stratospheric growth.

4. Data back-up and recovery – The fourth IT trend for 2013 deals with data back-up and recovery. Organizations have been under immense pressure from ever-increasing data volumes, archiving, and compliance requirements.

At the top end, new data replication technologies will have a major impact on data centers in 2013. For smaller organizations, the shift from tape will continue apace. For conservative organizations, the move to disk (and, in particular, RDX technologies that combine the best of tape and disk) will accelerate. Hybrid back-up to RDX and then the cloud will increase. In volume terms, the lowest move (but in market-hype the biggest) will be significant growth in direct back-up to the cloud. RDX, hybrid, and cloud data backup solutions are available from vendors such as Imation and Barracuda Networks.

5. Data leakage protection – The last Wick Hill Group IT trend for 2013 says that with the growing volumes of data and regulatory bodies’ willingness to levy fines for non-compliance, data leakage protection will continue to be a major cause for concern during 2013. Companies will be looking closely at how to secure and manage their data as their network boundaries spread even wider, with increased use of social networking and BYOD, increased remote access, the rapid growth of wireless, increased virtualization, and the move towards convergence.

Increasingly, organizations will couple DLP products with SIEM (Security Information and Event Management) solutions. DLP concerns will also continue the growth curve for authentication (much of it hosted in the cloud) and encryption, to protect data, both in motion and at rest. Some companies will look to hosted security services and the cloud to cope with an increasingly complex security situation. SIEM and authentication solutions are available from companies such as LogLogic, Check Point, VASCO, and SafeNet.

rb-

So these are not really earth-shattering predictions for 2013; BYOD, MDM, and Wi-Fi are already part of my world. We are doubling our backup capabilities and will be updating from our current McAfee to some sort of DLP.


Disposal Dummies Cause Privacy Problems

The article Disposal Dummies Cause Privacy Problems, posted at SecureWorld Post by Rebecca Herold, lays out the privacy problems caused by dumb disposal policies. The article claims that trash-based breaches are worse than ever.

The oldest security and privacy problem, unsecured disposal of personal information, is as prevalent today as it was centuries ago, reports the author. She says that because of the rapidly growing amount of data (EMC (EMC) and IDC claim that data is doubling every two years), along with print information, there are even more ways in which disposal-related breaches are occurring. Here are just a few instances I found:

The blog outlines some of the most common egregious information disposal dummy security and privacy mistakes:

  • Donating print documents with personal information on them to outside groups, like pre-schools and community groups, to use as scrap paper.
  • Selling computers, smartphones, copiers, fax machines, and other computing devices, to recoup some of the investment, but not irreversibly removing the data before the sale.
  • Putting digital storage devices in the trash without first irreversibly removing the data.
  • Putting print documents containing personal information into unsecured dumpsters, and not shredding them.
  • Never throwing away no-longer-needed hard copy and digital devices; letting them accumulate in storage areas, with inadequate or no security, allowing them to be taken by anyone who happens along.

Data disposal is important because breaches caused by poor disposal activities are getting so bad that the article states there are growing numbers of laws explicitly covering disposal, and bills are being proposed at the state and federal levels. The Disposal Rule (part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA)) has been in effect since 2005. The blog says FACTA has many very specific requirements that basically all types of businesses, of all sizes, that do most types of credit checks must meet when disposing of information in all forms.

In Michigan, data destruction requirements are covered in the Identity Theft Protection Act, MCL Section 445.72a, which covers: destruction of data containing personal information required; violation as misdemeanor; fine; compliance; and the definition of “destroy.”

Besides the fact that secure information disposal is now a legal requirement for most businesses, it makes sense to dispose of information securely to prevent privacy breaches. By having effective disposal policies, procedures, and supporting technologies in place, businesses demonstrate reasonable due diligence.

Ms. Herold argues that all organizations, from the smallest to the largest, need to follow proper information disposal practices or they will experience significant privacy breaches and non-compliance penalties. She presents an action plan to get started:

  • Assign overall responsibility for information security and privacy compliance to a position or department within your organization, which will include responsibility for the disposal of information in all forms.
  • Perform a disposal risk assessment to find exactly how your organization really disposes of all types of information.
  • Create information disposal policies and procedures, or update existing ones, based upon the results of the disposal risk assessment.

The policies and procedures need actions:

  • Locate, inventory, and gather at the end of their business usefulness all types of digital storage devices, including CDs, DVDs, USB drives, external drives, tapes (yes, many organizations still use them), microfiche (yes, these too), and any other type of storage media.
  • Inventory all types of computing equipment, including not just the “traditional” computers, but also devices such as printers, fax machines, copiers, smartphones, MP3 devices, and any other types of devices that do computing activities.
  • Define acceptable shredding methods and locations for paper documents. Finely cross-shredding hard copy information is recommended, as well as ensuring any contracted shredding company does such shredding on-site.
  • Define acceptable methods of irreversibly removing data from computing and digital storage devices. Degaussers are still often used, in addition to contracted services to wipe storage devices clean.
  • Make sure you include information backups, and all types of information archives, in your disposal procedures. These items are typically overlooked, and many breaches have resulted from such items.

The bottom line for all organizations, the author argues, is: You need to make sure there are proper safeguards for information, computing, and storage devices, during the disposal process.

The author concludes with some recommended resources and articles to aid you with improving your own personal, and organizational, disposal practices:


OMG Texting bday

Twenty years ago this week, one of the largest phenomena of web 2.0 emerged. On December 3rd, 1992, a 22-year-old Canadian test engineer sat down and typed out a very simple message, “Merry Christmas.” Gizmodo says the text flew over the Vodafone (VOD) network to the phone of Richard Jarvis, and since then, we just haven’t been able to stop texting.

Texting is a major staple of communication now, and by far the main use of a phone for many, but it didn’t start out that way. In the very beginning, texts were just a way to send network notifications, namely to let you know you had a voice mail. In 1993, Nokia (NOK) became the first company to make GSM handsets capable of person-to-person texting, but it still didn’t skyrocket to popularity for several years.

Growth of texting

ComputerWorld reports that in late 1995, three years after Papworth’s first text message, users were only sending an average of one text every two and a half months. In 2000 the industry counted 17 billion text messages, according to data from Ericsson. In 2010, the world sent over 6.1 trillion SMS messages or roughly 193,000 per second.

Today, upwards of 7 trillion text messages are sent every year—that’s more than 200,000 per second. So while you’re launching your daily flurry of textuals, take a second to consider the fact that your inane contributions are part of a zeta-flood of data.

Digital Trends claims that texting is becoming obsolete. They cite data from Chetan Sharma, an independent mobile analyst and wireless carrier consultant, who reports that the number of text message exchanges in the U.S. had dropped by about 2 percent in the third quarter. This is a sharp difference from the steady growth that text messaging had previously seen. Sharma says it’s the first time that text messaging has begun to dwindle in the United States.

rb-

Texting is still a huge part of the way people communicate via mobile devices, but the emergence of new messaging options has led to the first decline in SMS volume.

Apple’s (AAPL) iMessage, which operates almost exactly like a text message but only communicates between Apple devices. iMessage completely bypasses the carrier when sending text messages between iPhones.

Facebook’s (FB) Messenger app, which essentially exists as the mobile presence for the social network’s instant messaging feature. Facebook’s Messenger app can be used across multiple platforms, which could give it an advantage when it comes to text messaging alternatives.

Hopefully, the competition will force AT&T (T) to stop overcharging its customers and lead the way toward cheaper texting plans. Gizmodo claims “AT&T’s New Text Plan Overcharges You by 10,000,000 Percent. Literally.”


Tablet Info

iPad thefts from Cleveland Heights-University Heights middle school students prompt community soul searching

Cleveland.com reports that iPad thefts from middle school students in the Cleveland Heights-University Heights school district are causing an iPad re-think.

The school district gave 1,300 Apple (AAPL) iPad tablets to middle school students at the start of the school year. The report says students were permitted to take the iPads home as a continuing educational tool.

The experiment lasted less than three weeks because the students became targets for thieves. Between Sept. 26 and Oct. 13, a dozen middle school students had their iPads stolen while on their way to and from school, Cleveland Heights police chief Jeff Richardson said.

Since mid-October, the district has collected the tablets at the end of the school day and students no longer could take them home.

More than 130 people attended a meeting seeking answers about how to go ahead and whether crime will win out over education. The reporter writes that the meeting was meant as an information-gathering session. Police, principals, and other officials wanted to decide if the district could safely revive the “Take home iPad Plan” sometime in the near future. The crowd reaction was mixed about how to proceed.

Superintendent John Deasy’s $17.5M request for computer tablet funds nixed

The Los Angeles Daily News reports that the panel that oversees the spending of Los Angeles Unified’s bond revenue refused Superintendent John Deasy’s request for nearly $17.5 million to jump-start the purchase of computer tablets for every student. The Bond Oversight Committee voted 7-3 for the plan, but that was one vote short of the eight needed for passage, officials said.

The $17.5 million would have funded the first phase of his long-range technology program. The plan included the tablet pilot project at 14 secondary schools. Mr. Deasy said the tablets are needed for the district to start the new curriculum known as Common Core State Standards taking effect in 2014.

Ultimately, he wants to buy tablets for all 650,000 LAUSD students, a project estimated to cost upwards of $400 million.

IDC Figures Show Samsung and ASUS Challenging Apple’s Grip on the Tablet Computing Market

MIT’s Technology Review pointed out that new data from IDC suggest that Apple’s dominance of the global tablet computer market may be giving way. Competing tablet makers, led by Samsung (005930), gained substantial ground during the third quarter of 2012.

Apple’s (AAPL) market share dropped from 65 percent in the second quarter to just over 50% in the third quarter. Meanwhile, Samsung’s share doubled to 18%, and Amazon (AMZN) and ASUS (2357) each saw their share rise from under five percent to around nine percent.

2012 3Q Worldwide tablet shipments

As is clear from the graph above, TR concludes that it’s too early to tell how quickly the market is diversifying. Apple’s lag was at least partly due to rumors about its plans to release the iPad Mini, which led some consumers to hold off on buying a new iPad, according to IDC. Now that the Mini is out, analysts expect Apple to have a strong fourth quarter.

The iPad Mini’s $329 starting price, however, is well above that of many Google (GOOG) Android tablets, which is why IDC’s analysts believe there is “plenty of room for Android vendors to build upon the success they achieved in the third quarter.”

Android-powered smartphones are already more popular than Apple’s iPhone in the U.S. as well as in other countries, like China.

Tablet Makers Pursue Public Schools

Schools are a large and growing market for Apple’s iPad. Teachers claim that tablets help students with lessons, improve memory and language skills, and cause them to act more independently. The excitement among tablet makers is almost as great. Tablet makers like Apple are pursuing public schools for more sales.

MIT’s Technology Review brings us data from IDC which says global shipments of tablets will reach 177 million this year, and 11 million of them were purchased by businesses or government. Of those, IDC analyst Tom Mainelli says, the “vast majority” were sold to schools.

Mr. Mainelli thinks that within a few years all U.S. students will have some access to a tablet at school. With 55 million students in the country’s schools, that’s a lot of potential sales. The article says it’s not just a one-time product push: beyond selling tablets to schools and districts, tablet makers see a chance to set up future sales by establishing brand loyalty with young users. “All these guys see huge opportunities here,” he says.

The most successful tablet maker in the education market is Apple (AAPL). In its July 2012 quarterly report, the company said it sold one million iPads to schools. TR notes that Apple hasn’t reported education numbers since then, but it did unveil a smaller, cheaper model that it expects will also appeal to students and educators: the $329 iPad Mini.

Amazon (AMZN) also highlighted its interest in the education market with the debut of Whispercast, a service to manage its Kindle e-readers en masse. Jay Marine, vice president of product management for the Kindle, says the company sees the education market as “a meaningful business opportunity.”

Smaller companies are making tablets aimed specifically at the education market. Two firms are CurriculumLoft, which makes the Kuno tablet, and Brainchild, which sells the Kineo.

Brainchild CEO Jeff Cameron claims his company’s $299 tablet, which runs on Google’s (GOOG) Android software, is better than mass-market devices because it was built for educational use. TR says that, unlike most tablets, the Kineo has a replaceable battery, resulting in a longer lifespan. Its touch screen is meant to withstand spills, and it has more physical buttons than an iPad.
