 |
The WAVE Report on Digital Media 3D --- Media Creation --- Shared Space ---Published by 4th Wave, Inc.--- Issue #0607------------------2/17/06 |
The WAVE Report is Searchable on
http://www.3dlinks.com
http://www.wave-report.com
--------------------------------------
0607.2 Personalized Weather Reporting
WeatherBug VideoCast Advances Internet and Broadcast News Beyond RSS and Podcasts
0607.3 Web Security Standards
0607.4 January Spam Stats
0607.5 Windows Media Player Flow
eEye Digital Security Discovers Critical Flaw in Windows Media Player
0607.6 Fiberoptics Deployment
FTTH Council Urges Policymakers to Remove Deployment Barriers
0607.7 IT Security
Computer Economics IT Security Study Finds Large Firms Lag Behind
0607.8 PDA Sales Record
Gartner Says Worldwide PDA Shipments Reach Record Level in 2005
0607.9 Mobile Phone Access
Survey Reveals Increased Consumer Demand for Speech Solutions on Mobile Phones
0607.10 New MAC Browser
0607.11 Professional Security Certification
The Stanford Center for Professional Development to Offer Computer Security Certificate Program
0607.12 Storage Standards
--------------------------------------
0607.1 Travel Security
***GE Security Expands Commitment to Aviation Security with Strategic Investment in Verified Identity Pass; Investment in Leading Registered Traveler Program Hoped to Provide Better, Faster Security Screening for Air Passengers
BRADENTON, Fla.
Feb. 15, 2006
GE Security's Homeland Protection business, through its wholly-owned subsidiary GE Invision, has announced it is making a minority strategic investment of up to $16 million in Verified Identity Pass, Inc. (Verified ID).
GE intends to utilize its extensive research and development capability, its broad experience in airline luggage and passenger screening, as well as its next-generation explosives detection technology to improve passenger checkpoint security, drive down the cost of providing improved security and allow Clear members an expedited security process.
Along with its investment, GE has also agreed to provide its Lean Six Sigma process improvement capabilities to Verified ID's Clear lanes, to help make screening more efficient and convenient.
Registered Traveler is part of a recently announced Department of Homeland Security (DHS) vision for developing new solutions that ensure the best use of new technologies and more efficient processes to improve security and facilitate travel and trade.
The Registered Traveler program is intended to accelerate the screening process at participating airports for passengers who voluntarily choose to enroll. The TSA announced last November that by June 2006 private service providers will be allowed to roll out programs at airports around the country similar to the private sector program begun by Verified ID at the Orlando International Airport in July, 2005.
Verified ID created the first branded consumer product, Clear, in the voluntary identity credentialing industry. Clear allows the shifting of limited airport security resources away from lower-risk travelers. It is based on the risk-management premise that someone who is pre-screened is less likely to be a threat than someone who isn't.
The Clear service at Orlando International Airport, which now has more than 15,000 members, is the only Registered Traveler program operating in the United States.
By participating in the Registered Traveler program, Clear members spend less time in security lines. As further services roll out at airports across the country, the completely interoperable Clear system will allow members to use Registered Traveler lanes at any airport in the United States.
GE's vision for aviation security features a variety of innovative GE security products including the EntryScan, Itemiser FX and ShoeScanner, as well as the SafeView Scout millimeter wave portal. It is hoped that these next generation products will help make travel safer, security less costly and passenger checkpoints much more convenient and efficient.
0607.2 Personalized Weather Reporting
***WeatherBug VideoCast Advances Internet and Broadcast News Beyond RSS and Podcasts by Combining a Live, Comprehensive Neighborhood Weather Report with Broadcast Meteorologists Via One Click
GERMANTOWN, Md.
Feb. 14, 2006
WeatherBug has announced the debut of WeatherBug VideoCast. The revolutionary, web-based application offers end-users a unique and personalized video forecast. In a technological advancement in news and information delivery, the WeatherBug VideoCast combines the industry's only live, neighborhood weather conditions presented by local broadcast meteorologists in a comprehensive one-on-one, Internet broadcast... on demand. WeatherBug VideoCast takes Internet news beyond pre-packaged, one-size-fits-all news currently available on traditional news websites, RSS or Podcasts to an unprecedented level of intimacy and personalization.
The WeatherBug VideoCast commences when and where the viewer chooses "on command" vs. traditional broadcast or "canned" news segments directed to a broad audience. In short, each WeatherBug VideoCast summons the designated meteorologist with a click of the user's mouse -- to deliver the end user's individualized, comprehensive weather report of live weather data as the end user is viewing the actual report itself.
WeatherBug VideoCast features: actual (not computer modeled) live, streaming weather conditions for the designated zip code, weather alerts, 3 day and 7 day forecasts, radar and satellite views plus a fun photo of the day submitted by WeatherBug users.
The new application currently resides on the WeatherBug website and through the WeatherBug applications. When users click on the WeatherBug VideoCast icon, they are prompted to enter their zip code and select a meteorologist, which then launches the VideoCast.
WeatherBug VideoCast will initially feature WeatherBug's and selected broadcast partners' meteorologists. Like news videos currently available on traditional news sites, WeatherBug VideoCast will commence with 15-second video spots. Initially, WeatherBug will air public service announcements (PSAs) developed in collaboration with the Ad Council. Shortly, WeatherBug will feature ads, enabling viewers to enjoy the VideoCast free of charge. The new ad vehicle will offer advertisers a non-intrusive vehicle to reach end users via an intimate, personalized setting in a far less competitive environment than previously available.
WeatherBug owns and operates the world's largest weather network. Approximately 8,000 WeatherBug Tracking Stations and 1,000 WeatherBug Cameras across the U.S. stream crucial weather conditions to enable organizations and individuals to protect their property and lives. What makes WeatherBug so unique is its network and neighborhood level data (generated every two seconds) and the diverse industries that rely upon its depth and granularity. Alternative weather sources offer computer modeled forecasts and data based upon hourly reports from area airports.
WeatherBug, available at weatherbug.com, had 16.5 million unique visitors in December 2005, according to comScore Media Metrix. It is the #2 ranked news and information property, in terms of daily reach, and ranked among the top ten properties overall in terms of days visited per user per month, which is a key indicator of consumer loyalty.
http://videocast.weatherbug.com/
***Members Approve WS-Security v1.1 as OASIS Standard
BOSTON
Feb. 15, 2006
OASIS, the international e-business standards consortium, has announced that its members have approved WS-Security version 1.1 as an OASIS Standard, a status that signifies the highest level of ratification. Developed through an open process by the OASIS Web Services Security (WSS) Technical Committee, WS-Security delivers a technical foundation for implementing security functions such as integrity and confidentiality in messages implementing higher-level Web services applications.
WS-Security builds on existing security technologies to deliver an industry standard way of securing Web services message exchanges. Providing a framework within which authentication and authorization take place, WS-Security lets users apply existing security technology and infrastructure in a Web services environment.
The OASIS WSS Technical Committee remains open to new participation and particularly seeks input from those in the international community to advance WS-Security. All interested parties are encouraged to exchange information on implementing WS-Security via the wss-dev mailing list that can be accessed on the OASIS website. As with all Consortium projects, archives of the OASIS WSS Technical Committee's work are accessible to both members and non-members, and OASIS hosts an open mail list for public comment on the standard.
About OASIS:
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. The consortium produces open standards for Web services, security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 5,000 participants representing over 600 organizations and individual members in 100 countries. Approved OASIS Standards include AVDL, CAP, DITA, DocBook, DSML, ebXML CPPA, ebXML Messaging, ebXML Registry, EML, OpenDocument, SAML, SPML, UBL, UDDI, WSDM, WS-Reliability, WSRP, WS-Security, XACML, XCBF, and XML Catalogs.
***January Virus and Spam Statistics: 2006 Starts with a Bang
SAN JOSE, Calif.
Feb. 15, 2006
Commtouch has announced spam and computer virus statistics for the month of January 2006. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January.
January at a glance: Vicious and Varied
The numbers are indeed concerning: 19 new email-born significant virus attacks, of which a troubling 8 (42%) were graded "low intensity", 7 (37%) "Medium Intensity" and 4 (21%) were massive attacks -- a rare phenomenon for a single month.
One outbreak of specific interest, consisting of 7 variants, illustrates how viruses are growing in sophistication: the first variant was launched around December 25th as a low intensity virus, however with subsequently released variants the attack's intensity grew into a massive outbreak towards the end of the month.
The biggest virus attacks are the quickest -- fast-moving solutions required
One of the factors measured by Commtouch is the speed of distribution. We consider attacks that peak within eight hours to have "short spans," since it takes an average of 8-10 hours for a traditional anti-virus vendor to release an updated signature blocking a new virus.
Computer virus statistics from the Commtouch Detection Center indicate that 40% of attacks during January met this profile. Also, there is a clear connection between the attack's speed and its intensity -- the faster attacks are the biggest ones: while the average distribution time of low intensity attacks is a "leisurely" 27 hours and medium-intensity attacks can take 17 hours, massive attacks take as little as 5.5 hours to spread in hundreds of millions of emails.
Anti-virus engine statistics -- is your AV up for the challenge?
Based in part on a reliable third party lab test, Commtouch was able to compare detection times of 21 leading AV engines against 19 new viruses in January. The results:
-- On average, each AV completely missed 6.2 viruses (the attack was completed, and a signature was not yet available).
-- The average response time to new viruses among all AV engines was 8.12 hours.
Spam is physically sent primarily from the US
The Commtouch Detection Center monitors spam distribution patterns on a global level. January spam statistics show that 43.18% of global spam is sent from US-based sources (down from approximately 50%). China is also a significant 'launching pad' for 12.89% of the spam. Korean and German sources distribute about 4% of global spam, and the rest of spam originates from around the globe.
Domains used by spammers -- your favorite and familiar ones
While spammers make every effort to use diverse domains, in a sample of 256 million messages, we find that some domains are being used significantly more than others. Leading the list are hotmail.com (4.7 million), yahoo.com (4.2 million), msn.com (2.1 million), cisco.com (1.9 million) and gmail.com (1.5 million).
Spammers have deduced that to avoid being blocked by the simplest mail server rules, they need to use a valid domain. However, if the domain that is used is unique and used only for spam, they would easily be blacklisted. The result -- the use of popular domains that blacklists dare not touch.
January 2006 -- Major Spam Categories
Category % of spam Popular
products / subjects
--------------- --------- --------------------------------------
Pharmaceutical 52.46% Medical offering
Gifts 14.08% Rolex
replicas
Enhancers & Diets 13.38% Show her how;
Finance 7.57% Refinance
your home, Your loan is approved
Software 6.34% Windows
XP Pro, Photoshop, MS-Office
Porn & dating 5.28% Nasty
girls date site; Have sex with locals
Fraud 0.88% eBay
Inc. -- Urgent Security Notification
Find interactive charts, updated daily and available for downloading at:
http://www.commtouch.com/Site/ResearchLab/statistics.asp
0607.5 Windows Media Player Flow
***eEye Digital Security Discovers Critical Flaw in Windows Media Player; Vulnerability Discovered by Security Leader eEye Indicative of Growing Number of Attacks Targeting Consumer-Oriented Applications
ALISO VIEJO, Calif.
Feb. 14, 2006
eEye Digital Security has announced the discovery of a critical security risk related to Microsoft Windows Media Player. Unless immediately resolved, this flaw allows attackers to take complete control of an affected system and execute harmful action remotely, including installing programs, viewing, changing or deleting data. In addition, eEye's world-class research team has identified this vulnerability as part of a growing trend of attacks that target consumer-oriented applications rather than the operating system itself.
The vulnerability exists due to an unchecked buffer in Windows Media Player that allows a malicious bitmap file (BMP) to be used to execute commands on a remote system, in the context of a logged-in user. This flaw affects Media Player versions 7.1 through 10 that run on the following Windows operating systems: Windows NT, Windows 2000 SP4, Windows XP SP1 and 2, and Windows 2003. Unlike signature-based solutions, such as anti-virus or behavior-based solutions, the advantage for Blink customers is its unique approach to preemptive protection. Blink customers aren't required to do anything further to realize protection from this flaw, as protection is already in place and no updates or policy changes are required. For those interested in reducing IT costs by adhering to regularly scheduled protection policies, thereby eliminating panic patching and maintaining business continuity, an evaluation version of Blink is available for download on eEye's website.
***FTTH Council Urges Policymakers to Remove Deployment Barriers
WASHINGTON
Feb. 14, 2006
The Fiber-to-the-Home Council (FTTH Council) has urged Congress and the Federal Communications Commission to remove barriers to deployment of next-generation broadband communications infrastructure.
In a filing submitted to the FCC, the FTTH Council presented evidence that burdens often imposed on the acquisition of cable television franchises harm consumers, slow next-generation broadband deployment, and violate federal telecommunications law. Among the obstacles cited by the FTTH Council were: lengthy negotiating periods of six to 30 months, level-playing field laws (which serve to protect incumbents and deter new entry), requirements to extend networks beyond economic limits; requirements to move aerial plant underground, and imposition of unrelated fees and costs. The FTTH Council called on the FCC to use its authority to adopt regulations removing these barriers.
And in testimony submitted to the Senate Committee on Commerce, Science and Transportation, the FTTH Council defended the rights of municipal governments to provide broadband services. Noting that municipal broadband networks often serve citizens who would otherwise have inadequate services, the FTTH Council urged support for legislation prohibiting restrictions on municipal broadband authored by Senators Frank Lautenberg (NJ) and John McCain (AZ).
FTTH in the US has grown dramatically in recent years and now exists in over 654 communities in 46 states. However, the US still has less than 3% of our homes passed with fiber and is falling further behind countries such as Japan, Korea and Sweden.
The FTTH Council will discuss these recommendations further with national policymakers during its quarterly meeting February 27-March 1 in Washington, DC.
About the Fiber-to-the-Home Council
The Fiber-to-the-Home (FTTH) Council is a non-profit organization established in 2001 to educate the public on the opportunities and benefits of fiber-to-the-home solutions. FTTH Council members represent all areas of broadband industries, including telecommunications, computing, networking, system integration, engineering, and content-provider companies, as well as traditional telecommunications service providers, utilities and municipalities. Communities and organizations interested in exploring FTTH options can find information on the FTTH Council web site at
***Computer Economics IT Security Study Finds Large Firms Lag Behind
IRVINE, Calif.
Feb. 14, 2006
By nearly every measure, large firms lag behind mid-size organizations in IT security spending, staffing, technology, and management practices.
According to a new Computer Economics IT security study, companies with over $750 million in annual revenues lag behind mid-size firms in IT security spending and adoption rates for security technologies.
Furthermore, many companies of all sizes fail to implement a number of basic security best practices. For example, 65% of all organizations do not provide periodic security training for employees, and 67% do not conduct regular audits of desktop computers to check for unauthorized software.
The study also found that, in spite of these deficiencies, most companies are not authorizing more money for security.
The study, based on a survey of North American IT security managers, analyzes information security spending, staffing, incidents, technology adoption, and best practices for large, medium, and small organizations.
The full report, "2006 IT Security Study: The Current State of IT Security Budgets, Management Practices, and Security Incidents," with over 150 charts, is available from the Computer Economics Web site at
http://www.computereconomics.com
***Gartner Says Worldwide PDA Shipments Reach Record Level in 2005; PDA Shipments of 14.9 Million Units in 2005 Tops Previous Mark Set in 2001
STAMFORD, Conn.
Feb. 14, 2006
Worldwide personal digital assistant (PDA) shipments totaled a record 14.9 million units in 2005, a 19 percent increase from 2004, according to Gartner, Inc. The 2005 results topped the previous record of 13.2 million PDAs shipped worldwide in 2001.
Research In Motion (RIM) became the No. 1 PDA vendor based on worldwide shipments in 2005 (see Table 1) as it accounted for 21.4 percent of total shipments. Its shipments in 2005 increased 47 percent from 2004. These results do not include an estimated 858,000 BlackBerry smartphones shipped in 2005, which Gartner classifies separately because of their voice-centric design.
Table 1
Worldwide: Preliminary PDA Vendor Shipment Estimates, 2005 (Units)
2005 2004 2004-
Market Market 2005
2005 Share 2004 Share Growth
Company Shipments (%) Shipments (%) (%)
-----------------------------------------------------------------
Research In Motion 3,193,000 21.4 2,178,000 17.4 46.6
Palm 2,773,025 18.6 3,726,172 29.8 -25.6
Hewlett-Packard 2,264,666 15.2 2,668,627 21.3 -15.1
Nokia 1,010,000 6.8 250,000 2.0 304.0
T-Mobile 812,600 5.5 191,400 1.5 324.6
Others 4,839,701 32.5 3,499,314 28.0 38.3
Total 4,892,992 100.0 12,513,513 100.0 19.0
-----------------------------------------------------------------
Notes: Totals do not include smartphones, such as the Treo 650 and BlackBerry 7100, but include wireless PDAs, such as the iPAQ 65xx and BlackBerry 8700.
Source: Gartner Dataquest (February 2006)
Palm shipped 2.77 million PDAs in 2005, down 25 percent from 2004 shipments. These results exclude Palm's Treo smartphone shipments of 1.95 million units in 2005.
Palm regained the PDA market lead in the fourth quarter of 2005 with 1.04 million units shipped, reflecting the traditionally strong consumer PDA sales associated with the holiday season.
Table
Worldwide: Preliminary PDA Vendor Shipment Estimates, 4Q05 (Units)
4Q05 4Q04 4Q04-
Market Market 4Q05
4Q05 Share 4Q04 Share Growth
Company Shipments (%) Shipments (%) (%)
-----------------------------------------------------------------
Palm 1,037,680 23.5 1,226,525 29.9 -15.4
Research In Motion 780,000 17.7 698.000 17.0 11.7
Hewlett-Packard 660,463 15.0 869,000 21.1 -24.0
T-Mobile 305,000 6.9 96,000 2.3 217.7
Mio Technology 220,214 5.0 83,645 2.0 163.3
Others 1,405,569 31.9 1,135,788 27.6 23.8
Total 4,408,926 100.0 4,108,958 100.0 7.3
-----------------------------------------------------------------
Notes: Totals do not include smartphones, such as the Treo 650 and BlackBerry 7100, but include wireless PDAs, such as the iPAQ 65xx and BlackBerry 8700.
Source: Gartner Dataquest (February 2006)
Microsoft Windows CE was the No. 1 PDA operating system (OS) in 2005 as 7.05 million PDAs were loaded with the OS, up 33 percent from 2004 shipments of 5.28 million units. Palm OS PDA shipments declined 34 percent to 2.96 million units in 2005.
Gartner defines a PDA as a data-centric handheld computer weighing less than one pound that is primarily designed for use with both hands. These devices use an open market operating system supported by third-party applications that can be added into the device by end users. They offer instant on/off capability and synchronization of files with a PC. A PDA may offer WAN support for voice, but these are data-first, voice-second devices.
Additional information is available in the Gartner report "Dataquest Alert: Record 14.9 Million PDAs Shipped in 2005, Up 19 Percent Over 2004." The report is available on Gartner's Web site at
http://www.gartner.com/DisplayDocument?ref=g_search&id=488746
***Survey Reveals Increased Consumer Demand for Speech Solutions on Mobile Phones; Nuance Communications Finds Majority of Consumers Surveyed Want Speech Access to Popular Phone Features and Safer Access to Mobile Phones While Driving
3GSM World Congress 2006
BARCELONA, Spain
Feb. 14, 2006
Nuance Communications, Inc. has announced the results of a recent survey regarding user interest in the use of speech technology for mobile phones. According to the survey of nearly 2,000 mobile phone customers in the US and the UK, consumers are demanding increased hands-free and eyes-free access to mobile phones for improved convenience and safety. These requirements are more important than ever since mobile phones are increasingly used for messaging, email and Web browsing.
Voice Control of Mobile Phone Functionality
More than 75 percent of respondents expressed interest in using speech commands to facilitate dialing and improve access to the advanced features of mobile phones, particularly when driving. Additional survey results include the following:
-- 60 percent of US respondents frequently or occasionally use their cell phones while driving.
-- The top reason cited for rarely or never using the cell phone while driving is safety concerns (73 percent).
-- More than half of all respondents are looking for solutions that allow them to drive more safely by keeping their eyes on the road when using the phone.
-- 47 percent of respondents are demanding technology that will allow them to comply with regulations for hands-free mobile phone use while driving.
-- 35 percent of respondents are interested in speech solutions that enable them to become more productive during commute time.
SMS and Text Message Dictation
UK survey respondents expressed an overwhelming interest in text messaging: 90 percent of UK respondents use text messaging at least once a week, compared to 48 percent of US respondents. The survey found that mobile phone users, particularly those ages 13-24, are hoping to take better advantage of SMS and text messaging services:
-- More than 60 percent of respondents said they would be likely to use dictation technologies to enter SMS and email messages.
-- More than half of respondents found speech solutions for dictation "very appealing" if the technology enabled quicker text entry.
-- 52 percent valued the ability to compose messages by speaking naturally, with no need to pause between words.
Voice Control of Media Applications
Respondents also expressed a significant interest in full voice control of media applications:
-- 46 percent of the survey audience said they would be likely to use a voice application that enabled hands-free, eyes-free activation of MP3 players.
-- Justification for the appeal of this service was evenly split among the following factors: the ability to drive more safely, quickly search playlists and song libraries, and the ability to jump to songs without scrolling.
For a complete summary of survey results, visit
http://www.nuance.com/unlockthepower
***Camino 1.0 Browser Released; New Open Source Web Browser Combines the Power of Mozilla Technology and the Mac OS X Operating System
MOUNTAIN VIEW, Calif.
Feb. 14, 2006
The Camino Project has introduced the Camino 1.0 browser, a Web browser for the Mac OS X operating system built on the open source Mozilla Gecko rendering engine.
Full-Featured Web Browser
Considered one of the fastest Web browsers on Mac OS X, Camino also integrates tightly with the platform, adopting the refined style, user-focused interface, and cutting-edge technologies that are hallmarks of the Macintosh experience. The project's development philosophy embraces these ideals, so Camino includes built-in technology to block pop-ups and ads, allowing users to view the Web as it was meant to be seen -- annoyance-free.
With its elegant tabbed browsing implementation, Camino allows users to view several Web pages at once without cluttering the screen with multiple windows. The bookmarks manager offers an easy way for users to search and sort their bookmarks and history. To make downloading simple and unobtrusive, Camino provides a compact downloads manager that can pause and resume in-progress downloads and open completed ones with a single click.
By integrating seamlessly with Mac OS X system services and technologies, Camino fits cleanly onto Macintosh desktops. Camino uses the system Address Book when filling out Web forms and saves passwords in the Keychain data store. Camino also reads settings from the Mac OS X System Preferences whenever possible, saving users from entering information multiple times. In addition, the Spotlight search utility can search Camino's bookmarks, and support for Bonjour networking technology is included in the bookmarks manager.
Built on Mozilla's Gecko Rendering Engine
Camino uses Mozilla's Gecko rendering engine to display Web pages. Gecko is the leader in standards-based rendering, supporting HTML, XHTML, CSS, SVG, MathML and other specifications defined by the World Wide Web Consortium. Since it is powered by the same Gecko rendering engine as the popular Mozilla Firefox Web browser, Camino is also compatible with billions of Web pages around the world.
Open Source
Camino is built using the open source development model, which leverages the talents of a worldwide community. Under this system everyone has an opportunity to help improve Camino by volunteering to write code, test releases, write documentation, and even translate Camino into the world's many languages. By working together contributors enable the Camino Project to fulfill its mission of providing the best possible browsing experience on Mac OS X. Information on contributing is available on the Camino Project's Web site.
Released under the Mozilla Public License, Camino 1.0 is a free download and is available now from
0607.11 Professional Security Certification
***The Stanford Center for Professional Development to Offer Computer Security Certificate Program
RSA Conference 2006
STANFORD, Calif.
Feb. 13, 2006
Staying one step ahead of hackers and other security threats means having the most up-to-date and reliable information possible. To help organizations meet that need, the Stanford Center for Professional Development (SCPD) is offering the Stanford Advanced Computer Security Certificate program.
The four-day intensive program -- which will take place July 17-20, 2006 on the Stanford campus -- is designed to meet the needs of all professionals who have a stake in protecting their data and systems from security breaches. Participants will learn how to build secure infrastructures, and how to protect their networks and electronic assets from attacks and theft.
SCPD is uniquely suited to offer such a program. The center's executive director, Andy DiPaolo, says, "There is a great and growing demand for this kind of intensive learning experience. SCPD is in the unique position to offer courses designed and taught by world-renowned Stanford faculty members. These are industry insiders who understand security and have played key roles in the research and development of cutting-edge security mechanisms and systems."
A case in point is the certificate program's academic director Dan Boneh, professor of computer science at Stanford University and a leading authority in the fields of cryptography and computer science. A principal focus of Boneh's research is the building of security mechanisms that are easy to use and deploy. He is also a co-founder of Voltage Inc., a company which provides secure communication solutions.
In regard to the certificate program, Boneh notes that, "It is designed for busy professionals who feel a sense of urgency about protecting their systems and data. The course material is condensed, relevant, and practical, with a lot of emphasis on real-world scenarios and hands-on exercises. We want participants to take away skills and knowledge that they can apply to their jobs immediately."
http://proed.stanford.edu/?advancedsecurity
Stanford University master's degrees, graduate courses, certificates, and professional development courses are made available part-time to working professionals through the Stanford Center for Professional Development (SCPD). Courses are delivered online worldwide, on campus, and via TV broadcast within the San Francisco Bay Area.
***Trusted Computing Group Announces Trusted Software Specification, Makes Framework for Trusted Storage Available
SAN JOSE, Calif.
Feb. 13, 2006
The Trusted Computing Group (TCG), whose open building blocks will result in the shipment of more than 50 million trusted systems in 2006, has announced it has released a software specification to enable the development of applications for systems using the Trusted Platform Module 1.2.
The group also announced a set of detailed use cases as a framework for trusted storage, with a trusted storage specification to enable products anticipated for release the first half of this year.
Also at the RSA Conference, TCG demonstrated for the first time the Trusted Network Connect (TNC) endpoint integrity verification using the Trusted Platform Module (TPM). The TPM, which is embedded into a client PC, serves as a root of trust that is used by Trusted Network Connect components to verify the client platform against pre-set security policies and grant or deny network access based on compliance with those policies. Because the TPM is tamperproof, network administrators can be assured that the clients connecting are in the desired state and are authorized to connect.
TCG Trusted Software Stack
TCG has released the TCG Trusted Software Stack 1.2. The specification enables development of applications to access features of the TPM 1.2. These important security features include direct anonymous attestation, the ability to run and generate a new Attestation Identity Key, and many others.
TPM_1_2_Changes_final.pdf. A number of TCG members already support the TPM 1.2 with applications based on preliminary specifications and others are anticipated for release in the coming months.
Trusted Storage
TCG also is announcing a framework for trusted storage. TCG's planned specification, based on this initial framework, will help ensure that permanent storage devices such as hard disk drives, flash memory drives, optical drives and digital tape drives are trustworthy to prevent data misuse, theft or loss.
The newly available use cases document outlines seven potential applications for trusted storage:
-- Enrollment and connection for a trusted relationship between the storage device and the host
-- Protected storage for storing sensitive data
-- Locking and encryption to mate a storage device and host and for encrypting stored data at rest
-- Logging, for forensic purposes
-- Cryptographic services supporting a variety of security functions
-- Authorizing storage device feature sets to host applications for trusted and exclusive use
-- Secure download of firmware
TCG has worked closely with storage industry standards bodies to ensure the appropriate commands are supported in SCSI and ATA interfaces and protocols.
Trusted Network Connect
TNC is an open, non-proprietary standard that enables the application and enforcement of security requirements for endpoints connecting to the corporate network. The TNC architecture helps IT organizations enforce corporate configuration requirements and to prevent and detect malware outbreaks, as well as the resulting security breaches and downtime in multivendor networks. More than 60 of TCG's members have contributed to the first TNC specifications, which have been available since mid-2005. Several companies now ship products to support the specifications, and others are planning to ship products this year.
About TCG
TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft.
More information and the organization's specifications are available at
http://www.trustedcomputinggroup.org
--------------------------------------
Copyright 2006 4th WAVE, Inc.
To subscribe to WAVE go to
To unsubscribe also use the Wave Report Home page or send the preformatted UNSUBSCRIBE message:
Previous issues of WAVE, as well as other info can be found at
http://www.wave-report.com
http://www.3dlinks.com
Comments on or questions about the WAVE may be sent to:
or the below individuals below:
John N. Latta - Editor-In-Chief
Michael Robertson - Web Editor
The WAVE Report may be redistributed in full for individual readership and posted to newsgroups, Web, and FTP sites. This publication may not be reprinted or redistributed for profit. Short quotes are permitted but must be attributed to the WAVE Report. 4th Wave retains the copyright to the WAVE Report.