WebProNews

Category: CybersecurityUpdate

  • Interactive Advertising Bureau Weighs In On Obama Proposals

    During Tuesday’s State of the Union Address, President Obama briefly touched on some proposals that may have an impact on the digital advertising industry. These include laws to combat cyber attacks and to protect the data of minors.

    From the prepared remarks:

    We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.

    This follows Obama’s proposal last week to require companies to notify customers of breaches within 30 days as a “single, strong national standard”. This is part of what’s known as the Personal Data Notification and Protection Act. The President says this will not only let consumers know when their info is stolen, but also make it easier for companies to deal with hacks.

    The Interactive Advertising Bureau has some thoughts about the President’s proposals, and sent us a statement from Mike Zaneis, EVP, Public Policy & General Counsel.

    “Among these ideas, were some extremely positive legislative vehicles that IAB wholeheartedly endorses,” he said. “The mission of securing the internet through stronger cybersecurity laws is vitally important. This is why the IAB created an Anti-Malware Working Group and formed an information partnership with the FBI in September of 2014. We also laud the President’s call for a single, national data breach notification standard. Having a patchwork of 46 disparate state laws does not adequately protect consumers’ identities. The President rightly called for new free trade agreements that would allow the internet to flourish. We also applaud the President in his effort to craft a new Federal law to secure students’ data when they are using innovative digital tools.”

    “The President laid out many areas where there can be bipartisan cooperation to enact new consumer protections that also allow industry to continue to innovate and create new jobs. These are ideals shared by the IAB, so much so that the digital marketing industry has taken a lead role in ensuring that consumers have the ability to control their privacy online, creating the first ever comprehensive digital self regulatory program called the Digital Advertising Alliance (DAA). The DAA was developed in coordination with the FTC and endorsed by this Administration in 2012.”

    “We want to build upon these successes, but some of the President’s proposals could derail our collective efforts,” he added. “A push for controversial, European-style privacy restrictions, such as enactment of a ‘Consumer Privacy Bill of Rights,’ would make the U.S. less competitive in the global economy. This nebulous concept is ill-advised and could undermine the opportunities to deliver real results to the American public.”

    “We look forward to working with the Administration and the 114th Congress on their pro-growth agenda and to having the $50 billion U.S. digital advertising industry continue to lead our economy in the right direction.”

    Not all of this was explicitly discussed in the State of the Union Address, but here’s the President’s speech about protecting consumers and families in the digital age from January 12:

    And his speech on Cybersecurity the following day:

    The White House Blog runs down the key takeaways from the privacy speech here.

  • ‘The Interview’: NYC Comedians Plan a Live Read ‘in the Name of Free Speech’

    Who knows when you’ll get to see The Interview?

    Last week Sony execs decided to cave to vague, terroristic threats and postpone the release of the Seth Rogen/James Franco comedy indefinitely. According to reports, Sony was not alone in its cowardice. At this point nobody knows when the film, which was originally scheduled for a Christmas Day release, will see the light of day. Sony has no immediate plans for DVD or VOD release. The internet is calling for someone like Netflix to buy the rights, but that seems unlikely.

    It’ll probably work its way online at some point. Some recent rumors pointed to Sony releasing the film, for free, on Crackle – but those were shot down. Sony has said that it’s considering releasing the film, but there’s definitely no timeframe. Whatever happens, this is a big loss for Sony and for some, an even bigger loss for the idea that we, as a people, won’t be threatened out of our freedom of expression.

    Sure, it’s just a movie (of questionable quality at that) – but this is not a good precedent to set, right?

    What do you think about the decision to pull The Interview? Let us know in the comments.

    Sony has made its decision. Before that, a handful of major theater groups made theirs. The film is simply too toxic to distribute right now. At this point, theaters and Sony are engaging in a bit of a back-and-forth over who is truly to blame for the film’s indefinite postponement. Some lawmakers are calling for its release. The President has input his two cents. The situation’s a mess – but it’s a fluid mess. The movie could find its way to the big screen – or at least your small screen – at some point.

    But you might not get to see The Interview anytime soon. However, if you’re in New York City next weekend, you can watch the next best thing.

    No, not Team America: World Police. Everyone’s too scared to show that either. What you can watch is a group of actors, who “feel very strongly about bringing this film to you by whatever means necessary”, perform a live read-through of the script.

    The Treehouse Theater in NYC will host A Live Read of The Interview on Saturday, Dec 27. It’s free and open to the public. I recently got the opportunity to talk to the show’s producers – Dave Hensley, Benny Scheckner, and Sean Perrotta – three friends and improv actors who just so happened to get hold of an earlier copy of the script.

    “There are three of us that are planning this show,” said Hensley, Scheckner, and Perrotta. “We’re all friends who take classes at a well-known improv school in New York [the Upright Citizens Brigade Theatre]. The Treehouse Theater opened just recently. We asked and they said yes. The people there have been extremely supportive — they love that we’re doing this, and we can’t thank them enough for allowing us to use their space.”

    WPN: I know you probably can’t say too much about how you got hold of the script, but are you pretty sure it’s a final copy? Is what you have what’s on the screen?

    HSP: The script is not the final draft, but it very closely agrees with what we know about the movie (from the trailer, press coverage, etc.).

    WPN: What are your thoughts on Sony’s decision to yank the film?

    HSP: We’re huge fans of the filmmakers, and we understand that Sony was in a difficult position, and that they have been strong armed by theater chains. But ultimately, we can’t let threats of terrorism from a foreign nation inhibit free speech here in America. That’s the most important thing.

    WPN: So, have you read through the script yet? Thoughts?

    HSP: Yeah, it’s great. We think the movie is extremely positive for the people of North Korea (if not their leader).

    WPN: What do you hope to accomplish with the read-through?

    HSP: We hope the read makes people feel empowered, as well as entertained. And we hope to remind them that, as we found out a few days ago, free speech isn’t a given — it’s something we need to fight for.

    The live read has been cast, and will kick off at 7pm. It will be immediately followed by Fuck You Kim Jong Un! A Comedy Show to Benefit the People of North Korea, an improv show “based on awful North Korean propaganda films”. Admission to that is $5, all of which will go to Human Rights Watch.

    “Our feelings are that Kim Jong-un already does enough censorship in his own country, and we don’t need him deciding what movies we can and can’t watch here in the US,” said Hensley, Scheckner, and Perrotta. “Americans understand the importance of free speech. But again — and this is really the heart of the issue — we can’t have free speech if we let fear inhibit it and dictate our decisions.”

    In late November, Sony Pictures fell victim to a massive hack – one which exposed private information, including some pretty embarrassing emails from studio execs. A group that called itself “Guardians of Peace” took credit for the hack. As the group dumped more and more data from the hack, it began to threaten any and all theaters that dared show The Interview.

    “The world will be full of fear,” the message read. “Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you’d better leave.)”

    The hacker group is reportedly incensed over the content of the movie, which depicts the assassination of North Korean dictator Kim Jong-un.

    Soon after, a handful of high-profile theaters announced cancellations of The Interview showings. And that led to a blanket decision from Sony to yank the film entirely.

    “We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public,” Sony said in a strangely contradictory statement. “We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome.

    “We respect and understand our partners’ decision and, of course, completely share their paramount interest in the safety of employees and theatergoers.”

    It’s still unknown what role, if any, North Korea had in the Sony cyberattacks. The FBI is saying there’s enough evidence to conclude that North Korea was behind it.

    What should Sony do? What should individual theaters do? Let us know in the comments.

  • Over 1 Billion Online Usernames, Passwords Reportedly Stolen

    Wow, this is a big one.

    As first reported by The New York Times, Hold Security discovered that a Russian crime ring has stolen 1.2 billion username and password combinations and over 500 million email addresses from 420,000 websites “including household names and small Internet sites”. The Times reports:

    Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

    Compromised sites include some here in the U.S. as well as some based in Russia itself. According to Hold Security, most of the sites involved are still vulnerable.

    A message on Hold Security’s site says:

    You have been hacked! Over the past 18 months, this was our conversation starter with many companies and individuals. Helping our clients prevent breaches or find their stolen data is our business. If you have been following information security, or even if you haven’t, you have probably heard of Hold Security and our work. In October 2013, we identified a data breach with Adobe Systems. Later in December that year, we independently identified and tracked the Target breach and in February 2014 we identified over 360 million stolen credentials trafficked on the black market. Overall, Hold Security played a role in identifying and helping victims with most of the largest breaches.

    In the latest development, Hold Security’s Deep Web Monitoring practice in conjunction with our Credential Integrity Services discovered what could be arguably the largest data breach known to date.

    Whether you are a computer expert or a technophobe, as long as your data is somewhere on the World Wide Web, you may be affected by this breach. Your data has not necessarily been stolen from you directly. It could have been stolen from the service or goods providers to whom you entrust your personal information, from your employers, even from your friends and family.

    They’re calling the Russian gang, which they say still has possession of the stolen data, “CyberVor”. The 1.2 billion credentials are just the unique ones taken from a whopping 4.5 billion records altogether. The 420,000 compromised sites include FTP sites.

    According to Hold Security, the gang acquired databases of stolen credentials from other hackers on the black market. These, it says, were used to attack email providers, social media, and other sites to distribute spam to victims and install malicious redirections on legitimate systems. Later, they got access to data from botnet networks and SQL injection.

    “The CyberVors did not differentiate between small or large sites,” the firm says. “They didn’t just target large companies; instead, they targeted every site that their victims visited. With hundreds of thousands sites affected, the list includes many leaders in virtually all industries across the world, as well as a multitude of small or even personal websites.”

    They encourage companies to check if their sites (including auxiliary sites) are susceptible to SQL injection. They then use the opportunity to plug their new “Breach Notification Service,” which charges you $10 a month or $20 a year to monitor your site for vulnerability.

    In fact, some see this as a bit shady.

    Kashmir Hill at Forbes writes, “It’s certainly in the interest of any security firm to portray the state of cybersecurity as dire to make their wares more appealing, and that’s something any reader should keep in mind when reading quotes from a security professional. But this is a pretty direct link between a panic and a pay-out for a security firm. Yes, I expect security firms to make money for making the Internet more secure, but I am skeptical of a firm with a financial incentive in creating a panic to be the main source for a story that causes a panic. If nothing else, it should be disclosed in the New York Times story that the firm that reported a major breach hoped to directly profit from it. We don’t just need hashed passwords salted, we need grains of salt in our reporting around security.”

    Those who watched the recent John Oliver bit on native advertising (which specifically talks about The New York Times) might be going back to look at the NYT piece for indication of a sponsored post. There doesn’t appear to be one.

    Meanwhile, Hold Security is also offering a service to individuals.

  • Google Penalty Costs eBay Big Time

    Back in May, when Google launched a new version of the Panda update, some quickly noticed that eBay seemed to be taking a hit in the rankings. It turned out that it was apparently at the hands of a manual penalty rather than Panda.

    The penalty was related to weird category pages that eBay users were unlikely to actually land upon while navigating the site, making one (Google included) wonder why they even existed.

    This week, eBay reported its quarterly earnings with a 13% increase in revenue. That could have been higher if it wasn’t for the Google penalty. Danny Sullivan at Search Engine Land points to some comments made by eBay CFO Bob Swan during the company’s earnings call:

    Marketplaces delivered $2.2 billion in revenue, which grew 6%, GMV grew 8%, and operating margin declined 340 basis points. It was a challenging quarter. As John indicated, we got off to a good start, but we had significant obstacles late May.

    The combination of the cyberattack and the Google SEO had an immediate and dramatic impact on GMV growth. June GMV growth was 7% driven by slower active buyer growth and lower conversion. In light of these events, we have made significant investments to get eBay users reengaged, including couponing, seller incentives and increased marketing spend . . .

    He later indicated the “SEO changes” could take a while and “cost more” to recover from. The company reduced its full year revenue guidance by $200 million. Swan also blamed the cybersecurity/password reset debacle for some of the trouble, but clearly the SEO issues are the biggest problem for the company currently.

    You can find the transcript of the call at Seeking Alpha.

    It goes to show that not even the big boys are immune to the wrath of Google.

  • Internet Explorer Security Flaw Puts Users at Risk, Feds Say Switch Browsers

    If, for some reason, you still use Internet Explorer to browse the web, the U.S. Department of Homeland Security advises that you switch to a different browser for the time being. A major security flaw was exposed in Microsoft Internet Explorer versions 6 through 11 that could allow hackers to take over your computer.

    The security flaw was discovered over the weekend and reportedly “has the potential to give hackers the same user rights as the current user.” According to Microsoft, “The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”

    Not only does the bug potentially allow hackers to control your computer, it could also give them access to your financial information. “They could start to maybe drop a keylogger on your system and watch when you go to do online banking, get access to your bank accounts, credit card info; that’s generally what these folks are looking for,” said Michael Gregg, COO of Superior Solutions, a Houston cybersecurity firm.

    What Can You Do?

    The United States Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, released a statement today advising Internet Explorer users to switch to a different browser. “US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available,” the statement reads.

    If you’ve never used another browser, the two most popular Internet browsers are Google Chrome and Mozilla Firefox. If you’re hesitant about installing a new browser, PC World suggests using Internet Explorer in a more secure mode by adjusting your security settings under Internet options.

    A Fix is Coming, But Windows XP Users Are Screwed

    Microsoft is working to issue a fix, unless you run Windows XP, in which case you’re out of luck. According to Forbes, approximately 25 percent of people still use Windows XP, and Microsoft ended tech support for XP earlier this month.

    Microsoft issued the following warning to XP users less than three weeks ago: “If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses.” No surprise there, but the timing of this bug has some people wondering whether Microsoft ignored the problem to force people into upgrading from XP.

    Huge security threat aside, the people who haven’t used Internet Explorer as their main browser since the early part of the millennium aren’t hesitating to pile on:

  • Antivirus Software: No Match For Potential Cybercrime

    “There are only two kinds of companies: those who have been breached and those who will be breached.”

    Such is the claim of Cynthia James, director of business development for Kaspersky Lab, a leading antivirus and Internet security firm. Her assessment may not be far off, either. Identity theft against Target and Neiman Marcus during the holidays last year ended with millions of debit and credit card numbers stolen. It was deemed even worse than the breach of data on T.J. Maxx and Marshalls about ten years ago. Some experts believe it may continue to get worse, too.

    Why?

    Well, in Target’s case, it was somewhat opportunistic. Hackers scored a holiday treat after an AC company employee with access to Target’s network clicked on a malicious email. From there, the thieves had free rein of the company’s system to steal the retailer’s payment card information. For the most part, though, criminal technology is evolving while the technology that stops them is pretty archaic.

    “The unfortunate reality is that we suffered a breach,” John J. Mulligan, Target’s Chief Financial Officer stated during recent legal meetings.

    He added, “And all businesses and their customers are facing increasingly sophisticated threats from cybercriminals.”

    Consider, for example, Aleksandr Andreevich Panin. The Russian national was recently convicted in federal court after constructing a malware virus called SpyEye. According to prosecutors, he sold it for just $1,000 online. Between 2009 and 2011, a minimum of 150 hackers used Panin’s program to set up servers that would let them drain strangers’ bank accounts from afar. In fact, one criminal customer managed to rake in $3.2 million in half a year via the virus.

    Codes like Panin’s make theft automatic. SpyEye infected over 1.4 million computers across the world and when computers were overtaken, information was immediately compromised.

    “Our decades-old payment system was not designed with cybersecurity in mind,” said Christopher Soghoian, principal technologist at the American Civil Liberties Union.

    Some surmise that promising prospective changes include acquiring end-to-end encryption, walling off sensitive information on separate networks, and utilizing new technology that secures the credit card customer’s information on an embedded chip (rather than the black magnetic stripe most cards have in America).

    Where the magnetic strip we swipe at retail counters harbors security flaws, the embedded “chip and pin” technology could potentially put an end to all of that.

    Dan Kaminsky, the founder of White Ops (a company that uses hacking to stop fraud online), explains, “It’s like having a small computer on a credit card. The computer negotiates with retailers and has a unique number for every transaction, rather than one number that is repeated over and over.” However, the long-term outlook on identity theft is a matter of debate.

    “Companies may succeed in strengthening their defenses…deterring hackers,” security researcher Nicolas Christin said. He went on to add, “Or the surge of stolen credit card information on the market may cause a glut and drop prices to the point at which incentives for new attacks shrink.”

    Implanted security chip cards might thus just be the answer.

    They could even replace our existing ones in the next few years. In fact, an industry group including big credit card issuers wants assimilation of chip card use by October 2015. However, there’s been reluctance by federal regulators to invest if there’s a possibility that it won’t prevent future attacks.

    Before the thought of a multi-million dollar criminal income starts seducing some of you into scouring the undernet, consider first what befell the nefarious Russian responsible for multitudinous Trojan attacks. Mr. Panin demonstrated the inverse relationship his computer and street savvy have during a holiday last year when the FBI nailed him on a sting operation. He now is facing 30 years in prison after trying to sell his inimical invention to an undercover agent.

    SpyEye for a SpyEye, justice is served.

  • Software Security Coming Soon to Vehicles

    The future looks fantastic for drivers. Electric cars are set to begin reducing driving costs and helping manufacturers meet emissions requirements within the next two decades. At the same time, driverless car technology will be slowly making its way into general use, allowing drivers and passengers to use their daily commutes more productively, engaging in activities such as watching streaming video through those new 4G connections announced at this year’s Consumer Electronics Show (CES).

    As all of these new technologies enter the car, however, cars will begin to rely more and more on software. With software comes the possibility of entire vehicles being compromised.

    Market research firm ABI Research today released a new cybersecurity report focused on automobiles. The firm predicts that software security for vehicles will quickly become a huge industry as connected cars become the norm.

    ABI forecasts that more than 20 million cars will ship with software security built-in by the year 2020. The firm believes such software will be needed to protect autonomous and communications systems from cyber-attacks. It is predicted that current enterprise security firms will license out technology to car companies woefully lacking in cybersecurity knowledge or infrastructure.

    “So far connected car security has been mainly based on hardware protection and separation with infotainment and vehicle-centric safety systems shielded from each other. However, the shift towards cost-effective software-based security based on virtualization, containerization and sandboxing is well under way with Harman and Mentor Graphics as some of the leading vendors,” said Dominique Bonte, practice director at ABI.

  • Mobile Hardware Security to Take in $1 Billion This Year

    As the world becomes more connected, the inherent security flaws in our global network have been highlighted by security professionals, criminals, and national governments alike. With software security still struggling to stay ahead of hackers and government mandates, more and more businesses are turning to hardware-level security.

    Market research firm ABI Research today released a new cybersecurity report predicting that the mobile hardware security market is set to take off in the coming years. The firm estimates that the total mobile hardware security market will take in $1 billion in revenue during 2014.

    The market for hardware-level security will likely be propelled along with the rise in use of mobile devices for financial institutions and government applications. However, ABI also warns that the market may be held back by a lack of standards stemming from the wide variety of mobile devices and manufacturers currently on the market. With bring-your-own device programs now complicating both hardware and software matters for businesses, it may be quite a while before a consensus on mobile hardware security is reached.

    “Interesting partnerships are being formed in the market, with players still unsure which technology will ultimately prevail,” said Michela Menting, senior cybersecurity analyst at ABI. “Yet all are aware of the pressing demand for security and that they will need to dive into the turbulent waters soon if they want to stay ahead of the game.”

  • Will Lawmakers Use The Target Hack To Give The FTC More Power?

    Target, one of the nation’s largest retailers, suffered a major security breach over the holiday shopping season that affected millions of its in-store customers. In fact, it’s estimated that 40 million debit and credit card accounts were stolen. It’s already a given that Target will be paying for this breach of trust for years to come, but will it lead to even stricter scrutiny and government regulation?

    Well, it certainly seems that way if some members of Congress are to be believed. In the week since it was revealed that Target was hacked, lawmakers have been calling for action. For some, that action will simply be an investigation into the hack itself. For others, they’re playing around with the idea of giving the FTC additional powers to punish companies.

    Do you think the FTC needs more power? Does the Target hack make new powers necessary? Let us know in the comments.

    One senator in particular – Sen. Richard Blumenthal – has called upon the FTC to act in a recent open letter sent to FTC Chairwoman Edith Ramirez:

    I write to urge you to immediately open an investigation into Target Corporation’s recent reported data security breach, which may have exposed the credit and debit card information of 40 million Target customers this holiday season. If Target failed to adequately and appropriately protect its customers’ data, then the breach we saw this week was not just a breach of security; it was a breach of trust. The Federal Trade Commission (the FTC or the Commission) has the authority and the responsibility to investigate and address this kind of event, and I urge you to look into this case immediately.

    Next, Blumenthal says that the FTC Act gives the agency the authority to investigate Target’s security policies. He encourages the agency to use this power to immediately look into how Target secured its data and if the retailer could have done more to secure its customers’ data:

    As you know, section 5 of the Federal Trade Commission Act (15 U.S.C. § 45) gives the FTC jurisdiction to investigate companies’ privacy and information security policies, procedures, and practices. Given the scope and duration of Target’s recent data breach, it appears that Target may have failed to employ reasonable and appropriate security measures to protect personal information. A breach of this size indicates that somebody gained extensive and unfettered access to customer information held by Target. The fact that the intrusion lasted for more than two weeks indicates that Target’s procedures for detecting and shutting down an effort to steal customer data does not live up to a reasonable standard. If Target failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects their personal information. Its conduct would be unfair and deceptive, and it would clearly violate the FTC Act.

    Now, here is where things get interesting. Later in the letter, Blumenthal says the FTC needs more power to prevent something like this from happening again. How? He suggests that the agency be given the power to impose sanctions on Target and other retailers that don’t do enough to protect their data.

    While it is clear that the FTC has the authority to investigate breaches like the one that occurred at Target stores, it is equally clear that the Commission needs additional authority to impose sanctions sufficient to fully punish and deter the conduct that leads to such breaches. The breach at Target highlights how vast and damaging data breaches can be. The FTC should be able to respond to breaches like this with penalties commensurate to the potential harm. I look forward to working with my colleagues in the Congress and with the Commission to ensure that the Commission has all the sanction authority it needs to carry out its mission effectively.

    At this point, lawmakers are on the warpath. It’s pretty obvious that Blumenthal wants to make an example out of Target and that he believes the retailer should be held responsible for what happened. What needs to be considered, however, is the idea that Target may not have been fully prepared for whatever techniques and tools the hackers used to obtain the credit and debit card data of 40 million Americans.

    Should Target have been prepared for every possible privacy breach and attack? In a perfect world, yes. Unfortunately, we live in a world where the tools used by hackers and data thieves are often outpacing the advances in security. It doesn’t help that our government only imposes optional security guidelines for companies to follow and some may not follow all the guidelines in order to save a few bucks.

    What we’re looking at here then is a government that’s trying to fix a problem that has two solutions. One is the solution given to us by Sen. Blumenthal in which he calls for the FTC to be given more power to prosecute those who don’t adequately protect consumer information. The second solution would be to improve our cybersecurity standards and force companies to adopt the strictest measures to protect consumer data. Unfortunately, the only bill that would do that is the ill-fated CISPA and it contains too many privacy problems of its own to make it a worthy candidate.

    Consumer privacy is becoming all too important in today’s world of electronic transactions. While Target may not have been the first company to be hit by hackers, it’s one of the largest thefts of consumer data to ever occur. Over the next few months, the retailer will have a lot of explaining to do. The government will be overseeing that explanation and will dole out what it feels is a proper punishment. We can only hope the punishment doesn’t get in the way of real cybersecurity reform that would prevent an attack of this scale from ever happening again.

    Should the FTC be given more power to punish privacy breaches? Or should lawmakers focus on updating our cybersecurity standards? Let us know in the comments.

    Image via Wikimedia Commons

  • Default Porn-Blocking Is Your Hilarious White House Petition of the Day

    It’s been a while since I’ve looked at We The People, the U.S. Government’s online petition site that’s, well, whatever is worse than an exercise in futility. Think of something that could be described as that, and then think of something worse. Then add a shiny layer of platitudes. Ok, now you’re close. The site wasn’t up during the government shutdown, so I kind of forgot it existed.

    But I kid the White House, with love. There have been a couple of moments in the past where the White House has made an important response to a popular petition. Those moments are here and here. That’s it. If you want to take a look at all of the petitions that the White House is ignoring, someone made a whole site devoted to it. There are currently 25 unanswered petitions that have successfully hit the signature requirements, and the average waiting time on those responses is 308 days.

    Because of this, the We the People site is generally used by me (and many others) as a place to find humor. You know, what kind of wacky stuff are people demanding now? Over the past year or so, we’ve seen people ask Obama to recreate a Frozone scene from the Incredibles, make Google keep Google Reader alive, make R. Kelly’s Ignition (Remix) the national anthem, and various Star Wars-related demands. Oh, and some people wanted to secede. That was fun.

    Ok, so now someone has petitioned the White House to block all of our porn by default. You’ve gone too far, M.G. of Greenbrae, California.

    “Require Porn to be an “Opt In” feature with Internet Service Providers rather than a standard feature,” they say.

    In its current state, Internet porn seeks out users by email solicitations and massive amounts of free content throughout Internet browser searches. The average person, even children, can type in the word “cat” or “home” or “soup” and instantly be inundated with offensive and disturbing pornographic images. Parents and individuals have to go to great lengths to install Internet filters that often don’t weed out all porn. We are asking for greater protection and responsibility from Internet Service providers and our country. We are asking that people who are interested in porn should have to seek it and choose it. They should have to “Opt In” for it by making arrangements to receive it with their Internet Service Provider. Everyone else should be free from it and assumed “Opt Out”.

    Meanwhile, this petition concerning NSA leaker Edward Snowden has been sitting well across the threshold barrier, totally ignored, since the summer. Good thing we finally have an official response on what it means to be truly gluten-free…on a petition that never actually crossed the signature threshold.

    It’s clear that the UK-inspired opt-in porn system is doomed to fail. For one, it’s on the We the People site – so that’s reason enough. Also, it’s only on pace to get about 15,000 signatures or so – maybe. That’s not going to cut it, anti-porn crusaders.

    Still, part of me hopes it hits the 100,000 signature threshold. I’d love to see a response, and the day-after headlines. “Obama wants your kids to have easy access to gay porn.” Thank you, We the People, for continuing to amuse me at every turn.

    Image via WhiteHouse.gov

  • Rep. Mike Rogers Is Not Giving Up On CISPA

    Back in April, the House once again passed CISPA – a controversial cybersecurity bill that would allow the government to share information with private companies and vice versa. At the time, opponents said it didn’t have enough privacy safeguards to prevent the NSA from nabbing subscriber data, but recent revelations regarding the agency have already shown such actions to be taking place. Since then, CISPA has been all but forgotten, but one of its biggest proponents isn’t going to let it die.

    House Intelligence Chairman and NSA defender Mike Rogers recently spoke at a panel discussion hosted by the Center for Strategic and International Studies. The topic of CISPA and how it’s faring in light of the recent NSA leaks obviously came up. Instead of painting a picture of doom and gloom for his legislation, Rogers simply said that CISPA is “a little ill.” He’s confident, however, that the bill is “not dead yet.”

    That’s certainly one way to put it, but CISPA is pretty much dead. The Senate, despite Senate Intelligence Chairwoman Dianne Feinstein’s best efforts, has pretty much dropped the legislation, and is instead working on its own cybersecurity legislation. The new bill, being drafted by Senate Commerce, Science and Transportation Committee Chairman Jay Rockefeller, wouldn’t allow the government and companies to share data. Instead, it would set up voluntary standards and best practices that power plants and other critical infrastructure would be encouraged to follow.

    Despite this, Rogers is still confident that Feinstein, his counterpart in the Senate, will succeed in crafting a Senate version of CISPA. He’s also working to rewrite some parts of his own bill to address some of the concerns that privacy proponents have brought forward in light of the NSA leaks.

    Of course, any improvements from Rogers or Feinstein should be taken with a grain of salt as both are staunch defenders of the NSA. Feinstein, in particular, has said she would introduce legislation that would make the NSA more transparent, but would otherwise leave the agency’s many controversial surveillance programs, including its bulk collection of Americans’ cellphone metadata, fully intact.

    In short, the same people who say the NSA has done nothing wrong are moving ahead with legislation that would fully legalize the act of private companies handing over your data to the NSA all in the name of cybersecurity. After all, hackers and terrorists are apparently the most dangerous threat facing this country – not an incompetent Congress.

    [Image: Mike Rogers/Facebook]
    [h/t: The Hill]

  • Cybersecurity Legislation Asked for by NSA Director

    On Wednesday, top cybersecurity officials and government leaders met at the Billington Cybersecurity Summit in Washington, D.C. The purpose of the summit was to discuss how the federal government can partner with contracting companies in order to best protect the nation against cyber attacks.

    The keynote speaker at the event was Keith Alexander, Director of the National Security Agency (NSA). Alexander’s main push was to call upon private companies to work with the federal government to help pass legislation that would urge critical infrastructure components to provide information to the federal government when they are hacked: “What we can tell you is how they went down and how bad they were, but if we can’t work with industry, if we can’t share information with them, we can’t stop it,” stated Alexander.

    Alexander emphasized the fact that he believes the NSA and federal government need “shared situational awareness” in order to be effective in providing cyber security and preventing cyber attacks:

    “The answer is that nobody sees it today. We don’t have that shared situational awareness we need. So we’re developing a common operational picture. If we can’t see it, we can’t respond to it. We have to do that at network speed. We have to share what we know about those threats and they have to tell us what they see. This is where Internet service providers are critical, not just here but with our allies… We have to work with industry, because we can’t see it. Right now what happens is the attack goes on and we’re brought in after the fact. And I can guarantee you 100 percent of the time we cannot stop an attack after the fact. That legislation that we’re pushing for is absolutely important for our country.”

    Besides simply asking for further cooperation between private companies and the federal government in terms of information gathering, Alexander also spent much time at the conference attempting to defend the role and actions of the NSA. Alexander stated that the ethos of the program stems from the results it has had in terms of deterring domestic terrorist attacks: “It provides us the speed and agility in crises, like the Boston Marathon tragedy in April and the threats this summer.” While Alexander went on to admit that information collected by the NSA did not help identify who was behind the attacks at the Boston Marathon, he did say that it helped assure those in New York that the attackers were not going to strike there next.

    Alexander had one more interesting statement about the effectiveness of the NSA information-gathering program: “Over 950 people were killed in Kenya, Syria, Iraq, Yemen and Afghanistan, and we’re discussing more esoteric things here. Why? Because we’ve stopped the terrorist attacks here.”

    First, his numbers seem to be a little off. Only 950 people have been killed in the regional violence in those 5 combined countries? 950 in what types of attacks? Secondly, what makes Alexander believe that we have stopped the terrorists here? He openly admitted that NSA surveillance did not help capture the Boston Marathon bombers. It also apparently did not help stop the Navy Yard shooting, nor did it seemingly help to warn the Kenyans that American-based al-Shabaab terrorists were going to attack their mall.

    If Alexander is going to use the premise that the NSA spying program helps deter domestic and international terrorism, perhaps he should have some concrete evidence to support his claim? Just a suggestion.

    Regardless of whether or not Alexander has proper evidence, all signs point to the fact that no cyber legislation is going to pass soon. Not only is the docket in D.C. full of more pressing issues (such as the looming shutdown), there has been too much negative publicity toward the NSA due to the Edward Snowden scandal. The American people do not trust the NSA to properly gather appropriate information (and they have reason not to), and Congress is not willing to create even more negative publicity for themselves by pushing for more cybersecurity legislation: “In recent months, a perfect storm — from the Snowden leaks to subsequent domestic and international crises — enveloped comprehensive cybersecurity legislation, significantly curtailing its prospects of passage in the near future,” stated Democratic Representative Gerry Connolly.

    Image via Wikimedia Commons

  • NIST Says It Never Worked With The NSA To Weaken Encryption Standards

    Last week, it was revealed that the NSA works tirelessly to break through all forms of encryption. One of the more worrisome revelations from the leak was that the agency worked with the National Institute of Standards and Technology to introduce intentionally weak encryption standards. Now NIST is saying that never happened.

    In a statement today, NIST denies ever helping the NSA to weaken encryption standards. The organization adds that it would never “deliberately weaken a cryptographic standard.” Here’s the relevant part of the statement:

    NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large.

    There has been some confusion about the standards development process and the role of different organizations in it. NIST’s mandate is to develop standards and guidelines to protect federal information and information systems. Because of the high degree of confidence in NIST standards, many private industry groups also voluntarily adopt these standards.

    While NIST denies ever helping the NSA to weaken standards, it does admit that it works with the agency on encryption standards. In fact, the group is “required by statute to consult” with the agency during its “cryptography development process because of [the NSA’s] recognized expertise.”

    In other words, NIST has to work with the NSA on encryption standards, but it doesn’t actively weaken said standards at the agency’s behest. Conspiracy theorists might say that the NSA inserted the vulnerabilities in NIST’s standards without the group noticing. It’s not exactly that far out of a theory considering everything else we’ve learned about the agency thus far.

    To help remove some of the skepticism it’s facing, NIST has also announced that it’s reopened the public comment period for its latest standards publication. This will give the public another chance to look through the latest encryption standards to see if they find anything out of the ordinary.

    [Image: Wikimedia Commons]
    [h/t: The Hill]

  • IBM Completes Trusteer Acquisition

    IBM has completed its acquisition of Trusteer, first announced last month.

    “The way organizations protect data is quickly evolving,” said Trusteer CEO Mickey Boodaei at the time. “As attacks become more sophisticated, traditional approaches to securing enterprise and mobile data are no longer valid. Trusteer has helped hundreds of large banks and organizations around the world defeat thousands of sophisticated attacks using innovative solutions that combine intelligence, cloud, mobile, and desktop technologies.”

    When IBM announced the acquisition, it also announced that it would be launching a cybersecurity lab in Israel, which it said would bring together 200 Trusteer and IBM researchers and developers. At the lab, workers will focus on mobile security, advanced cyber threats, malware, counter-fraud and financial crimes.

    “The acquisition of Trusteer builds on more than 40 years of IBM’s rich contribution to the security space,” said Brendan Hannigan, General Manager, IBM Security Systems. “Trusteer will extend our data security capabilities further into the cloud, mobile and endpoint security space. This acquisition helps provide our clients with comprehensive network and endpoint anti-malware solutions.”

    “This acquisition is further proof that IBM is serious about providing clients with the security intelligence capabilities to help protect organizations in a constantly evolving threat landscape,” said John Johnson, Global Security Strategist, John Deere. “As part of IBM, Trusteer’s counter-fraud capabilities, along with the creation of a cybersecurity software lab, will help make advances in counter-fraud and malware protection.”

    Financial terms of the deal were not disclosed.

    Image: IBM (YouTube)

  • Cisco Layoffs And Guidance Send Stock Down Despite Earnings Hit

    Cisco released its Q4 and fiscal year 2013 earnings on Wednesday, along with plans to lay off 4,000 employees. While the earnings managed to meet analysts’ expectations, the company’s stock is suffering on news of the job cuts.

    The layoffs, which the company is calling a “workforce rebalancing,” will begin next quarter and will amount to about 5% of Cisco’s workforce.

    All Things D’s Arik Hesseldahl spoke with CEO John Chambers, and shares this quote:

    “The primary reason is that as a company we’re rebalancing our work force to meet the opportunities.”

    The company’s revenue was up 6% year over year at $12.4 billion for the quarter. For the year, it was also up 6% at $48.6 billion.

    As of the time of this writing, Cisco shares are at $24.41 (-1.97, -7.48%).

    Here’s the company’s earnings release in its entirety:

    SAN JOSE, CA — August 14, 2013 – Cisco (NASDAQ: CSCO)

    • Q4 Revenue: $12.4 billion (increase of 6% year over year)
    • Q4 Earnings per Share: $0.42 GAAP; $0.52 non-GAAP
    • FY 2013 Revenue: $48.6 billion (increase of 6% year over year)
    • FY 2013 Earnings per Share: $1.86 GAAP; $2.02 non-GAAP

    Cisco, the worldwide leader in networking that transforms how people connect, communicate and collaborate, today reported its fourth quarter and fiscal year results for the period ended July 27, 2013. Cisco reported fourth quarter revenue of $12.4 billion, net income on a generally accepted accounting principles (GAAP) basis of $2.3 billion or $0.42 per share, and non-GAAP net income of $2.8 billion or $0.52 per share.

    “My confidence in our ability to be the #1 IT Company is increasing. Our fourth quarter was a record on many fronts, with record revenue, and record non-GAAP operating income, non-GAAP net income, and non-GAAP earnings per share. In every case, we exceeded the midpoint of our guidance. We also generated $4 billion in operating cash flow in the quarter, another record,” stated Cisco Chairman and CEO John Chambers.

    “Now, more than ever, our customers and our partners want Cisco’s help navigating the inconsistent global landscape successfully. They recognize the benefit of a partner who is not only the leader in their product categories, but can bring technologies and solutions together in an architecture to lower operating costs, reduce time to results, and future proof their investments.”

    Q4 GAAP Results
                          Q4 2013          Q4 2012          Vs. Q4 2012
    Revenue               $12.4 billion    $11.7 billion    6.2%
    Net Income            $2.3 billion     $1.9 billion     18.4%
    Earnings per Share    $0.42            $0.36            16.7%

    Q4 Non-GAAP Results
                          Q4 2013          Q4 2012          Vs. Q4 2012
    Net Income            $2.8 billion     $2.5 billion     12.7%
    Earnings per Share    $0.52            $0.47            10.6%

    Fiscal Year GAAP Results
                          FY 2013          FY 2012          Vs. FY 2012
    Revenue               $48.6 billion    $46.1 billion    5.5%
    Net Income            $10.0 billion    $8.0 billion     24.2%
    Earnings per Share    $1.86            $1.49            24.8%

    Fiscal Year Non-GAAP Results
                          FY 2013          FY 2012          Vs. FY 2012
    Net Income            $10.9 billion    $10.0 billion    8.5%
    Earnings per Share    $2.02            $1.85            9.2%

    GAAP net income and GAAP earnings per share for the fourth quarter and fiscal year ended July 27, 2013 include the previously disclosed charge of $0.03 per share for the TiVo, Inc. (“TiVo”) patent litigation settlement. This charge was excluded from non-GAAP earnings per share. A reconciliation between net income on a GAAP basis and non-GAAP net income is provided in the table below.

    Cisco will discuss fourth quarter and fiscal year 2013 results and business outlook on a conference call and webcast at 1:30 p.m. Pacific Time today. Call information and related charts are available at http://investor.cisco.com.

    Cash and Cash Equivalents and Investments

    • Cash flows from operations were $4.0 billion for the fourth quarter of fiscal 2013, compared with $3.1 billion for the third quarter of fiscal 2013, and compared with $3.1 billion for the fourth quarter of fiscal 2012. Cash flows from operations were $12.9 billion for fiscal 2013, compared with $11.5 billion for fiscal 2012.
    • Cash and cash equivalents and investments were $50.6 billion at the end of the fourth quarter of fiscal 2013, compared with $47.4 billion at the end of the third quarter of fiscal 2013, and compared with $48.7 billion at the end of the fourth quarter of fiscal 2012.

    Dividends and Stock Repurchase Program

    • During the fourth quarter of fiscal 2013:
      • Cisco paid a cash dividend of $0.17 per common share, or $918 million.
      • Cisco repurchased approximately 47 million shares of common stock under the stock repurchase program at an average price of $24.80 per share for an aggregate purchase price of $1.2 billion.
    • During fiscal year 2013:
      • Cisco paid cash dividends in the aggregate amount of $0.62 per common share, or $3.3 billion.
      • Cisco repurchased approximately 128 million shares of common stock under the stock repurchase program at an average price of $21.63 per share for an aggregate purchase price of $2.8 billion. As of July 27, 2013, Cisco had repurchased and retired 3.9 billion shares of Cisco common stock at an average price of $20.40 per share for an aggregate purchase price of approximately $78.9 billion since the inception of the stock repurchase program. The remaining authorized amount for stock repurchases under this program is approximately $3.1 billion with no termination date.

    “Our financial strategy is working as our profits grew faster than revenue for the full fiscal year,” stated Frank Calderoni, executive vice president and chief financial officer. “Our fourth quarter also delivered solid financial results as we continued to deliver profitable growth to maximize shareholder value for the long-term.”

    Select Global Business Highlights

    • Cisco completed its acquisition of privately held Ubiquisys Limited, a leading provider of intelligent 3G and long-term evolution (LTE) small-cell technologies designed to provide seamless connectivity across mobile heterogeneous networks for service providers.
    • Cisco completed its acquisition of privately held JouleX, Inc. a leader in enterprise IT energy management for network-attached and data center assets.
    • Cisco announced its intent to acquire privately held Composite Software, Inc., a leader in data virtualization software and services.
    • Cisco announced a definitive agreement to acquire Sourcefire, Inc. a leader in intelligent cybersecurity solutions, with the goal of integrating world-class products, technologies and research teams to provide continuous and pervasive advanced threat protection.
    • Cisco completed its acquisition of SolveDirect Service Management GmbH, a privately held company headquartered in Vienna, Austria that provides innovative, cloud-delivered services management integration software and services.
    • At the Microsoft Worldwide Partner Conference, Cisco announced it would team with Microsoft to accelerate the deployment of private and hybrid cloud infrastructure worldwide.
    • Cisco released an Internet of Everything (IoE) Value Index study predicting that the IoE – the networked connection of people, process, data and things – is expected to enable global private-sector businesses to generate at least $613 billion in global profits in 2013.

    Cisco Innovation

    • Cisco introduced the Carrier Routing System-X (CRS-X), its newest addition to the industry-leading CRS family. The CRS-X is designed to provide unmatched economical scale and lasting investment protection to more than 750 customers worldwide, including global telecommunications service providers and organizations.
    • Cisco announced that it has opened an innovation center in Israel in collaboration with Pelephone Communications Ltd., an Israeli telecom service provider, to develop and deploy a radio network topology for handling the surge in demand for mobile Internet services.
    • Cisco announced the evolution of its network services strategy for virtual and cloud networks by integrating the market-leading Citrix® NetScaler® application delivery controller (ADC) technology into the Cisco Unified Fabric Cloud Network Services portfolio.
    • At Cisco Live! in Orlando, Cisco unveiled a new data center networking architecture designed to usher in the era of Application-Centric Infrastructure by transforming data centers to better address the demands of new and current applications in the cloud era.
    • Cisco took another significant step in the evolution of its networking portfolio, introducing new and updated Cisco Catalyst® switching and Integrated Services Router products that provide high-performing, fully programmable enterprise networking solutions.

    Select Customer Announcements

    • Cisco announced that it was selected by Vodafone Hutchison Australia (VHA) to accelerate deployment of VHA’s 4G long-term evolution (LTE) network with the Cisco® ASR 5500 as the mobile multimedia core platform.
    • Cisco announced that Manchester City will be the first Premier League team to offer Cisco Connected Stadium Wi-Fi and StadiumVision™ Mobile solutions.
    • Cisco announced that Czech telecommunications operator T-Mobile has chosen the Cisco ASR 5000 Series to manage its mobile data traffic from the new LTE network, together with existing 2G and 3G networks.
    • The Universidad San Sebastián in Chile has updated its voice, data and wireless connectivity using Cisco technology to serve more than 26,000 students and 2,500 teachers.
    • Cisco announced that TIM Brazil, one of Brazil’s leading service providers, has selected Cisco Videoscape™ Distribution Suite Transparent Caching (VDS-TC) to enable the delivery of video content across multiple screens, protocols, applications and networks.
    • Cisco announced that Polymetal, a leading precious metals company in Russia and Kazakhstan, has deployed a distributed telephone network based on Cisco Unified Communications.
    • The University of Virginia Center for Telehealth was selected as the first member of the Cisco Healthcare Center of Excellence program.
    • The Stock Exchange of Thailand has implemented Cisco’s Data Center architecture to increase operational flexibility and streamline its online trading platform.
    • By using the Cisco service provider Wi-Fi solution, Hong Kong telecommunications service provider PCCW-HKT became the first service provider in the Greater China region to deploy the next-generation 802.11ac Wi-Fi network.
    • Cisco announced that Vodafone India, one of India’s leading telecommunications service providers, will be deploying Cisco’s end-to-end networking solutions to evolve to a complete IP-based architecture in India.

    Editor’s Note:

    • The Q4 and fiscal year 2013 conference call to discuss Cisco’s results along with its business outlook will be held on Wednesday, August 14, 2013 at 1:30 p.m. Pacific Time. Conference call number is 1-888-848-6507 (United States) or 1-212-519-0847 (international).
    • Conference call replay will be available from 4:00 p.m. Pacific Time, August 14, 2013 to 4:00 p.m. Pacific Time, August 21, 2013 at 1-866-507-3618 (United States) or 1-203-369-1892 (international). The replay will also be available via webcast from August 14, 2013 through October 21, 2013 on the Cisco Investor Relations website at http://investor.cisco.com.
    • Additional information regarding Cisco’s financials, as well as a webcast of the conference call with visuals designed to guide participants through the call, will be available at 1:30 p.m. Pacific Time, August 14, 2013. Text of the conference call’s prepared remarks will be available within 24 hours of completion of the call. The webcast will include both the prepared remarks and the question-and-answer session. This information, along with GAAP reconciliation information, will be available on the Cisco Investor Relations website at http://investor.cisco.com.

    About Cisco
    Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.

    This release may be deemed to contain forward-looking statements, which are subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. These forward-looking statements include, among other things, statements regarding future events (such as our ability to be the #1 IT company; the desire of our customers and partners for Cisco’s help to successfully navigate the inconsistent global landscape; the benefits to our customers of our leadership in their product categories and our ability to bring technologies and solutions together in an architecture to lower operating costs and accomplish other business objectives; our financial strategy and our ability to continue profitable growth to maximize shareholder value for the long term; and the expectation that the Internet of Everything (IoE) will enable global private-sector businesses to generate profits) and the future financial performance of Cisco that involve risks and uncertainties. Readers are cautioned that these forward-looking statements are only predictions and may differ materially from actual future events or results due to a variety of factors, including: business and economic conditions and growth trends in the networking industry, our customer markets and various geographic regions; global economic conditions and uncertainties in the geopolitical environment; overall information technology spending; the growth and evolution of the Internet and levels of capital spending on Internet-based systems; variations in customer demand for products and services, including sales to the service provider market and other customer markets; the return on our investments in certain priorities, including our foundational priorities, and in certain geographical locations; the timing of orders and manufacturing and customer lead times; changes in customer order patterns or customer mix; insufficient, excess or obsolete inventory; variability of component costs; variations in sales channels, product costs or mix of products sold; our ability to successfully acquire businesses and technologies and to successfully integrate and operate these acquired businesses and technologies; our ability to achieve expected benefits of our partnerships; increased competition in our product and service markets, including the data center; dependence on the introduction and market acceptance of new product offerings and standards; rapid technological and market change; manufacturing and sourcing risks; product defects and returns; litigation involving patents, intellectual property, antitrust, shareholder and other matters, and governmental investigations; natural catastrophic events; a pandemic or epidemic; our ability to achieve the benefits anticipated from our investments in sales, engineering, service, marketing and manufacturing activities; our ability to recruit and retain key personnel; our ability to manage financial risk, and to manage expenses during economic downturns; risks related to the global nature of our operations, including our operations in emerging markets; currency fluctuations and other international factors; changes in provision for income taxes, including changes in tax laws and regulations or adverse outcomes resulting from examinations of our income tax returns; potential volatility in operating results; and other factors listed in Cisco’s most recent reports on Forms 10-K and 10-Q filed on September 12, 2012 and May 21, 2013, respectively. The financial information contained in this release should be read in conjunction with the consolidated financial statements and notes thereto included in Cisco’s most recent reports on Forms 10-K and 10-Q as each may be amended from time to time. Cisco’s results of operations for the three months and the year ended July 27, 2013 are not necessarily indicative of Cisco’s operating results for any future periods. Any projections in this release are based on limited information currently available to Cisco, which is subject to change. Although any such projections and the factors influencing them will likely change, Cisco will not necessarily update the information, since Cisco will only provide guidance at certain points during the year. Such information speaks only as of the date of this release.

    This release includes non-GAAP net income, non-GAAP effective tax rates, non-GAAP net income per share data and non-GAAP inventory turns.

    These non-GAAP measures are not in accordance with, or an alternative for, measures prepared in accordance with generally accepted accounting principles and may be different from non-GAAP measures used by other companies. In addition, these non-GAAP measures are not based on any comprehensive set of accounting rules or principles. Cisco believes that non-GAAP measures have limitations in that they do not reflect all of the amounts associated with Cisco’s results of operations as determined in accordance with GAAP and that these measures should only be used to evaluate Cisco’s results of operations in conjunction with the corresponding GAAP measures.

    Cisco believes that the presentation of non-GAAP net income, non-GAAP effective tax rates, and non-GAAP net income per share data, when shown in conjunction with the corresponding GAAP measures, provides useful information to investors and management regarding financial and business trends relating to its financial condition and results of operations. In addition, Cisco believes that the presentation of non-GAAP inventory turns provides useful information to investors and management regarding financial and business trends relating to inventory management based on the operating activities of the period presented.

    For its internal budgeting process, Cisco’s management uses financial statements that do not include, when applicable, share-based compensation expense, amortization of acquisition-related intangible assets, impact to cost of sales from purchase accounting adjustments to inventory, other acquisition-related/divestiture costs, significant asset impairments and restructurings, significant litigation settlements (such as the patent litigation settlement with TiVo in the fourth quarter of fiscal 2013), the income tax effects of the foregoing, and significant tax matters. Cisco’s management also uses the foregoing non-GAAP measures, in addition to the corresponding GAAP measures, in reviewing the financial results of Cisco. In prior periods, Cisco has excluded other items that it no longer excludes for purposes of its non-GAAP financial measures. From time to time in the future there may be other items, such as significant gains or losses from contingencies that Cisco may exclude for purposes of its internal budgeting process and in reviewing its financial results.

    For additional information on the items excluded by Cisco from one or more of its non-GAAP financial measures, refer to the Form 8-K regarding this release furnished today to the Securities and Exchange Commission.

    Copyright © 2013 Cisco and/or its affiliates. All rights reserved. Cisco, the Cisco logo, Catalyst, Cisco StadiumVision, and Cisco Videoscape are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to: www.cisco.com/go/trademarks. Third party trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.

    CONSOLIDATED STATEMENTS OF OPERATIONS
    (In millions, except per-share amounts)
    (Unaudited)
    Three Months Ended July 27, 2013 | Three Months Ended July 28, 2012 | Fiscal Year Ended July 27, 2013 | Fiscal Year Ended July 28, 2012
    REVENUE:
    Product $ 9,736 $ 9,150 $ 38,029 $ 36,326
    Service 2,681 2,540 10,578 9,735
    Total revenue 12,417 11,690 48,607 46,061
    COST OF SALES:
    Product 4,154 3,729 15,541 14,505
    Service 916 876 3,626 3,347
    Total cost of sales 5,070 4,605 19,167 17,852
    GROSS MARGIN 7,347 7,085 29,440 28,209
    OPERATING EXPENSES:
    Research and development 1,517 1,416 5,942 5,488
    Sales and marketing 2,360 2,417 9,538 9,647
    General and administrative 590 711 2,264 2,322
    Amortization of purchased intangible assets 66 91 395 383
    Restructuring and other charges 79 105 304
    Total operating expenses 4,533 4,714 18,244 18,144
    OPERATING INCOME 2,814 2,371 11,196 10,065
    Interest income 171 167 654 650
    Interest expense (143 ) (147 ) (583 ) (596 )
    Other income (loss), net 29 (5 ) (40 ) 40
    Interest and other income, net 57 15 31 94
    INCOME BEFORE PROVISION FOR INCOME TAXES 2,871 2,386 11,227 10,159
    Provision for income taxes 601 469 1,244 2,118
    NET INCOME $ 2,270 $ 1,917 $ 9,983 $ 8,041
    Net income per share:
    Basic $ 0.42 $ 0.36 $ 1.87 $ 1.50
    Diluted $ 0.42 $ 0.36 $ 1.86 $ 1.49
    Shares used in per-share calculation
    Basic 5,367 5,332 5,329 5,370
    Diluted 5,437 5,354 5,380 5,404
    Cash dividends declared per common share $ 0.17 $ 0.08 $ 0.62 $ 0.28
    RECONCILIATION OF GAAP TO NON-GAAP NET INCOME
    (In millions, except per-share amounts)
    Three Months Ended July 27, 2013 | Three Months Ended July 28, 2012 | Fiscal Year Ended July 27, 2013 | Fiscal Year Ended July 28, 2012
    GAAP net income $ 2,270 $ 1,917 $ 9,983 $ 8,041
    Adjustments to cost of sales:
    Share-based compensation expense 42 54 178 209
    Amortization of acquisition-related intangible assets 153 100 569 376
    Impact to cost of sales from purchase accounting adjustments to inventory 40
    TiVo patent litigation settlement (1) 172 172
    Other acquisition-related/divestiture costs 1 1
    Significant asset impairments and restructurings (5 ) (31 )
    Total adjustments to GAAP cost of sales 368 149 960 554
    Adjustments to operating expenses:
    Share-based compensation expense 198 313 947 1,192
    Amortization of acquisition-related intangible assets 66 91 395 383
    Other acquisition-related/divestiture costs 59 7 129 36
    Significant asset impairments and restructurings 281 55 506
    Total adjustments to GAAP operating expenses 323 692 1,526 2,117
    Total adjustments to GAAP income before provision for income taxes 691 841 2,486 2,671
    Income tax effect of non-GAAP adjustments (114 ) (231 ) (620 ) (695 )
    Significant tax matters (2) (983 )
    Total adjustments to GAAP provision for income taxes (114 ) (231 ) (1,603 ) (695 )
    Non-GAAP net income $ 2,847 $ 2,527 $ 10,866 $ 10,017
    Diluted net income per share:
    GAAP $ 0.42 $ 0.36 $ 1.86 $ 1.49
    Non-GAAP $ 0.52 $ 0.47 $ 2.02 $ 1.85
    (1) Pursuant to the terms of the previously disclosed settlement and patent license agreement, Cisco paid TiVo a single lump sum of $294 million. During the fourth quarter of fiscal 2013, Cisco recorded a charge of $172 million in connection with this agreement. Non-GAAP net income for the fourth quarter and fiscal year ended July 27, 2013 excluded this charge.
    (2) For the fiscal year ended July 27, 2013, Cisco recorded a net tax benefit of $983 million. This net tax benefit is comprised of an Internal Revenue Service settlement of $794 million, the retroactive reinstatement of the U.S. federal R&D tax credit of $72 million and a tax benefit of $117 million related to prior fiscal years. Non-GAAP net income excluded this net tax benefit of $983 million.
    RECONCILIATION OF GAAP TO NON-GAAP EFFECTIVE TAX RATE
    Three Months Ended July 27, 2013 | Three Months Ended July 28, 2012 | Fiscal Year Ended July 27, 2013 | Fiscal Year Ended July 28, 2012
    GAAP effective tax rate 20.9 % 19.7 % 11.1 % 20.8 %
    Tax effect of non-GAAP adjustments to net income (0.8 )% 2.0 % 9.7 % 1.1 %
    Non-GAAP effective tax rate 20.1 % 21.7 % 20.8 % 21.9 %
    CONDENSED CONSOLIDATED BALANCE SHEETS
    (In millions)
    (Unaudited)
    July 27, 2013 | July 28, 2012
    ASSETS
    Current assets:
    Cash and cash equivalents $ 7,925 $ 9,799
    Investments 42,685 38,917
    Accounts receivable, net of allowance for doubtful accounts of $228 at July 27, 2013 and $207 at July 28, 2012 5,470 4,369
    Inventories 1,476 1,663
    Financing receivables, net 4,037 3,661
    Deferred tax assets 2,616 2,294
    Other current assets 1,312 1,230
    Total current assets 65,521 61,933
    Property and equipment, net 3,322 3,402
    Financing receivables, net 3,911 3,585
    Goodwill 21,919 16,998
    Purchased intangible assets, net 3,403 1,959
    Other assets 3,115 3,882
    TOTAL ASSETS $ 101,191 $ 91,759
    LIABILITIES AND EQUITY
    Current liabilities:
    Short-term debt $ 3,283 $ 31
    Accounts payable 1,029 859
    Income taxes payable 192 276
    Accrued compensation 3,378 2,928
    Deferred revenue 9,262 8,852
    Other current liabilities 5,048 4,785
    Total current liabilities 22,192 17,731
    Long-term debt 12,928 16,297
    Income taxes payable 1,748 1,844
    Deferred revenue 4,161 4,028
    Other long-term liabilities 1,034 558
    Total liabilities 42,063 40,458
    Total equity 59,128 51,301
    TOTAL LIABILITIES AND EQUITY $ 101,191 $ 91,759
    CONSOLIDATED STATEMENTS OF CASH FLOWS
    (In millions)
    (Unaudited)
    Fiscal Year Ended July 27, 2013 | Fiscal Year Ended July 28, 2012
    Cash flows from operating activities:
    Net income $ 9,983 $ 8,041
    Adjustments to reconcile net income to net cash provided by operating activities:
    Depreciation, amortization, and other 2,351 2,602
    Share-based compensation expense 1,120 1,401
    Provision for receivables 44 50
    Deferred income taxes (37 ) (314 )
    Excess tax benefits from share-based compensation (92 ) (60 )
    Net losses (gains) on investments 9 (31 )
    Change in operating assets and liabilities, net of effects of acquisitions and divestitures:
    Accounts receivable (1,001 ) 272
    Inventories 218 (287 )
    Financing receivables (723 ) (846 )
    Other assets (27 ) (674 )
    Accounts payable 164 (7 )
    Income taxes, net (239 ) 418
    Accrued compensation 330 (101 )
    Deferred revenue 598 727
    Other liabilities 196 300
    Net cash provided by operating activities 12,894 11,491
    Cash flows from investing activities:
    Purchases of investments (36,608 ) (41,810 )
    Proceeds from sales of investments 14,799 27,365
    Proceeds from maturities of investments 17,909 12,103
    Acquisition of property and equipment (1,160 ) (1,126 )
    Acquisition of businesses, net of cash and cash equivalents acquired (6,766 ) (375 )
    Purchases of investments in privately held companies (225 ) (380 )
    Return of investments in privately held companies 209 242
    Other 74 166
    Net cash used in investing activities (11,768 ) (3,815 )
    Cash flows from financing activities:
    Issuances of common stock 3,338 1,372
    Repurchases of common stock – repurchase program (2,773 ) (4,560 )
    Shares repurchased for tax withholdings on vesting of restricted stock units (330 ) (200 )
    Short-term borrowings, maturities less than 90 days, net (20 ) (557 )
    Issuances of debt, maturities greater than 90 days 24
    Repayments of debt, maturities greater than 90 days (16 )
    Excess tax benefits from share-based compensation 92 60
    Dividends paid (3,310 ) (1,501 )
    Other (5 ) (153 )
    Net cash used in financing activities (3,000 ) (5,539 )
    Net (decrease) increase in cash and cash equivalents (1,874 ) 2,137
    Cash and cash equivalents, beginning of fiscal year 9,799 7,662
    Cash and cash equivalents, end of fiscal year $ 7,925 $ 9,799
    Cash paid for:
    Interest $ 682 $ 681
    Income taxes, net $ 1,519 $ 2,014
    ADDITIONAL FINANCIAL INFORMATION
    (In millions)
    (Unaudited)
    July 27, 2013 | July 28, 2012
    Cash and Cash Equivalents and Investments:
    Cash and cash equivalents $ 7,925 $ 9,799
    Fixed income securities 39,888 37,297
    Publicly traded equity securities 2,797 1,620
    Total $ 50,610 $ 48,716
    Inventories:
    Raw materials $ 105 $ 127
    Work in process 24 35
    Finished goods:
    Distributor inventory and deferred cost of sales 572 630
    Manufactured finished goods 480 597
    Total finished goods 1,052 1,227
    Service-related spares 256 213
    Demonstration systems 39 61
    Total $ 1,476 $ 1,663
    Property and equipment, net:
    Land, buildings, and building and leasehold improvements $ 4,426 $ 4,363
    Computer equipment and related software 1,416 1,469
    Production, engineering, and other equipment 5,721 5,364
    Operating lease assets 326 300
    Furniture and fixtures 497 487
    12,386 11,983
    Less accumulated depreciation and amortization (9,064 ) (8,581 )
    Total $ 3,322 $ 3,402
    Other assets:
    Deferred tax assets $ 1,539 $ 2,270
    Investments in privately held companies 833 858
    Other 743 754
    Total $ 3,115 $ 3,882
    Deferred revenue:
    Service $ 9,403 $ 9,173
    Product:
    Unrecognized revenue on product shipments and other deferred revenue 3,340 2,975
    Cash receipts related to unrecognized revenue from two-tier distributors 680 732
    Total product deferred revenue 4,020 3,707
    Total $ 13,423 $ 12,880
    Reported as:
    Current $ 9,262 $ 8,852
    Noncurrent 4,161 4,028
    Total $ 13,423 $ 12,880
    SUMMARY OF SHARE-BASED COMPENSATION EXPENSE
    (In millions)
    Three Months Ended July 27, 2013 | Three Months Ended July 28, 2012 | Fiscal Year Ended July 27, 2013 | Fiscal Year Ended July 28, 2012
    Cost of sales – product $ 9 $ 14 $ 40 $ 53
    Cost of sales – service 33 40 138 156
    Share-based compensation expense in cost of sales 42 54 178 209
    Research and development 58 104 286 401
    Sales and marketing 101 159 484 588
    General and administrative 39 50 175 203
    Restructuring and other charges 2 (3 )
    Share-based compensation expense in operating expenses 198 315 942 1,192
    Total share-based compensation expense $ 240 $ 369 $ 1,120 $ 1,401
    Income tax benefit for share-based compensation $ 53 $ 64 $ 285 $ 335
    ACCOUNTS RECEIVABLE AND DSO
    (In millions, except DSO)
    July 27, 2013 | April 27, 2013 | July 28, 2012
    Accounts receivable, net $ 5,470 $ 4,942 $ 4,369
    Days sales outstanding in accounts receivable (DSO) 40 37 34
    INVENTORY TURNS AND RECONCILIATION OF GAAP TO NON-GAAP
    COST OF SALES USED IN INVENTORY TURNS
    (In millions, except annualized inventory turns)
    Three Months Ended July 27, 2013 | Three Months Ended April 27, 2013 | Three Months Ended July 28, 2012
    Annualized inventory turns – GAAP 13.8 12.4 11.7
    Cost of sales adjustments (1.0 ) (0.5 ) (0.4 )
    Annualized inventory turns – non-GAAP 12.8 11.9 11.3
    GAAP cost of sales $ 5,070 $ 4,705 $ 4,605
    Cost of sales adjustments:
    Share-based compensation expense (42 ) (44 ) (54 )
    Amortization of acquisition-related intangible assets (153 ) (146 ) (100 )
    TiVo patent litigation settlement (172 )
    Other acquisition-related/divestiture costs (1 )
    Significant asset impairments and restructurings 5
    Non-GAAP cost of sales $ 4,702 $ 4,515 $ 4,456
    DIVIDENDS PAID AND REPURCHASE OF COMMON STOCK
    (In millions, except dividends paid per common share)
    Three Months Ended July 27, 2013 | Three Months Ended April 27, 2013 | Three Months Ended January 26, 2013 | Three Months Ended October 27, 2012 | Fiscal Year Ended July 27, 2013
    Dividends paid $ 918 $ 905 $ 743 $ 744 $ 3,310
    Repurchase of common stock under the stock repurchase program 1,160 860 500 253 2,773
    Total $ 2,078 $ 1,765 $ 1,243 $ 997 $ 6,083
    Dividends paid per common share $ 0.17 $ 0.17 $ 0.14 $ 0.14 $ 0.62

    Image: World Economic Forum (Wikimedia Commons)

  • IBM To Launch Super Security Lab With Big Trusteer Acquisition

    IBM announced on Thursday that it has entered into a definitive agreement to acquire security company Trusteer.

    With the news, IBM is launching a cybersecurity software lab in Israel, which it says will bring together over 200 Trusteer and IBM researchers and developers to focus on mobile security, advanced cyber threats, malware, counter-fraud, and financial crimes.

    “Trusteer’s cybersecurity protection will help IBM protect millions of client endpoints, including smartphones and tablets,” an IBM spokesperson tells WebProNews. “Malware installed on a bank customer’s PC or smartphone, for example, can generate fraudulent transactions. Trusteer solutions help financial institutions and other commerce companies identify and help remove malware on remote devices. Seven of the top 10 U.S. banks and nine of the top 10 U.K. banks use Trusteer’s solutions to help secure customer accounts against financial fraud and cyber attacks.”

    “The new Israeli Cybersecurity Software Lab will combine Trusteer’s and IBM’s research and global expertise in global fraud intelligence and malware to help provide organizations with protection in a constantly evolving threat landscape,” the spokesperson says. “Trusteer analyzes data gathered from more than 30 million endpoints that it currently protects, using data analytics to develop real-time, actionable intelligence that will be incorporated into IBM’s security products and services. This lab will focus on mobile and application security, as well as advanced fraud and malware detection.”

    IBM believes it is “well-poised” to take advantage of the $28 billion cyber security market as it operates one of the broadest security research and development organizations in the world. The company monitors 15 billion security events per day in over 130 countries and holds over 3,000 security patents.

    “Trusteer’s expertise and superior technology in enterprise endpoint defense and advanced malware prevention will help our clients across all industries address the constantly evolving threats they are facing,” said Brendan Hannigan, General Manager, Security Systems Division, IBM. “Together with IBM’s capabilities in advanced threat detection, analysis and remediation, we will now be able to offer our clients several additional layers of defense against sophisticated attackers.”

    “The way organizations protect data is quickly evolving,” said Mickey Boodaei, CEO, Trusteer. “As attacks become more sophisticated, traditional approaches to securing enterprise and mobile data are no longer valid. Trusteer has helped hundreds of large banks and organizations around the world defeat thousands of sophisticated attacks using innovative solutions that combine intelligence, cloud, mobile, and desktop technologies.”

    IBM has already acquired about a dozen other security software companies, including Guardium, Big Fix, Watchfire and Internet Security Systems. In 2011, the company acquired Q1 Labs, the analytics capabilities of which are the foundation for IBM’s Security Systems division.

    Terms of the deal were not disclosed, but TechCrunch says it has a source that suggests it’s around $1 billion.

  • AT&T, CSC Partner For Enterprise Cloud Solutions

    AT&T and Computer Sciences Corporation (CSC) this week announced a new enterprise solutions agreement. CSC is a global IT company that offers enterprise solutions including applications, big data, cloud solutions, and cybersecurity.

    The companies will partner globally to provide “next-generation technology solutions” for businesses. More specifically, the companies will develop cloud solutions for enterprise. AT&T’s mobile network and existing cloud infrastructure will be used to offer CSC’s cloud services to businesses.

    As part of the agreement, AT&T will be managing CSC’s internal network and managed network services with business clients. CSC will be providing “application expertise” to AT&T and business customers. The companies claim the new partnership will speed up the process for businesses that need enterprise cloud solutions quickly deployed.

    “This agreement advances our cloud market leadership position by layering our leading cloud platform on AT&T’s worldwide network and infrastructure architecture, capitalizing on quickly evolving technology solutions and enabling AT&T and its clients to modernize their applications to take advantage of these solutions,” said Mike Lawrie, president and CEO of CSC. “Additionally, this agreement enhances our ability to compete globally with AT&T’s expertise and scale to better meet customer demand.”

  • Commerce Department Recommends Congress Bring Back A Part Of SOPA

    I think we can all agree that SOPA was no good. The legislation would have done extensive damage to the Internet and free speech all in the name of stopping piracy. One of the more troubling parts of the legislation would have criminalized “unauthorized streaming.” It’s a good thing SOPA was killed off, right?

    SOPA may be dead, but the Department of Commerce’s Internet Policy Task Force recently released a report that recommends Congress bring back the part of SOPA that would have made “unauthorized streaming” a felony. Their reasoning is that streaming is just as important as physical media is to content creators so the unauthorized reproduction of the former should be met with the same punishments as the latter. In short, the Commerce Department is saying that streaming an episode of Game of Thrones outside of HBO Go is the same thing as selling a bootleg DVD of Game of Thrones.

    You can probably already see why this is a bad idea. Previous bills and provisions that concern online streaming have been so ambiguously worded that they could conceivably be used to punish people who upload YouTube videos of themselves singing over their favorite songs. In fact, one bill – the Commercial Felony Streaming Act – from Sen. Amy Klobuchar met with stiff resistance from none other than Justin Bieber. He famously said that Klobuchar “needs to be locked up” after being told about the bill.

    Now, it should be said that it’s hard to imagine any piece of legislation being used to go after regular people uploading videos of themselves jamming out to their favorite songs on YouTube. What does raise concern are the people who upload clips from movies and television shows. YouTube already has a competent ContentID matching program in place to remove these unauthorized streams from the service. It’s ridiculous to think that some people in Washington and Hollywood think this isn’t enough, and are demanding that these people be thrown behind bars.

    What makes this all especially troubling is that the Obama administration, of which the Commerce Department is a part, has effectively flip-flopped on its stance regarding SOPA. In last year’s Annual Report on Intellectual Property Enforcement, the administration said that it stood against any legislation that “reduces freedom of expression, increases cybersecurity risk (including authority to tamper with the DNS system), or undermines the dynamic, innovative global Internet.” I hate to be the bearer of bad news, but cracking down on streaming, even if it’s unauthorized, would undermine the “dynamic, innovative global Internet” by making people scared to invest in or use streaming services for fear of being locked up.

    Maybe Congress and Hollywood should start seeing the real reason behind unauthorized streaming – a lack of official monetized services. Sure, we have Hulu, Netflix, HBO Go and others, but some of them (i.e. HBO Go) make it incredibly hard to appreciate their efforts since it requires a cable subscription. Consumers need a simple, catch-all service that delivers everything they want. It’s worked wonders for the music industry, and now Hollywood has to follow suit.

    Besides, how else is Bieber going to watch his favorite UFC fights?

    [h/t: Washington Post]

  • Cisco Is Acquiring Sourcefire For $2.7 Billion

    Cisco announced today that it has entered an agreement to acquire security firm Sourcefire in a deal worth $2.7 billion. Cisco will pay $76 per share in cash for all shares of Sourcefire, and will assume outstanding equity awards. Retention-based incentives are included in the price.

    Sourcefire reported $223.1 million in revenue last year (up 35% from the prior year). The company was founded in 2001, and went public in 2007. It’s based in Columbia, Maryland.

    “‘Buy’ has always been a key part of our build-buy-partner innovation strategy,” said Hilton Romanski, VP, Cisco Corporate Development. “Sourcefire aligns well with Cisco’s future vision for security and supports the key pillars of our security strategy. Through our shared view of the critical role the network must play in cybersecurity and threat defense, we have a unique opportunity to deliver the most comprehensive approach to security in the market.”

    “The notion of the ‘perimeter’ no longer exists and today’s sophisticated threats are able to circumvent traditional, disparate security products. Organizations require continuous and pervasive advanced threat protection that addresses each phase of the attack continuum,” said Christopher Young, SVP, Cisco Security Group. “With the acquisition of Sourcefire, we believe our customers will benefit from one of the industry’s most comprehensive, integrated security solutions – one that is simpler to deploy, and offers better security intelligence.”

    “Cisco’s acquisition of Sourcefire will help accelerate the realization of our vision for a new model of security across the extended network,” said Sourcefire founder and CTO Martin Roesch. “We’re excited about the opportunities ahead to expand our footprint via Cisco’s global reach, as well as Cisco’s commitment to support our pace of innovation in both commercial markets and the open source community.”

    The boards of both companies have already approved the acquisition, which is expected to close later this year. It’s still subject to customary closing conditions and regulatory reviews.

  • Senate Finally Gets Around To Drafting A Cybersecurity Bill

    Earlier this year, the House proved yet again that it doesn’t care about your privacy by passing CISPA. The controversial cybersecurity bill would let the government and private companies easily share information to counter cyber threats. Now the Senate has finally gotten around to drafting its own legislation, but it’s nothing like CISPA. It’s not like it matters though.

    The Hill reports that the Senate Commerce, Science and Transportation Committee has drafted a bill that would address the nation’s lack of cybersecurity standards.

    So, who would be creating these standards? As it stands, the bill tasks the National Institute of Standards and Technology to create “voluntary cybersecurity standards and best practices for critical infrastructure, such as banks and power plants.”

    The bill doesn’t stop there, however, as it would also help improve research and education relating to cybersecurity. The latter is especially important as many people still aren’t aware of just how much malware is on the Web.

    As you can see, the proposed bill contains nothing about information sharing. That doesn’t mean the Senate doesn’t want to pass its own version of CISPA though. Sen. Jay Rockefeller, who just so happens to be the chairman of the Committee for Commerce, Science and Transportation, says he would support legislation that enabled information sharing. That won’t come until later down the road, however, and the Senate bill will probably once again look different from the House’s CISPA.

    It should be noted that bills like CISPA and CSA are actually kind of pointless. We now know that the NSA is collecting information on foreign threats and Americans alike through programs like PRISM. Leaked documents have also shown that the data collected by the agency can be used for cybersecurity purposes. Kind of makes the White House’s response to CISPA seem a little disingenuous in light of recent statements from the administration.

    But I digress, cybersecurity standards are incredibly important, and it’s encouraging to see the Senate only make them voluntary. It’s not like I don’t have faith in the National Institute of Standards and Technology, but mandatory standards are rarely a good thing when it comes to technology. The ever-changing nature of it requires people that actually know what they’re doing to apply new standards as new threats emerge.