Security News
This News Section is written and maintained by: Jewel Creative Ltd
Holland and Barrett rolls out Checkpoint's EVOLVE Electronic Article Surveillance system in 135 UK stores
September '10
Vitamin, mineral and herbal supplement retailer Holland & Barrett has announced that it is rolling out Checkpoint’s EVOLVE Electronic Article Surveillance (EAS) system with fully integrated visitor counting at 135 stores in the UK. The EVOLVE system will allow the retailer to tackle theft and accurately measure customer throughput.
Holland & Barrett, NBTY Europe, which consists of Holland & Barrett, GNC, Natures Way, De Tuinen and Julian Graves and has over 1000 stores across the UK, Ireland and Holland, initially elected to install Checkpoint Systems’ visitor counting solution, CheckCountTM, as a stand-alone system to monitor the sales effectiveness of its staff and gather quantified results from marketing campaigns. However, Holland and Barrett realized the additional benefits that an integrated EAS and visitor counting system could deliver, in terms of return on investment for both the loss prevention department and the marketing and sales teams.
Jon Pilkington, Internal Audit Manager at Holland & Barrett, explained: “The results of the CheckCount trial were extremely positive and gave us access to detailed data that we needed in order to improve our sales techniques in individual stores, as well as gain a better understanding of the effectiveness of marketing campaigns. With ‘people-counting’ technology we are able to measure which promotions get customers through the door.”
“We had initially approached Checkpoint solely about visitor counting,” continued Pilkington. “After a limited initial trial of the CheckCountTM solution, Checkpoint suggested we explore the new EVOLVE EAS system with a visitor counting solution integrated into the EAS pedestals. We previously had no EAS systems in our stores, so we were eager to see how they could reduce shrink and increase our average transaction value by allowing us to give customers open access to more of our products, knowing the products would now be secured from theft. The integrated EVOLVE solution provided us with the same accurate visitor counting data, but also helped us to reduce shrink. The EVOLVE system was a perfect fit for us as it allowed us to solve two problems with one solution. As such we agreed to run a three-month trial of the EVOLVE integrated platform.”
The results of the trial convinced Holland & Barrett to roll out Checkpoint Systems’ EVOLVE EAS system to tackle shrink, increase shelf availability, monitor customer throughput, improve store operations and ultimately enhance their bottom-line performance. The EVOLVE antennas, integrated with Checkpoint’s visitor counting solution, will be fitted at store entrances.
In addition, Holland & Barrett is using Checkpoint’s Enhanced Performance (EP) labels with the EVOLVE system. The EP Labels family includes labels that are significantly smaller in size, making them an excellent choice for small health and vitamin items, while actually enhancing detection performance and increasing the effectiveness of the system.
Pilkington added: “We agreed to an initial trial period of three months, and we were so impressed with the results that we decided to fully roll out the EVOLVE solution, incorporating visitor counting. The integrated systems’ ability to monitor activity in-store, increase our average transaction value and secure our merchandise from theft, delivered a return on investment far more quickly than other systems.”
EVOLVE’s integrated visitor counting is powered by the EVOLVE VisiPlusTM unit, a bi-directional people counter housed right on the antenna that accurately measures the number of people entering and exiting a store. The system’s built-in connectivity allows data to be automatically exported daily for detailed analysis and reporting. This helps retailers improve store operations and, when combined with PoS transactional data, understand their customer conversion rate.
Holland & Barrett also chose to integrate EAS compliance management tools into the EVOLVE system. Store staff members enter reasons for EAS activations into CheckPro Compliance Manager - a small unit located near the store entrance/exit. This information is then uploaded to Checkpoint’s Web-based reporting service, where retailers can remotely monitor and report on the reasons for EAS activations. The reports help the loss prevention department maximize the return on their EAS investment by allowing them to pinpoint operational issues and initiate corrective actions, and ensure that staff are actively engaged in the EAS programme.
Per Levin, worldwide president of Checkpoint’s Shrink Management Solutions business, concluded: "We are pleased that we have been able to take Holland & Barrett into the loss prevention arena. Due to the recession, more and more retailers have started to look at visitor counting technology as a way of improving sales within their stores. Holland & Barrett is leading the way by introducing EVOLVE, a revolutionary solution that helps to reduce shrink, improve merchandise availability and leverage real-time data in ways never before possible."
Currently, the integrated Checkpoint Systems EVOLVE solution has been installed at 135 Holland & Barrett stores across the UK and Ireland to date, with additional stores planned for the future.
Source: SecurityPark
July '10
Cloud computing will result in an improvement in security defences
According to a recent poll, over half of organisations believe that cloud computing will result in an improvement in security defences according to a poll from 360°IT, a fifth thought there would be no improvement and a quarter of organisations said that it will be detrimental.
Richard Hall, CEO of CloudOrigin, claims that the current trend of businesses migrating their IT systems into the cloud does not mean a reduction in security defences.
Far from it, says Hall, who, after more than 20 years in the IT business, has concluded that cloud technology actually raises the industry's game on the security front. "After decades performing forensic and preventative IT security reviews within banking and government, it was already clear to me that the bulk of security breaches and data losses occur because of a weakness of internal controls," he said in his 360°IT blog post.
According to Hall, the complete automation by public cloud providers means the dynamic provision, use and re-purposing of a virtual server occurs continuously within encrypted sub-nets. The process, he says, occurs out of sight of operations staff and without any of the manual interventions that might introduce unintended weaknesses.
"That's why solutions built on commodity infrastructure provided by the likes of Amazon Web Services have already achieved the highest standards of operational compliance and audit possible - for example in healthcare (HIPAA), credit cards (PCI DSS) and audit (Sarbanes Oxley, SAS70)," he explained.
Citing the example of Easyjet and how the successful airline has harnessed the application integration security benefits of Windows Azure at the platform as a service (PaaS) level, allowing the company to move its airline management systems into the cloud, the CloudOrigin CEO said the airline has effectively reduced its security exposure and increased its resilience as a result.
Other organisations that are drawing on the security benefits of the cloud include the RNLI, whilst the Cloud Security Alliance is bringing together users, vendors and consultants to formulate and share best practice.
Hall says that, as the CSA's executive director Jim Reavis announced to a packed room of IT security experts in London, work is now under way on cloud security controls, governance issues and many other issues. Also in the pipeline, he added, are a series of interoperability standards and audit guidance, as well as individual accreditation for practitioners. You can therefore, he says, expect to see more high-profile cloud solutions as a result.
Source: SecurityPark
March '10
Guarding costs represent a significant part of the overall facilities budget
According to a recent Magenta Security Services survey, the greatest number of respondents (42%) confirmed that their guarding costs represented a modest 10% or less of their overall facilities budget. However, a surprisingly large number (12%) confirmed that between 50 and 75% of their facilities budget goes into guarding – making it their single largest and most important piece of expenditure.
Magenta Security Services, managing director, Abbey Petkar: “This is great news for the guarding industry. After the results of our last survey showed that 74% of businesses were most fearful of physical attacks on their business (51% theft and 23% vandalism) we were not surprised to see reasonable expenditure on guarding but the fact that over a third of our respondents spend more than 25% of their budgets on guarding is great news.”
“Guarding represents the most effective means of protecting businesses against physical attack and the fact that businesses are still investing in such services is a great sign for the future of the industry.”
The data used to compile these statistics was collected by Magenta Security Services in the final quarter of 2009. Businesses surveyed included retailers, public authorities, recreational facilities and commercial buildings.
Source: Security Park
January '10
Imperva reveals the most commonly used passwords
The most commonly used passwords have been revealed:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
This list comes from the Imperva study, analyzing 32 million passwords recently exposed in the Rockyou.com breach. Imperva’s Application Defense Center (ADC) analyzed the strength of the passwords in a report 'Consumer Password Worst Practices', to help consumers and website administrators identify the most commonly used passwords they should avoid when using social networking or e-commerce sites.
“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes,” explained Imperva’s CTO Amichai Shulman.
“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine.”
Some key findings of the study include:
· The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as “brute force attacks.”
· Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.
· Recommendations for users and administrators for choosing strong passwords.
For enterprises, password insecurity can have serious consequences. “Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456’,” said Shulman.
“The problem has changed very little over the past 20 years,” explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. “It’s time for everyone to take password security seriously; it’s an important first step in data security.
Source: Security Park
January '10
GeoLok locking and tracking solution prevents access to containers while tracking the shipment
Across South America, Central America, and the Caribbean, new rail and ocean carrier links are being made within the region and internationally. Even domestically, trade routes are being developed and improved to increase cargo traffic to and from previously harder to access areas. The new trade routes are seen as boosters to the Latin American and Caribbean economies.
One such domestic project is a new rail line to connect Valparaiso and Santiago in Chile. This project would greatly decrease travel times between the two cities. Peru is also upgrading its rail lines to carry copper, gold and phosphate from mines in the interior to the Bavovar port. According to President Alan Garcia, the rail link will add nearly 2% to Peru’s annual GDP, create 500,000 jobs and carry a million tons of supplies to the mines.
A new cargo shipping line between the Port of West Palm Beach and Colombia, Ecuador, Peru and Chile has been established by BBC Chartering USA. This line will help increase cargo shipments to these countries, particularly for the construction and mining industries. Maersk Line is opening new shipping lines between South America, Central America and the Carribean. Direct ports of call will be established linking the ports of
Buenos Aires (Argentina), Zarate (Argentina), Montevideo (Uruguay), Rio Grande (Brazil), Itajai (Brazil), Paranagua (Brazil), Santos (Brazil), Port of Spain (Trinidad and Tobago), Cartagena (Colombia), Manzanillo (Panama), Kingston (Jamaica), Puerto Cabello (Venezuela), Point Lisas (Trinidad and Tobago), Vitoria (Brazil), and Santos (Brazil).
Unfortunately, when new trade routes are established they can quickly become targets for cargo theft. Increased container traffic in a port increases the time containers end up in a holding pattern leaving them vulnerable to theft. In addition, cargoes transported by rail are also vulnerable to theft, especially when trains are stationary.
Also, cargo theft is characterized by FreightWatch International as elevated to extreme across the entire region. Honduras, Costa Rica, Panama, Venezuela, Ecuador, Bolivia, and Paraguay are considered to have a high amount of cargo theft. Cargo theft is considered to be severe in Colombia, Guatemala, and Haiti while it is extreme in Brazil and Mexico.
While there are several companies now offering cargo security in the form cargo tracking systems most lack a physical security component. There is one exception to this dilemma in a solution provided by the TrakLok Corporation. Its GeoLok locking and tracking solution provides physical security preventing access to the container while tracking the shipment in real-time anywhere on the planet.
By employing TrakLok’s patented technology in a multi-layered security approach, cargoes can be better protected against theft than ever before. GeoLokTM is unlike any other cargo security technology in providing both physical security and real-time monitoring. Quite simply it is the best security solution on the market for containerized cargo.
In addition to providing better physical security than any other tracking solution on the market, data generated by the GeoLoKTM will be accessible through TrakLogTM. This information can be used in Transportation Management Systems to increase efficiency in shipping and supply chains. The GeoLokTM provides information on idle containers that can put into use, if a shipment is ahead or behind schedule, if a driver has deviated from course or if a shipment needs to be triaged and unloaded quickly. It also can give information on the condition of the shipment itself by communicating with sensors that detect temperature, humidity, light, even spoilage.
TrakLok Corporation, which owns the intellectual property for the GeoLokTM container locking solution, has integrated several wireless technologies to track containers globally, and has developed its own web accessible information-technology based global tracking system. The information provided by the GeoLokTM is accessible through TrakLogTM where users can obtain the location and condition information of a given container from any computer or web enabled device.
TrakLogTM alleviates in a holistic fashion problems for companies managing containers in the supply chain including:
• Asset visibility. Where is my leased or owned container now?
• Condition monitoring. How is my container now?
• Security/stop loss. Has my container been tampered with?
• Asset utilization. When can I return my container to duty?
• Predictive maintenance of assets. When is my next required maintenance?
Source: Security Park
IP CCTV with Automatic Face Recognition can help address the huge rise in shoplifting
The latest shoplifting figures released by the British Retail Consortium reveal that a shop theft occurred nearly once every minute in 2009 – landing UK businesses with a hefty £1.1bn bill.
Retailers considering how to tackle this issue in 2010 may want to consider how IPCCTV systems could help them address this increasingly expensive problem. Matt McCloskey, Senior Manager, Applications & Services of ntl:Telewest Business explains:
"IP CCTV brings surveillance into the digital age. Essentially it runs as an application across the converged, corporate network. By running IP CCTV over the existing network, organisations can essentially digitise it. This gives increased control of surveillance, makes maintenance much easier and reduces security costs. It is also incredibly easy to add and move cameras on an IP network, versus a traditional system, which further enhances security effectiveness."
"IP CCTV technology opens surveillance to imaginative new applications. As images can now be viewed and stored digitally this has made it possible for software developers to create innovative ways of analysing and presenting data. With that in mind, IP CCTV will soon enable Automatic Face Recognition, making IP CCTV security systems proactive rather than simply reactive. Automatic Face Recognition can be used to flag known suspects to camera operators. So, for example, if a known shoplifter enters a supermarket, security staff will be alerted immediately. The application is reported to be ten times more effective than the average policeman on the street."
Source: Security Park
Virus and Malware Threat to computers running Mac OS X
As Apple has provided more information about Snow Leopard, the next version of Mac OS X (10.6) to be released in September 2009, the company has also publicly recognized the virus and malware threat to its operating system. This highlights the need to use the best antivirus software to protect computers running Mac OS X.
On Apple's web page outlining security features in Snow Leopard the company discusses features that provide "Defense against viruses and malware," such as warnings when users open applications they have downloaded, a feature that has existed since Mac OS X 10.4. This page also states that "Mac OS X offers a multilayered system of defenses against viruses and other dangerous malware," such as "sandboxing," a method of restricting the actions that applications have to an operating system or its files, library randomization, which "prevents malicious commands from finding their targets," and execute disable, which protects memory from attacks.
Beyond recognizing the malware threat to Macs, Apple goes further, admitting that the techniques it includes in Mac OS X aren't enough to fully protect Macs from viruses and malware. The company provides security advice, as Intego has said for many years, saying, "since no system can be 100 percent immune from every threat, antivirus software may offer additional protection." Apple's attitude toward the malware risk in the past has been careless, especially in its TV commercials, suggesting that malware targeting the Mac does not exist. This change in the company's position shows that Apple has realized that the threat is real.
Apple has flip-flopped on the question of viruses and malware in the past. In December 2008, the company updated a technical document on its web site recommending three antivirus programs (including Intego VirusBarrier X5) for use with Macs. But given the response from the press, regarding Apple’s acknowledgment that Mac users need antivirus software, Apple removed the document. It is clear, however, that talking honestly about the security threats that Mac users face will have no negative effects on the success of Mac OS X. Mac users will be better informed about the risks they face, and will be better protected since they are aware of these risks.
"Apple has finally recognized what Intego has been saying for years: that Macs are not immune to viruses and malware," says Laurent Marteau, CEO Intego. "With the recent increase in Mac malware, it would be logical, as a next step, for Apple actually to integrate anti-malware technology in future releases of Mac OS X. As the only 100% Mac security company, we would be happy to work with Apple to ensure that Mac users get the best protection from viruses and malware."
Intego has long shown that Macs are at risk from malware, and the company's flagship VirusBarrier X5, which Macworld has called "the gold standard", has been the leading bastion against malware on Macs since 2000. Intego has always highlighted the risks to Macintosh computers, and ensured that its software protects Mac users from the latest forms of malware as soon as they appear. VirusBarrier X5 remains the best and most trusted antivirus and malware software for Mac OS X.
Source: Security Park
Companies fail to take precautions to secure the weakest link in their information infrastructure - paper
Recent well documented stories in the media have shown how easy it is to cause breaches in security by careless handling of paper documents. IT managers need to understand that not all attacks are malicious, and employees can inadvertently be involved in accidental data loss.
While millions of pounds have been spent by corporations on security networks to ensure that data entering and leaving cannot be accessed by anyone without permission, many companies still fail to take any precautions to secure perhaps the weakest link in their information infrastructure – paper.
With Chief Security Officers under increasing commercial and regulatory pressure to implement watertight data security systems to protect their businesses, Helen Berentzen, office solutions marketing manager at Ricoh, says that the focus should not only be on digital information. The potentially most embarrassing data, or compliance, breach could be paper-based.
Investing in firewalls and anti-virus software has become second nature for businesses to ensure that their sensitive information is not stolen and does not fall into the wrong hands. The same cannot be said for technologies that ensure the security of hard copy documents.
According to research by Info Trends, 30 per cent of business documents are still paper based yet the majority of companies are failing to ensure that they have taken adequate precautions to ensure that paper does not become the weakest link in their information and document management strategies.
Increased regulatory compliance and legislative requirements to protect data mean companies need to treat paper-based documents with the same degree of security attributed to digital data.
IT managers need to look at the threats and demand that their paper-based information is as secure as that contained on corporate networks. Complete document security cannot be achieved without considering paper documents. Technology already exists to achieve these standards without inconveniencing everyday life but before you can implement it you need to fully understand your needs.
When data is shared by many users across a network, new threats to security can arise continuously, simply as a result of human nature. Mistakes are made and information can be leaked simply by people accidentally looking in the wrong file on a network, or by printing out a document that is inadvertently picked up by someone else. What one person doesn’t consider sensitive data, may become extremely sensitive in the hands of the wrong person.
These may sound obvious but what would be the impact on staff morale if, for example, details of the pay-roll or disciplinary proceedings were left lying around the printer, or if they were picked up by the wrong person in error? Alternatively, what would be the impact on the business if your sales orders were typically received by fax and a large order comes in this way and is misplaced? The customer will never receive their goods, valuable business is lost and goodwill is put at risk.
When developing information and document management strategies it is important to consider the whole of the document lifecycle. The sensitivity of information – both internal and external - needs careful evaluation. All aspects from access control, scan, copy, print and even fax need to have clear guidelines within an organisation to ensure devices linked to the IT network cannot compromise information security.
Threats that organisations need to consider when looking at documents include:
• Document creation – who is opening and viewing soft copy documents; when are they being scanned and saved onto the network?
• Scan to email – without an audit trail it is impossible to monitor if someone has distributed confidential data to a wrongful destination, or to track who has received it?
• Unauthorised access to archived documents.
• Can documents be copied or viewed by passers by once printed?
How can these be resolved?
Each log-in point on the network, such as multifunctional devices (MFDs), printers, scanners, copiers and mobile devices, etc should require user access just like a PC. As part of a standard security programme IT managers can implement authentication solutions which require staff to input their log-in details and password before accessing these devices, just as they would to access their PC or the corporate network.
Smartcards ensure that access to MFDs is restricted and print jobs can only be released by the authorised users. This means that documents can only be scanned, emailed and faxed directly from these devices by staff members with authority to do so.
In more complex environments, the latest security technologies can provide up to four different layers of administration and supervisor rights for enterprises, including managing permission for machine default settings, network default settings, access to stored files and managed local address books.
As with any form of network traffic, unprotected print jobs are vulnerable when they transfer from the desktop to the output device, so it is now possible to encrypt this traffic in order to restrict the ability of hackers (internal or external) to access this data in transit. Other uses of encryption on an MFD include; data in the local address book, print job authentication and encrypted passwords when using PDF direct print functions.
With documents only being printed when the user actually goes to the device, the system has the benefit of reducing the environmental impact of energy and paper consumption. It stops people sending print jobs to the printer and then not collecting them, saving paper and energy. If a print run isn’t collected at the device within a pre-defined time period, then the device simply deletes the job from the queue.
Looking to the future
While smartcards and encryption technologies are already available to businesses, biometrics is fast becoming the next step in authentication with enterprise ready solutions. According to Matia Grossi, Frost & Sullivan’s industry analyst, “the market for biometrics products is going to almost triple in value between 2008 and 2012.”
This will address demand for an enhanced, secure identification and personal verification technology. Fingerprint technology is the most established way of doing this, with the main advantages being that it is the most economical biometric technology, its small form factor, reduced power requirements and resistive nature to temperature and background lighting. It also provides added convenience to the user who doesn’t have to remember a user ID PIN and reduces the risk of lost cards.
This technology is being developed for a range of devices and will allow the release of documents only when an authorised fingerprint is read at the device, providing users with added security, control and convenience. Biometric applications will also eliminate the security and cost implications every time an authentication card is lost. This is an issue which has been highlighted in technology savvy schools that spend a small fortune replacing the authentication cards that students lose.
In the not so distant future this could be extended even further with devices having the ability to scan retinas or even DNA before releasing documents.
Source: Security Park
May '09
Checkpoint Systems cuts theft at Crombie
Crombie, a luxury British clothing retailer, has announced a partnership with Checkpoint Systems, to reduce shrinkage and improve store operations. Most famously recognised as creator of the world’s finest coats, Crombie has installed Checkpoint’s Style and Plaza EAS antennae to reduce theft. The retailer has also invested in the CheckCount TM visitor counting Service to improve store operations and increase the customer conversion rate in six of its eight UK stores.
Crombie was experiencing high shrinkage levels on certain product lines, and approached Checkpoint to help address the problem. The need was two-fold; a solution was required to address shrinkage in stand-alone stores and concessions whilst laying the foundations for long-term plans to migrate to a combined RFID and source tagging programme.
Adrian Roe, IT Manager at Crombie explains: “We needed to address our shrinkage problem as it was eating away at our bottom line. Particularly in the current economic climate, rather than cut our budget in this area, we realised we had to invest in security to protect our margins from further erosion.
“Checkpoint Systems is a market leader in this area and has a very good global labelling network. Coupled with the fact that it also supplies one of the UK’s leading department stores with its EAS technology, it made sense to enter into discussions, given that our RF labels had to be compatible with their systems for Crombie concession stores. And so far it has proven to be a prudent business decision.
“The EAS system has been installed for a number of months now and we have already seen a great improvement in our stock loss figures. One store in particular, that at one stage was recording the highest level of stock loss of them all, has already achieved a 50 per cent reduction in shrink. “added Roe.
In addition to EAS technology, Checkpoint is also supplying Crombie with the very latest version (4.1) of its CheckCountTM visitor counting Service. Previously, the retailer had little or no visibility on the number of visitors to its stores and therefore no clear idea of each outlet’s trading performance in relation to potential customers.
CheckCount TM operates by automatically collecting and transferring store visitor information via a secure server into a web-hosted site for reporting and evaluation. Having installed CheckCount TM and integrated it with its stores’ transactional data, Crombie can now obtain detailed analyses on the performance of its outlets and create customised customer conversion rate reports.
Roe added: “The most important reason for us choosing CheckCount TM was the fact that it can be integrated with our EPOS data to provide us with details of customer conversion rates. We needed more of an insight into our business performance and the reporting and analytical capabilities CheckCount TM offered met this requirement perfectly. Having a greater insight into visitor numbers is essential for managing and improving our overall business performance and increasing sales.”
Neil Matthews, Vice President, Northern, Central and Eastern Europe was delighted to win the Crombie contract: “Adding a prestigious brand like Crombie to our client portfolio was a great coup for us, and it’s satisfying to see that our systems are already delivering results.
“Investing in our EAS technology will certainly help Crombie lower its shrinkage levels and we will continue to work with them to ensure we tackle the issue effectively. At the same time, installing the CheckCount TM visitor counting Service will not only deliver specific insight into certain areas of interest but will also help to improve Crombie’s overall business performance and increase profitability.”
Crombie is also working with Checkpoint to create bespoke labels overprinted with its logo for both men’s and women’s ranges.
Source: Access Control News Portal
Source: The Security Excellence Awards Team.
January '09
Laser-based security system for extreme weather conditions
Effective nighttime security is a critical deterrent to crime and terrorist activity around the world. Often, the rugged environmental conditions prove to be a challenge for security systems. Extreme heat or cold weather can wreak havoc on sensitive electronic equipment that is fine-tuned to operate within specific parameters.
The Vumii Discoverii security platform is used in border security systems, airports, ports, waterways and nuclear power plants around the world. It has a reputation for reliable security and is also used by the US Department of Energy and the Department of Defense.
Unlike conventional night vision technologies that rely on moonlight, proximity and/or significantly more costly equipment, Discoverii uses continuous wave laser illumination, electro-optics and image processing to provide clear pictures in zero light or full daylight.
With the assistance of Georgia-based Rep Technology, the engineering team at Vumii selected the VersaLogic Python single board computer (SBC) for its laser-based security system because of its proven versatility in the field and its rugged dependability.
"We needed the tools to bring back the image and control the system in the embedded PC," said Dan Russotto, Vice President of Product Strategy at Vumii. "The Python product delivered on, and exceeded, our expectations."
Discoverii provides unprecedented target recognition and identification, with excellent natural contrast image resolution and magnification out to 3000 metres. Unlike with IR thermal imagery, Discoverii produces grayscale video in which people look like people and words and numbers are legible. Discoverii also provides visibility through rain and other inclement weather.
Enter 19 or XX at www.engineerlive.com/eee
VersaLogic Corporation is based in Eugene, OR, USA.www.VersaLogic.com
Source: EngineerLive
November '08
Installers advised to get ready for EU Battery Directive
By Anthony Hildebrand
The British Security Industry Association is advising installers to get prepared for the forthcoming EU Battery Directive – the latest piece of environmental legislation which comes into force next year.
The new directive aims to reduce the environmental impact of waste batteries that are currently disposed of in landfill sites by ensuring that they are collected, treated and, where possible, recycled. This new piece of legislation covers portable batteries (such as torch batteries, AA, C Cell etc); industrial batteries (intruder alarm panel lead acid batteries); and vehicle batteries.
BSIA technical director Alex Carmichael said: "Installers may believe that this new piece of legislation only affects those producers who supply batteries. However, this is not the case. It will be up to the installer to collect the batteries wherever possible and dispose of them in the correct waste stream."
Battery box
“Installers already collect lead acid batteries for disposal. In the future it is expected that installers will collect the small AA and C Cell type batteries and return them to the waste stream instead of just throwing them in the bin. A simple method of achieving this is by having a battery box in the engineer's van.
"The new regulations will set in place a national waste mechanism for battery collection and also describes battery labelling requirements, restrictions on the type of materials batteries can be made of, and requirements for the ease of battery removal from an appliance. The BSIA and its members are looking at the necessary systems to put in place to ensure compliance with the new regulations and to meet the 29th September 2009 deadline when the full requirements come into effect.
"The Battery Directive is a worthy piece of legislation and will make a real contribution to protecting the environment. It is now up to the industry to ensure that its businesses are prepared to make the introduction of the legislation as seamless as possible."
Oct '08
HSBC Installs Biometrics
HSBC has become the first bank to install facial-recognition technology at its two new data centres in the UK following recent high-profile cases of identity theft.
Identity theft is now the fastest growing crime in the UK, affecting over 100,000 people at a cost of £1.7m. In response to growing concerns, the bank will be working with Surrey-based biometric experts OmniPerception to develop and install 10 ‘light immune’ facial biometric access control units over the next six to nine months. The units will be based on OmniPerception’s CheckPoint facial-recognition technology.
OmniPerception’s products have been used in police applications throughout the UK and are currently being applied for access control, data protection and general improvement of identity management.
David McIntosh, chief executive of OmniPerception, said: ‘Helping to prevent sensitive data falling into the wrong hands is clearly an important role for modern facial biometric technology.
‘By being the first to adopt facial-recognition technology for this purpose, HSBC is blazing a trail that will benefit both the banking sector and society as a whole.’
Sep '08
Isis Forensics, a Lancaster University spin out company, has developed a tool to help businesses clamp down on illegal file sharing. Businesses can face serious consequences from illegal file sharing that takes place on their network, whether the files contain confidential client data or copyrighted material such as music downloads. But many companies appear to be powerless to stop it. As part of a study, Isis Forensics observed that more than a third of FTSE 100 companies and more than half of Fortune 100 companies were sharing copyrighted material such as music, films and software using Peer-to-Peer (P2P) file sharing software.
By building on P2P file sharing monitoring techniques, Isis Forensics can non-invasively monitor the file sharing activities of organisations based anywhere in the world and alert them should compromising behaviour be detected. James Walkerdine of Isis Forensics said: 'The risks of illegal file sharing are huge. There have been examples of file sharing software bypassing a company’s network security. This has led to virus infiltration making company computers open to attack. 'There have also been documented cases of employees accidentally sharing sensitive information - this is particularly worrying for an organisation that is responsible for financial or personal information relating to clients.'
He added: 'Isis Forensics can monitor file sharing activity to ensure it is safe without interfering with day-to-day business. Ultimately we can help companies to stop illegal file sharing before it becomes a problem and they are faced with the consequences.' Isis Forensics was created by Danny Hughes and James Walkerdine of Lancaster University’s computing department. Their company is already working with a range of large international organisations and has provided services to public institutions both in the UK and abroad.
July '08
Electronic Billing System Enhances Security
A leading car rental company has worked with OTM to develop an e-billing system, which will meet Europe's tightest data security regulations. A leading car rental company has worked with OTM to develop an e-billing system, which will meet Europe's tightest data security regulations An electronic invoicing system, which is claimed to provide ease of operation along with maximum security for customers, went live in Germany last August and will be live for the rest of Europe in April. The brief for OTM was to develop a method of e-billing that would be a 'push' mechanism and not require the car rental company's customers to pro-actively log-in.
It needed to meet Germany's data security regulations - the strictest in Europe - that overcome concerns that invoices could be altered or interfered with during transmission. OTM's e-billing system works by delivering to the car rental company customers an email containing two attachments, the invoice in PDF format and a digital signature. The data in the digital signature verifies that the invoice has been produced by OTM on behalf of the rental company and acts as proof of authenticity. In addition, the digital signature, when presented with an associated invoice allows the car rental company to validate the invoice, said OTM. The company said that much attention has been paid to the email carrier to reinforce the car rental company brand.
The email engine allows the user to incorporate advertisements and to apply rules to target marketing campaigns at specific groups of customers. The system also provides the car rental company's customers with access to a website that enables them to verify the digital signature and access copies of their invoices. Each customer is sent a link to the website, which varies depending on their status. The customer's staff are given access to facilities that allow them to search for and view electronic documents. The electronic invoicing system is the latest in a series of services that OTM has developed for the car rental company, who have a presence in Europe, Africa, the Middle East and Asia, serving almost eight million customers a year, added the company.
The car rental company's adoption during 2004 of OTM's 042 application, which prints individually customised messages on bills, increased customers' response to marketing promotions to more than 10 per cent.
July '08
Solaris gets another Common Criteria certification
Sun's Solaris 10 operating system with Trusted Extensions has obtained Common Criteria certification for the Labelled Security Protection Profile (LSPP) at Evaluation Assurance Level (EAL) 4+. EAL 4+ is one of the highest commonly recognised assurance levels with very few operating systems exceeding it.
The certification applies to both the x86/64 and SPARC versions of the operating system. The Canadian auditors CGI have also included in the testing process a multi-level secured version of the Gnome GUI and desktop. Often, certified systems have only been tested and certified for command line usage.
Solaris had previously received EAL4+ certification for the Controlled Access Protection Profile (CAPP) and Role Based Access Control Protection Profile (RBACPP) for Solaris Trusted Extensions. The open source OpenSolaris operating system has not been certified, but the Trusted Extensions code has been incorporated into it.
Common Criteria, published as ISO/IEC 15408:2005, is an internationally standardised procedure for evaluating IT security. Protection profiles are used in CC certification to specify security objectives from the user point of view and form the basis of product certification. EAL certification is generally a pre-requisite for being able to deploy a product in security-related areas of government organisations or in the financial and health care sectors.
July '08
Google Mail has more spam
Roaring Penguin Software says its research shows that the proportion of email coming from Google Mail accounts that is spam has almost quadrupled, from 7 to 27 per cent. This means that more than one email message in four coming from a Google Mail account was classified as spam, which makes up more than 2 per cent of all spam email originating from America.
