Eating our own secure dog food

Media Sourcery CEO Larry Ketchersid writes on Infosec Island how the company uses its own products in working with its partners and customers:

Similar to security assessments, network architecture designs and other projects, a development project, such as this one involves the exchange of confidential data, including in this case, intellectual property designs, requirements documents, test plans, code fragments and roadmaps.
We could have chose to exchange these documents over email, or printed them out and sent them next day parcel post.
Instead, we “ate our own dogfood” and utilized IslandPKI. This gave us and our partners several advantages and efficiencies:

  • the timeliness of email, with notification of new content; (the notifications aided our workflow allowing the requirements, design and development process to proceed apace)
  • encrypted content; (no loss of IP, protected by our built-in PKI system);
  • digital signing; (for non-repudiation);
  • tracking;
  • confirmation of receipt;
  • little to no training for our partners; (so the bringing new members to the team did not impede the process).

Read the entire article here.

Mobile Monday Austin

AUSTIN, TX - December 7, 2009 - Media Sourcery was one of several

Mobile Monday Austin

Mobile Monday Austin

companies invited to demo and present our mobile solution at the Austin Chapter of Mobile Monday. The agenda (which can be found here) reviewed incubators and funding sources, and the turnout was excellent. Thanks to C. Enrique Ortiz for inviting us and putting the event together, and to the Austin Wireless Alliance for sponsoring the event.

HIPAA enforcement strengthened by HHS

Healthcare IT News is reporting that the US Department of Health and Human Services has issued an interim final rule to strengthen enforcement and increase penalties for violations of the Health Insurance Portability and Accountability Act, known as HIPAA.

From the article:

Prior to the HITECH Act, the penalty could be no more than $100 for each violation or $25,000 for all identical violations of the same provision.

A healthcare provider, health plan or clearinghouse could also bar the secretary’s imposition of a civil money penalty by demonstrating that it did not know that it violated the HIPAA rules.

Section 13410(d) of the HITECH Act strengthened the enforcement by establishing tiered ranges of increasing minimum penalty amounts, with a maximum penalty of $1.5 million for all violations of an identical provision. A covered entity can no longer bar the imposition of a civil money penalty for an unknown violation unless it corrects the violation within 30 days of discovery.

Read the entire article here.

WireHead Security, Media Sourcery Partner to Introduce PKI Encryption Service to Infosec IslandPKI Community

New IslandPKITM Premium Web-based Service Offers Easy, Low-Cost Sharing of Encrypted Confidential Records or Documents over the Web.

RALEIGH, NC – September 21, 2009WireHead SecurityTM and Media Sourcery today announced a strategic partnership under which WireHead is delivering a first-of-a-kind security service to its new Infosec IslandTM community for IT and information security professionals. The new service, called IslandPKITM is the first public Web-based service to provide secure, easy-to-use browser-to-browser messaging and file transfer capabilities. IslandPKI is built on proven technology from Media Sourcery, currently in use at major healthcare and other organizations providing secure business-to-business solutions. Using this technology provides the IslandPKI architecture with the highest level of security available for confidential and privileged business or personal communications. Infosec Island is the first secure infosec community featuring not only SSL-based security, but additional options for enhanced security for its members, such as IslandPKI.

As the first premium service available on Infosec Island, IslandPKI takes the complexity out of using public key infrastructure (PKI) encryption technology, providing an easy-to-use solution for encrypting sensitive employee, health or financial records and documents to share them safely via the Web.

IslandPKI is available on the Infosec Island site starting today to anyone who registers for a free membership. There is a 60-day free trial available to all Island members, after which members may subscribe for a low, flat fee of $25 per month/per user for this unique service. Site licensing options will be available to any organization with 100 or more registered members of Infosec Island.

IslandPKI was developed for Infosec Island by WireHead Security and Media Sourcery, makers of the AppMobilizer and PortalMobilizer security solutions. The underlying PKI technology is based on the PortalMobilizer solution from Austin, TX-based Media Sourcery, and is licensed by WireHead Security and adapted for Infosec Island.

For small- to medium-sized businesses, healthcare providers and facilities and other organizations that routinely handle confidential records and data, IslandPKI transforms PKI-level security into a practical option for the first time. IslandPKI makes it easy, quick and simple for IT/security pros to help non-technical users within their organizations to safely and securely share these records and documents. It is highly suitable for any industry that deal with regulatory compliance, such as healthcare, law, law enforcement, banking, government, insurance and financial services.

“We have been providing solutions for organizations in the healthcare field, as our technologies are designed from the ground up with HIPAA compliance in mind, plus simplicity,” noted Larry Ketchersid, chairman and CEO of Media Sourcery. “IslandPKI is an ideal way to utilize our proven solutions to give the Infosec Island community an easy way to securely share any type of document or file containing confidential personal data or privileged business communications. We’re very pleased to partner with WireHead and Infosec Island on this innovative Web-based service. The IslandPKI approach is simply not available on any other infosec portal or online community.”

“IslandPKI brings Infosec Island members a number of unique benefits that enhance their organization’s security,” said Michael Menefee, president of Infosec Island publisher WireHead Security. “It can protect any document containing an individual’s Social Security Number or other sensitive data, the loss of which could result in identity theft or fraud. It’s so easy to use that any employee can use the service—not just technical experts highly-trained in PKI. That’s the genius behind Media Sourcery’s technology, and that’s why we’re so pleased to partner with them to deliver IslandPKI to our members.”

IslandPKI offers the following functionality to Infosec Island members:

  • Lightweight, secure, browser-based communications via public key infrastructure;
  • Enables direct, highly-secure member-to-member communications including messaging within the Infosec Island site as well as file transfers;
    • PKI, session encryption, encrypted local keystore, secure handshake, private key challenge/response, unique digital signature, and parcel payload verification; and,
    • Planned enhancements for early 2010 include support for secure messaging and file transfer with a number of popular mobile devices plus a first-time authentication process for communicating with non-members of the Island.

About Infosec Island

Infosec Island is a new type of online community designed specifically for IT professionals who manage security, risk and compliance. Unlike other infosec portals, it combines the benefits of IT security portals and social networking into a single, vendor-neutral community. Infosec Island members improve their organization’s security, save time and reduce their costs by taking advantage of a unique set of benefits, including infosec news and information, built-in social networking capabilities, relevant content based on personalized organizational views, free security tools and premium Web-based security services. Infosec Island is the first secure infosec community featuring not only SSL-based security, but additional options for higher security levels. Membership is free.

Developed by professional services firm WireHead Security (www.wireheadsecurity.com), Infosec Island focuses on several industry sectors, including higher education, K-12, government, banking and insurance, healthcare, manufacturing, scientific research and other SMB enterprises. Based in Raleigh, NC, WireHead Security enables its clients to reduce their business risks by remediating dangerous and costly information security weaknesses. The company delivers high-quality security solutions and consulting services that help organizations combat threats and institute policies and procedures to safeguard their security. WireHead Security LLC is privately held and was founded in January 2009. More information can be found on the Web at http://www.infosecisland.com. You can follow Infosec Island on Twitter at http://twitter.com/InfosecIsland, or follow Mike Menefee’s blog at http://www.hackyourself.net.

Download the PDF of this release Here.

AT&T Certifed Solution

(August 27, 2009) - Media Sourcery’s AppMobilizer solution is now an AT&T Certified Solution for RIM Blackberry’s and Nokia’s E71x.

You can find AppMobilizer here in the AT&T Certified Solutions catalog.

Read more about AppMobilizer here.

Snooping through power lines

Interesting technique described for detecting power fluctuations made by key presses on keyboards linked via PS2 cables to PCs.

Read the full article here.

Schneier: New Attack on AES

Bruce Schneier notes on his blog a new cryptanalytic attack on AES that is better than brute force.

He also notes:

While this attack is better than brute force — and some cryptographers will describe the algorithm as “broken” because of it — it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse. Others will continue to improve on these numbers. While there’s no reason to panic, no reason to stop using AES, no reason to insist that NIST choose another encryption standard, this will certainly be a problem for some of the AES-based SHA-3 candidate hash functions.

Read the entire post here.

Article - Study ranks RIM, WinMo and iPhone on Security

(June 1, 2009) - From an article at Daily Tech:

A new study by Lopez Research, founded by President Maribel Lopez, a former Forrester Research analyst tackles this question, looking at these three top competitors in the smart phone arena.  The study was broken down into three categories — device, network, and transmission.  It gives a score of 0 to 4 (highest) to each competitor for each category.

Click here for the full article and rankings.


Article - Spam accounted for 90 percent of all email traffic

(May 29, 2009) - According to a report released by Symantec Message Labs, junk mail accounted for 90.4% of all email in May.

An article from SC Magazine discussing the report is here.

The Symantec report in PDF format is here.

Article on iPhone application security in Network World

In the second in a series on iPhone security, Professor Richard Steinberger from the MSIA Program at Norwich University provides a very high level analysis of the security environment for iPhone applications.

Read the article here.

  • Media Sourcery, Inc.
  • Media Sourcery, Inc.
  • Media Sourcery, Inc.
  • Media Sourcery, Inc.

© 2010 Media Sourcery, Inc. All rights reserved. Powered by Wordpress. Designed by Woo Themes