2008/12/02
TheRegister: Biz travelers howl over US gov RFIDs
by Dan Goodin
A travel industry group has called on the US government to halt its use of new machinery that remotely reads government issued identification cards at border crossings until the safety of the new system can be better understood.
Monday's call by the Association of Corporate Travel Executives (ACTE) follows similar requests by a chorus of civil liberties and computer researchers. They warn that use of the new long-range radio frequency identification (RFID) scanners could jeopardize the privacy and security of people who pass through US borders.
"ACTE is concerned that unauthorized individuals could either resort to electronic eavesdropping at the border or use similar devices that could extract data from RFID chips at other locations," the group's executive director said in a statement. She asked for the system to be halted pending a comprehensive security review.
In July, researchers with RSA Laboratories and the University of Washington published a paper exposing several risks posed by RFID system used in US passport cards and drivers licenses issued by several states that emit RFID signals. They found the documents were susceptible to cloning, a vulnerability that could allow attackers to assume the identity (at least partially) of others.
The researchers also said it was possible for unauthorized parties to remotely read the RFID information embedded in the documents. Interestingly, drivers licenses issued by Washington state were vulnerable to remote scanning even when placed in protective sleeves, the report found.
InfoWorld: Is there a hidden cost to data protection?
by Chris Parkerson
Companies today realize the threats and consequences of data loss and by now most have some sort of data protection in place. But, many companies that were rushed into data protection by the fear of losing precious data may have been too quick to throw together a patchwork quilt of security software, which is now proving costly.
In the rush to get data protection in place, many companies frantically stitched together technology from various vendors and overlooked issues such as software integration and policy. The fear of leaving themselves vulnerable to data loss resulted in a lack of planning and processes for technology implementations, and has left them dealing with the consequences.
Now that technologies are in place, companies are faced with ongoing auditing and the need to prove to auditors that 1) they did enough to protect themselves and 2) they chose the right paths of protection. In fact, despite implementing a slew of security solutions, companies are finding that they may have not done much to actually lower their risk because they didn't actually understand what data needed to be protected in the first place. Furthermore, the mishmash of security solutions is impossible to manage and have greatly increased costs.
To make matters worse, those who haven't yet implemented data protection technology are seeing the spike in costs other organizations face from data protection and are beginning to evaluate a dangerous risk equation. They are willing to run the risk of not protecting their data and face the consequences and costs of a potential data breech as opposed to dealing with implementing what they feel are costly and complicated data protection solutions. Once companies decide that data loss is a more desirable option, there is a big problem.
CNet: Intel, Hitachi to develop solid-state drives
by Brooke Crothers
Intel will target solid-state drives for server computers in a tie up with Hitachi that was announced Monday night.
Intel and Hitachi Global Storage Technologies (Hitachi GST) said they will "jointly develop and deliver" Serial Attached SCSI (SAS) and Fibre Channel (FC) solid-state drives (SSDs) for servers, workstations, and storage systems.
While Hitachi is a large supplier of hard disk drives, Intel manufactures and sells consumer and enterprise-class solid-state drives. The enterprise-class X25-E Extreme SSDs that Intel offers now are based on Serial ATA (SATA) technology. As are its consumer-class drives.
Solid-state drives are generally faster than hard-disk drives, particularly at reading data.
"The combination of a leading Enterprise drive supplier with a NAND technology and manufacturing leader will produce world-class solutions in terms of reliability, performance and system compatibility," the companies said in a statement.
The agreement is exclusive to the two companies with the first Serial Attached SCSI and Fibre Channel products expected to be available in early 2010. Both Serial Attached SCSI and Fibre Channel are interfaces typically used in servers.
