The JamieWire

So What is Scrum?

2010-06-02T14:44:00.000-07:00

Scrum provides a framework for project management and agile software development. In 1986, Hirotaka Takeuchi and Ikujiro Nonaka described a new holistic approach that was designed to increase speed and flexibility in the development process for new commercial products.

They compared this new holistic approach to the sport of Rugby. The Scrum development phases overlap and the entire process is performed by one cross-functional team across the different phases. Similar to Rugby, where the whole team “tries to go the entire distance as a unit passing the ball back and forth”. Note - this is where the name Scrum came from - it was their favorite Rugby team! Scrum is not an acronym!

Scrum was first used for the management of software development projects. The beginning case studies came from the automotive, photo machine, computer and printer industries. Now Scrum is also used to run software maintenance teams and for general program/project management.

Scrum is seen as a “process skeleton” containing defined practices and roles.

The key roles in Scrum are:
1. “ScrumMaster” - maintains the processes (similar to a project manager)
2. “Product Owner” - represents the stakeholders and the business
3. “Team” - a cross-functional group of approximately 7 people who perform the analysis, design, implementation, testing, etc.

DEFINING THE SPRINT
A “sprint” is typically a 2 to 4 week development period decided by the team. This timeline is the time required for the team to meet a milestone such as development of a shippable "beta" product(ex: working/tested software).

THE PRODUCT BACKLOG
The set of features that are assigned to a sprint come from the product “backlog”. The backlog is a prioritized set of high level requirements of work to be completed. Specifying which backlog items go into the sprint is determined during the sprint planning meeting. The Product Owner informs the team of the items in the product backlog that need to be completed. The team determines how much of this they can commit to in order to complete the next sprint. Then the sprint is set to start.

FROZEN SPRINT
During a sprint changes are not allowed in the sprint backlog. In other words-the requirements are frozen for the active sprint. After a sprint is completed, the team demonstrates how to use the product(ex: software).

STRONG CROSS-COLLABORATION
Scrum promotes self-organizing teams that co-locate all of the team members assigned to the project. Scrum also requires frequent, in person, verbal communication across all team members and disciplines that are involved in the project.

CUSTOMER REQUIREMENTS FLEXIBILITY
A key benefit to Scrum for customers is that during a project the customers can offer additional requests or change their minds about what they want and/or need. In a traditional development process customers’ needs cannot be taken into consideration as the process is too rigid. Scrum promotes the approach of focusing on maximizing the team’s ability to deliver quickly and respond to the customers emerging requirements.

World-Check - Due Diligence (EDD) services - Global Company Background Checks

2010-05-06T10:17:00.000-07:00

If you are thinking of Partnering with a new company outside of the US and wonder what their "status" is - you may want to engage World-Check services!

In this down economy many companies are searching for new global opportunities in emerging markets. These new locations can present unusual challenges such as; corruption, organized crime, weak laws, unenforceable contracts, terrorist financing and money laundering. These are all common threats that have to be identified, assessed and mitigated prior to entering into a business relationship.

Effective risk management is key - you need to know who you are dealing with.
It is prudent to really understand the backround of international clients, business partners, distributors, agents and consultants. Especially before committing to an offshore deal, business association or foreign investment.

World-Check offers IntegraScreen Reports for international financial institutions and multinational corporations. The reports ensure compliance with; Anti Money Laundering (AML) regulations and legislation with trans-national reach. The USA PATRIOT Act and anti-corruption legislation like the Foreign Corrupt Practices Act (FCPA) contain specific customer due diligence requirements, especially within the context of emerging markets and offshore locations.

World-Check will assist you with Compliance, privacy and regulation laws. Note that in he process they have a strict policy that only publicly available records are accessed and used in their research. They do use digitised information on file but also access paper records as most public records held outside of the US in under-developed economies are not in an electronic format.

World-Checks Due Diligence Reports provide you with comprehensive background risk assessments of prospective and existing clients, M&A targets, IPO candidates, business partners and agents. These reports are designed to help YOU mitigate international business, legal and reputational risks.

If you are performning due diligence you will soon find that ‘publicly accessible’ does not mean ‘easily accessible’. World-Check has a global reach with local research experts to ensure accurate, comprehensive and consistent reporting for your company.

Contact World-Check for IntegraScreen Reports if you are ....
• Conducting pre-merger and acquisition inquiries and pre-IPO due diligence
• Entering into new international joint ventures
• Taking on a new banking or financial client
• Engaging overseas business partners
• Following regulatory compliance and corporate governance best practice
• Creating a consistent and auditable AML and anti-corruption compliance program

World-Checks IntegraScreen due diligence reports provide detailed risk insight to reduce business, legal and reputational risks. If you need help email: edd@world-check.com. Tell them The JamieWire sent you!

Silanis releases SMS Txt and Voice Authentication - Insurance and Financial Services Solution

2010-05-06T09:27:00.000-07:00

Silanis Technology,Montreal,QC announced SMS text authentication and voice authentication features for its ApproveIt Web Server e-signature process management solution. Silanis is the leading provider of Electronic Signature Process Management solutions for the insurance and financial services companies. They sell to major government agencies, integrators and service providers to increase business transactions, reduce costs and to improve compliance with legal and regulatory requirements.

The company’s electronic signature platform, ApproveIt®, is an enterprise-class e-signature process management solution that transforms paper-based business transactions to all-electronic, Web-based processes for e-commerce and e-government.

Silanis Technology's ApproveIt Web Server e-signature process management solution now supports SMS text authentication and voice authentication features. This functionality provides an extra layer of security for in-person, click-to-sign processes also eliminating hardware requirements.

What problem is solved?
In the past when a customer was working with an agent or representative the customer had to share the agent/reps laptop or desktop computer. This is not a very secure practice and it raised the question of who actually e-signed te documents.

How the new Agent/Representative process works
SMS text authentication - The agent/rep enters the customer’s mobile number prior to e-signing. A unique PIN is then automatically generated by the application then sent to the customer’s cell phone as a text message. The agent hands over their computer to the customer who then must enter the unique, one-time password in order to continue the e-signing process.

Voice authentication - The voice process displays a Web page that prompts the customer to record a verbal statement that he or she has reviewed all documents and agreed to the contract terms. Once the voice statement is captured, the customer then ’clicks-to-sign’ using their mouse.

Compliance and Regulatory evidence
ApproveIt Web Server captures the authentication processes as part of the Electronic Evidence™. Once the customer is logged on - the web-based service captures the entire application review and signing process. Including all of the Web pages displayed to customers, how long they spend on each page, the areas they clicked on, agreed to, and signed. This provides much stronger evidence than prior paper trails.

Secure digital signing fraud reducton - The signed documents and Electronic Evidence are also secured with digital signature technology to ensure that no changes can be made without visibility invalidating the electronic signatures. The strong Electronic Evidence captured by the solution helps to reduce the risk of fraud or repudiation. This solution would also be very useful in the Real Estate and rental markets!

Symantec enters Encryption Market - Acquisition of PGP & GuardianEdge

2010-04-30T00:26:00.000-07:00

Symantec Corp. made a big play last week in the encryption market through their purchase of encryption powerhouse PGP Corp., and GuardianEdge Technologies Inc.
Symantec's acquisition of PGP allows them to offer customers a broad range of full disk encryption via PGP and removable media encryption via GuardianEdge.

The deal cost Symantec $370 million dollars. Symantec paid $70 million for San Mateo, Calif-based GuardianEdge and $300 million for Menlo Park, Calif.-based PGP.
Symantec will integrate the two vendors' platforms into Symantec's centralized management platform.

Symantec currently has an OEM relationship with both Guardian Edge and PGP. The combined offering provides customers with a full range of full disk encryption (PGP) and removable media encryption (GuardianEdge). Since both companies are OEM partners of Symantec, there should be minimal integration issues- per reports from their CEO Enrique Salem.

The agreements are subject to regulatory approvals and are expected to close during the June quarter.

FireScope Delivers Industry's First CMDB iPad App

2010-04-27T04:28:00.000-07:00

The FireScope CMDB app for iPad lets you manage IT changes from anywhere!

The FireScope iPad App interfaces with the FireScope Configuration Management Database (CMDB). This gives you instant access to IT Service configuration knowledge and achieve structured, predictable change from an iPad.

With FireScopes iPad App you can view reports or approve Requests for Change(RFC's) from an Apple iPad. You can browse your CMDB from anywhere- forget being tied to your laptop or PC. Here is one example: You have an urgent incident and you need to begin troubleshooting. You arrive at the datacenter late at night. No worries - you can walk around the datacenter using the iPad drilling down through dependencies, supplied from the CMDB. This allows you to quickly find critical information you need to resolve the incident rapidly.

Common tasks you can perform with the CMDB iPad app include:
• Quickly inspect IT service dependencies
• View and approve Requests for Change (RFCs) remotely
• Perform impact analysis on prospective change
• Review configuration of critical assets
• Access all of your CMDB reports
• No additional software to install on the server, or additional configuration.

In addition to the iPad, FireScope has a solid mobile strategy. They have apps for the Apple iPhone 3GS, 3G and iPod Touch. And for Android phones they support Nexus One, HTC Hero, HTC Magic, Motorola Droid and more. I have a Droid HTC Hero and I downloaded it today-its Free! It installed without a hitch. I will see if I can hit a demo site to test it out!

The iPad application will be available for download via iTunes, pending final approval from Apple. Watch for the release!

NIST Content Automation Protocol (SCAP) - FIPS, Special Publications - CALL for Feedback

2010-04-27T04:14:00.000-07:00

Draft NIST Publications (FIPS, Special Publications) has published a draft (NIST IR-7511 Rev. 2) of the Security Content Automation Protocol (SCAP) Version 1.0 Validation Program Test Requirements

The DRAFT is open for review by the public and feedback is accepted until May 20, 2010. The SCAP document is waiting to be approved as a final document by the Secretary of Commerce.

SUMMARY
Draft NIST Interagency Report (IR) 7511 Revision 2, Security Content Automation Protocol (SCAP) Version 1.0 Validation Program Test Requirements, describes the requirements that must be met by products to achieve SCAP Validation. Validation is awarded based on a defined set of SCAP capabilities and/or individual SCAP components by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program. Draft NISTIR 7511 Revision 2 has been written primarily for accredited laboratories and for vendors interested in receiving SCAP validation for their products.

This update to Draft NIST Interagency Report (IR) 7511 Revision 2, includes changes to the Internet Connectivity requirements and clarifying language to several other requirements and test procedures.

If you have questions regarding this document, please send email to: IR7511comments@nist.gov . The deadline to submit comments is May 20, 2010.

FISMA - Federal Information Security Management Act

2010-04-27T03:43:00.000-07:00

The Federal Information Security Management Act was passed in 2002. FISMA is a framework to manage risk and ensure the confidentiality, availability and integrity
of federal information and information systems. The Act assigns specific development, management, oversight and reporting responsibilities to two federal
agencies, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).

Federal Information Security Management Act (FISMA)
FISMA is a framework aimed at protecting Government information, operations and assets. FISMA requires agency officials to implement policies, procedures and practices to strengthen information security and reduce security risks. FISMA compliance requires the following:
• Develop an agency-wide security program
• Implement and adhere to security configuration standards developed by NIST
• Identify and resolve risks
• Perform ongoing assessment and testing
• Conduct annual reviews on the effectiveness of the agency’s information security and privacy programs and report the results to OMB annually

To provide a formal framework to manage and measure agency security and risk, FISMA tasked NIST with the development of the standards and guidelines for selecting, categorizing and assessing information systems.
Including:
-Develop Security Program
-Identify and Inventory Assets
-Select Security Controls
-Categorize Risk
-Implement Security Controls
-Assess and Monitor Security Controls
-Respond to Incidents

In a nutshell, FISMA requires compliance for all data and information systems that support the agency’s operations and assets. This includes operations and/or assets provided or managed by other agencies or contractors. As part of the FISMA process, agencies must be able to produce a complete and accurate inventory of all systems including their security status and requirements.

For more on FISMA visit: http://csrc.nist.gov/groups/SMA/fisma/index.html

Visa's Mandate for Merchants to be PCI Compliant - Deadline is July 1, 2010

2010-04-27T03:19:00.000-07:00

Electronic payment applications with credit card processing MUST meet PA-DSS
(Payment Application - Data Security Standards)

Deadline to enforce the requirement is July 1, 2010. If you are a merchant and you are NOT compliant - you may find that your merchant account service provider (bank)will not be able to process your credit card payment transactions!

Specifically - Visa will NOT allow financial institutions who provide merchant account service(Acquirers)to sign up merchant accounts for companies who use payment applications that are NOT in compliance with these security standards.

This is being driven by valid concerns over the increasing incidents involving large amounts of credit card data being breeched and or stolen annually. As a result, a data security council was formed by the payment industry to adopt Visa's PABP (Payment Application Best Practices) security initiatives. The mandate is to ensure that all electronic payment applications with credit card processing MUST meet PA-DSS (Payment Application - Data Security Standards) to guard against cyberdata thefts.

This reinforces the fact that PCI Compliance is no longer an option for businesses accepting credit card payments. All merchants must be in compliance with PCI or they will be subject to huge fines.

For more information regarding PCI compliance, please visit the Visa website at the below URLs for more information! http://usa.visa.com/merchants/risk_management/cisp_merchants.html
http://usa.visa.com/download/merchants/payment_application_security_mandates.pdf

HIPAA Violations and Enforcement - Penalties Listed!

2010-04-23T14:13:00.000-07:00

HIPAA Violations and Enforcement

Failure to comply with HIPAA can result in civil and criminal penalties (42 USC § 1320d-5).

Civil Penalties
The “American Recovery and Reinvestment Act of 2009”(ARRA) that was signed into law on February 17, 2009, established a tiered civil penalty structure for HIPAA violations (see below). The Secretary of the Department of Health and Human Services (HHS) still has discretion in determining the amount of the penalty based on the nature and extent of the violation and the nature and extent of the harm resulting from the violation. The Secretary is still prohibited from imposing civil penalties (except in cases of willful neglect) if the violation is corrected within 30 days (this time period may be extended).

HIPAA Violations broken down:

Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA is $100 per violation, with an annual maximum of $25,000 for repeat violations. Note: maximum that can be imposed by State Attorneys General regardless of the type of violation)$50,000 per violation, with an annual maximum of $1.5 million

HIPAA violation due to reasonable cause and not due to willful neglect
$1,000 per violation, with an annual maximum of $100,000 for repeat violations $50,000 per violation, with an annual maximum of $1.5 million

HIPAA violation due to willful neglect but violation is corrected within the required time period is $10,000 per violation, with an annual maximum of $250,000 for repeat violations $50,000 per violation, with an annual maximum of $1.5 million

HIPAA violation is due to willful neglect and is not corrected is $50,000 per violation, with an annual maximum of $1.5 million

Criminal Penalties
In June 2005, the U.S. Department of Justice (DOJ) clarified who can be held criminally liable under HIPAA. Covered entities and specified individuals, as explained below, whom "knowingly" obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations face a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000, and imprisonment for up to ten years.

Covered Entity and Specified Individuals
The DOJ concluded that the criminal penalties for a violation of HIPAA are directly applicable to covered entities—including health plans, health care clearinghouses, health care providers who transmit claims in electronic form, and Medicare prescription drug card sponsors. Individuals such as directors, employees, or officers of the covered entity, where the covered entity is not an individual, may also be directly criminally liable under HIPAA in accordance with principles of "corporate criminal liability." Where an individual of a covered entity is not directly liable under HIPAA, they can still be charged with conspiracy or aiding and abetting.

Knowingly
The DOJ interpreted the "knowingly" element of the HIPAA statute for criminal liability as requiring only knowledge of the actions that constitute an offense. Specific knowledge of an action being in violation of the HIPAA statute is not required.

Full DOJ memorandum
(This link will take you off the AMA Web site. The AMA is not responsible for the content of other Web sites.)

Exclusion
The Department of Health and Human Services (DHHS) has the authority to exclude from participation in Medicare any covered entity that was not compliant with the transaction and code set standards by October 16, 2003 (where an extension was obtained and the covered entity is not small) (68 FR 48805).

Enforcing Agencies
The DHHS Office of Civil Rights (OCR) enforces the privacy standards, while the Centers for Medicare & Medicaid (CMS) enforces both the transaction and code set standards and the security standards (65 FR 18895). Enforcement of the civil monetary provisions has not yet been tasked to an agency.

Please refer to the AMA's FAQs on the privacy regulations for additional information on enforcement of the privacy standards.

No Private Cause of Action
While HIPAA protects the health information of individuals, it does not create a private cause of action for those aggrieved (65 FR 82566). State law, however, may provide other theories of liability.

REF: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.shtml

HIPAA - Overview of HIPAA's goals

2010-04-23T14:08:00.000-07:00

HIPAA stands for the United States Health Insurance Portability and Accountability Act. HIPAA is a set of standards introduced by Congress in 1996 that aim to protect the privacy of patient information in the healthcare industry by regulating how providers handle patient data while conducting business. HIPAA also ensures the continuity of individuals' healthcare coverage.

HIPAA created a set of universal standards for exchanging and securing personal data via electronic data interchange (EDI). The goal of HIPAA is to protect all data that is personally identifiable to a specific person, regardless if it is communicated orally, electronically or in writing.

There are two sections to the standard:
1) HIPAA Title I: Protecting citizens' healthcare coverage if they are fired or laid off
2) HIPAA Title II: Patients' rights and how to properly transmit, share and store their information.

The HIPAA privacy rule
All healthcare providers or any organization that processes medical records must inform patients of their privacy rights. They are required to educate and train staff on how medical data should be properly handled. They must also implement and practice the required privacy and security policies in order to ensure that electronic health information of patients remain secure.

HIPAA Fines
In the late 90's HIPAA fines and penalties for non-compliance were not often issued.
Because of this organizations assumed HIPAA compliance was discretionary. This is not true!

Recently, several organizations have received more then a slap on the wrist in the form of hefty HIPAA-related fines for bad practices, causing many healthcare organizations to rethink their lagging efforts in implementing and enforcing HIPAA policies. I will cover some of these instances under a different entry!

HIPAA - Brief Overview of Guidelines

2010-04-23T13:44:00.001-07:00

HIPAA security rules and compliance guidelines
HIPAA's standards require that all healthcare industries apply and enforce certain protections.

1) Organizations must have an administrative authority in charge of managing and enforcing HIPAA compliance rules, regulations and efforts. There should be a clear set of guidelines in place regulating who is and isn't permitted to access patient information. All access to sensitive data and systems should be monitored.

2) Documentation should be provided to patients informing them of their rights.

3) All corporate systems, machines and buildings must have physical and technical data and intrusion protection controls to prevent malicious hacker and unauthorized access.

4) There must be a traffic-monitoring device, such as a firewall, in place to examine activity coming into and leaving the organization's network.

5) Management should practice risk assessments, data-handling policies, data loss prevention (DLP) and record all security policies and procedures.
Note: These steps are numbered for ease of reading and do not denote actual steps taken from the requirements.

Appoint a central HIPAA management person or persons
These key people will be liaisons between your business and IT management teams. The goals is to delegate the responsibility of managing and enforcing compliance policies and procedures to a specific person or groups. Tasks will be to educate staff, handle data, enforce polices, answer questions and lead corporate efforts.

You will also need to make sure that all employees are aware of what the HIPAA regulations and policies are. How and why the organization needs to become compliant and what the potential penalties and fines are for non-compliance.

HIPAA employee awareness compliance training
All organizations affected by HIPAA should ask employees to undergo some form of HIPAA training to ensure the rules and regulations are clear and everyone is on the same page. You will need proof of this training! It should be clearly identified in the training sessions what constitutes as sensitive patient information, how it should be protected and who is allowed to access that information. This is critical if you ever have an incident where an employee claims that he or she was unaware of the HIPAA policies and procedures.

Restrict and monitor employee access
Administering access controls and data-handling polices are essential parts of all good compliance programs. Access to sensitive data and materials must be restricted to only those who absolutely need it to perform their job function. Additionally, their access should be monitored frequently and updated as required. Note - if you terminate an employee or they change positions - please remember to update access controls to avoid giving the wrong people open access privileges.

PCI DSS 1.2 - Check for rogue Wireless Networks

2010-04-23T12:37:00.000-07:00

PCI DSS requirement 11.1 states:

"Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use"

This requirement to change from WEP to WPA came several years ago - so hopefully you have already put this into your budget. Smaller companies can use a wireless analyzer to scan the network periodically for rogue and/or non-WPA wireless networks. If you find them you can take them offline as they are discovered. It is better to perform scans frequently. Once per month is the minimum suggested - the more the better.

If your company has a large physical footprint wireless surveys are not feasible. Consider using an existing wireless infrastructure to act as a sensor in a rogue wireless detection system by using a wireless IDS/IPS. Tools you can use are Kismet(open source tools), AirMagnet or AirTight Networks.

Best practice when upgrading is to eliminate any impact to your credit card processing systems. It is recommended that you run both WEP and WPA networks simultaneously for a few weeks and then make the transition of all hardware to your new WPA network. Don't put this off as merchant banks won't be willing to open up the possibility for an attack. Securing your wireless network is critical and it will lead you one step closer to PCI Compliance! If you need any assistance send me an email and I will help! jgrahamusa@yahoo.com

PCI Compliance - Eliminate WEP by June 30 2010

2010-04-23T12:12:00.000-07:00

The Payment Card Industry Data Security Standard(PCI DSS) requires companies to eliminate all use of Wired Equivalent Privacy (WEP) on their networks. WEP is an outdated standard and its problem is that it uses insecure cryptography. This allows hackers using AirCrack to penetrate WEP networks in a matter of seconds. The release of PCI DSS 1.2 in late 2008 from the PCI Security Standards Council set forth three new requirements for organizations using wireless networks:

1) Use strong encryption and authentication for all wireless networks.
2) Do not deploy any new WEP networks.
3) Decommission any existing WEP networks by June 30, 2010.

If you have not started you better get moving! You will need to deploy the more secure Wi-Fi Protected Access (WPA) encryption standard.

The WPA standard has been available for more than five or six years. If you have older WEP equipment that does not support WPA - then it will soon be near its life's end. So you must consider replacing it to deploy WPA.

To upgrade your network you will need to upgrade all wireless access points used on your companies campus. You will also need to upgrade your wireless adapters in client systems. If you have Wi-Fi-reliant client devices these will work in the new environment. You can also provide USB wireless adapters for laptop users as required.

One situation I ran into recently, when on a PCI consulting job, was the use of both WEP-encrypted and unencrypted networks running within the buildings. Employees brought their own wireless routers and plugged them into the corporate network. Of course they were caught but this is an issue that needs to be addressed. These are referred to as "Rogue" wireless networks and can be an issue with PCI DSS requirement.

The PCI DSS requirement 11.1 states:
"Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use".

So don't let this one slip by your IT teams! Add it to the procedures and policies of your company so it is not overlooked! Good Luck!

Andy Purdys Call to Secure our Nations Infrastructure

2010-04-23T11:14:00.000-07:00

Andy Purdy, National cybersecurity expert and former federal cybersecurity czar, calls for a new leadership committee to secure our nation's critical infrastructure.

Recently at the SOURCE BOSTON 2010 security conference, Purdy called for a leadership committee that would consist of both government and private sector officials. Their goal - to identify strategic priorities and take action on lessons learned from the 2006 and 2008 Cyber Storm exercises.

Purdy participated in the The Cyber Storm exercises that tested the nation's response to a major cyberterrorism attack. Purdy was a participant and agrees that little was done as a result of the findings. No lessons learned were applied in an effort to implement better defenses and develop a more coordinated response. So I wonder why did they even do them?

Per reports - Purdy states that much of the response to the exercises has been in the form of talk. Many reports highlight deficiencies, but little action has been taken. Cyber Storm I cost $3.5 million and more than $6 million was spent on Cyber Storm II, Purdy said. That adds up to $9.5 million of wasted tax dollars.

"Nobody followed up," Purdy said. "The challenge was to try to create visibility to get the government and private sector together … the opportunity for something like the outcome of Cyber Storm provides a roadmap for the private sector."

You may or may not know - but Purdy worked in the Bush Administration as one of the cybersecurity experts. He helped draft the U.S. National Strategy to Secure Cyberspace in 2003. He then moved on to the Department of Homeland Security where he served on the team that helped to form the National Cyber Security Division (NCSD) and the U.S. Computer Emergency Readiness Team (US-CERT). He is currently chief cybersecurity strategist at Falls Church, Va.-based Computer Sciences Corp.

Purdy, in my point of view, should have driven home the fact that the entire goal of such an exercise is to gain lessons and work towards resolving known issues based on their critical nature while he was involved with these projects. Now Purdy's call for yet another committee leaves me wondering if they too will have the share information and do nothing attitude. Lets hope not.

Purdys suggestion of a new leadership committee would meet quarterly and bring all the key stakeholders together to help White House cybersecurity coordinator Howard Schmidt set goals. His goal is to create a framework and identify strategic priorities or milestones that can be set so the White House could track progress. The focus would take a risk-based approach to address preparedness, defend against malicious activity and foster research and development activities.

The most unsettling comment from Purdy per reports - While some experts say it could take a major cyberattack to get the government moving on issues, Purdy said a cyberattack won't result in getting any action. "Somebody will get blamed," he said. "We have not adequately made it clear to decision makers what it is they need to worry about and what they need to do about it."

TJX & Heartland Payment Systems- Data Thief receives Two 20 year Prison terms

2010-04-15T22:09:00.000-07:00

Theft of over 130 million debit and credit cards delivered two 20 year prison sentences to Albert Gonzalez, 28, of Miami Florida last month. Gonzalez also had two Russian hacker counterparts in these attacks. As a result of their prosecution, they represent the largest hacking and identity theft ring ever prosecuted in the U.S.

DETAILS
A federal judge sentenced Albert Gonzalez to 20 years and one day in prison for being the master-mind behind the data security breaches into Heartland Payment Systems Inc. and other companies.

He was also sentenced to another 20 years in prison for his role in the theft and sale of millions of credit and debit cards from TJX Companies Inc., Barnes and Noble, 7-Eleven Inc., Hannaford Brothers and other retailers. Not to forget the more than 250 financial institutions that were affected as well. Both sentences are to be served concurrently.

How did they steal the data?? Well according to the indictment, they researched the credit and debit card systems. Then they used SQL injection attacks to bypass network firewalls to steal the data. They hid their activities by testing their malware against antivirus products prior to the attacks.

In the end, Gonzalez will spend many years in prison for the theft and sale of millions of debit and credit cards. He will also be required to serve three years of supervised release following his prison term. As far as fines - he was ordered to pay a $25,000 fine in both cases. A total of $50,000 dollars.

This fine by no means is large enough, in my opinion, given the shockwaves that still rumbles in the retail and financial sectors due to their crimes. As a result, PCI compliance and other safeguards have emerged to thwart these types of attacks in the future.

"These sentences -- some of the longest ever imposed for hacking crimes -- send a powerful message to hackers around the globe that U.S. law enforcement will not allow them to breach American computer networks and payment systems, or illegally obtain identities," said Assistant Attorney General Lanny A. Breuer.

PCI Council - Guidance on End-to-End Encryption

2010-04-15T11:51:00.000-07:00

2010 RSA Security Conference
The PCI Security Standards Council is researching emerging technologies and plans to issue a guidance document on end-to-end encryption in the next version of the PCI Data Security Standards (PCI DSS) expected for release in October.

It is reported that Bob Russo, general manager of the PCI Council, said researchers are preparing documentation on what he calls the latest industry "big buzz word." Other technologies they are researching include tokens, chip and PIN technologies. These are used to protect credit card data and how virtualization affects data protection technologies.

When asked the question by a reporter at RSA conference Russo reported the following updates on the PCI standard:

ADOPTION
Bob Russo: In 2009 we were seeing a lot of uptake on the standard. Since it's a global standard, we're seeing it throughout the world. We're doing lots of training and lots of awareness-type seminars for literally every place around the world. All of our training is pretty much sold out. This year we've had to add training sessions so people can understand what the standard is and get better prepared for an assessment. So overall 2009 was a very good year for the Council, but 2010 is a very busy year for us. We're releasing three standards this year in eight different languages, so we're working hard.

NEW TECHNOLOGY
Russo: We're studying a couple of technologies right now to give additional guidance on them hopefully this year when we release the standard. Chip (chip and PIN) [is being studied] as an initial technology, because chip is a mature technology. There's a lot known about the technology. We have a lot of experience with it outside the United States, so we're looking at chip and we're actually mapping how chip would compare with the standard. We certainly don't think that there's a silver bullet in any of these technologies, whether it is chip and PIN, end-to-end encryption as the buzz word goes, tokenization or anything of that nature.

The second technology is encryption. Russo does not like the term end-to-end encryption. Whether it is point-to-point encryption, account data encryption or transaction-based encryption, whatever it ends up being, they will be mapping that as well. Then they will be moving towards technologies such as tokenization and virtualization.

The PCI Council is creating a framework right now where they map these technologies out and lay them next to the standards, so if a company is using one of these technologies, the framework will let them know if they would satisfy certain PCI requirements.

Summary of Interview
2010 REVISIONS
As far as revisions or 2010 - At this point they are collecting feedback which will close at the end of April. The feedback touch points are how to best protect the data and then how much will this cost a merchant, the return on investment and whether there's anything that changes, fundamentally, the way the merchant will do business to comply.

It is reported, by Bob Russo, that they wont require something that changes the fundamental way a merchant does business. They are not going to put existing compliant merchants out of compliance. Ideally they will issue a guide for best practice for a certain period of time.

END-TO-END ENCRYPTION
Another question from merchants is with end-to-end encryption one of the questions is from what end to what end? Well - this is key. There are no standards yet for this type of encryption and how the keys are handled. If you are not careful you can end up making things less secure.

INTEGRATED SOLUTIONS
There are a dozen solutions on the market. The questions are - Do they talk to each other? Are they interoperable? What if a merchant is using more than one? All of these things will need to be considered.
What the PCI council plans to study is an encryption solution and the minimum level of things that need to be done with an encryption solution. Once this is defined they will then put out some guidance- but nothing specifically in the standard itself.

TOKENIZATION
Tokenization is making its way into emerging encryption products. The PCI council doesn't see themselves requiring any kind of tokenization, end-to-end encryption or chip technology in this version. However, the will issues guidance on them. Russo: If a merchant has already started down a path and spent some dollars on one technology, certainly it would not be in our best interest to say "you chose the wrong technology now you need to use this technology." So there will be guidance on each one of these things that we roll out.

DON'T PANIC - YET
In the last version of the standard, requirement 6.6 was a best practice for 18 months. It's still too early to tell if this will be a version 2 or a version 1.3.

FireScope's Reduces the Complexity in Compliance

2010-04-05T22:59:00.000-07:00

FireScope is a leader in Modular Compliance Solutions. FireScope's Compliance feature consolidates, automates and simplifies compliance efforts!

The result - reduction of costs associated with regulatory audits.

FireScope delivers real-time monitoring of key control objectives, intuitive checklists and powerful inline reporting. These contribute to a faster turn-around time for remediation, less cost and time spent in determining control effectiveness and audits.

The Result - greater efficiency and quality in IT security and administration.

Below is FireScope's 5-Pronged Assault on Compliance Complexity

1. Automated Monitoring of Key Controls
FireScope's consolidates all of the real-time monitoring of key controls into a single interface that includes log aggregation and processing, object access records, security events and more. These are deployed through pre-configured templates that can be associated with the key assets in your infrastructure, enabling rapid deployment and easier management.

Simplifies your day to day management of compliance events, enables faster turn-around time for remediation, less cost and time spent in determining control effectiveness and audits, greater efficiency and quality in IT security and administration.

2. Real-Time Dashboards
Real-time management of the business impact of IT Operations, compliance-specific dashboard pagelets provide real-time status of compliance controls. Instant compliance status on an ongoing basis simplifying the process of maintaining compliance between audits.

3. Interactive Checklists
some aspects of compliance can't be automatically evaluated -FireScope provides an intuitive self-assessment checklists that guide you through each line item of compliance controls and records results for instant access when you need them.

4. Easy, Pre-Built Reports
FireScope includes a rich library of pre-built reports that document organization's adherence to compliance that can be handed to the auditor. This significantly reduces the labor and costs of the audit. As audit requirements change over time, each report can be easily extended to meet evolving needs.

5. Extensible Architecture
FireScope's modular approach to compliance makes it extremely easy to support changing compliance requirements, or introduce support for other regulatory and governance standards.

FireScope, Inc. is headquartered in Huntington Beach, California, and provides organizations with actionable business intelligence concerning the health and security of all critical IT assets, regardless of operating system or platform with its FireScope line of security appliances.

Check them out at: http://www.firescope.com/Solutions/Compliance/

FireScope Raises the bar with Modular Compliance Solution

2010-04-05T21:58:00.000-07:00

I recently had a conversation with Steve Cotton, CEO of FireScope. The company provides an integrated IT Service management suite including FireScope Business Service Management, Configuration Management and Analytics solutions. They have developed the industries first Self-service solution allowing businesses of any size to achieve a technology agnostic- single-pane view of assets, events, performance trends, security and service-level agreement status. My interest was to see how this applies to the Compliance sector.

FireScope offers a very unique approach to Compliance with HIPAA, SOX, PCI, NIST, GLBA and NERC. I had the opportunity to have a demo of the portal-web dashboard- and it was very impressive. What do I mean by that? Everything you would want to take action on -or review- is in one web-based dashboard! All status reports, administration tasks, task assignments, real time data, etc - one window view! The demo showed views of their integrated IT Service management solution that included FireScope Business Service Management, Configuration Management and Analytics solutions. Thank you Josh - FireScope!

What is really cool is that FireScope is the first IT Operations Web-based portal built on Web 2.0 technology with a services-oriented architecture (SOA). Their "industry first" modular approach allows users to pick and choose services that apply to standards such as HIPAA, SOX, PCI, NIST, GLBA and NERC. Services include options for security, performance, availability and compliance monitoring along with long-term strategic planning, administration, task assignments, compliance reporting, audit related data, and more.

The ability to pick and choose service options is very flexible and the modules can also be reused with the ability to add new services at a later time. This make their solution very flexible, affordable and scaleable for companies of all sizes to adopt and manage over time. FireScope installs rapidly and is subscription based so you only pay for the services you use! This makes FireScope a very reasonable choice when compared to other options, such as, adoption of multiple solutions, long integration timelines, heavy maintenance and payment for options you will never use.

If you are seeking a Compliance Solution you must see FireScope!
Visit them at: http://www.firescope.com

Abbo EMR provides Medical Records on Smartphones

2010-03-28T11:05:00.000-07:00

Access To Your Medical Records has just become easier for patients. ABBO EMR is a web and mobile integrated system for tracking medical records between patients and doctors.

On March 25th Dr. Fred Abbo, of La Jolla CA, announced that he has developed an advanced medical record system that provides paperless communication between doctors and patients via the Internet and mobile phones. The software provides patients with complete access to medical records including reminders and lab reports.

Abbo EMR is a web and mobile document that allows patients to view, edit and update their personal health care history online. Data that can be edited consists of medications used, past diagnoses, office visits, lab results and physician’s instructions. Doctor visit reminders are also sent to the patient via text message and by email.

The company believes that a key feature in Abbo EMR is the graphing capability. Medical data such as lab test results, EKG parameters and life-style parameters are plotted on a graph to detect trends. This helps patients working on improving lab results such as cholesterol and vitamin levels over time.

The company that assisted Dr. Abbo in developing the software is Zco Corporation. Zco specializes in multi-platform application development including iPhone, iPad, Android and Blackberry. They also develop backend industrial strength applications leveraging .Net and Java Technologies.

HSBC’s Swiss Private Bank Data Theft - 24,000 Clients

2010-03-24T19:27:00.000-07:00

Europe's largest bank, HSBC, is feeling the heat due to a costly data breach that involved highly confidential client accounts. Swiss Banks..does that ring a bell?

Ex-employee Hervé Falciani gained access to client data while on a project to transfer HSBC’s customer database to a more secure system. In the process- Falciani stole 24,000 clients personal data from a branch in Switzerland.

This set of a string of concerns with clients who depend on confidentiality associated with Swiss banks. Per the FT.com report-HSBC said that the stolen information was limited to accounts in Switzerland. “We deeply regret the situation and unreservedly apologise to our clients for this threat to their privacy,” said Alexandre Zeller, head of HSBC’s Swiss private bank.

The concerns grew deeper when Ex-employee (Falciani)admitted stealing the data and that he also provided it to French tax authorities. He denies receiving any payment. Falciani also tried to sell the information to Lebanese banks before he was caught.

It is reported that his actions has strained Franco-Swiss relations because there are fears that the French authorities could use the stolen data to detect tax evaders and pass on details to other countries such as the U.S.

It is reported that due to this security breach - HSBC is sending $93M to upgrade their systems and improve security.

For the full report see:
Ref: FTC.com - By Haig Simonian in Zurich and Sharlene Goff in London
Published: March 11 2010 09:25

Medisoft v16 - Improves Integration with HIPAA Compliance

2010-03-24T19:01:00.000-07:00

MedicalBillingSoftware.com just released their latest version of medical practice management software called Medisoft 16. The new version offers improvements in insurance billing and practice management tasks associated with integration between Medisoft Clinical EMR Software program and HIPAA compliance. This level of integration allows small health care companies to spend more time with patients instead of administrative tasks.

Medisoft Clinical EMR Software has been adopted by thousands of medical and health companies around the U.S. Medisoft v16 offers improvements related to billing, scheduling, and patient accounting processes. The software Windows-based so it is familiar to Microsoft software users. The software also integrates with most existing software in use by most medical practices.

In summary, streamlining patient scheduling capabilities while also improving insurance claims processing and revenue management increasing productivity and processing time for both individual and small practices. This equates to higher profit margins and better patient care.

KEYLOK Fortress reduces Software Piracy

2010-03-24T16:07:00.000-07:00

KEYLOK was founded in Denver, Colorado in 1980 as Microcomputer Applications, Inc. Their KEYLOK Fortress platform provides piracy protection for thousands of applications on many levels. This provides developers with the ability to deploy a security solution that prevents hacking and piracy.

KEYLOK announced a new capability called Code Porting for the KEYLOK Fortress dongle. KEYLOK with Code Porting allows Developers to port 10,000 lines of executable code to the smart card portion of the dongle. This secure area allows the code to be executed- returning results to the application running on the computer. The beauty of this is that Software cannot be copied or run without the dongle holding the critical code required to run the software.

“KEYLOK’s driverless Fortress delivers the most secure software protection solution available today,” stated Stuart Zinanti, president of KEYLOK, Inc. “The combination of code porting and the tamper proof smart card hardware provide a highly reliable solution for protecting our customers valuable software.”

Benefits of code porting with KEYLOK Fortress include:

- Segregate key pieces of the application to run on a separate, secure smart card computing environment
- Code executed on the dongle cannot be inspected or hacked
- Application is configured to run separately on the computer and the dongle
- Software cannot be copied and run without presence of the dongle because key pieces of the application will be missing

Code Vault and the KEYLOK Fortress Smart Card is a driverless hardware dongle. The combination of the smart card and dongle will reduce piracy and hacking greatly offering a reliable and secure solution to software developers.

Ref: Denver (PRWEB) March 24, 2010

Social Networking and Identity Theft

2010-03-18T10:16:00.000-07:00

Social Networking is a growing concern for online identity theft. Sites like MySpace, Facebook,and Twitter are key targets. As an example - cyber-criminals are selling hacked Twitter accounts and passwords online for up to $1,000. The cyber-criminals use those accounts to infect other computers with software that steals data (data-stealing malware). With this software they can hack in to your personal data and steal bank account information that could result in drafts on your checking or savings accounts.

Tami Nealy is the Director of Public Affairs for Lifelock, "I think the time we live in gives identity thieves more opportunity. People are using online forums daily that are not secure, thus giving identity thieves more and more opportunities" Nealy said. "Identity thieves act as imposters and create file-sharing programs. You think you are getting an email from someone you know, but by accepting the share program, you are giving thieves access to your data, your personal information. Anytime you provide your personal information, make sure the website is a secure site." Note: Credit card debt and credit card identity theft comprises the majority of identity theft.

FTC - Identity Theft is #1 Complaint

2010-03-18T10:08:00.000-07:00

In 2009 identity theft was ranked as the number-one consumer complaint category according to the Federal Trade Commission (FTC).
It is reported that 1.3 million people were victims of identity theft accounting for 21% of total complaints per the FTC.

2009 Identity Fraud Stats - Climbing ID Theft

2010-03-18T09:58:00.000-07:00

ID Theft Statistics: Javelin 2010 Identity Theft Report

In February Javelin Strategy & Research issued their 2010 report on identity fraud for 2009. Key highlights from the report show that while the instances of identity theft reached record numbers in 2009.

Key statistics
11.1 million adults were victims of identity theft in 2009
The total fraud amount was $54 million
The average victim spent 21 hours and $373 out of pocket resolving the crime
-4.8% of the population was a victim of identity fraud in 2009
13% of identity fraud crimes were committed by someone the victim knew

Per Javelin, the number of identity fraud victims increased by 12% in 2009 and the amount of fraud increased by 12.5%. They report that this is the largest increase since they have been reporting on ID Theft (7 years).

- 4.81 % of the US population is a victim of Identity Fraud.
- The total fraud amount in 2009 reached 54 BILLION dollars, which is up from 48 BILLION dollars in 2008.
- Consumers who monitor their accounts electronically have shorter detection times and their consumer costs are over 50% less.
- Social Security Number thefts remain the top breached data and one of the most difficult frauds to detect.
- The risk of Identity Theft through social networking has nearly doubled in the last year.
- Small Business owners suffer from Identity Fraud at one-and-a-half times the rate of all other adults.

New account fraud represents 39% of all 2009 fraud cases- it was 33% in 2008.
They note that most of these fraudulent accounts were opened online. Fraudulent cell phone accounts make up 29% of total new account fraud. Also - existing credit cards are big targets too. They make up 75% of fraud attacks on existing accounts.

Mophie enters into the Mobile Payment Systems Market

2010-01-04T22:05:00.000-08:00

Mophie is releasing an iPhone credit card reader

Mophie makes iPhone and iPod accessories and batteries. It is reported on the IT Portal that they will use CES 2010 as the platform to release an iPhone credit card reader and third-party payment processing application.

Mophie is calling the accessory the “Credit Card Reader”. Not too flashy ey? In any case -purchases will also combine a free third party processing application which enables users to turn the iPhone into a device that accepts credit payments. You can swipe a credit card through the slot-like casing that is connected to the iPhone.

Mophies new mobile payment system has industry analysts saying that their success will depend on the design and bulk of the iPhone when it is connected. Not to mention the price must be acceptable for the target user. Just who is that user?

DirecTV appoints CEO Michael White of PepsiCO

2009-12-30T11:06:00.000-08:00

Five months after Chase Carey returned to News Corp (NYSE: NWS). as deputy chairman and COO, DirecTV (NYSE: DTV) finally has a successor as CEO: Michael White, now CEO of PepsiCo International and vice chairman of PepsiCo. The announcement comes on the eve of a special shareholder meeting to approve the satellite operator’s combination with Liberty Entertainment. White was picked over insiders Larry Hunter, who has been interim CEO, and Bruce Churchill, EVP, president of New Ventures and president and CEO of DirecTV Latin America, LLC. White is due to retire from PepsiCo this year after nearly 20 years and to leave that company’s board; those plans were announced in September. His first day as DirecTV CEO is Jan. 1.

On paper, this looks like a short-term step, putting a seasoned exec in place with deep international experience and a record, as PepsiCo put it, of engineering acquisitions and “developing the company’s most promising leaders.” In his statement about the hiring, DirecTV Chairman John Malone called White “an exceptional leader with a sustained track record of success, profitably growing businesses and a reputation for making the impossible possible.”
The DirecTV board hired a search firm this summer to look at internal and external candidates. Liberty Media (NSDQ: LINTA) CEO Greg Maffei was said to be interested and numerous other industry execs have been mentioned at various points. We reported that Black Krikorian, cofounder of Sling Media, was among those approached. But the search appears to have been caught up in board politics, the role of Liberty and Malone, who is also chairman of DirecTV. More to come. (PaidContent.org)

GXS and Invois Intent to Merge

2009-12-30T11:03:00.000-08:00

GXS and Invois Intent to Merge

Per the GXS website - On December 8, 2009, GXS and Inovis announced that they have signed a definitive agreement to merge. The combined company creates a global leader of B2B e-commerce services, providing customers with international reach and end-to-end capabilities in B2B integration software and services.

The merger is expected to close in the first half of 2010. During this period, each company will operate independently, “business-as-usual”, and all services and solutions will continue to be supported.

iPhone 3G Overheating

2009-12-30T10:57:00.000-08:00

iPhone 3G Overheating

It is reported that after the release of Apple’s new iPhone some owners complained about the handset’s high temperatures. This was noticeable on the white iPhones as they were turning brown!

AA small number of iPhone 3GS customers reported handsets reaching high temperatures.
However, there are more than a million iPhone 3GSes sold in the first weekend...
A specialist from Wired.com thinks the the issue could put tens of thousands of new iPhones at risk.

It is also reported that Aaron Vronko of Rapid Repair, a company that does teardowns of iPhones and iPods, said overheating is likely an issue due to faulty battery cells, and said he expected it could spur a recall of up to hundreds of thousands of iPhone 3GS units.

“My guess is there’s going to be a whole lot of batteries affected because these iPhones are from very large production runs,” Vronko said. “If you have a problem in the design of a series of batteries, it’s probably going to be spread to tens of thousands, if not hundreds of thousands, and maybe more.”

If your an iPhone users be aware of this overheating issue and wait to see if Apple holds off on production until this issue is FIXED!

iPhone with RFID?

2009-11-08T21:05:00.000-08:00

There are reports on the Internet that claim that Apple is researching the use of RFID with the iPhone.

"Radio-frequency identification (RFID) is the use of an object (typically referred to as an RFID tag) applied to or incorporated into a product, animal, or person for the purpose of identification and tracking using radio waves. Some tags can be read from several meters away and beyond the line of sight of the reader". (Wikipedia)

iPhone RFID capability would mean that the iPhone would support the use of RFID tags. An example of the use of such tags today are mainly in the supply chain for logisitcs and order management process. They are also used in drivers licenses, credit cards, merchandise tags and many other things.

As far as the iPhone- RFID tags could transform the phone into a payment device, an identification device, a TV remote control and even a car key. Of course heavy security measures would need to be applied to these phones depending on what task they are performing. We will wait and see!

iPhone for Verizon Users

2009-11-08T20:48:00.000-08:00

Verizon Users - Get ready for the iPhone in 2010!

It is rumored that Apple is building hybrid iPhones for the Verizon CDMA2000 network and the UMTS 3G network iPhone uses on the AT&T service.

I think it is very true. If it is true - it is a good move on Apples part to make the iPhone compatible with Verizon in the U.S. This will expand Verizons market greatly. I believe that the only reason this has not occured yet is that Apple had an exclusive with AT&T through 2010. So - it is no shock that the date is currently set for the 3rd quarter of 2010. I have both Verizon and AT&T cell phones because I wanted the functionality of the iPhone. When this is release one of the services will be cancelled! Point in case - free market. Request - APPLE - please port the iPhone SDK to Windows!

InBev buys Budweiser

2008-07-14T05:09:00.001-07:00

InBev just bought Budweiser for $48 billion or around $70 per share. Modelo-a Mexican brand-is involved as well. They need to negotiate their own deal as they are under Mexico's regulations.

Tony Snnow has Passed Away

2008-07-12T06:08:00.001-07:00

Tony Snow has passed away. His battle with cancer has ended. My deepest sympathy to his family, co-workers and friends. He is missed both 'on and off air'.

SAG Strike in Hollywood

2008-07-09T06:45:00.001-07:00

The Screen Actors Guild -SAG- is causing havoc again and another informal strike is underway.

Sister Union AFTRA, however, signed their deal last night. So what does this mean to Hollywoods movie market? Once again-movie productions will grind to a hault. SAG members are already stopping work although a formal SAG strike has not been announced.

OIL COST UPDATE - BLEEK

2008-06-30T21:13:00.001-07:00

Gas is expected to go to $170 a barrel by the end of the year. That's $6-7 a gallon. Today-well we hit $143 a barrel. You should expect half of what the UK pays which is around $12 a gallon. YIKES.

The $143 a barrel is about 38% more compared to last year. We are paying approximately $600-700million a day for these increased oil costs.

Hello-Brazil has had Ethanol for more than 20 years. There are options! Learn to conserve now. More to follow from me on this-trust me.

SUVs are Dead

2008-06-24T06:40:00.000-07:00

GM is taking a bashing from Toyota.
GM is worth 8 billion and Toyota 100 billion. GM reported they have enough money to operate through 2008 with no promises for 2009.
GM, an American icion, is going out of business. On the other hand-Toyota is flourishing with efficient green cars. Bye-bye to SUVs!

iTunes Tops 5 billion Songs!

2008-06-23T12:02:00.001-07:00

Since 2001 Apple has been peddling songs from the iTunes store. Currently their catalog holds pver 8 million songs. They just announced its iTunes digital music website has sold over 5 billion songs since the service was introduced in 2001. In early 2008 iTunes blew past retail giant WalMart to become the largest music retailer in the U.S. It is also reported that Apple is also renting and selling over 50,000 feature films -each day- making them the leader for online movie rentals!

KPMG Digital Content Survey

2008-06-18T09:07:00.001-07:00

KPMG did a recent survey that revealed that venture capitalists are going to invest heavily in digital content creation over the next two years. KPMG polled 300 venture capitalists, investment bankers and corporate execs reporting that 52 percent of the repsonses believe venture investment in online and mobile content creation will increase over the next decade. Around 25 percent believe investments will increase by more than 20 percent. There was a dead tie when asked about investment in user-generated content or professional content providers.

The sectors where they expect the greatest investments are; 31 percent voting for mobile applications, 26 percent for technology enablers and 20 percent voted for social media services. Around 31 percent expect social networks to dominate mobile entertainment market revenue by 2009.

Music and gaming downloads got about 20 percent of the votes with video getting 14 p[ercent. User-generated applications received 10 percent. The survey also revealed that 44 percent percent chose mobile social networking, 44 percent social media, 22 percent for content owners, 20 percent brand advertisers and 14 percent going to wireless operators. As far as mobile video - 90 percent of investment firms think that mass adoption of mobile video will take place in the next five years. Around 60 percent forecasting it will happen in the next three years. I think the adoption will actually be faster than what they are predicting as the drop in mobile carrier prices (bundled offerings) and the reducion in cost of video cell phone will drive the rapid adoption.

Disgraced Enron CEO Appeals his 24 Year Sentence (SOX)

2008-06-17T07:27:00.001-07:00

Remember CEO Jeff Skilling? Who can forget what he did with the Enron scnadal. He is credited for being the most disgraced CEO. We can also credit him as the catalyst that led to Sarbanes-Oxley. As a refresher - Skilling was found guilty of 19 counts of fraud and sentenced to 24 years in prison after his 2006 trial. The big news on him today is the point that he may go free or get a substantial reduction in his sentence.

Financial Week reports that a three-judge panel, based in the big-easy New Orleans, is expected to rule on his appeal. Statement from Financial Week: "Surprisingly, some very prominent minds believe Mr. Skilling has a good shot at winning his appeal, or at least seeing a number of the 19 counts in the conviction overturned." Letting him off the hook would send a bad message and quite honestly he needs to pay as other did when they lost thousands and millions in shareholder value. To let him go free would be tragic in my view - we will keep you posted.

Perpetual Storage Backup Tapes Stolen

2008-06-16T15:28:00.001-07:00

The University of Utah Hospitals & Clinics said Tuesday that a metal box of backup tapes containing billing records for about 2.2 million patients and guarantors was stolen from a car belonging to a storage contractor's employee. The driver for Perpetual Storage violated the storage company's policies for secure data transport, officials said. The theft, which occurred June 2, is under investigation by the Salt Lake County Sheriff's Department, the FBI and the U.S. Postal Service. The University of Utah Hospitals & Clinics is offering a $1,000 reward for return of the tapes.

The billing records included patient names, demographic information and diagnostic codes. Records for a subset of 1.3 million patients also contained Social Security numbers. Although officials said there is no evidence that the data on the tapes has been accessed, the health care system is notifying the affected individuals, providing them with credit monitoring, and taking additional steps to safeguard its records. It also suspended deliveries of backup tapes to Perpetual Storage pending a review of procedures. Ref: Information Security Magazine.

Standford Stolen Laptop - 72,000 employee records stolen

2008-06-16T15:25:00.001-07:00

Stanford University is notifying 72,000 current and former employees that a laptop containing their personal data was stolen.

The university said on Friday that it's sending emails and letters to those whose confidential data may be at risk. The laptop contained personnel records of current and former Stanford employees who were hired before Sept. 28, 2007. As many as 72,000 could be affected, but university officials said there is no evidence that any of the data on the laptop has been accessed.

The laptop was stolen recently, but Stanford said it was not disclosing additional details about the theft while it's under investigation. Data on the system included names, Social Security numbers, phone numbers, salaries and home addresses. Stanford is working with law enforcement officials to recover the laptop. In light of the theft, Stanford is convening a task force to review its policies and practices for protecting confidential information. "The university has guidelines that prohibit keeping sensitive information on unsecured computers. This effort will be redoubled after this incident," Stanford Vice President for Business Affairs and CFO Randy Livingston said in a prepared statement.

Raketu Communications Integrates with iPhone

2008-06-16T15:14:00.001-07:00

Raketu Communications is an Internet communications, information, and entertainment company. They just announced that they are extending their social networking application to the Apple iPhone. Thier integrated communications platform will enable users to collaborate and share content inside and outside of the Raketu network. Raketus' web-based Social Networking and Media Drive iPhone Application allows blog updates, bulletins and comments through their real-time communications platform. Users can also use non-Raketu networks as well. The platform also allows users to communicate with friends in a chat-like environment. iPhone users can store and share multimedia across social networks like Facebook and MySpace. Users can aslo make international calls, send texts, instant messages and email. Some of the services are free and other services are at a discounted rate.

Nike - Cellular Photos onto Tennis Shoes

2008-06-16T14:14:00.001-07:00

Nike is launching Nike PhotoiD - a new mobile marketing service enabling people to create customized shoes using photos they take with their cell phones. Here is how it works - subscribers submit their photos to Nike PhotoiD. Nike then makes an image of the shoe based on the two dominant colors within the photo. It is then sent to the cell phone via MMS. This image can also be saved as a wallpaper for the cell phone. If the users like it they can order the tennis shoes with custom photo! The service will launch in nine European territories: The U.K., Italy, Germany, France, Spain, Denmark, Finland, Norway and Sweden. NOW THATS COOL!

Thumplay Launches "GET" Text Service

2008-06-16T10:51:00.001-07:00

Thumbplay is a Mobile entertainment content portal. They just launched the beta version of a new service called GET. This is a SMS-based search service that lest users buy ringtones, games, videos and wallpapers from their mobile device. Thumbplays' GET requires customer to send a text message with the word "Get" and any artist or song title to the shortcode THUMB. A few seconds later a reply message will arrive containing a link to all relevant content. Thumbplays' mobile catalog has more than 80,000 pieces of licensed audio, video and gaming content.

Bundled Cellular Plans - A Must

2008-06-16T09:22:00.001-07:00

Tariff Consultancy recently released a report on Mobile Pricing changes. The result is that unlimited data bundle plans are becoming the hot pricing model for many large mobile operators - worldwide. "We believe that the next stage in mobile operator evolution will be those who are able to make mobile broadband a convenient, available and easy-to-use service", said Margrit Sessions, managing director of Tariff Consultancy. "This time around mobile operators have the opportunity to provide a varied service portfolio which is geared to the user needs of individual groups, rather than provide pure price discounting."

My take on this is that it is a must if they want to stay competitive and retain their customers. People have gotten so used to texting and surfing the net from theri cell phones that the phone bills have sky-rocketed. I use Verizon and my bill was over $500 a month. I recently changed to the all inclusive plan which dropped it down to $150. If they did'nt offer this I would have been forced to jump to a provider that did offer a more reasonable plan.

TIM RUSSERT- Blessings

2008-06-13T20:04:00.001-07:00

Blessings to Tim Russerts family and his extended Media family. With warm regards, Jamie

USi is an AT&T Company - Identity Theft on the RISE!

2008-06-05T13:42:00.000-07:00

USinternetworking, Inc. (USi), an AT&T company, and claims that they are the most experienced Application Service Provider (ASP). This is the company that was involved with the Sterling Commerce Employee ID theft from a missing laptop.

Also noted is that AT&T also had data stolen from a laptop this month - not sure if it was from USi or not. What is concerning here is that USi is a global hosting service provider. So it will be very interesting to see just how many clients (other than their own sister and potentially their parent company) were involved in the Identity Theft of thousands of peoples' IDs. Note - this could turn out to be one of the largest breaches to date. However, AT&T is not disclosing the numbers of people involved - nor did Sterling Commerce. We will keep you posted.

GAP, Old Navy, Banana Republic - Identity Theft - Stolen Laptop

2008-06-05T13:32:00.001-07:00

SC Magazine - Jim Carr
Clothing retailer Gap revealed on Friday that a laptop containing the personal information of approximately 800,000 of its job applicants was stolen from a third-party contractor that manages the company's data. Included in the information were applicants' Social Security numbers, according to Gap. The stolen laptop contained personal information for those who applied for jobs with the company's Old Navy, Banana Republic, Gap and Outlet stores in the United States, Puerto Rico and Canada between July 2006 and June 2007, the company said.

"We're reviewing the facts and circumstances that led to this incident closely and will take appropriate steps to help prevent something like this from happening again," Gap Chairman and CEO Glenn Murphy said in a statement. Because it relies on multiple contractors for managing job applicant data, Gap said that not all applicants from that time are affected.
The unidentified consulting firm said it notified local law enforcement authorities as soon it discovered the laptop was stolen, according to a Gap statement. Police are investigating the theft. The information on the stolen laptop was not encrypted, contrary to Gap's agreement with the vendor, according to the company statement.

"It used to be that IT departments could do their 'best effort,' and hope everything was encrypted," Steven Sprague, CEO of Wave Systems, a developer of disk-encryption software, told SCMagazineUS.com. "But obviously that wasn't good enough, because ultimately the state of California passed regulations, and if a stolen hard disk was not encrypted, they need to tell everyone when the drive is lost or stolen.

Additional burden falls on IT staffs after a data breach, Sprague added. "The problem is, laptop theft is going to continue," he said. "So it's up to IT to ensure that no data is lost for the corporation if I accidentally lose my laptop or my laptop is stolen."
The company urged individuals who applied online or by phone for a job between July 2006 and June 2007 to contact the Gap's security assistance hot line at (866) 237-4007. Gap has posted more information on its assistance program at a security assistance website.

AT&T Management Identity Theft - Stolen Laptop

2008-06-05T13:31:00.000-07:00

Article from SC Magazine - Dan Kaplan
An undisclosed number of management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop. The laptop was stolen May 15 from the car of an employee, Walt Sharp, a spokesman for AT&T, told SCMagazineUS.com on Wednesday. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.

Sharp said the company would not disclose the number of affected individuals, but there is no reason to believe any of the data was being targeted when the machine was stolen. "Usually these are property crimes in which the drive is wiped clean and resold for profit," he said. The employee who was in possession of the laptop when it was stolen has been disciplined.
"There are a number of rules governing the handling of encrypted material and the mobile devices handling that material that employees must follow," Sharp said. "It is up to the employee to ensure that any sensitive material is encrypted."
AT&T used the breach as a reminder that employees must follow policies. This is the second major recent breach to involve an unencrypted laptop. Two weeks ago, Connecticut state officials announced that a Bank of New York Mellon contractor lost a laptop containing the personal information of some 4.5 bank customers.

Correction - DAN - it is the third major theft of ID's on Laptops in a matter of a few months!
SEE BLOG ENTRY: Sterling Commerce Employee ID Theft

As far as the comment - Sharp said. "It is up to the employee to ensure that any sensitive material is encrypted.
I disagree - it is AT&T's, or any companys', responsibility to ensure that all sensative data is protected- at any and all costs.

Sterling Commerce - Employee ID Theft - Stolen Laptop

2008-06-05T13:28:00.000-07:00

Last year I worked for Sterling Commerce - an AT&T company. This May I received a letter from their CEO - Robert Erwin - stating the following:

"This letter is to inform you about an incident that may effect you. One of our vendors, USinternetworking Inc. (USI) recently informed us that a computer used by USI in support of Sterling Commerces' benefits administration was stolen from the home of one of its employees on March 23, 2008. This computer contained benefits information of Sterling Commerce employees and their dependents, including your name, address, date of birth, social security number, and benefit premiums and coverage."

I did not receive this letter until two months after the event. This is not timely notice at all as theft could have occurred the following day after it was stolen. The recent AT&T and Sterling breaches are alarming. Especially knowing that they are a premium technology and tech-services company that is fully aware of HIPPA, SOX and PCI compliance standards. I do realize Sterlings' breach were from a partner. However, if you are responsible for providing them the sensative data - you are responsible for selecting partners/vendors that will fully comply with protecting this level of personal information.

To make matters worse - the insurance Sterling offered to protect me from fraudulent activities was through IDTeftSmart. The bad news is their discalimers. Their disclaimer states: "Membership Services do not cover any financial losses attributed to the Stolen Identity Event., including but not limited to, money stolen from a wallet, unauthorized purchases of retail goods or services online, by phone, mail or direct." If all they are doing is monitorig my credit - I can do that online for a nominal fee. This does not resolve any potential fraud or financial damage that may occur to the people that had their information stolen.

TO ALL: There is NO reason for sensative and personal infromation to ever be on an employees or vendors laptop.

Apple iPhone 2.0 - New Patents

2008-06-04T08:37:00.000-07:00

iPhone 2.0 is all the talk right now. Dial-a-Phone reports that Apple patents recently filed alude to the fact that they will support GPS capabilities and gaming as core functions. You can view this by going to the US PAtenet and Trademark site. Look up Patent Application 20080113614 filed by Apple on May 15, 2008. I think the title is "Personal media devices with wireless communication,".

Here are some blurbs from the Patent: "Such communication provides users of personal media devices with access to several WiFi oriented applications," . In specific - "For example, in one embodiment a personal media device may wirelessly download subscription assets (e.g., podcast) as they become available. In another embodiment, content specific or local to a merchant may be provided to personal media devices that are in wireless communication with a wireless router affiliated with the merchant. For example, if the merchant is a restaurant, the merchant may provide a menu to the personal media device and the user may place an order on his or her media device by selecting items on the menu." I already know several companies that just may have this functionality inthe works - so we shall see what happens.

Back on April 17 Apple filed two other patents. One was Patent 20080088858. It is titled "System and Method for Processing Images Using Predetermined Tone Reproduction Curves,". camera and image realted. The other patent number 20080088602 refers to a "Multi-Functional Hand-Held Device,". This details configurable user inputs based on how the phone can be used - "PDA, mobile phone, music player, camera, video player, game player, handtop, Internet terminal, GPS receiver, and remote control."

Just prior to that fliling was patent number 20080085707. It refers to the ability to have "Dynamic Carrier Selection,". This is wild as it states specifically - "The mobile device may not be associated with a particular home network operator. Bids can be received from multiple network operators for rates at which communication services using each network operator can be obtained. Preferences among the network operators can be determined using the received bids, and the preferences are used to select the network operator." Apples is on the move is a strong way!

Rohati Systems- Cisco Engineers for Startup

2008-06-04T08:35:00.000-07:00

The concept of what we all refer to as traditional firewalls will be challenged with a new startup called Rohati Systems. The company was started by five former Cisco engineers with a goal to provide a device that offers a very granular method of throttling user access on a per-user basis.
Rohati's network-based entitlement control device will limit access to applications on the network.

The product works by sniffing and checking to see if users should be granted access based on user credentials like VPN SSL, Kerberos or Microsoft's NTML. The configuration is started by putting the device in monitor mode on your network. Then it builds a policy that managers can further fine-tune. You can get the beta with expectations of them shipping sometime in July.

Vodafone - Strategic Move to buy Tiscali

2008-06-04T08:32:00.000-07:00

UK based Vodafone, a mobile carrier, may acquire the Italian broadband service provider Tiscali. Tiscali has been on the market for a while - peddling their Italian and UK IPTV operations. Previously they have had heavy interest from Italian service provider FastWeb. However, FastWeb got a curve ball when their owner, Swisscom, passed on the UK portion of the deal focusing on Tiscali's home market and IPTV operations based in Italy. The thing here is that even though Vodafone's interest in Tiscali's U.K. group is the lead motviation - they will also gain great strides acquiring the Iltaian operations as well. Vodafone already owns Tele2 operations in Italy - so combionging the Tiscali amrket with them would make them a highly competitive broadband powerhouse in the UK and Italy.

Onstream Media making an IPTV Move!

2008-06-04T08:31:00.000-07:00

Onstream Media, an Internet video service provider, agreed to acquire IPTV platform supplier Narrowstep. Narrowstep's, a Microsoft partner, developed a platform called telvOS to priovde content management, distribution, monetization and digital rights management. telvOS has been deployed by Telefonica along with Internet video companies and IPTV providers. Onstream partners with Qwest Communications.

Got Cache? Will Hack!

2008-06-04T08:29:00.000-07:00

Cached Google Data Exposes Passwords, Social Security Numbers and more....

Web security vendor Finjan Inc. recently uncovered several unprotected hacker servers. The servers had highly sensitive data (emails, social security numbers, passwords etc.) of thousands of people. How did they get it ? GOOGLE.
Researchers used a simple string of search terms and whallah - they found stolen passwords, usernames and Social Security Numbers.

But the worst of it - they even found usernames and passwords of internal databases of companies - yes other companies. This data was all nicely packed away in Google's public caching server. Got Cache - Will hack! YIKES.

Wavesat brings 4G to benefit The Mobile Sector

2008-06-04T08:17:00.000-07:00

WIMAX WORLD EMEA- Wavesat, a leading supplier of Broadband Wireless semiconductor solutions, announced their new 4G Broadband Wireless chipset named Odyssey(TM). The promise is to deliver a multimode 4G architecture enabling WiFi, WiMAX Wave2, XG-PHS with a smooth migration to future 4G technologies.

Wavesats first product is Odyssey 8500. This is a 4G multi-core architecture that incorporates multiple ultra low power DSPs. The advantage of this is high performance and low power consumption with no tradeoff at all. It also uses Embedded DRAM technology that requires no external memory. The result is a huge reduction in both cost and power consumption. This is key as the target use is portable and mobile applications. The new 4G offering will reduce power consumption on smaller portable devices such as wireless USB dongles, mobile phones and other electronics delivering music, video and gaming content.

Obama and McCain

2008-06-03T20:36:00.001-07:00

Its Official.......Obama -vs- McCain. Will Hillary..ok Billary ;-) be on the Ticket? We shall see. .. ..

CDMA Development Group (CDG) - Market Trends

2008-05-12T09:23:00.001-07:00

CDMA Development Group (CDG) leads the rapid evolution and deployment of 3G CDMA-based systems, based on open standards and encompassing all core architectures, to meet the needs of markets around the world.

The CDG and its members work together to:

Accelerate the definition of requirements for new CDMA features, services and applications
Promote industry and public awareness of CDMA capabilities and developments through marketing and public relations activities
Foster collaboration and the development of consensus among carriers on critical issues to provide direction and leadership for the industry
Define the evolution path for current and next-generation CDMA systems
Establish strategic relationships with government ministries, regulatory bodies, and worldwide standards and industry organizations to promote cooperation and consensus on issues facing the CDMA community
Serve as the worldwide resource for CDMA-related information
Minimize the time-to-market of new CDMA-based products and services
Enable global compatibility and interoperability among CDMA systems worldwide
Create global economies of scale to make CDMA the preferred choice of operators and end users

CDMA Quick Market Facts

259 commercial operators
98 countries
254 commercial 1X networks
24 1X networks in deployment
101 commercial 1xEV-DO Rel. 0 networks
44 1xEV-DO Rel. 0 networks in deployment
35 commercial 1xEV-DO Rev. A network
34 1xEV-DO Rev. A networks in deployment
417,500,000 CDMA2000 subscribers (4Q 2007)
90,534,000 CDMA2000 1xEV-DO subscribers (4Q 2007)
1,980 devices have been introduced in to the market including 515 1xEV-DO Rel. 0 and 56 1xEV-DO Rev A devices
(as of May 7, 2008)

For more details visit: http://cdg.org/

Mobile Media Entertainment (MME) market breakdowns / 2007-2012

2008-05-12T09:14:00.001-07:00

Analysys Research forecasts that MME services will account for 12.3% of nonvoice service revenue in the US by 2012. Mobile TV and VoD services will experience the highest growth rate of any MME service during the next five years. The combination of unicast TV and video services will account for 36% of MME revenue by 2012.

Revenue from personalization services will decline from 47% of total MME revenue in 2007 to 17% in 2012. Analysys Research forecasts that MME services will account for 12.3% of nonvoice service revenue in the US by 2012. Mobile TV and VoD services will experience the highest growth rate of any MME service during the next five years. When combined, broadcast and unicast TV and video services will account for 36% of MME revenue by 2012. By contrast, revenue from personalization services will decline from 47% of total MME revenue in 2007 to 17% in 2012.

Ref: (www.analysys.com).

Forecast - Mobile Media and Entertainment in the US / 20072012

2008-05-12T09:11:00.001-07:00

WASHINGTON DC, US, 22 April 2008 Revenue from mobile media and entertainment (MME) services in the US will more than double during the next five years, according to the latest research from Analysys, the global advisers on telecoms, IT and digital media

US MME services (excluding messaging, and mobile browsing and data charges) generated US$3.1 billion in revenue in 2007, and Analysys Research forecasts that revenue will grow to $6.6 billion in 2012, at a compound annual growth rate of 16.3%. The strongest growth will not occur until after 2010, as the technical and market environment for MME services improves, according to the latest Analysis report, Mobile Media and Entertainment in the US: forecasts 20072012.

Key trends that are driving market growth include:

Improvements to service accessibility: mobile Web browsing platforms will improve and facilitate access to off-deck content, and presentation of off-deck content will become more streamlined and user friendly.
Wider availability of content, driven in part by higher-generation network and device penetration: "As 3G, 3.5G and Qualcomm's MediaFLO network coverage increases, a greater range of services will become available to a wider audience, and off-deck content markets (both operator-billed and non-operator-billed) will develop," said Katrina Bond, co-author of the report. "Non-operator-billed revenue from MME content and services will increase significantly during 20072012, and will account for $1.3 billion, or nearly 20%, of MME revenue by 2012."
Improvements to service usability: providers have not focused enough on the end-user experience for MME services, and users' frustration when the experience does not meet their expectations has inhibited the growth of some services.
Simplified and more attractive pricing of MME content and applications, as well as mobile data access: complex pricing, high data charges, and unfavorable revenue sharing arrangements for content providers have inhibited growth in the MME market.

Report Reference and to buy the entire report go to: (www.analysys.com).

Frengo Social Mobile provider to interface with Facebook, MySpace, Bebo and more

2008-05-06T10:30:00.001-07:00

Frengo, a social mobile services provider, just announced their suite of applications that will intergrate with Bebo, Facebook, MySpace, hi5 and Orkut. Tjhis will allow users to interact with existing contacts while also discovering individuals that have similar interests. This service is not dependent on a specific social networking site- so it is more open that what we have seen in the past.

Frengo is offering what they call their Flirtable mobile social browsing and dating application.

This has around four million members on Facebook and is now expanding onto MySpace, hi5, Orkut and Bebo networks.

Here is their quote:

"We're enabling users to interact with different site users without doing anything different--we've built these applications to be seamless, and we don't demarcate whether you're a Facebook or MySpace user," said Frengo CEO Mahi de Silva in an interview with FierceMobileContent. "Owners of social networks want more traffic, more stickiness and more reason for the user to come back and be engaged. What works well for social networking communities is these kinds of applications that create interactivity."

ROK Entertainment buys Jalipo Media Limited

2008-05-06T10:21:00.001-07:00

Jalipo Media Limited is an online TV and video marketplace that lets content developers distribute their channels. This includes video-on-demand and live events that are delivered to viewers via the web. ROK Entertainment, a global mobile entertainment group, announced the acquisition stating that Jalipo broadens their offering fitting in nicely with ROKs live and on-demand mobile broadcast technologies. The deal - ROK will acquire 100 percent of Jalipo's issued and to-be-issued share capital for total consideration of 600,000 ordinary shares or around $16.8 million.

Nokia - Multimedia Film Production

2008-04-24T11:36:00.001-07:00

Nokia announced a multimedia film production initiative associated with director Spike Lee. Nokia Productions will team with Lee to create a social film generated from user-generated mobile content. According to Nokia, the project will spotlight "the way music tells the story of humanity," with Spike directing the film digitally via the Nokia Productions website while guiding submissions as they are entered. To make it more interactive - online assistant directors will help participants revisre and repost entries for consideration. Spike will select the winning entries integrated into the final film.

Particpants in the prodcution can submit their riginal content like music, text, images or video. The final film will premiere this fall at Club Nokia in Los Angeles. "The future of filmmaking is changing and mobile-generated art is fast becoming the next medium for film," Lee said in a prepared statement. "In five years, I believe we will be watching films in movie theaters that have been shot on a mobile phone. Today, with state-of-the-art multimedia devices like what Nokia has to offer, you are seeing firsthand the democratization of film. Aspiring filmmakers no longer have to go to film school to make great work. With a simple mobile phone, almost anyone can now become a filmmaker."

I must say I agree with Spike - the more collaborative and the less barriers are involved - the more creative people can be. We will see entertainment evolve into all types of formats not yet seen - now is when the fun begins!

Interop - Ability by Novell and Microsoft

2008-04-22T08:02:00.001-07:00

Security Breaches on the rise

2008-04-22T07:52:00.001-07:00

IT infrastructure solutions supplier CA says a new survey of 642 large North American organizations indicates more than 84 percent experienced a security incident over the past 12 months. The survey was conducted across the manufacturing, government, financial services, retail, communications, health care/pharmaceuticals, and oil & gas sectors.

The survey found security breaches have increased 17 percent since 2003, leading to the following:

54 percent of organizations reported lost workforce productivity;
25 percent reported public embarrassment, loss of trust/confidence, and damage to reputation;
20 percent reported losses in revenue, customers, or other tangible assets; and
Of organizations experiencing a security breach, 38 percent suffered an internal breach of security.

The top three measures cited for improving security include documenting policies (88 percent); creating education policies for employees (83 percent); and establishing a Chief Information Security Officer position (68 percent) within the organization

Infosecurity - Hosting a Mock Breach Trial

2008-04-22T07:50:00.001-07:00

The Boardroom has ultimate responsibility for security breaches!

Infosecurity's mock trial will be based on a fictionalised account of the real theft of thousands of credit card account details. In the dock will be the chief executive, the chief information officer, the chief information security officer and other suspects.

Paul Williams, former president of the Information Systems Audit and Control Association, will defend the CIO's role. "Ultimate responsibility for information security rests with the board and the chief executive, " he said. "This cannot be delegated. It is up to them to set the policies and to monitor their implementation.

Williams said security was more than the "box-ticking" exercises demanded by regulations such as Sarbanes-Oxley and PCI DSS. "I am not convinced more regulation helps," he said. "Jail means that all else has failed."

He said regulations such as PCI DSS were the application of common sense. "The basic principles are simply good housekeeping for anyone who processes credit card data," he said. "Of course you should encrypt customer data, and use firewalls to stop attacks."

Williams said regulations had sharpened boards' focus on IT security, but many were still ignorant of all that it entails. Source: ComputerWeekly.com

VC are betting on Web 2.0 Start-ups

2008-04-22T07:42:00.001-07:00

Reports show that first-quarter investments in Internet companies doubled from a year ago.

This equals around $1.58 billion in over 170 deals. The amount invested was up 50%compared to the previous quarter. The investments were mainly tied to web 2.0 start-ups.

This marks a trend-as overall VC investments have declined. Even though they are banking on web startups- its a gamble as the economy still plays a large role in their success too. The good thing about web start-ups is that they generally require smaller investments - even in a tough economy. Betting on web start-ups allows VCs to spread their investments while gaining more exposure.

Blessings to Cameron Diaz and Family - Her father Emilio Diaz passed away this past Tuesday

2008-04-20T14:06:00.000-07:00

Emilio Diaz (age 58)died Tuesday from complications due to pneumonia.

Cameron Diaz, is a friend I met four years ago through mutual friends. I was fortunate to spend some time with her family including her father Emilio. He was a longshoreman in his early days off of Long Beach.

One thing I do know - is that he lived to love life and loved to live life.
He also loved his family dearly. I only shared a short moment in time with him and he impacted me with his infectious spirit for life. I can only imagine how he will be missed by all that had the great opportunity to meet him and share his spirit for life and people.

It was reported by many news feeds that - Production has halted on her current film, My Sister's Keeper, as the actress has cleared her schedule to regroup with her family following the loss of her father.

"My mom, sister and I are deeply appreciative of the overwhelming outpouring of love and support during this difficult time for us and all of our family," the actress said in a statement through publicist Brad Cafarelli. "My dad was loved by so many people and his humor and spirit will always live on in our hearts."

I want to send my deepest sympathy as he was an incredible man.
God Bless the Diaz family and friends.

Motorola Spinning-off Handset Business

2008-03-29T00:52:00.001-07:00

Motorola is spinning-off their handset business. They are planning to create two independent publicly traded companies.

One is for Mobile Devices and the other delivering Broadband & Mobility Solutions. The Broadband & Mobility company will keep the enterprise and home networking portion of the business.

However, details about the strategy are still undecided and have not been formally announced. Such as; Will these companies use the Motorola brand? What about the services and systems-will they be shared? More interesting, how will they dole out the intellectual property! They have some time to decide as the spin-off is rumored to happen in 2009. We will keep you posted as more is released.

PCI Compliance - Hannaford Breach was 4.2 Million

2008-03-27T17:57:00.001-07:00

The reported theft of credit and debit card numbers from Hannaford Bros. Co, a supermarket chain in Maine, ended-up being over 4.2 million numbers/customers.

These customer numbers were stolen by a cyberintruder over the past three months. This breach hit 271 stores in the supermarket chain with 23 independently owned markets along with 70 banks nationwide.

The one thing that was bad about the Hannaford theft was that the data was stolen while it was in transit-not from internal employees accessing the database.

But the mother of all breaches still belongs to TJX. That breach effected 94 million cardholders.

The Hannaford breach contributed to around 1,800 associated fraud cases with more to follow most likely. Class action lawsuits have already started hitting Hannaford.

Sony BMG Music - Developing Digital Music Service

2008-03-26T08:44:00.001-07:00

Sony BMG Music Entertainment is working on a new digital music
subscription service. The goal is to give users unlimited access to BMGs
catalog across many portable media devices-including the Apple iPod.

Sony BMG Music CEO Rolf Schmidt-Holtz is reportedly working on pricing plans and its said that he's looking at a flat-rate subscription plan. It may be between $9 to $12 per month in exchange for unlimited access to their entire music catalog. They may even allow users to keep the music after their subscription expires. No firm release date was provided at this time.

Thumbplay & Clear Channel Radio ink Partnership

2008-03-24T09:37:00.001-07:00

Thumbplay, a mobile entertainment service provider, announced a partnership with Clear Channel Radio.

As a team they are providing customized mobile content stores across 650 of the Clear Channels local stations' websites. Thumbplay content appears in the "Just Played" box and "Top 20 On Demand" lists on all participating local stations' websites. Links to the mobile content
storefront are featured in the "Last 10 Played" playlist on each
website.

What's really cool? They are providing customizable widgets so DJs at each station can choose
their favorite ringtones and update their selections online.

Currently Thumbplay has launched 100 mobile content stores with Clear Channel. Current markets include; Los Angeles, Chicago, Philadelphia, San Francisco, Boston, Washington D.C., Dallas, Houston & Atlanta.

Floods will Increase Soy and Corn costs

2008-03-20T09:06:00.001-07:00

The Miami river is dishing havoc on farmers' golden crops. Watch for changes in stock prices associated with Soy beans, corn and other crops flooded by rivers in the midwest. This will trickle into the economy in the form of higher costs at the grocery store and with the Biofuel sector as well!

Verizon - Any App and Device program revealed at their Open Development Conference

2008-03-19T16:30:00.001-07:00

Today in NYC Verizon had their "Open Development Conference". In the spotlight was their "Any App and Device" program. This allows consumers the ability to download any application without previous restrictions. You can choose from a variety of payment options where as in the past you had to go through your Verizon plan. Plus you were forced to extend your contract and be subjected to more fees. So no more of that we hope if they want to be competitive.

If you are a hardware provider / partner the projected certification timeis 4 weeks.

When the device is certified it can then be registered in their database as an approved device. So to get on board as a harware vendor you can sell the device sans voice/data or you can buy airtime from Verizon at a wholesale price. If you do the wholesale option you will need to do your own advertising and distribution sales. Verizon will kick off this program later at the end of the year. Finally - a good move to keep them competitve.

Crayola CIO - Change Management is key

2008-03-18T15:02:00.001-07:00

Crayola LLC has those lovely crayons boxed in 120 shades and bouquets of what they call "Silly Scents". They are now using software from SAP AG for its order-to-cash process and for manufacturing.

However, as we know, even the best-planned ERP implementations can go seriously wrong. But that's not Crayolas' biggest concern.

Their CIO, Sandra Brandon, says she isn't concerned about the technology. nor is she concerned about the company's network.

Instead - its Change Management.
Here is her quote. "I am concerned, because the way that every single person in our organization does their job and values themselves is going to change," said Brandon. "Nothing they do from here on forward is going to look anything like what they do right now." This will be true for many employees - in all major industries.

Hannaford Grocery Chain - Customer Identity Theft (PCI Compliance)

2008-03-18T12:17:00.001-07:00

President and CEO Ronald Hodge admitted (its on their website) that the company had an intrusion of its computer network late last month. As a result, theft of customer credit and debit card numbers. The data was accessed illegally from Hannaford's computer systems during the card verification transmission process in transactions. Hannaford is said to be cooperating with credit and debit card issuers to protect customers who were affected.

Here is a direct quote:

"Hannaford was first made aware of suspicious credit card activity on Feb. 27, and immediately initiated a comprehensive investigation with the assistance of leading computer security experts," he said. "We would advise customers that have made purchases at our stores using credit and debit cards over the last three months and who suspect that their accounts may have been compromised to immediately notify their card issuer or bank. Even if customers do not suspect fraudulent use of their credit or debit cards, it is always important to review billing and bank statements monthly."

PCI Security Standards Requirements

2008-03-14T02:48:00.003-07:00

At the core of the PCI DSS is a group of principles and requirements that will help you to "Build and Maintain" a "Secure Network". Below is a summary of key areas you need to address to become PCI compliant.

Requirement 1:
Install and maintain a firewall configuration to protect "Cardholder" data. This is any personal data that your company collects to make a credit card transaction.

Requirement 2: DO NOT use vendor-supplied defaults for system passwords or anny other security parameters. You must Protect Cardholder Data.

Requirement 3: Protect stored Cardholder data. This can be done in a variety of ways using access control and technology.

Requirement 4:
Encrypt transmission of Cardholder data across open, public networks.
Maintain a Vulnerability Management Program.

Requirement 5:
Use and regularly update anti-virus software.

Requirement 6:
Develop and maintain secure systems and applications. Implement Strong Access Control Measures. This means assigning permissions to any person touching the data at any point while Cardholder data is in your custody.

Requirement 7:
Restrict access to Cardholder data by business need-to-know. If its not critical for performing a task-no access is granted to Cardholder data.

Requirement 8:
Assign a unique ID to each person with computer access. This is to ensure tracking of all Cardholder data access.

Requirement 9:
Restrict physical access to cardholder data. Regularly Monitor and Test Networks.

Requirement 10:
Track and monitor all access to network resources and Cardholder data.

Requirement 11:
Regularly test security systems and processes. Maintain an Information Security Policy.

Requirement 12:
Maintain a policy that addresses information security to further the adoption of the PCI DSS.

PCI Compliance - Payment Card Industry Data Security Standard

2008-03-14T02:48:00.001-07:00

PCI Security Standards Council developed the PCI DSS (Payment Card Industry Data Security Standard). This is a set of comprehensive requirements for enhancing payment account data security.

Who developed the standard?
The PCI Security Standards Council was founded by the industries leading payment brands. These companies include American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

Their goal is to facilitate the broad adoption of consistent data security measures on a global basis. It helps to protect Cardholder data from being breached while in the possession of third parties performing financial transactions using buyers' credit cards.

So just what is the PCI DSS?
It is an in-depth security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This standard is designed to help organizations protect customer account data. PCI is a critical tool that can help stop the theft and fraudulent use of consumer data.

See PCI DSS REQUIREMENTS post for details on what you need to become compliant! Also search on my blog uner "PCI" for previous posts. Also helpful are posts on "SOX" for Sarbanes-Oxley compliance.

AT&T 2008 NCAA March Madness Bracket Challenge - Win $10,000

2008-03-14T01:48:00.003-07:00

The AT&T MEdia Net NCAA March Madness portal features the AT&T 2008 Bracket Challenge. Additionally, fans can vote for the players they think should get the Naismith Trophy.

Fans can forecast the winners of all March Madness games for a hefty $10,000 prize. Prizes are awarded to eligible entrants within the top 10 percent of overall points leaders.

The Bracket Challenge begins on March 17 at 9 a.m. EDT. It ends at on March 19 at 11 a.m. EDT.

The Naismith Trophy is awarded annually to the men's and women's college basketball players of the year. AT&T is allowing carrier-agnostic text voting so fans can take part in awarding the Naismith Trophy. Fans' text votes will amount to 25 percent in the overall Naismith selection process. The Voting will end April 5th at 11:59 pm EDT.

AT&T's MEdia Net - NCAA March Madness portal

2008-03-14T01:48:00.001-07:00

AT&T announced that they are expanding their mobile coverage of the upcoming NCAA Men's Basketball Championship!

AT&T's MEdia Net NCAA
March Madness portal will deliver to mobile subscribers video clips from
each tournament game.

They are delivering news
coverage, on-court interviews, exclusive video highlights, player award voting, expert bracket analysis and even a bracket challenge. They are also broadcasting classic championship moments - news, scoring updates, polls and NCAA hoops trivia!

Don't worry- AT&T is still broadcasting Coaches' Corner as a six-week series of exclusive mobile video interviews launched earlier in the season.

Apple iPhone SDK toolkit

2008-03-12T09:41:00.001-07:00

Apple is raving about the iPhone SDK toolkit. Touting it as an easy to use development tool. Apple claims that their EA Games only took two weeks to develop. This is excellent if the reports are valid-I believe they are!

More interesting, after experts reviewed the Apple SDK documentation, it appears that there are limitations on the types of applications that can be built for the iPhone. In other words, it is not totally open at this point. More will come on this later-no doubt.

Jamie Graham-Global Strategic Officer "GSO"

2008-03-11T13:11:00.001-07:00

"Global Strategic Officer"
If you need my services in the Global Market please call!

Best regards,
Jamie Graham
949.244.8761 (cell)
http://thejamiewire.blogspot.com

Mobile Money Venture - SK Telcom and Citigroup partner

2008-03-11T06:12:00.007-07:00

SK Telecom, a Korean mobile operator, announced a joint venture with Citigroup.

As a team they will sell mobile banking and payment solutions in North American and Asia. They have agreed to invest $8 million to launch a San Francisco-based Mobile Money Venture.

Under the partnership SK Telecom will develop mobile banking hardware and software for Citibank customers in Hong Kong and other major US cities.

SK Telecom also made sure this was non-exclusive. So they will sell the platform to other banks and
mobile carriers around the world.

Cell Phone Acceptance - Pew Research Stats

2008-03-11T06:12:00.005-07:00

According to the Pew Internet and American Life Project -Americans are now using their mobile phones more than their landline phones. No surprise to me. Landlines are that-tied to land and we are all on the move. Plus landline phones don't provide email, text messaging and Internet surfing. In contrast, cell phones provide us with direct on-the-go communications at many levels; business, friends, family, shopping, driving directions and more.

Because of the lack of functionality with landlines phones- mobile handsets are THE tech devices Americans are most reluctant to live without. They would give up the Internet and television over their cell phones!

In comparison, two years ago landlines topped the Pew Research list with television in 2nd place and cell phones in 3rd. Wow we've come a long way in 2 years! Look at these stats!

According to Pew Research:
- 58 percent of mobile users have now sent or received text messages
- 41 percent increase over April 2006 totals
- 31 percent of mobile subscribers employ text services daily
- 15 percent turn to camera features - 8 percent playing mobile games
- 8 percent rely on their phones for email

I expect these numbers to continue to grow as more functionality is embedded into lower-end (less expensive) cell phones. Additionally, mobile carriers are adjusting fees as competition increases. This will allow the general population to have access to more functionality at cheapers costs.

Nielsen Companys bi-annual Mobile Advertising Report

2008-03-11T06:12:00.003-07:00

This is a valuable summary of Mobile Advertising stats. The numbers enclosed came from the Nielsen Companys bi-annual Mobile Advertising Report from Nielsen Mobile notes:

Approximately 23 percent of U.S. mobile subscribers say they've received mobile advertising in the past 30 days. Around 51 percent say they did respond to the ad. Note-this could be a negative or positive response.

The number of data users who recalled seeing mobile advertising grew sharply between the second and fourth quarters of 2007. This is a 38 percent increase from 42 to 58 million subscribers.

Other Nielsen findings include:
- 26 percent of those who saw an ad responded at least once via SMS which was the the most popular response
- 9 percent say they've used click-to-call to respond
- Teens ages 13 to 17 were the most likely age segment to recall seeing mobile advertising at 46 percent. Compared to 29 percent of all data users
- Asian-Americans (42 percent) and African-Americans (40 percent) are more likely to recall mobile advertising than all data users
- 32 percent of data users said they are agreeable to mobile advertising if it lowers their monthly bill
- 13 percent said they are agreeable to mobile advertising if it improves the media and content currently available
- 14 percent said they are already agreeable to mobile advertising assuming it is relevant to their interests
- 23 percent expect to see more mobile advertising in the future,
up from 15 percent in the first quarter of 2007

Direct Quote:
"We see an increasing trend of consumers willing to trade off and receive advertising to gain more and better mobile content," Nielsen Mobile VP of mobile media Jeff Herrmann in a prepared statement. "Successful mobile marketers will meet the challenge offered by consumers by engaging with them
in a way that adds value to the mobile user content experience."

CTST Mobile Payment and Digital Commerce Seminars

2008-03-11T06:12:00.001-07:00

If you are a mobile commerce professional (ie: payment systems or digital commerce) you should consider attending this new Mobile and NFC Track offered by CTST. They are offering 3 days of sessions in TRACK C: Mobile and NFC

Topics and sessions include:
- mobile telecom technologies and applications
- mobile payments roundtable
- mobile operator's roundtable
- NFC business models
- NFC technologies and applications
- wireless security and
- international mobile applications

To book your seat for the Mobile/NFC Track at CTST 2008 Visit www.ctst.com or call them at 800.803.3424. Make sure to give the code below for a discount: CTFMEM. Also sign-up ASAP and save $600.

Reinventing Record Companies- Adopting a New Business Model

2008-03-10T11:14:00.003-07:00

More than 1/2 the music in the U.S. is downloaded illegally. On the otherhand, sales for Record companies increased 14% for legal digital downloads.

Record companies don't have as much power now that marketing artist, which was a large portion of their power in contracts, can be done independently via the Internet?

Record companies have lost control of artists and their distribution channels since digital music hit the Internet. Napster started this trend some years ago. That rumble with the record companies was about distribution and legal issues related to royalties and license fees. However, record companies thought that they still had enough power to control their artists - NOT!

Our youth view online music like water coming out of a free-flowing tap paid by someone else. Their attitude is that they will listen and share their music. If they like the artist- then they will pay the artist via a concert ticket. That's their justification for not paying per reports.

Artist are also having a change of heart. Artists can distribute their music on their own and via sites like Myspace and Facebook. So many are not keen on going with a label.

One example is the group Bare Naked Ladies. They left Warner to go-it-alone They sell fewer CDs but they are making more money. With Warner they made $2 per CD and now they make around $6. CDs are quickly becoming obselete and payment structures will need to be per song or a variety of "user-compiled" CD-like packages.

Another Record company defecter is Madonna. She jumped ship also opting to go it alone as she does have great marketing power on her own brand. However, she just formed a more beneficial partnership in the form of a $120 Million partnership with a concert promotional company.

Now that self-promoting artists don't have a large marketing arm behind them-they will need to build or maintain a strong following with their fans. They do this with daily fan blog updates, cruises with their fans, special ringtones, fan gear and more. Its a more touchy-feely relationship -opposed to fans using binoculars to see their heroes sweat drip on stage.

The fact is - there is a power-shift occurring away from the labels and on to the artist. They will need to adopt a new more valuable business model that supports the artists. They can offer better services such as business development, financial and creative services. One example in business services is to assist artists in placing their music onto major user platforms and hardware in the mobile sectors like AT&T, iPhones, iTunes and more.

Record companies need to be more of a partner with artists to transition into a new business model. This is not all bad news for Record labels. They actually can have mo opportunities with larger volume globally if they get out-of-the bow and get some vision into the future.

The music game has changed and they don't have the artist by the throat like in the past. It won't be business as usual- that's for sure!

Facebook in Talks with Major Record Companies

2008-03-10T11:14:00.002-07:00

Facebook, a social networking mega-player, is reportedly in negotiations
with major record labels to launch a music service.

The Financial Times reported that this Facebook service would focus on premium, device-agnostic MP3 downloads and advertiser-supported streaming content.

Facebook Pages, launched in November 07, lets artists create their own home pages. They also offer applications from digital music firms including Pandora, iLike and Last.FM.

So what spurred Facebook to contact the major content providers last week? A little heat from reported talks speared by rival MySpace.
It is reported that they are in
negotiations with Universal Music, Sony BMG, Warner Music and EMI.
This service could be called MySpace Music-but its not confirmed to my knowledge!

Checkout my post today covering Record companies reinventing themselves! This is exactly the way they can reduce the revenue attrition they are experiencing due to online digital downloads and the defection of their artists going-it-alone on the net!

Microsoft can't say Yahoo yet

2008-03-10T11:14:00.001-07:00

Yahoo is still pushing back Microsoft's acquisition talks.
The New York Times reported that Microsoft is gearing-up with a
takeover bid by launching a proxy contest this week.

The New York Times claims that Microsoft was planning on nominating directors to the Yahoo board. Nice strategy. You can bet that Yahoo is feverishly checking out all their options including continuing their negotiations with AOL.

One option is for Yahoo to delay their acqusition attempts by extending their deadline for nominating directors. These directors would include Microsoft's nominees.

Yahoo can delay making the selection for 10 days after announcing a date for its annual meeting-which has still not been released. Their last meetings were in June 07. Under Delaware laws, the must hold meetings within a 13 months time period. So they have 3-4 months to get a deal in place before their board could change in favor of Microsoft's takeover strategy. Google in my opinion should buy Yahoo! Creating some very cool "GoogleHoo" services! GoogleHoo is copyright by me-hehe!

The eBay Effect - Statistics on eBay

2008-03-10T11:14:00.000-07:00

I watched a documentary called the eBay Effect. So I thought I'd post some topics and figures discussed.

Pierre Omidyar founded eBay in 1995. Today eBay is 10 years old and Pierre is only 37 years old. He is one of the wealthiest men in the world.

eBay got traction with people who were looking for collectables such as Pez dispensors and Beanie Babies. After launching the company in 3 years Pierre contacted Meg Wittman to help him manage the huge growth. At the time Meg was a Marketing exec with Hasbros toy division-Marketing Mr. Potatoe Head!

So where are they today? They have
9,000 employees with around 135 million users. If they were a nation-they would be the 9th most populated in the world-per Meg.
If they were employed directly -eBay would be one of the largest emoyers - behind Walmart.

So how much do they sell? Over $80,000 a minute is traded on eBay daily. Over 430,000 people trade on eBay as sellers.

MARKET BREAKDOWN
As far as the breakdown of their market penetration - Germany is the largest market besides the U.S. In fact, 37% of volume comes from Europe with 34 million users. Of those users-10 million are in the UK. The UK had 100% growth this year alone. Around 15% of all eBay trade crosses borders. This needs to increase to have a true global marketplace.

Lets look at Asia. South Korea is eBay Asias' largest market. China is one they have their eyes on. Today their user-base grows by 20,000 users a day eBay is spending over 100 million to solidify their growth in Asia where they are behind other online auctions.

eBAY INCREASES FEES
eBay is full of fees. Over 4.2 Billion dollars are derived from fees. On the average they get around 7% of every sale from a variety of fees. For an online store you will pay $15.95 a month. Sounds cheap-but its the fees for posting items that gets very pricey. Recently, their monthly fee was $9.95 month but just increased to $15.95. Posting a single item in a store went from $1.25 per item to $2 per items. Commission costs per item sold went from 20 cents to 40 cents per item. Over 7,000 stores were closed due to these fee hikes. eBay did this to get people to move items out of stores and into a single sale format to increase their sales volume as these items are easier to find online.

FRAUD
Their security and risk management consists of over 1,000 employees that staff this division. They are tasked with watching for fraud. They don't insure sales of items as it could encourage more fraud. So they watch live, with their teams, trying to stop potential illegal transactions. The best way to avoid any fraudulent transactions is to use PayPal-but its not a safteynet either.

STOCK TANKED
In Jan 2005 eBay lost 15 billion in stock value when it tanked on Wall Street. This was due to large fee increases, fraud and other strategic decisions that caused concerns with investors and analysts. This stock devaluation shook-up Wall Street and Meg. After 7 years as their CEO she almost left to work at Disney. But ultimately decided to stay.

EBAYS FUTURE
Now eBay is focusing on service related acquisitions such as rent.com, PayPal etc. PayPal accounts for 1/4 of their revenues. The other main focus is their move to get further embedded within Asian markets. Meg Whittman describes eBay as the worlds 1st global marketplace in the world. To achieve this lofty goal eBay will need to increase their current 15% sales occurring across-borders-globally.

The JamieWire by Jamie Graham- Global Hi-Tech Trends

2008-03-09T20:48:00.000-07:00

Get daily updates on Global Hi-Tech Trends, Breakthrough Technology, New Business Models, Hot Startups, Industry Mergers and more!

Focusing on Global Wireless, eCommerce and B2B markets.

Intels Virtual Logic - Improves VoIP performance

2008-03-06T09:07:00.001-08:00

Intel has been demoing a technology called Virtual Logic.

The goal of the technology is to decrease poor performance associated with services such as VoIP calls using a MID (Mobile Internet Device) or UMPC.

The current problem- while on a VoIP call your device or PC freezes. You then have to reboot and you lose your live call.

Recently Intel demoed the technology with a VoIP call running.
They crashed the main OS and restarted the PC while the VoIP call never dropped! Very cool and this is much needed for VoIP sector.

Google extends Mobile Browser capabilities

2008-03-06T08:54:00.001-08:00

Google just revealed that they have a mobile version of Google Gears. This is a browser extension software that provides developers with tools for storing web application data on
Cell phones.

Google Gears allows developers to create a standard web-based mobile platform. The result is that developers can develop applications only once for deployment across multiple mobile operating systems.

These mobile applications can run when there is no network signal. The benefit is that this will reduce data charges by throttling or restricting mobile data traffic between the device and the mobile operator.

7digital & Warner team to provide DRM-free content

2008-03-06T08:43:00.001-08:00

7digital is the first European music
retailer to offer Warner content without digital rights restrictions.

7digital, a digital media delivery firm, announced an agreement with Warner Music Group to sell DRM-free Warner MP3 downloads. The service will target customers in the U.K., France, Ireland, Spain, and Germany.

DRM-free music aims to provide users with better interoperability with multiple devices.

7digital and Warner plan to bundle digital music products such as album bundles with extra content. They will also tie-in dedicated artist and label pages which Warner executives can update remotely. "

7digital currently has a catalog of 3.5 million tracks and a customer base of 1.2 million. It is reported that their DRM-free MP3s outsell rival digital formats such as AAC and WMA by a 4 to 1 ratio.

CTST 2008- Advanced Payment, Access Control and ID Technology

2008-03-06T08:31:00.001-08:00

CTST begins May 12-15 in Orlando, Florida. This is the largest conference and exhibition in the U.S. Key areas covered are advanced payment, access control and ID technology!

It is excellent show to attend if you want to see case studies on vertical markets such as Mobile Commerce Transit, Healthcare, Government and Retail.

They also have special education tracks on MOBILE/NFC, IDENTIFICATION, PAYMENTS, SECURITY and more.

Attendees top 2,500 annually. Speakers include more than 120 professionals from the US, Mexico, Canada, Brazil, UK, France, Japan, Argentina, Belgium, China and more!
Get a brochure: www.ctst.com

Gas hits All-time High

2008-03-05T12:04:00.001-08:00

Gas, per barrel, hit an all-time high today of $104. California also hit an all-time high of $3.51 per gallon as an average. Gordo California is selling regular unleaded for over $5 per gallon!

WARREN BUFFET BITES

2008-03-03T21:32:00.001-08:00

This post is para-phrased from a CNBC interview broadcast this evening. Buffet Face to Face.

- Unemployment-will increase.
- US company sales are declining in major sectors.
- In February Ford revenues were down 7% and GM's were down 15%.
- Purchasing power will decrease as credit scores and family earnings decline.
- Gas is not in high demand as peoe are cutting back on travel. Yet gas prices are still increasing.
- Home listings are increasing dramatically. While home sales are still declining along with their value rapidly. Figures vary from state to state.

MY VIEW..we are in a recession even though the government has not formally announced this position. The impact of the above is yet to be seen.

The reality is that as people foreclose on homes their credit will be ruined. Equity in homes will be lost as the values have fallen under what they owe.

Families won't have credit or cash as expected - so they won't be able to put money down on a new home. This has a ripple effect. The result will be a major reduction in home sales, home furnishing, electronics, car, travel purchases and much more.

The fall-out in finance sectors, real estate coupled with the decline in retail sales and the US job market will definitely deliver a blow that will take 5 years to rebound from-if not more.

Gas hit $102 per Barrel

2008-02-27T10:17:00.000-08:00

Today Gas is up nationwide 9 cents per gallon. Why? We have a larger demand from other countries competing for that same oil sources. In addition, the falling value of the US dollar makes it even worse.

Expect prices at the pump to sore during spring break and the summer seasons. We will see some prices in places like California break the $4 per gallon mark.

In essence, any adjustments that might be made for the US Real Estate and Mortgage market downfalls will have minimal impact as our daily driving costs will increase even more.

Patent filed by Microsoft

2008-02-26T16:52:00.003-08:00

A recent patent filed by Microsoft with the United States Patent and
Trademark Office documents what the software giant calls "Extensible
Filtered Lists for Mobile Device User Interface," outlining details for
improving the consumer data experience by arranging access to multiple applications through a group or listing of items.

Each group or list includes multiple items associated with data or tasks from multiple applications. The groupings will be customizable and extensible

In essence, item groups offer users a filtered view of content available through the mobile device improving access to all available data and tools.

iTunes rivals Walmart Music Sales

2008-02-26T16:52:00.001-08:00

NPD Group reported that iTunes came in second behind Walmart in music sales

iTunes had a whopping 50% increase in sales too over the previous year. Also noted -10% of the entire revenue share for music was downloaded legally. As far as our future buyers- 50% of all teens bought music online-not at store!

The JamieWire

So What is Scrum?

World-Check - Due Diligence (EDD) services - Global Company Background Checks

Silanis releases SMS Txt and Voice Authentication - Insurance and Financial Services Solution

Symantec enters Encryption Market - Acquisition of PGP & GuardianEdge

FireScope Delivers Industry's First CMDB iPad App

NIST Content Automation Protocol (SCAP) - FIPS, Special Publications - CALL for Feedback

FISMA - Federal Information Security Management Act

Visa's Mandate for Merchants to be PCI Compliant - Deadline is July 1, 2010

HIPAA Violations and Enforcement - Penalties Listed!

HIPAA - Overview of HIPAA's goals

HIPAA - Brief Overview of Guidelines

PCI DSS 1.2 - Check for rogue Wireless Networks

PCI Compliance - Eliminate WEP by June 30 2010

Andy Purdys Call to Secure our Nations Infrastructure

TJX & Heartland Payment Systems- Data Thief receives Two 20 year Prison terms

PCI Council - Guidance on End-to-End Encryption

FireScope's Reduces the Complexity in Compliance

FireScope Raises the bar with Modular Compliance Solution

Abbo EMR provides Medical Records on Smartphones

HSBC’s Swiss Private Bank Data Theft - 24,000 Clients

Medisoft v16 - Improves Integration with HIPAA Compliance

KEYLOK Fortress reduces Software Piracy

Social Networking and Identity Theft

FTC - Identity Theft is #1 Complaint

2009 Identity Fraud Stats - Climbing ID Theft

Mophie enters into the Mobile Payment Systems Market

DirecTV appoints CEO Michael White of PepsiCO

GXS and Invois Intent to Merge

iPhone 3G Overheating

iPhone with RFID?

iPhone for Verizon Users

InBev buys Budweiser

Tony Snnow has Passed Away

SAG Strike in Hollywood

OIL COST UPDATE - BLEEK

SUVs are Dead

iTunes Tops 5 billion Songs!

KPMG Digital Content Survey

Disgraced Enron CEO Appeals his 24 Year Sentence (SOX)

Perpetual Storage Backup Tapes Stolen

Standford Stolen Laptop - 72,000 employee records stolen

Raketu Communications Integrates with iPhone

Nike - Cellular Photos onto Tennis Shoes

Thumplay Launches "GET" Text Service

Bundled Cellular Plans - A Must

TIM RUSSERT- Blessings

USi is an AT&T Company - Identity Theft on the RISE!

GAP, Old Navy, Banana Republic - Identity Theft - Stolen Laptop

AT&T Management Identity Theft - Stolen Laptop

Sterling Commerce - Employee ID Theft - Stolen Laptop

Apple iPhone 2.0 - New Patents

Rohati Systems- Cisco Engineers for Startup

Vodafone - Strategic Move to buy Tiscali

Onstream Media making an IPTV Move!

Got Cache? Will Hack!

Wavesat brings 4G to benefit The Mobile Sector

Obama and McCain

CDMA Development Group (CDG) - Market Trends

Mobile Media Entertainment (MME) market breakdowns / 2007-2012

Forecast - Mobile Media and Entertainment in the US / 20072012

Frengo Social Mobile provider to interface with Facebook, MySpace, Bebo and more

ROK Entertainment buys Jalipo Media Limited

Nokia - Multimedia Film Production

Interop - Ability by Novell and Microsoft

Security Breaches on the rise

Infosecurity - Hosting a Mock Breach Trial

The Boardroom has ultimate responsibility for security breaches!

VC are betting on Web 2.0 Start-ups

Blessings to Cameron Diaz and Family - Her father Emilio Diaz passed away this past Tuesday

Motorola Spinning-off Handset Business

PCI Compliance - Hannaford Breach was 4.2 Million

Sony BMG Music - Developing Digital Music Service

Thumbplay & Clear Channel Radio ink Partnership

Floods will Increase Soy and Corn costs

Verizon - Any App and Device program revealed at their Open Development Conference

Crayola CIO - Change Management is key

Hannaford Grocery Chain - Customer Identity Theft (PCI Compliance)

PCI Security Standards Requirements

PCI Compliance - Payment Card Industry Data Security Standard

Forecast - Mobile Media and Entertainment in the US / 20072012