iPhone apps run background checks on your date

In a move that is sure to make playboys everywhere nervous, Internet company PeopleFinders has created two iPhone applications that let users perform background checks on their potential dates. PeopleFinders President and COO Bryce Lane says his company collects data from "thousands of sources" across the country from "federal governments to the very smallest city governments." He says the company then uses algorithms to sort through the data and make comprehensive files that will give users a reliable picture of who the person is. Five qualities of a great iPhone app  The apps, known as "Stud or Dud?" and "Are They Really Single?", utilize data culled from countless public records to give users a more complete picture of whom they're going out with. From there, the data is placed in PeopleFinders' database and is put up for sale.

From there, the program gives you a list of potential matches to choose from. While both of the applications the company debuted today cost a mere $0.99 to download, users can only access records by either paying $9.95 per record or by paying an annual subscription fee of $24.95. In the case of "Stud or Dud?" users have the option of using simply by a person's first and last name, by their age and hometown, or by their phone number. Once the user thinks they've found their match, they can then access all of PeopleFinders' records on them and learn whether they own property, whether they have a stable address history, whether they've ever gone bankrupt, whether they're married or are in a possible relationship and whether they have a criminal background or are registered as a sex offender. Lane says that like any search engine, "Stud or Dud?" will work better the more information you put into it. Lane cautions, however, that the program cannot guarantee 100% that all of its information is accurate, especially in cases where the person you're searching for has a relatively common name.

If "Stud or Dud?" is meant to be a comprehensive background check, the "Are They Really Single?" app is more tailored to answering the specific question of whether someone is either married or potentially in a long-term relationship. Much like "Stud or Dud?" the app combs through thousands of marriage records, divorce records, common addresses and wedding dates to provide users with information about whether the person they're seeing is really single. It could surely make those with philandering lifestyles like that of Mad Men's Don Draper  more than a tad nervous. Lane says PeopleFinders decided to debut this application on the iPhone because it was the most popular consumer-focused device on the market and because the App Store had the greatest reach of any other application market. However, he says people should be aware that this information is all public and that anyone can find it if they're really determined. "We take people out if they request it but we really do acquire our data from purely public places," he says. "The population that calls us the most are usually the criminals who want to hide fact that they've murdered someone or something." If the application is successful in its iPhone incarnation, he says the company will explore bringing it to other mobile operating systems, such as BlackBerry or Palm's webOS. When asked about privacy issues PeopleFinders' two apps could raise, Lane says the company will take anyone out of its databases who requests to be deleted.

Data masking secures sensitive data in non-production environments

Last week's article covered the topic of protecting data in databases from the inside out. This week's article takes look at data masking, which another way to protect sensitive data, especially as it is being copied and used in the development and testing of applications.  Data masking is the process of de-identifying (masking) specific elements within data stores by applying one-way algorithms to the data. That is, watching every action involving data as it happens, and promptly halting improper actions.

The process ensures that sensitive data is replaced with realistic but not real data; for example, scrambling the digits in a Social Security number while preserving the data format. If you don't think this is important, consider what happened to Wal-Mart a few years ago. The one-way nature of the algorithm means there is no need to maintain keys to restore the data as you would with encryption or tokenization. 10 woeful tales of data gone missing Data masking is typically done while provisioning non-production environments so that copies of data created to support test and development processes are not exposing sensitive information. Wired.com reports that Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain's point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe. Wal-Mart at the time produced some of its own software, and one team of programmers was tasked with coding the company's point-of-sale system for processing credit and debit card transactions. Many computers the hackers targeted belonged to company programmers.

This was the team the intruders targeted and successfully hacked. According to Gartner, more than 80%t of companies are using production sensitive data for non-production activities such as in-house development, outsourced or off-shored development, testing, quality assurance and pilot programs. Wal-Mart's situation may not be unique. The need for data masking is largely being driven by regulatory compliance requirements that mandate the protection of sensitive information and personally identifiable information (PII). For instance, the Data Protection Directive implemented in 1995 by the European Commission strictly regulates the processing of personal data within the European Union. U.S. regulations such as the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) also call for protection of sensitive financial and personal data. Multinational corporations operating in Europe must observe this directive or face large fines if they are found in violation.

Worldwide, the Payment Card Industry Data Security Standard (PCI DSS) requires strict security for cardholder data. That means companies must address their use of cardholder data for quality assurance, testing, application development and outsourced systems - and not just for production systems. In order to achieve full PCI compliance, organizations must protect data in every system that uses credit card data. In the Wal-Mart case discussed above, the retailer failed to meet the PCI standard for data security by not securing data in the development environment. A lack of processes and technology to protect data in non-production environments can leave the company open to data theft or exposure and regulatory non-compliance.

Many large organizations are concerned about their risk posture in the development environment, especially as development is outsourced or sent offshore. Data masking is an effective way to reduce enterprise risk. And while encryption is a viable security measure for production data, encryption is too costly and has too much overhead to be used in non-production environments. Development and test environments are rarely as secure as production, and there's no reason developers should have access to sensitive data. Many database vendors offer a data masking tool as part of their solution suites.

An alternative solution is to use a vendor-neutral masking tool. These tools, however, tend to work only on databases from a specific vendor. Dataguise is one of the leading vendors in the nascent market of data masking. So, even if someone has copied data to a spreadsheet on his PC, dgdiscover can find it. The dataguise solution has two complementary modules. dgdiscover is a discovery tool that searches your environment (including endpoints) to find sensitive data in structured and unstructured repositories.

This can be a valuable time-saving tool as data tends to be copied to more places, especially as virtual environments grow and new application instances can be deployed on demand. dgdiscover also can be used to support audits and create awareness of data repositories. Dgmasker works in heterogeneous environments and eliminates the common practice of having DBAs create masking techniques and algorithms. The second dataguise module is dgmasker, a tool that automatically masks sensitive data using a one-way process that can't be reverse engineered. The tool preserves relational integrity between tables/remote databases and generates data that complies with your business rules for application comparability. Instead, dgmasker obfuscates the real data so that it cannot be recovered by anyone - insider or outsider - who gains access to the masked data.

In short, you have all the benefits of using your actual production data without using the real data. Data masking is an effective tool in an overall data security program. Each of these technologies plays an important role in securing data in production environments; however, for non-production environments, data masking is becoming a best practice for securing sensitive data. You can employ data masking in parallel with other data security controls such as access controls, encryption, monitoring and review/auditing.

Enterprise business again helps Juniper Networks blow past Q4 estimates

Enterprise network business once again helped drive Juniper Networks to better-than-expected quarterly results. Juniper also beat expectations in Q3 thanks in large part to its enterprise business. The company posted Q4 revenue and earnings well ahead of Wall Street expectations. Full year revenue and earnings were down from last year though, with profits dropping 22%. For the quarter ended Dec. 31, Juniper posted revenue of $941.5 million and earnings of $173.7 million.

Juniper Networks: A brief history Fourth quarter revenue increased 2% from the same period a year ago while earnings, on a per share basis, were flat. Analysts expected revenue of $885 million and earnings of slightly over $141 million, according to Thomson Financial. Early in the quarter, Juniper made what it said was the biggest announcement in its history, a wide-ranging vision and product splash in which the Cisco rival touted "The New Network." For the twelve months ended Dec. 31, Juniper's revenue decreased 7% on a year-over-year basis to $3.32 billion. We've come a long way from uncertainty of a year ago. Net income, excluding expenses, charges and other items, was $491.5 million, a 22% drop on an earnings per share basis from 2008's profit. "We finished 2009 on a very strong note," said CEO Kevin Johnson in a conference call on the results. "It's a good indication that the macro [economic] environment continues to improve. Visibility is good in the enterprise market and we continue to take share.

For the full year, it was up 11%. The company's service provider business nudged up 1% in the quarter but fell 14% for the year. Visibility is improving in service provider." Juniper's Enterprise business was up 5% in the quarter from a year ago. The shift for the company, traditionally a strong player in service provider infrastructure, indicates the increasing focus and reliance on enterprise sales for Juniper's success. The company's Service Layer Technologies group, which includes security products, among others, was up 11% in the quarter and up 3% for the year. Juniper's Infrastructure Products Group – mostly service provider routers – realized a 1% drop in sales for the quarter and was down 10% for the year.

Online test helps you self-diagnose H1N1 flu

Feeling sick? Face it, your doctor may not be able to squeeze you right in. Wondering if it's the H1N1 flu or just a regular old go-away-don't-come-near-me, flu?

But you may be able to figure it out using a Web-based self-assessment tool developed by researchers at Emory University in Atlanta. Have you been short of breath? The tool is now available on several national Web sites, including flu.gov , the Centers for Disease Control and Prevention (CDC), and Microsoft's H1N1 Response Center . The online test includes questions like, do you have a fever? Do you have a pain or pressure in your chest that you didn't have before? The H1N1 flu , also widely known as the swine flu, is a fairly new influenza virus that has spread around the world.

Were you feeling better and now a fever or cough is returning? The CDC reports that it first appeared in the United States this past April. With concerns about the new flu running high , health care providers expect to get slammed with a mounting wave of people rushing in to find out if they have the H1N1 virus. By June 11, the World Health Organization categorized it as a pandemic . Because its extremely contagious, hospitals and health care workers have been bracing for the H1N1 to hit hard this fall. The online test, dubbed the Strategy for Off-Site Rapid Triage, is designed to help a lot of people figure out if they need to see their doctor or go to a hospital. "This Web site is carefully designed to encourage those who are severely ill, and those at increased risk for serious illness, to contact their doctor, while reassuring large numbers of people with a mild illness that it is safe to recover at home," Arthur Kellermann, professor of emergency medicine and an associate dean at the Emory School of Medicine, said in a statement. "Hopefully, providing easy-to-understand information to the public will reduce the number of people who are needlessly exposed to H1N1 influenza in crowded clinic and ER waiting rooms, and allow America's doctors and nurses to focus their attention on those who need us most."