London, 28th July 2010 Trusteer, the leading provider of secure browsing services, today announced that it has added financial malware disinfection to its Rapport service. In addition to preventing Trojans like Zeus, Silon, Bugat, DBJP and zero day malware from tampering with website communications and transactions, Rapport now removes malicious code that attempts to attack browser sessions. This new capability is being provided at no additional cost to all Rapport customers and end users. Trusteer will also submit any new (zero day) malware it discovers to all anti malware vendors in an effort to improve notoriously low detection rates for crimeware.
Recent studies from Trusteer and other fraud detection vendors show that antivirus solutions detect only 10 percent of active financial malware. By sharing financial malware samples with all anti malware vendors Trusteer is helping to improve banking security for all customers including those that are not yet using the Rapport service. Trusteer’s unique technology discovers, captures, and validates zero-day financial malware weeks and even months before new attacks are addressed by anti-malware vendors.
Mick Paisley, Head of information security and business resilience for Santander commented, “The new financial malware disinfection tool that has just been added to the Rapport secure browsing service is fantastic news for our customers. Santander offer this complimentary service to all our retail banking customers and many of them have already taken advantage of this additional protection for their online banking.
“Trusteer is dedicated to improving their Rapport service and Santander and Alliance & Leicester would encourage any retail banking customers who have not already done so to download the Rapport secure browsing service from our website as the protection it offers is superior to other secure browsing and malware removal tools that customers could otherwise have to pay a considerable sum to buy.”
Paisley continued, “Through experience we have confidence that Trusteer is always ahead of the curve in detecting and protecting people from new forms of financial malware and their willingness to immediately share this valuable intelligence with all other antivirus vendors is to be highly commended for making online fraud harder to commit by criminals.”
Zeus and other online fraud Trojans are increasingly being remotely reconfigured by criminals to deliver new, more targeted and more authentic looking attacks. For example, Trusteer recently discovered campaigns that use Zeus to exploit the familiar Verified by Visa and MasterCard SecureCode security programs and launch regionally-focused attacks against specific banks. Rapport’s ability to block attacks from malware present on a machine and now to remove the malicious code provides the broadest protection for financial institutions and their customers.
“With the addition of its free malware removal capability Trusteer now provides the most comprehensive anti phishing and anti malware protection for online banking,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Rapport detects, alerts on, blocks, and removes financial malware at no cost for end-users, while it protects online communication with their financial institution. As an added benefit, Rapport can protect communication with an unlimited number of websites.”
Rapport: Secure Browsing Service
Rapport from Trusteer is a lightweight browser security solution that prevents criminals from tampering with website communications and transactions, and protects against man-in-the-browser, man-in-the-middle, and phishing attacks. When a Rapport user browses to sensitive websites such as internet banking, Webmail, or online payment pages, Rapport immediately locks down the browser and creates a tunnel for safe communication with the web site. This prevents malware from injecting data and stealing information entered and presented in the browser. Rapport removes malicious code it discovers on protected machines. Trusteer also offers in-the-cloud reporting services. When unauthorized access attempts are detected by Rapport, these are analyzed by Trusteer fraud experts who provide actionable intelligence to customers.
Availability
Trusteer Rapport with financial malware removal is available immediately from financial institutions worldwide. Existing Rapport users will automatically and transparently receive the updated capabilities.
About Trusteer
Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers’ machines. It also prevents phishing by validating site authenticity. Trusteer Flashlight allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer’s solutions are used by more than 60 leading financial organizations in North America and Europe and by more than 7 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on www.Twitter.com/Trusteer. For more information about our products and services, please visit www.trusteer.com
The emergency budget has given us the first real indication of how and where the coalition’s major spending cuts are going to occur. Chancellor George Osborne has spelt out the agenda in recent weeks, explaining that, “decisive action to deal with Britain’s record budget deficit, estimated to be running at £149 billion annually with a structural deficit of £113.5 billion – is the top priority or else the country is on the “road to ruin”.
The new measures announced make it clear that the public sector has been singled out as a key area for cutting costs and making savings – a two year pay freeze for anyone earning more than £21,000 and a review of public sector pensions have been proposed, while in contrast a series of tax breaks and national insurance incentives have been made to try and stimulate private sector growth.
While departments won’t see the details of their individual budgets until October 20th, Mr. Osborne has stated that budgets for non-protected departments will fall by 25 percent over four years, a move that is likely to have escalated concern over whether wide-ranging cuts can be inflicted on the public sector without making redundancies, damaging services or the economy as a whole. As the government has already made high profile commitments to protect certain public services, including in health, education and policing, this 25 percent reduction has so far been defined purely in terms of eliminating waste. ‘Waste’ is clearly an important issue, and one that was highlighted by all major political parties during their election campaigns, but when it could refer to people’s jobs or public services, it’s easy to understand why there’s such concern over the cuts.
However, the truth is that there’s vast potential to reduce public sector costs simply by using existing government property more effectively – action that could even improve service provision. Delivering property efficiencies is a leading example of cutting waste, and although £170 million in property savings is already proposed for the current financial year, this figure doesn’t really do justice to the potential savings on offer. Done correctly, office estate transformation can deliver efficiency gains, improve the quality of the service that public sector employees are able to deliver, and make a meaningful contribution to Government’s sustainability targets.
For example, a significant contribution to the expense of government is the cost of running the 7.7 million square metres of offices that accommodates the UK’s civil service. New research conducted by specialist economic consultancy SQW suggests that substantially greater savings are achievable through deeper and accelerated implementation of best practice approaches to civil estate management. In particular, costs could be reduced by £1.4 billion per year within five years if the central government office estate was utilised more efficiently. Allowing for time to implement the necessary changes, this would amount to savings of more than £4.3 billion over the first five years. The savings relate only to the central government office estate that accounts for 10 percent of the overall £25 billion annual running cost of the entire public sector property portfolio.
More efficient property solutions would improve frontline service provision as well as achieving savings. This is possible by delivering a high quality working environment for staff and customers, resulting in higher levels of productivity, flexibility and customer satisfaction. They could also support cross-departmental strategies, which will help facilitate maximum savings across government.
Property efficiency solutions deliver an effective transfer of risk from the public to the private sector (where it can best be managed), and can offer savings to the taxpayer through contractual guarantees. One such example is the DWP estate, which has been managed by Telereal Trillium since 1998. Under the property efficiency approach and drawing on the DWP’s robust estate strategy, the size of the occupied estate has been reduced to 1.8 million square metres, a reduction of 0.8 million square metres (around 30 percent) that has been achieved despite a 2003 departmental merger with the Employment Service. The National Audit Office estimated that the DWP’s partnership with Telereal Trillium will eventually save around £780 million for the taxpayer.
And it’s not just financial savings that can be delivered through this approach. Substantial environmental and sustainability benefits can also be created through deepened and accelerated implementation of property efficiency solutions – for example, through reduced utilities consumption – thus allowing the coalition government to tick another box.
The budget cuts have provoked outcry in many quarters – indeed, the government always anticipated this would be the case. However, it’s clear that the pressure is now firmly on the coalition to demonstrate it can come good on its promise to protect frontline services, and the SQW research suggests there’s no better starting place than its own back yard.
Paul Seddon is a consultant for Expense Reduction Analysts, the UK’s largest cost and purchase management consultancy.
The £6billion of government cuts announced on 24 May were designed as a shockwave, a first taster of the real challenge that public bodies will be facing in earnest over the next few years. It is no secret that massive savings in public spending will have to be found if the public finances are to be turned around.
For years HM Treasury has emphasised to every public body, great or small, the need to find annual savings through improved efficiency and better procurement. Ritually, there have been announcements of saving after saving from new contracts. If all those announcements are to be believed, control of public spending has already been taken care of.
So why is there a savings crisis?
While all these claims of great savings have won politically valuable headlines, I believe the reality is different. Try putting the following question to those public bodies that have claimed a saving: “A year after the new contract was let, can you demonstrate how much money you have actually saved?”
The first part of the truthful answer tends to be: “We don’t know, our financial systems are unable to provide the data to answer that question.” The second is: “Our gut feeling is that we haven’t really seen the savings coming through.”
In light of this, it can be argued that the last ten years have witnessed a phoney war on savings. However, the public sector now has no option but to get real: spend management needs to move right to the top of the managerial agenda in all public sector bodies.
The ownership of spend management at the top is absolutely key. It is not enough to appoint a procurement officer or ten and assume that savings will follow. Political leaders, chief executives and directors of finance must own their organisation’s strategy for spend management; and be seen by managers and staff throughout their organisations to be doing so.
By putting in place good contracts, procurement professionals can only make potential savings. These potential savings can easily be lost by non-compliant purchasing decisions made by budget holders who are usually distributed throughout service departments in public bodies. This is the area that needs most attention. Expense Reduction Analysts has reviewed spend analysis from a large sample of public sector bodies that clearly shows a huge potential for savings purely from tightening up purchasing discipline.
To realise actual savings, managers must exercise purchasing discipline, using contracts that procurement teams have put in place wherever possible, alerting procurement if their needs are not being met or are changing. Discipline about contracting needs to start right at the top of the organisation.
Key to realising savings is to manage spend, which starts with data analysis that identifies how much is being spent, on what and with which suppliers. Spending needs to be tied back to contracts and reviewed on a quarterly, if not monthly basis to check that contract terms are being adhered to. Spend being made outside contracts must be identified and then corrected for the future through normal management processes.
Spend analysis has been increasingly adopted in the UK public sector but its proper use as a tool for spend management is not yet widely understood, certainly not outside professional procurement management. It is the single most important key to unlocking savings from purchasing in the public sector. Spend analysis tools that get right down to line item data are now available and must be put to use as a structured part of management reporting, not just as an occasional “nice to have”.
Alongside internal improvements in spend management, procurement teams generally need to get more commercial about contract decisions. In too many cases, procurement is there just to provide assurance that when contracts are tendered, the process does not fall foul of the regulations (such as the Public Contract Regulations 2006). This is not sufficient to ensure value for money.
Critically, there is much to be done to improve areas such as drawing up specifications for tenders. Far too many specs are drawn up on the basis of inadequate knowledge of either what outputs or outcomes are needed; or of what is the state of the art on the supply side. Without being able to tap into supplier innovation, the scope for savings is dramatically restricted.
However, none of these suggestions about getting more potential savings will count for anything if indiscipline in day-to-day buying decisions persists. So to reiterate, the message for the new public sector world is that savings start at the top or not at all.
A warehouse attached to Pingle Mill in Delph near Oldham was in danger of setting alight at the weekend.
James Cormode, 24, from Delph jumped in with a stick to put out the flames and stop the fire spreading to the building.
“I was at a barbeque when in the distance we spotted the smoke and realised the heather and grass was on fire and very close to the mill itself, I rang the owner of the mill, a friend of mine, and ran across the fields to see if I could do anything.
“The only thing I could do was to rip off a tree branch and start beating the flames out, it was very hot and smokey but I carried on until the fire brigade arrived by which time I had managed to get it out.
“It’s a bit ironic as I was turned down for the fire brigade, maybe they will let me in now, I’m just glad to have been able to help out,” said James.
The fire was further extinguished by the fire service using water jets and they remained on the scene until the last embers were out.
Chief Constable Grahame Maxwell, who is also the Association of Chief Police Officers’ Finance and Resource portfolio lead, said:
“We are taking the necessary time to analyse the Government’s emergency budget to determine its full impact on police funding both at a national and local level. We will be in a better position to respond in greater detail once all the implications have been established.
“As a force though, and in line with most facets of the public and private sectors, we are abundantly aware that there will be some pretty tough times ahead while the economy recovers from this deep recession.
“However, as a result of the Capability and Capacity Review which I instigated on my appointment as Chief Constable in May 2007, together with the ongoing ‘Towards 2012’ service development programme, North Yorkshire Police is in a strong position and I will do all that I can to protect visible policing levels.
“This means that the high-quality policing service that our communities rightly expect will be maintained, and our determination to ensure that North Yorkshire and the City of York remains one of the safest and low-crime areas of the country will not waver in the face of this significant national challenge.”
“In the short term I recognise that steps must be taken to address the consequences of the recession. These understandably have been framed around a trade off between cuts in public spending and tax increases.
“The real challenge is to make every pound of money in the public sector a pound well spent. The public sector has many talented and committed people who are being constrained by the environment in which they work. An environment which stifles them in exercising their judgement, being enterprising and creating new solutions to the myriad of problems they face. Nitty gritty problems faced in delivering critical services to some of the most needy and most deserving in our society.
“I am however, concerned about the Chancellor’s planned cap on housing benefit and I fear the extent to which the poorest will be hit hardest by this and by other departmental cuts.
“The tax rises against cuts debate has to be broadened to cover real reform of how the public sector does its job. Not cosmetic restructuring of closing a quango here and rebranding a service there but a fundamental review of how millions of people are doing their jobs day in and day out. How can that talent be unleashed? How can they be set free to work more closely with the people who need their support, so that we invest in prevention as much as cure?
“Big Society is a concept with real potential – but great danger that 25 per cent cuts in public services prevent government departments and local authorities from investing in greater civic enterprise and resilience. This is where real fairness starts and ends – with the attitudes of the people as a whole, not with the imprecation of those in government.
“The fairest societies are the most healthy, for everybody, poor and rich. We need an investment in fairness, which is an investment in mutual support and responsibility. In the long term, this reduces the problems which require public sector intervention such as unemployment, educational underachievement and obesity.
“There is a danger that this budget results in an underinvestment in the empowering themes that will deliver efficiency and fairness – resulting in a medium to long-term rise in the social morbidities which cost the public purse so dear. We will only know whether we are eating the seedcorn in this way when we see how the government departments react to the reductions in budget – with imagination or with the traditional protection of existing structures.”
A record number of Coast & Country Housing employees have been working towards qualifications in the last 12 months.
More than 100 staff have been studying for a wide range of qualifications including NVQs, Institute of Leadership and Management credentials, Foundation Degrees, Chartered Institute of Purchase and Supply Diplomas, European Computer Driving Licences and Masters Degrees.
Employees, from maintenance technicians to customer service staff to service team leaders, managers and supervisors, have been encouraged to extend their skills and knowledge through training and development programmes.
For the first time, Coast & Country worked with the School of Health & Social Care from Teesside University to deliver a leadership course, which has been so successful it plans to repeat the programme in the next academic year.
Coast & Country, one of the largest regeneration and housing companies in the region is aiming to be the best social housing business in the country and last year launched a Journey to Excellence initiative to help achieve that goal.
A key part of this initiative was to examine how the company is organised, how it can excel in customer service and how it can play a key role in regenerating communities.
Part of this strategy is ensuring its staff are motivated and empowered to be the best and the increase in the number of staff undergoing training is a key component.
Iain Sim, Chief Executive of Coast & Country, said: “Part of our Journey to Excellence is ensuring that employees, throughout the whole of Coast & Country, are given the support and opportunity to broaden their knowledge and skills base to enable them to provide an even better service to residents.
“This is the largest number of Coast & Country staff to have studied for qualifications in one year. It has proved to be a great motivator with many, having had a taste of getting back into education, keen to continue with their personal development and work towards further qualifications.
“A well-trained workforce is more confident and knowledgeable which translates into improved support and provision for our customers.”
The Government’s attitude to public sector pay and pensions is a worrying issue. David Cameron seems to be pushing councils awkwardly down a path they are already addressing. A reduction of payment in pensions will have a crippling effect on the economy and further increases in employee contributions will not serve as an effective solution.
There is a huge misconception about gold-plated pensions. Government is overlooking the fact that the average public sector pension is only £7,000, according to the TUC.
In terms of pay, progression does need to be managed on performance and contribution rather than length of service (at least for senior managers) rather than all employees being penalised due to poor decisions by government. We are seeing more councils moving towards such a setup in order to manage long-term costs.
The majority of bonus schemes have been removed in the public sector but further reviews of some elements of pay should be encouraged and managed so councils can move forward sensibly whilst the potential attack on pensions is misguided.
Geoff Pearce
Principal reward consultant
NorthgateArinso
i2, the leading provider of intelligence and investigation software, has formed a formal partnership with leading risk intelligence specialist, World-Check. As a result, i2 customers can benefit from the ability to access highly structured information and create actionable intelligence faster. A new solution was announced here today at i2’s Europe, Middle East & Africa (EMEA) User Conference.
By preloading i2’s industry leading products, Analyst’s Notebook and iBase, with World-Check’s extensive database of Politically Exposed Persons (PEPs) and heightened risk individuals and organisations, analysts have immediate access to the world’s most widely adopted open source research and the powerful tools they need to analyse the research in the context of a particular project or investigation.
“As the criminal and terrorist landscape continues to evolve the potential consequences of these threats grow significantly. Consequently, analysts find themselves with the daunting challenge of generating actionable intelligence for those who need it, fast,” said Guillaume Tissot, vice president of Product Marketing at i2. “Customers want secure access to high quality, trusted open source research, which has been rigorously vetted by one of the most respected risk intelligence providers and supported by i2’s unmatched visualisation capability. This enables organisations to make sense of this information blizzard — a powerful combination in the war against all forms of illegal activity.”
“The agreement with i2 represents a major step forward in the development and implementation of risk intelligence solutions. Our data sets fit perfectly within the i2 analysis and visualisation technology infrastructure,” said Dan Peak, CEO at World-Check. “Our two companies have the same commitment to pioneering innovation in our respective markets.”
With i2 and World-Check, customers can:
Access comprehensive research and powerful analysis:
Analyst’s Notebook and iBase will be preloaded with structured intelligence from the World-Check database.
Search results can be matched, analysed and visualised with Analyst’s Notebook and iBase.
Unrivalled coverage of Politically Exposed Person (PEP) and heightened risk entities.
Increase efficiency and enhance intelligence output:
Use World-Check data to supplement or enhance existing data while i2 products uncover hidden links and relationships within the data.
Add international intelligence to local investigations.
World-Check data is structured with more than 20 fields assisting in the identification of entities.
Organise and rapidly analyse vast quantities of high quality open source intelligence.
Improve operational decision-making:
Unmatched Always-on-Analytics and point of need alerting.
Research sources are included for verification purposes.
The partnership between i2 and World-Check marries 30 years of experience in developing intelligence software with 10 years of innovation in intelligence research. Available today, this turnkey solution provides analysts with the ability to search through more than a million highly structured profiles and open source intelligence from i2’s Intelligence-Led Operation Platform. The results can then be matched, analysed and visualised with i2 products, helping analysts create actionable intelligence, faster.
Commenting on the latest unemployment figures released today (16 June), Dave Prentis, UNISON’s General Secretary, said: “With unemployment on the up again it makes no sense to throw thousands more people on to the dole queues.
“Behind every statistic is a personal tragedy – cuts to public spending will have a huge impact on the local economy and will devastate communities and families.
“We face a lost generation of disaffected young people, struggling to get their first foot into work.
“Cutting hard and fast will risk a double dip recession. We need to protect public services and create opportunities for young people and the long-term unemployed.”
Chief Superintendent Lynn Hart has received an MBE in the Queen’s Birthday Honours List for services to policing.
Chief Superintendent Lynn Hart, Bournemouth and Poole Divisional Commander, said: “I’m honoured and humbled to be receiving this award as I go into my 36th year of service with Dorset Police.
“I couldn’t have achieved the award without the support of my family, colleagues – police officers, police staff and volunteers – and partner agencies. I am accepting the award on behalf of all of them.”
Chief Constable Martin Baker said: “This is a richly deserved recognition of Lynn’s achievements over a long and distinguished career in policing.
“She has risen to one of the most senior levels in the police service through her total commitment to the communities she serves and to the people that she leads and I am delighted both for her and the Force.”
Chief Superintendent Lynn Hart, 52, joined Dorset Police as a cadet in 1975 at the age of 17, and became a police officer in Bournemouth soon after.
While rising through the ranks of Dorset Police, Chief Superintendent Hart also worked in Poole, Christchurch and at Force Headquarters in Winfrith.
In 2001, she was promoted to superintendent in command of the former Eastern Division, and then to chief superintendent in early 2008 when she took on the challenge of merging the old Eastern and Western divisions to create the Dorset County Division.
Later in 2008, Chief Superintendent Hart moved to the conurbation to take command of the Bournemouth and Poole Division; the post that she remains in today.
Chief Superintendent Lynn Hart has lived in Dorset for her entire life, and currently lives in the Bournemouth area of the county.
Police have seized over 150 bottles and cans of booze from underage drinkers in a series of anti-social behaviour initiatives.
But instead of pouring the alcohol down the drain, the haul, which includes 74 bottles of lager, 63 cans of lager, two litres of vodka and 29 litres of cider, has been donated by Rochdale South Neighbourhood Policing Team to care home residents at Springhill Hospice for their enjoyment.
The seizures have been made by Rochdale South Neighbourhood Policing Team during Operation Quasar, an ongoing weekend anti-social behaviour initiative for Rochdale Division. It sees mobile and foot patrols increased in hot spot areas such as Milkstone and Deeplish, Kirkholt, Castleton and Kingsway.
During the initiative police work in troubled spots with agencies such as the local authority, youth services and licensing officers and have used handheld cameras and mobile video units. Any youths found hanging around are stopped and accounted for and offered leaflets providing a list of activities they can take part in across the area.
Youths continuing to be a nuisance have letters issued to their parents and those ignoring the two warnings are then encouraged to sign into the acceptable behaviour scheme (ABS)*.
Police also work with licensed premises and shops in a bid to curb underage sales.
Sergeant Shoheb Chowdhury for Rochdale South Neighbourhood Policing Team, said: “A staggering amount of alcohol was seized during the operation and a large amount had to be poured away. What has to be remembered is that with alcohol comes nuisance and anti-social behaviour.
“In the past there have been some serious incidents of anti-social behaviour and criminal damage which has been caused by youngsters getting drunk on the street. The success of this operation in recent times has resulted in a drop of youth related incidents, which is pleasing to see.
“Residents living in the area have been telling us about how pleased they are about the operation and the results. This is great news for the team and shows that the work we have put into the operation has paid off.”
Christine Webb, chief executive for Springhill Hospice at Broad Lane, Rochdale, said: “Once again the Rochdale South Neighbourhood Policing Team has supplied Springhill Hospice with a range of alcohol for use by our patients.
“We have two very well stocked drinks trolleys and our patients in the in-patient unit and in the day hospice are offered a drink prior to each meal by one of the volunteering team. The drinks that have been donated save a huge amount of money for us and of course our patients really enjoy the social benefits of having a drink.
“We are extremely grateful to Sergeant Chowdhury and his team for bringing the drinks to the hospice, they will be greatly appreciated by our patients.”
The world of hacking has evolved into two major varieties: industrialized attacks and advanced persistent threats (APT). There has been a lot of discussion around the validity of APT recently; some have even connected APT with panties. But APT is a real threat. So, what’s the difference between APT and industrialized hacking, and how should you respond?
Industrialized Hacking
Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today’s cybercrime industry has similarly transformed and automated itself to improve efficiency, scalability, and profitability.
What are the key characteristics of an industrialized attack?
It’s ROI focused. All parties involved work to increase the bottom line, similar to the way a business works to maximize gain with as little investment as possible.
It’s not personal. Automated attacks do not target specific individuals. Rather, they target the masses, both enterprises and users, using general selection criteria. For example, a botnet that drives mass SQL injection attacks or brute force password attacks will not discriminate between large or small organizations.
It’s multilayer. Each party involved in the hacking process has a unique role and uses a different financial model.
It’s automated. Botnets, armies of unknowingly enlisted computers controlled by hackers, scan and probe the web seeking to exploit vulnerabilities and extract valuable data, conduct brute force password attacks, disseminate spam, distribute malware, and manipulate search engine results.
Common attack types include:
1. Data theft or SQL injections. Data theft is most commonly administered through SQL injection. Between January and June of 2009, IBM reported nearly 250,000 daily SQL injection attacks on websites around the world. Imperva researchers reported the use and deployment of SQL injections as the top chat topic on hacker forums. For example, the 2009 assault against Heartland Payment Systems, which resulted in 130 million dollars of lost records, was attributed to SQL injection.
2. Business logic attacks. Recently, web application hackers have begun to develop attacks that target vulnerabilities in the business logic, rather than in the application code. Business logic attacks often remain undetected. In fact, most business logic vulnerabilities are hard to anticipate and detect using automated test tools, such as static code analyzers, and vulnerability scanners. Often, attack traffic resembles normal application traffic. Attacks are usually not apparent from code and are too diverse to be expressed through generic vulnerability scanner tests. A recent hack against Durex India highlights how this type of attack works.
3. Denial of service attacks. This type of attack is usually executed as part of a blackmail scheme that forces application owners to pay a ransom to free their application from the invasion of useless traffic. For instance, attackers will threaten to shut down online gambling sites for a particular ransom.
Advanced Persistent Threats
Advanced persistent threats (APT) are driven, usually, by government agencies, or their terrorist counterparts. Rarely are APTs led by political or commercial organizations. However, in some cases, marginal threats do arise from obsessed individuals and legitimate commercial organizations. What are the key characteristics of APT hacking?
It’s very personal. The attacking party carefully selects targets based on political, commercial, and security interests. Social engineering is often employed by an APT.
It’s persistent. If the target shows resistance, the attacker will not leave, but rather change strategy and deploy a new type of attack against the same target. The attacker may also decide to shift from an external threat to an internal threat.
It’s control focused. APTs are focused on gaining control of crucial infrastructure, such as power grids and communication systems. APTs also target data comprised of intellectual property and sensitive national security information. Personal data, however, is of no interest. Surprisingly, APT hackers are not as concerned with costs or revenue. Thus large budgets may be thrown against individual targets with no “financial justification.” How can you quantify state security?
It’s automated but on a small scale. Automation is used to enhance the power of an attack against a single target, not to launch broader, multi-target attacks.
It’s one layer. One party owns and controls all hacking roles and responsibilities. In fact, the most serious government organizations operate their own botnets (or at least take control of parts of botnets).
Advanced Persistent Threats vs Industrialization: How Can Security Professionals Respond?
The industrialized hacker wants money but also wants to keep costs down; it’s simply the “Tony Soprano” business model. If you have a web presence, you are a potential target for industrialized attacks, even if you are a small organization. You need to use timely updates on attack sources to quickly identify attackers. Since you are bound to be attacked, emphasis must be placed on easy management and operations, with protection against known vulnerabilities and common attack types, such as SQL Injection, XSS, and CSRF.
Advanced persistent threats, on the other hand, are much more sophisticated and require a “James Bond” approach to impede the Dr. No’s. Consider yourself a target if you hold sensitive information beneficial to governments. Key characteristics include:
.mil and .gov sites
DoD contractors
Infrastructure companies, including power and water
Individual CEOs or leaders of powerful enterprise or government agencies, or their staff
Personal information of possible targets, such as the Chinese freedom of speech activists in the recent Google case
If you have identified an APT, then you need to collect and review audit information with regards to accessing sensitive assets.
In both cases, you should protect both your site and customers by using a rapid procedure of scanning for security vulnerabilities. Additionally, deploying a web application firewall will provide you with a first and last line of defense. Considering, however, the more “James Bond” nature of APTs, you may also need a powerful, fully customizable solution that integrates with vulnerability assessment technologies.
About Imperva
Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world’s leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit www.imperva.com and follow us on Twitter @Imperva.
Rob Murdoch, Chair of the Employment Related Services Association (ERSA) welcomed the further clarity given today by the Government on how existing welfare to work schemes will be replaced by the single Work Programme.
Mr Murdoch said: “This is a significant step, and will help employment services providers to help many more thousands of long term unemployed people get off benefits and into work. ERSA members echo the Secretary of State’s commitment – we too are here to help people improve their lives.
“ERSA has been working closely with the Government on devising the new single scheme to ensure that it delivers what Iain Duncan Smith has set out, a back to work programme that ‘offers targeted, personalised help for those who need it most, sooner rather than later’.
“Introducing the Work Programme next year allows adequate time to put the new scheme in place and manage the transition. ERSA will continue to engage positively with Government to ensure that this transition is managed smoothly and to achieve the greatest possible value from a single scheme.
“We believe that working together we can ensure that the procurement exercise for the ‘Work Programme’ reflects the significant contribution and experience that our members have in delivering welfare to work schemes.
“We encourage the Government to create maximum flexibility, by allowing other Whitehall departments and local authorities to pool their budgets with DWP spending and deliver services through the single Work Programme.
“In honouring the 12 month notice period that ERSA negotiated as part of Flexible New Deal, we welcome the Government’s recognition that, should contracts be terminated, a full year’s notice is necessary to ensure a smooth transition and stability within the sector, in the best interests of jobseekers and long term value to the taxpayer.
Scientists from the University of Bath have reported a dramatic fall in the number of grey whale sightings in British Columbia and are investigating the reasons for the disappearance of one of their main sources of prey.
The researchers, supported by international environmental charity Earthwatch, are studying grey whales in their summer feeding grounds off the west coast of Vancouver Island and the central coast of British Columbia to design better ways to protect them and determine whether populations are being affected by climate change.
In 2004, the scientists spotted almost 100 whales on the southern central coast. This number fell dramatically to a low of just three in 2009.
The story is similar off the west coast of Vancouver Island, where the numbers of whales have shown an oscillating, but decreasing trend in the last six years.
So far this year there have been few sightings of whales. Earthwatch scientist Dr William Megill, a lecturer in the Ocean Technologies Laboratory at the University of Bath, says his colleagues in Mexico, where the whales breed, are continuing to see large numbers of thin and hungry whales.
Indications are that the whales’ requirements are exceeding the available prey resources in their feeding grounds off Alaska, British Columbia and the Pacific Northwest.
Three years ago Dr Megill warned that grey whales arriving malnourished in their breeding grounds off the Mexican coast may have represented an early indication of environmental changes in the Pacific.
In 2009, Dr Megill and his team found that the tiny crustaceans they feed on, known as ‘mysids’, had disappeared from Clayoquot Sound, forcing the whales to feed offshore, sifting through sand and mud for other prey such as amphipods (small shrimp) and worms.
Although it is obvious the whales have consumed the mysids, why the mysids are not returning is a more serious question.
Dr Megill said: “Our survey of the northern west coast failed to identify any other summer grey whale hotspots, so it sounds like the ‘mysid crisis’ may be more serious than we first thought.
“Only a small number of greys stayed for the summer, and it was quickly evident why the usually highly abundant mysid crop failed this year, and so the whales were forced to look elsewhere, or to switch prey.
“We completed a survey of the whole of the northern west coast of Vancouver Island and the southern Central Coast, and didn’t find any pockets of whales, so we conclude that they must have continued up into northern British Columbia at least, or more likely into Alaskan waters.
“Our colleagues in Mexico are seeing increasing numbers of ‘skinny’ whales, and there were several strandings this spring in Washington and British Columbia. It’s fairly obvious that these animals are pushing their food resource to the limit, and some aren’t going to make it.
“They’re pretty resilient, but if food stocks don’t recover, or the whales can’t find sufficient other resources, then we’re going to start losing whales. I don’t think we’re in any danger of losing the grey whale, but it is nonetheless an issue of some significant concern.
The team is monitoring the situation and this year their research is focussing on looking for whales in unusual places. They are also diversifying their prey studies to include other species the whales may be eating, and continuing to study the mysids in the laboratory to analyse the conditions in which they thrive.
Dr Megill added: “The big message is that we still need to understand what’s driving the ecosystem. If it’s just the whales overharvesting, then fine, nature will handle it.
“But if it’s more complicated than that, and there’s some kind of anthropogenic driver involved, whether it’s climate change, ocean acidification, habitat degradation, or something else, then it’s our responsibility to work out what’s going on, and see about setting things straight.
“The likelihood is that the ‘setting things straight’ will go way beyond grey whales and mysids, and our story will be one more call for mankind to get a grip on his consumption in order to deal with the global consequences.
Rolling Meadows, Ill., US (9th June 2010), ISACA International Vice President Rolf von Roessing, CISA, CISM, CGEIT, has applauded the actions of Ireland’s Data Protection Commissioner in publishing a draft code of practice that requires incidents involving the theft or loss of personal data relating to more than 100 people to be notified to its office.
“The Irish commissioner has reportedly published the draft code in response to the recent recommendations of the data protection review group established by Dermot Ahern, the Irish Minister for Justice,” said von Roessing.
“As well as proposing that organisations be mandated to report data losses and thefts involving more than 100 people, the draft code also proposes mandatory notifications of all types where sensitive personal or personal financial data is involved,” he added.
According to von Roessing, the proposed code of conduct formalises the situation regarding data losses or thefts in the Republic of Ireland and, as such, will act as a reference model for other European countries.
The proposal effectively draws a line on the responsibility of managers of organisations which are handling data involving people’s personal records, and that includes human resource records.
This means, says ISACA’s international vice president, that most larger businesses in Ireland will have to report data thefts of most types as they occur, should the code of conduct be ratified as an Act.
Identity theft, says von Roessing, has now become a serious cybercrime problem, with criminal gangs selling personal data between themselves like never before.
“When the UK’s ICO announced in January of this year that he was increasing the penalties for data breaches and losses to 500,000 pounds, we welcomed those changes, noting that it is a major worry for responsible citizens to find that their private data – or even worse, that of their family – has been released into the public domain,” he said.
Security issues such as identity theft, job application refusals and all manner of public embarrassment can result from the disclosure of private data, he went on to say, adding that what can be shrugged off by one person can result in major concerns for another.
“It has been more than 25 years since the original UK Data Protection Act came into force, and since then, computers and the Internet have changed our lives largely for the better,” von Roessing said.
“The same is true for Ireland and most other countries and this is why we welcome this proposal by the Irish Data Commissioner’s Office, as it formalises what has been best practice in many organisations to date,” he added.
Dr John Philpott, Chief Economic Adviser at the Chartered Institute of Personnel and Development (CIPD) predicts that the coalition government’s deficit reduction measures will stall any recovery in the UK jobs market later this year, result in a post-recession peak in unemployment close to 3 million, and slow any subsequent return to low unemployment.
Dr Philpott said:
“Although tough fiscal medicine is unavoidable and may boost the UK’s long-run economic growth and job prospects, reliance on cuts in public spending rather than tax increases as the primary means of cutting the deficit makes the short-term outlook especially bleak for those individuals and communities already suffering the greatest hardship in society.
The likely scale of public sector jobs losses and the impact on unemployment
“It is evident that the coalition government’s approach to deficit reduction owes much to that successfully pursued by Canada’s Liberal government in the 1990s. This resulted in the loss of 265,000 jobs from the then 3 million strong Canadian public sector workforce and an eventual fall in the share of public sector employment in total employment from 26% to 19%. On an equivalent scale, this translates into around 500,000 UK public sector job cuts, in line with the CIPD’s own pre-general election baseline estimate for the period 2010-2015. However, the latter estimate was based on a roughly 60:40 split between cuts in public spending and tax hikes as means of deficit reduction. If as seems likely the coalition government adopts a split closer to 80:20, UK public sector jobs losses of around 725,000 are expected.
“Job losses on this scale do not inevitably lead to higher unemployment. The reason that the fall in the share of Canadian public sector employment in the 1990s is so large is because private sector employment increased to fill the gap, at the same time enabling unemployment to fall. Indeed, in a growing economy the UK managed a similar outcome in the 1990s, with net private sector job creation more than offsetting a net loss of 800,000 public sector jobs and reducing the share of public sector employment in total employment from 23% to 19%.
“Unfortunately, however, the favourable macroeconomic conditions that eased the pain of public sector downsizing in the 1990s do not exist as we enter the current age of austerity. This time around deficit reduction will slow an already anaemic recovery and in the short-run be bad for jobs in both the private and public sectors, stalling any hopes of a sustained improvement in job prospects this year and causing the labour market to relapse next year.
“Prior to the implementation of deficit reduction measures recently announced for the current fiscal year, it is possible that UK unemployment would have peaked at just over 2.65 million in 2010. This is less than the 2.8 million forecast by the CIPD six months ago – while our earlier forecast for a continued fall in employment proved correct, the rise in unemployment was moderated by a substantial rise in student numbers and the impact of measures to combat youth unemployment introduced by the last government.
“The revised CIPD forecast – which is subject to further review at the time of the Emergency Budget on June 22 – is that unemployment will rise to a peak of 2.95 million in the second half of 2012 and remain close to that level until 2015. There is little prospect of real wage growth on average throughout this period and ongoing real wage cuts in the public sector.
“Given what we know historically about the way in which the social burden of unemployment and stagnant average income growth is shared across individuals and communities, the prospects for those already suffering the most disadvantage seem particularly bleak. This will present a major challenge to a government that aims to reduce the deficit while also alleviating poverty, enhancing social mobility and mending a broken society.”
The British Library is the national library of the United Kingdom and is one of the world’s greatest research libraries. The purpose of the British Library is to retain the nation’s knowledge and memory and as such, every item that is deposited in the British Library is accessible for readers on site. Currently, it holds over 150 million items in different formats including books, magazines, newspapers, maps, patents, stamp collections and recordings.
This institution is obliged by law to provide free onsite access to printed articles deposited in it and another of its key roles is to provide a Document Supply Service. This is a commercial service that provides access to users all over the world. With such a wealth of information housed within its walls and a worldwide customer base, the Library gets requests for copies of documents, images, sound recordings and permission rights. The Library provides these items for account holders or customers who want to purchase a one-off item for research and consultation.
Moving away from traditional methods
The British Library receives over one and a half million requests a year for access to research articles and over 80% of those requests are for a surrogate copy of an item in the Library. In the past, librarians would photocopy the required item and mail it out to the customer. As such, the Document Supply Service was based on paper delivery. This posed two major problems; the time and cost incurred in shipping the copies to customers (often overseas) and the environmental problem of continual paper use.
Martyn Lunn, Business Development Manager at the British Library, who is the spine that holds the Document Supply Service together, says: “Although this was our traditional method of document delivery, it was clear that it was not exactly cost or time effective. It was also having a negative environmental impact. Although we have a collection of items dating back to biblical times, we needed to step into the 21st century with a digital document system.”
DSS moves to scanning – Library to cut paper?
The British Library replaced all of their photocopying units with 110 Fujitsu fi-4640S image scanners. These scanners allow for image capture on a much broader scale and automatic adoption of the quality of the original document. The British Library has benefited from adopting a scanning policy as it has allowed them to digitise every copy of an original item and send it electronically to the customer. 70% of all output from the Library is now digital.
Lunn notes: “Fujitsu scanners have helped us move away from the time and cost consuming process of photocopying and sending physical documents, to sending digital renditions. Aside from the obvious environmental benefit, we have been able to shift from what was largely a paper based delivery system to a digital based system.”
The scanners were further modified to flatbed scanners by Relais International, a third party software provider, while maintaining the integrity of the scanners. This was additionally beneficial to the British Library as it allowed the librarians to scan books and other documents that cannot be scanned via automatic document feeder. Lunn adds: “This was a key part of the development process as it has allowed us to enjoy the full productivity that we can get from the Fujitsu scanners.”
Additional benefits – Digital library
The standard turnaround time for providing paper items to customers was five days but due to the new system facilitated by Fujitsu scanners, a quicker time of 24 hours has been enabled. The Library is now able to reach a much larger range of customers including over 10,000 international corporate organisations because of its quick turnaround.
The future is in scanning
The British Library is so impressed with Fujitsu scanners that it has installed an additional eight Fujitsu fi-6770 colour scanners and the library has now taken delivery of 40 additional fi-6750S scanners to enable colour scanning as an option for the future. Andy Appleyard, Head of Document Delivery & Customer Services at the British Library says: “The Fujitsu scanners have a great output rate. The fact that they work in the way that we need them to work is absolutely critical. We don’t know of any other machine that can produce the same output. The scanners are also very reliable – we initially had a maintenance contract with Fujitsu but we eventually cancelled it and only called them out on an ad hoc basis because the machines were never faulty and simply did not break.”
Andrew Cowling, Senior Marketing Services Executive at Fujitsu Europe notes: “I am incredibly pleased that Fujitsu scanners are helping a national institution such as the British Library be more productive and increase efficiency in their critical business processes.”
A leading campaigner, who has championed older people’s housing and support needs, is retiring after 35 years working in social policy and older people’s housing.
As a founder member of the national consortium of sheltered and retirement housing (ERoSH), Imogen Parry is retiring from her position as Director of Policy for ERoSH, as well as her wider work as a consultant.
Imogen’s career has included working as a senior lecturer in social policy, senior policy manager (older people) at Sanctuary Housing Association, and a freelance sheltered housing consultant and trainer.
Imogen, aged 60, joined other like-minded campaigners in 1998 to create ERoSH following the successful Emerging Role of the Warden project, which focused on the role of sheltered housing within effective community care.
Since ERoSH’s inception Imogen has used her passion for raising awareness of the potential benefits of sheltered housing amongst health and social care professionals to be an influential figure in the sheltered housing policy arena.
Chair of ERoSH, Jo McTavish, said: “Imogen’s contribution to ERoSH, as a founder member, trustee and Director of Policy has been immeasurable. Imogen has made an immense contribution to ERoSH and sheltered housing in general during her career.
“All the trustees at ERoSH would like to thank Imogen for her dedication and time over the years. Imogen and ERoSH have been intrinsically linked together and her role as Director of Policy has been influential in building the profile and success of the organisation.
Imogen, who was previously Chair of ERoSH, has been involved in the Ministerial Working Group for Sheltered Housing, and has spoken at dozens of conferences, written articles and co-authored two editions of the CIH ‘Sheltered and Retirement Housing – a good practice guide’ and written five other good practice guides relating to sheltered housing.
Imogen explained: “I am very sad to be leaving ERoSH which has given me an ideal outlet for my views about the undervalued and neglected role of sheltered housing buildings and staff, and the need for better partnership working with other agencies. But the timing of reaching 60 at the same time as having three new grandchildren has led me to make this decision to leave the sector. I will continue however to offer safeguarding adults training to housing staff, on a part-time basis.
Bruce Moore, Chief Executive of Hanover Housing, which is a member of ERoSH, said: “Imogen will leave a huge gap. She has been such a passionate champion of the case for sheltered and retirement housing and in many respects has defined ERoSH.
Since Imogen helped form ERoSH some of her key achievements with the organisation have included:
Working extensively with ministers and civil servants on the sheltered housing agenda. Her political influence was evidenced by Imogen’s articles being quoted by MPs in the Adjournment Debate and Parliamentary Question.
Contributing to the pressure on government to set up a review of sheltered housing, which resulted in the Ministerial Working Group on Sheltered Housing being formed. Imogen represented ERoSH on the Ministerial Working Group during 2009.
Contributing to the public debate on sheltered and retirement housing in the media, which has raised the profile of ERoSH. Imogen has drafted position statements for ERoSH to clarify its views on resident staff, allocations, and needs led services etc, as well as representing ERoSH on BBC Breakfast and Panorama.
Consistently emphasised, through a range of platforms, the importance of joint working between sheltered housing and other agencies. Imogen has promoted best practice in the management of sheltered housing through joined up working with social and health care providers. She has worked to raise awareness of sheltered housing amongst health professionals through her work around malnutrition amongst older people.
Contributed to the training and development of sheltered housing staff, including in adult protection. Imogen has promoted awareness of sheltered housing staff amongst adult protection staff and other social care staff through work on safeguarding the role of sheltered housing staff.
A 34 year old man has been extradited to Canada after officers from Kent Police’s Public Protection Unit arrested him in Ashford earlier this year.
John Cox, 34, an IT specialist who attempted to use anti-tracking methods to thwart attempts by detectives, was back in the custody of Saanich (Canadian) Police today (Tuesday 8 June) after being on the run for three months.
Cox, a Canadian national, had fled Saanich, Canada where he was due to stand trial for nine child sex offences including grooming and possession of indecent images of children, two firearms offences and breach of recognizance.
Using different aliases of Sean Pulsen and Jean Guillaume and using IT software and encryption to disguise his online identity, Cox attempted to frustrate law enforcement attempts to track him down.
Kent Police’s Detective Inspector Matthew Long said: ‘Public protection is Kent Police’s priority. Officers worked swiftly in order to ensure this man did not pose any risk within our community. I am pleased he has now been extradited back to Canada where he will face the charges put to him.
‘We will not tolerate anyone who puts children at risk within our county and will work with other agencies in this country and abroad, to ensure crimes against children are stopped.’
Officers from the Child Exploitation and Online Protection (CEOP) Centre tracked Cox’s movements to Kent and officers from Kent Police’s Public Protection Crime Unit (PPCU), based at police headquarters and South Kent specialist Public Protection Officers, carried out local enquiries in order to secure an international arrest warrant. Kent officers acted quickly and arrested Cox on 5 May. He was held in custody and transferred to the Metropolitan Police Extradition Unit who have secured Cox’s return back to Canada.
Detective Inspector Jon Holl from South Kent Public Protection Unit praised the effectiveness of working relationships between agencies and the quality of his staff saying: ‘This is a practical example of the effectiveness of law enforcement agencies from local to international level working together to protect children in Ashford and across the UK. I am immensely proud of my highly motivated and specialist team of investigators, often working invisibly to the general public to protect our children.’
Jim Gamble, Chief Executive of the Child Exploitation Online Protection (CEOP) Centre: ‘This potentially dangerous individual tried very hard to cover his tracks but he had underestimated the determination of CEOP and Kent Police officers to capture him. Hopefully Cox – and other suspected child sex offenders – will realise that the UK is not a safe place for them.’