Tag: chief executive
She will take up the post on 1 May 2017. Neaman is currently a consultant at the Tech Partnership, the networ...
The 4-4 vote by the 2nd US Circuit Court of Appeals sets the stage for a potential Supreme Court showdown over the US government's demands that it be able to reach into the world's servers with the assistance of the tech sector. A three-judge panel of the 2nd Circuit had ruled that federal law, notably the Stored Communications Act, allows US authorities to seize content on US-based servers, but not on overseas servers.
Because of how the federal appellate process works, the Justice Department asked the New York-based appeals court to revisit the case with a larger, en banc, panel—but the outcome fell one judge short. Peter Carr, a Justice Department spokesman, said the agency was reviewing the decision and "considering our options." Those options include appealing to the Supreme Court or abiding by the ruling. In its petition for a rehearing, the government said Microsoft didn't have the legal right to defend the privacy of its e-mail customers, and that the July ruling isn't good for national security.
The authorities believe information in the e-mail could help them investigate a narcotics case. "The Opinion has created a regime where electronic communication service providers—private, for-profit businesses answerable only to their shareholders—can thwart legitimate and important criminal and national security investigations, while providing no offsetting, principled privacy protections," the government argued. Some of the members of the appeals court agreed with the government, but there weren't enough votes from the full court to rehear the case with all of its judges. In his vote to rehear the case, Judge Dennis Jacobs noted in his dissent that it doesn't matter where the data is stored, as Microsoft can retrieve it to honor the US-based warrant. "But electronic data are not stored on disks in the way that books are stored on shelves or files in cabinets," he wrote, in a dissent joined by three other judges. Dozens of organizations and companies have lodged briefs in the case on behalf of Microsoft.
They include the US Chamber of Commerce, Amazon, Apple, Cisco, CNN, Fox News Network, Gannett, and Verizon. Microsoft did not immediately comment on the ruling.
But right after the July ruling, Microsoft's president and chief legal officer said the outcome "provides a major victory for the protection of people’s privacy rights under their own laws rather than the reach of foreign governments.
It makes clear that the US Congress did not give the US government the authority to use search warrants unilaterally to reach beyond US borders."
eProseed will participate as a Supporting Partner in the 11th MENA Regulatory Summit on February 5th & 6th in Dubai, United Arab Emirates.
The summit will cover the main topical challenges faced by the regulatory authorities and the GRC community, a debate in which eProseed has a pivotal role to play as the publisher of FSIP, a comprehensive financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.
The 11th MENA Regulatory Summit will take place in Dubai, UAE, in association with the Dubai Financial Services Authority (DFSA) and under the patronage of H.E. Sultan bin Saeed Al Mansouri, the UAE Minister of Economy.
Formerly known as the GCC Regulators' Summit, the event has been renamed in an effort to ensure the utmost involvement of the governance, risk and compliance (GRC) community across the MENA (Middle East and North Africa) region, and to expand the dialogue to neighboring countries that share the same topical risk challenges and regulatory outlook.
"With increasing demands from many international regulatory bodies, financial supervisory authorities are required to monitor the compliance of their financial institutions against numerous new national and international requirements.
In the MENA region, the recent macroeconomic developments have also triggered an unprecedented demand for collection of high precision data at high frequency from all financial institutions to support a better risk based supervision", comments Geoffroy de Lamalle, Chief Executive Officer of eProseed.
MENA: an increasing role in global compliance and combating financial crime
The 11th MENA Regulatory Summit will be attended and supported by regional and international regulators, financial services professionals, law practitioners, advisors and market players.
The participants will highlight the recent macroeconomic developments in the MENA region including the US election, Brexit aftermath, regional regulatory responses to the financial crisis, the digital revolution in financial services, blockchain technology, and crowdfunding.
The speakers will set the landscape for international anti-financial crime trends, FATF perspective on terrorist financing and emergent types of financial crimes, and the dangers of withdrawal of correspondent banking relationships. Panelists will also discuss trade-based money laundering and trade finance activities, compliance culture, business conduct, business ethics, and compliance conflicts.
eProseed, the Solution Provider for Financial Supervision
Leveraging the proven expertise in developing and implementing end-to-end business solutions based on Oracle's world-class software technology stack and a close collaboration with major Financial Institutions and Regulators, eProseed has developed eProseed Financial Supervision Insight Platform (FSIP), an end-to-end financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.
"In essence, eProseed FSIP is a comprehensive, highly agile, and plug-and-play financial supervision solution, enabling efficient and pro-active collection of high precision data at high frequency from all financial institutions, as well as automating and integrating all regulatory and supervisory functions in one single software solution", says Geoffroy de Lamalle.
eProseed is an ICT services provider and a software publisher. Honored with 8 Oracle ACE Directors and 14 Oracle Excellence Awards in the last 7 years, eProseed is an Oracle Platinum Partner with in-depth expertise in Oracle Database, Oracle Fusion Middleware and Oracle Engineered Systems.
eProseed’s portfolio of business applications and business accelerators is built on state-of-the-art, reliable technologies and sound knowledge of today’s challenges, developed and maintained with the highest standards in mind.
Comprehensive training and support are provided by eProseed’s experts for both applications and underlying technologies.
Headquartered in Luxembourg, in the heart of Europe, eProseed has offices in Beirut (LB), Brussels (BE), Dubai (AE), London (UK), New York (USA), Porto (PT), Riyadh (SAU), Sydney (AU), and Utrecht (NL).
The main goal of launching the hidden service, Yen claims, is to make the service more resistant to censorship and surveillance. “Tor applies extra encryption layers on top of your connection, making it more difficult for an advanced attacker to perform a man-in-the-middle attack on your connection to us.
Tor also makes your connections to ProtonMail anonymous as we will not be able to see the true IP address of your connection to ProtonMail,” Yen wrote. According to the blog post, ProtonMail conferred with Roger Dingledine on the .onion site. Dingledine developed Tor and currently serves as the service’s research director and president. As ProtonMail was able to acquire a certificate from the CA DigiCert, the .onion site exists only on HTTPS, meaning users should see a green bar in their browser upon navigating to the site. Developers with the service acknowledge that while the concept of using HTTPS for an onion site may sound redundant to some, it was a necessary step. If Tor was ever compromised, Yen claims having HTTPS enforced by default would protect users.
Vice versa, if a certificate authority was ever compromised, or HTTPS was ever cracked, Tor could help safeguard users. “The notion of HTTPS being compromised is one that we take seriously, considering that there are hundreds of CAs (certificate authorities) that are trusted by default, with many of them under direct government control in high risk countries,” Yen wrote. Yen goes on to say that the way the site is put together should make it more resistant to phishing. The company used some spare computational power it had to “generate millions of encryption keys” which it then hashed to generate a more “human readable hash” for the URL. Yen is still asking users to double check that they’re on the right site – most importantly that it has an SSL certificate issued to Proton Technologies AG – before entering their credentials. Yen points out that the site is experimental, so it may take longer to reach and users’ experiences may vary. Nevertheless, he is still encouraging ProtonMail users who value their privacy to seek it out. It was over two years ago that DigiCert issued an .onion SSL certificate to Facebook for its own hidden service.
The move, at the time, was a milestone; it marked the first time a CA had issued a legitimate SSL certificate for an .onion address. The move was a success. Over the course of 30 days this past summer one million people accessed the site over Tor. Following Facebook’s hidden service news, the CA said it was mulling opening up the way it issued .onion domain certificates. Jeremy Rowley, then DigiCert’s vice president of business development and legal, said the company believed there was a value in providing SSL and TLS security for Tor, but only if the right security controls were in place.
The company went on to issue HTTPS .onion certificates for Blockchain.info and the Intercept’s SecureDrop installation in the months following.
Users who fall for the attacks can be saved by two-factor authentication. One user claiming to be a system administrator at a school says the attacks compromised students and three staff within two hours, using an athletic schedule paired with a subject line to pull off the attacks.
This is the closest I've ever come to falling for a Gmail phishing attack. If it hadn't been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh — Tom Scott (@tomscott) December 23, 2016
Attackers use the data URI scheme to embed a file in the browser location bar which executes once their malicious attachment is clicked, displaying the fake Google login page and google.com address. Keen-eyed users may spot the URL prefix data:text/html or the lower resolution Google image in the phishing page. White space separates and hides the URL from the file text which invokes the phishing page in a new browser tab. Maunder says the phishing attacks do not trigger Google's green or red secure and insecure HTTPS security indicators, giving it an appearance of uniformity that makes the attacks highly effective. "In user interface design and in human perception, elements that are connected by uniform visual properties are perceived as being more related than elements that are not connected," he says. He recommends Google change the colour of the data:text/html prefix to amber which would grab users' attention.
Independent mobile security experts have questioned whether the technology offers much by way of benefits over that offered by native Pixel smartphones. But professor David Rogers, chief executive of Copper Horse and a Lecturer in mobile systems security at the University of Oxford, questioned what exactly is new. “Many of the proposed functions are already in-built into Pixel (examples below), so what are the extra benefits Kaymera offers?” For example, Pixel has full device encryption and file-based encryption, backed by TrustZone. Plus, as it's Google’s own phone, Pixel is first in line for patching - an important security defence in itself. “Pixel has many other functions and capabilities built over many years including Position Independent Execution (PIE), Address Space Randomisation Layout (ASLR), SE Linux and so on,” Rogers added. Kaymera responded that its kit offered benefits on this front by enforcing security controls built into Pixel but not actually enforced. Oded Zehavi, Kaymera chief operating officer, told El Reg: “In places where Google has good enough security, we leverage the existing functionality (in many of the examples given here, the functionality is not actually enforced.
In these cases we enforce and prevent disabling of the security functionality by negligent users or malicious hackers).” Third-parties building on Google security do not have a good track record in this space (including Blackphone) in terms of getting their own code secure and tested properly, including updates. Rogers is unconvinced that Kaymera will do any better with hardening Pixel than others have done with hardening Android. Zehavi responded that Kaymera devices have been tested to the most rigorous standards by governments around the world. “As a philosophy we always have more than one security layer against any attack vector hence we don’t trust any single security measure including Google security measures.
For example, our prevention layer feeds with fake resources any payload that may overcome the OS hardening and get loaded onto the device,” Zehavi said. Rogers remains unconvinced about the security proposition of the Kaymera Secured Pixel, especially in the absence of NCSC certification or US security certification.
It’s more like “some kind of Chimera rather than a Kaymera,” he cuttingly concluded. “If Kaymera really want to protect against comms interception, low-level malware attacks and so on, they would have to build some kind of firewall and introspection capability,” Rogers said. “To do that they would need access inside the Radio Interface Layer and also to processes and app data.” “Google’s security architecture does not allow this unless you ‘roll your own’ in a big way, creating your own device and modifying the AOSP [Android Open Source Project] code to deliver a bespoke device,” he added. Creating a bespoke device risks undoing Google’s security controls, Rogers warned. “Application sandboxing and isolation are there for a reason, including enforcing the Principle of Least Privilege,” he said. The Israeli manufacturer said it had been careful to add extra security without breaking Google’s existing controls. Zehavi explained: “Even though we embed our code deep into the AOSP code in layers that are beyond what regular applications can reach, we do not break any existing Google security measures including the sandboxing etc.
Instead, we add extra measures across the board that, as mentioned, leverage the existing mechanism but bring the device to a total different level of security which cannot be achieved via the application layer alone.” Rogers responded: “They admit to using AOSP which I guess means they self-sign the build of the device themselves.
That then comes down to a question of trust in who is digitally signing the product (that gives that signer access to absolutely everything, the radio path, the private data, the lot).” The Kaymera Secured Pixel is aimed at business and government customers prepared to pay extra to avoid the security weaknesses associated with the ‘off the shelf’ Android operating system.
The device retains the original Google device’s purpose-built hardware, features and ergonomics. Users can, for example, still use the fingerprint scanner. Kaymera devices are centrally managed via the company’s management dashboard, enabling easy enforcement of security policies on the smartphone. Kaymera’s secured Pixel phone is available immediately. Kaymera was started in late 2013 by the founders of NSO, the surveillance tech provider whose legitimate iPhone spyware malware was used to target the phone of UAE human rights activist Ahmed Mansoor in August 2016. The spyware caused Apple to rush out emergency software patches, to plug vulnerabilities in its iOS mobile operating system. The Israeli firm is open about its roots.
If NSO is a ‘poacher’, selling surveillance tools to governments, then Kaymera is the gamekeeper, its pitch runs. “I’m not sure I can buy in to the poacher turned gamekeeper thing here and I would rather trust Google in this case,” Rogers concluded.