May 31, 2011

Report slams outdated ANZ Bank systems | The Australian

AN internal review of ANZ Bank's ageing technology has revealed the first true picture of the shambolic nature of the organisation's IT systems.

The review highlights many issues that might be detrimental to the business, including operational risks, data inconsistencies and business continuity problems.

The weaknesses could even stymie chief executive Mike Smith's ambitious plan to turn the institution into a "super-regional bank", sources said.

They said there was a wide gap between Mr Smith's aspirations and the lack of investment in technology procurement. The report on the bank's corporate centre enterprise resource planning systems, released last month, was prepared by Accenture on behalf of ANZ. In a section dubbed "Risk pain points", it shows that the bank's risk system is unable to calculate off-balance-sheet exposures.

Such data enables a company to assess the amount of risk it faces when, for example, it acquires a minority stake in a foreign-based government-owned entity.

Under "finance pain points" it says ANZ's current systems are unable to meet regulatory requirements and flag inefficiencies in the integrity of bank data. "Data is inaccurate and unreliable and manual intervention is required from source," the report, obtained by The Australian, says. "The current capital forecasting system in Treasury is inaccurate and requires standardisation.

"Chart of accounts is complex and inefficient and does not allow transparent and accurate reporting and decision making."

The analysis shows that ANZ's manual use of the Microsoft Excel spreadsheet software to manage financial information "lacks automation, accuracy and appropriate controls". The finance system's charts of accounts are "complex and inefficient (and) current process and systems are complex and inefficient", the report says.

It also says that ANZ's human resources system has its own set of pain points, adding that there is a risk of legal and regulatory non-compliance as a result of the lack of process controls with human resources systems. Asked what was being done to resolve the pain points highlighed in the report, an ANZ spokesman admitted that current systems were "not overly efficient".

The spokesman said the corporate centre ERP "program is designed to improve the way we run the bank as we evolve from a mainly domestic bank to a super-regional bank with significant operations in 32 countries".

"There are existing processes for each of the 'pain points' and these are both effective and accurate. It's fair to say, however, that they are not overly efficient and the aim of the program is to identify where we can use technology to automate processes." The bank's legacy human resources and finance platforms run on Oracle, while its risk software is from Fermat, which is owned by Moody's Investors Service. The bank is one of Oracle's largest customers in Australia.

Sources close to the bank said morale was low in the technology department as key investments to update finance, risk and human resources systems continued to be stymied. For example, in November, the technology team had recommended that new Oracle Exadata boxes be purchased to vastly improve its ERP system performance.

May 29, 2011

Why bungy jump when you can fly Air France Airbus?

.HE was one of Air France's "company babies": a dashing 32-year-old junior pilot - and a keen amateur yachtsman - who had been qualified to fly the airline's ultra-sophisticated Airbus A330 jet for barely a year.
Yet despite his inexperience, Pierre-Cedric Bonin found himself responsible for the lives of 228 passengers and crew members on June 1, 2009, when the cockpit of his $190 million aircraft lit up with terrifying and contradictory alarm signals en route from Rio de Janeiro to Paris.  While Bonin held on to the plane's “side-stick” controller and looked at his instruments in disbelief, his co-pilot, David Robert, 37, began troubleshooting. The captain, Marc Dubois, 58, was napping outside the cockpit.
According to a newly-released report by French investigators - which finally answers some of the questions surrounding the mystery of Flight 447 - a fatal sequence of events had already been triggered when the plane's external speed sensors suddenly gave inconsistent readings, possibly because of ice.
This is thought to have caused the autopilot to disengage, which in turn brought warning of an “aerodynamic stall”.  That is when Bonin - who remained at the controls while Robert shouted with increasing desperation for the captain - did something that aviation experts have described as inexplicable: he pointed the nose of the Airbus upwards, causing it to slow down dramatically. He kept doing this for at least one minute until the plane had climbed 3,000ft to 38,000ft.

This one rudimentary mistake, according to the initial findings of France's aviation safety authority, might have been responsible for the aircraft no longer having enough air flow over its wings to remain aloft, although no blame has yet been officially assigned.
Regardless of fault, the aviation authority says data from Flight 447's “black box” recorders show it suffered an irrecoverable stall over the Atlantic, meaning the plane fell out of the sky after a sickening 40-degree roll. Bonin's wife, Isabelle, was among those who died in the main cabin. Their two children were at home with their grandfather.
The question being asked in the industry is why, given that there was a 50,000ft thunderstorm near the plane's flight path, the youngest of the three pilots, with the least flying time, was at the controls.
“It seems as though they were just clueless,” says Mike Doerr, a former Airbus A320 captain who charters private jets in California. “The response to the invalid speed data doesn't make any sense unless they also had a Mach warning (that the plane was going faster than its mechanical limits).”
So far, there has been no such evidence. At night and in bad weather, however, there is also the possibility the pilots had become disoriented, or did not know which instruments to believe and therefore which warnings to prioritise.
“I don't have any more indications,”
“ Bonin is heard saying on the cockpit voice recorder, his voice still calm.
In a statement, Air France said its pilots “demonstrated a totally professional attitude and were committed to carrying out their task to the very end”.
Doerr said he doubted that American pilots, who typically come from military backgrounds, would have been overwhelmed. “The European airlines select people with virtually no flight time at all and train them pretty much from the ground up,” he said.
“They are 'company babies' who rise up through the organisation. Whereas if you get your experience in the navy or air force, there's an emphasis on trial by fire.”
Online criticism has been even blunter. “It seems reasonable to conclude that the instruments failed then the pilots screwed up,” wrote Henry Blodget, an influential former Wall Street analyst, on his US website Business Insider. “First thing you learn in flight school is when there is any question about having enough airspeed, you push the nose down.”
Others agreed. “An inexcusable, arrogant waste of life,” wrote one commentator, while another offered: “At 37,000ft, it shouldn't be terribly tough to recover from a stall. Push the nose down, gain some speed, then level the damn thing out and try to figure out what the hell just happened.”
..In the final chaotic moments, both Bonin and his co-pilot attempted to simultaneously operate their side-sticks, before the 32-year-old seemed to give up. “Go ahead, you have the controls,” were his last words, possibly directed to the captain, who had woken up and rushed into the cockpit, but was too late to do anything.

May 25, 2011

Euro could go the way of British pound in 1992 | The Australian

PREDICTING the direction of currencies is a mug's game.
Still, if you have billions at your disposal it can be a very lucrative one -- as the world found out when George Soros famously took a billion-dollar bet against the British pound in September 1992 and won.
This year again will see billions won or lost on the direction of currencies.
Foreign exchange markets trade on an imperfect slew of data, second-guessing the direction sovereign states and central banks will take with monetary and fiscal policies.
And none is more imperfect than Europe.
What was once supposed to unite Europe is now dividing it. The fiscal disaster in Greece is something not readily contained thanks to the unifying characteristic of the euro, once a symbol of the strength of a newly united continent.
Just a few years ago the euro was bounding higher against the US dollar.
Now, even against a weakened greenback, the euro is falling as hedge funds and others lay quite sensible bets that more bad news is coming on the continent as the sovereign debt storm rolls on.
In Australia, it is a different story as our dollar soars. Now the guessing game is on as to just how high the Aussie will go.
For every piece of research confidently predicting the Australian dollar might soar to as high as $US1.70, you can find another view indicating that perhaps the currency is at its apogee.
And in the past few weeks there have been a number of indicators that the latter view may prevail -- buying your overseas currency now before your holiday could be a sensible move.
Australia's proxy position as a play on the Chinese economic growth story is a key driver of the local currency.
The dollar's strong performance -- up more than 30 per cent from lows in the past year against the greenback -- is partly explained by the commodities boom. But similar commodity-linked currencies such as the South African rand and the Canadian dollar have followed a different path.

May 22, 2011

Warning of power bills to double within six years

One of Australia's largest home and business electricity suppliers, TRUenergy, has warned that household power bills will double in six years after a carbon price is introduced and uncertainty over its implementation might lead to power shortages.
The gas and electricity giant's chief executive, Richard McIndoe, said uncertainty over what the long-term carbon price might be has stalled capital investment in the industry and halted construction of new power stations.
"Capital is not being invested so we haven't seen new power stations built," Mr McIndoe told ABC TV today.
Electricity regulator Australian Energy Market Operator [AEMO] had forecast shortages of baseload power for Queensland in 2013 and 2014, with Victoria and NSW experiencing shortages in 2015 and 2016, he said.
"Given the timeframe for building new power stations, we're concerned that we need that certainty today so we can build power stations to meet that coming gap in the market," Mr McIndoe said.
He said that gap had resulted in electricity prices rising by 40 per cent in the past three years as a result of network investment.
Rising fuel and gas prices would cause them to increase by another 30 per cent over the next three years, Mr McIndoe said.
The mooted carbon tax of between $20 and $25 a tonne of emissions would not change industry behaviour but would double electricity bills for households over six years given the 30 per cent rise, he said.

May 19, 2011

Google rolls out a security patch for android to fix an encryption hole- The Inquirer

Google rolls out a security patch for Android to fix an encryption hole

99 per cent of users were at risk
Thu May 19 2011, 13:11
SOFTWARE DEVELOPER Google is rolling out a security patch for Android that fixes a vulnerability reported to have affected 99 per cent of users.
The patch fixes an issue flagged by German security experts that could allow hackers to look at personal information in the Google calendar and contacts apps.
The University of Ulm researchers said that in Android 2.3.3 and earlier these apps transmitted unencrypted information to retrieve an authentication token, or Authtoken, from Google. This left an opening where criminals could steal the token through WiFi snooping.
Once a hacker had one of these Authtokens, they could use it for several days, accessing your private information and potentially impersonating an individual smartphone. In Android 2.3.4 this flaw is fixed, but it was mentioned that 99 per cent of Android users were still using versions 2.3.3 and earlier, which meant they were all at risk.
But now Google is updating all of the endangered handsets with a silent server-side patch that won't require any action by Android users, forcing servers to use an encrypted HTTPS connection when syncing with a handset.
A Google spokesperson said, "We're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days."
Sophos security consultant Graham Cluley praised Google's actions but added, "Concerns still remain as to how easy it would be to fix a serious security vulnerability on the Android devices themselves, given that Google is so reliant on manufacturers and carriers to push out OS updates." ยต

Read more: http://www.theinquirer.net/inquirer/news/2072288/google-rolls-security-patch-android-fix-encryption-hole#ixzz1MnppErs3
The Inquirer - Computer hardware news and downloads. Visit the download store today.

May 17, 2011

Obesity's 'master switch: scientists find the gene behind weight problems

Obesity epidemic ... the new discovery should help in the search for treatments to counter diabetes and cholesterol.

More than half a billion people, or one in 10 adults worldwide, are obese and the numbers have doubled since the 1980s as the obesity epidemic has spilled over from wealthy into poorer nations.
In the United States, obesity-related diseases already account for nearly 10 percent of medical spending -- an estimated $147 billion a year.
Type 2 diabetes, which is often linked to poor diet and lack of exercise, is also reaching epidemic levels worldwide as rates of obesity rise.
Scientists have already identified a gene called KLF14 as being linked to type 2 diabetes and cholesterol levels, but until now they did not know what role it played.
Spector's team analyzed more than 20,000 genes in fat samples taken from under the skin of 800 British female twin volunteers. They found a link between the KLF14 gene and the levels of many other distant genes found in fat tissue, showing that KLF14 acts as a master switch to control these genes.
They then confirmed their findings in 600 fat samples from a separate group of people from Iceland.
In a report of their study, the researchers explained that other genes found to be controlled by KLF14 are linked to a range of metabolic traits, including body mass index, obesity, cholesterol, insulin and glucose levels.
"KLF14 seems to act as a master switch controlling processes that connect changes in the behavior of subcutaneous fat to disturbances in muscle and liver that contribute to diabetes and other conditions," said Mark McCarthy from Britain's Oxford University, who also worked on the study.
"We are working hard...to understand these processes and how we can use this information to improve treatment of these conditions."

How security chief's bank details leaked

Security firm Symantec's Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws.
The security chief, Craig Scroggie, told of his experience at a Symantec roundtable discussion in Sydney last week which revealed the average cost of a data breach to Australian companies was $2 million.
He said the government should implement Australian Law Reform Commissioner (ALRC) recommendations requiring companies to notify customers when a data breach has occurred, but raised questions over how it could be enforced.

Such laws would require an organisation to notify individuals if, for example, their username, password or credit card details had been breached by a hacker. The government has been criticised for failing to implement these laws despite sitting on recommendations for them since 2008.
In a phone interview the Home Affairs Minister, Brendan O'Connor, said the government had responded to 197 of the 295 recommendations stemming from the ALRC's privacy law review, which he said was "War and Peace in size".
He said the government would decide soon whether to implement mandatory data breach notification laws and other provisions that would, for instance, give the Australian Privacy Commissioner powers to fine companies for breaches.
"I accept that there is a public expectation that the government is responding to concerns about privacy breaches," Mr O'Connor said, adding the recent Sony PlayStation Network hack showed there was a need for new rules forcing companies to notify customers of breaches in a "timely fashion".
"We are dealing with some very significant issues but I have sought advice to see whether we can engage more quickly on this issue, but even if we were to try to bring forward this matter, it will need significant consultation because this has to be done in partnership with industry," Mr O'Connor said.
'Spiky' issue
Enforcing such laws was a "spiky" issue for the federal government, Mr Scroggie said, as it would most likely reveal embarrassing data breaches occurring within the government itself.
"Their own capacity to comply will be tested," he said. "They'll need to think about their own personal level of preparedness."
His view on the Australian Law Reform Commission's recommendations to enforce a mandatory data breach scheme remained "the same and have not changed", he said.
"Organisations [that] breach the personal or confidential trust of information of a customer should be required to notify the individual and should be required to take remedial action and notify the government and the individual of the action taken."
Restaurant leak
Scroggie's credit card data was leaked via email when a Melbourne restaurant at which he was a member attempted to have its summer menu sent out to clients. But instead of attaching the menu, it sent out the client database (unencrypted) to members.

May 14, 2011

Cost of a data breach climbs higher - Dr. Ponemon's blog

Most privacy advocates and people in the data protection community believe that data breach costs will start coming down eventually because consumers will become somewhat immune to data breach news. The idea is that data breach notifications will become so commonplace that customers just won’t care anymore.
But, that hasn’t happened yet. The latest U.S. Cost of a Data Breach report, which was just released today, shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care deeply about their personal information and they lose trust in companies that fail to protect it.
It’s not only direct costs of a data breach, such as notification and legal defense costs that impact the bottom line for companies, but also indirect costs like lost customer business due to abnormal churn. This year’s study showed some very interesting results. In my view, there are a few standout trends.
Rapid response to data breach costs more. For the second year, we’ve seen companies that quickly respond to data breaches pay more than companies that take longer. This year, they paid 54 percent more.
Fueling this rush to notify is compliance with regulations like HIPAA and the HITECH Act and the numerous state data breach notification laws. It seems that U.S. companies have this urgency to just get the notification process over with. Unfortunately, these companies are in such a hurry to do the right thing and notify victims that they end up over-notifying. This causes customers who are not actually at risk to lose trust in the company and abnormal customer churn increases. Companies that take a more surgical approach and spend the time on forensics to detect which customers are actually at risk and require notification, ultimately spend less on data breaches.
Malicious or criminal attacks are causing more breaches. This year malicious attacks were the root cause of 31 percent of the data breaches studied. This is up from 24 percent in 2009 and 12 percent in 2008. The significant jump in malicious attacks over the past two years is certainly indicative of the worsening threat environment. Malicious attacks come from both outside and inside the organization, ranging from data-stealing malware to social engineering.
What’s more, these data breaches are the most expensive. Malicious attacks create more costs because they are harder to detect, the investigation is more involved and they are more difficult to contain and remediate. Another reason malicious attacks are so expensive is the criminal is out to monetize their work; they’re trying to profit off the breach.
However, it’s not always the bad guys doing bad things that cause data breaches. It’s often your best employees making silly mistakes. Negligence is still the leading cause of data breaches at 41 percent.
There is good news. Companies are more proactively protecting themselves from malicious threats. Three response characteristics increased in frequency: the number of organizations responding quickly (within 30 days), those putting CISOs in charge of data breach response, and those with an above-average IT security posture. Moreover, breaches due to systems failures, lost or stolen devices and third-party mistakes all fell. And, average detection and escalation costs went up by 72 percent, suggesting that companies are investing more resources in prevention and detection. Taken together, these figures may indicate organizations are taking more active steps to thwart hostile attacks.
So, what’s a company to do with all of this data breach cost information? Calculate your potential cost of a data breach. This year, in conjunction with the report, Symantec and the Ponemon Institute have launched the Data Breach Risk Calculator. This free online tool let’s companies connect the dots between all of this research and what it really means to them. The Data Breach Risk Calculator lets you estimate how a data breach could impact your company. You can check it out at www.databreachcalculator.com

Posted by Dr. Larry Ponemon at 10:00 am

May 4, 2011

Popular Australian e-commerce fraud suburbs revealed

New data collated from about 2 million Australian credit and debit cards reveals the popular suburbs in which e-commerce fraud has been attempted, using internet-connected computers.
E-commerce fraud involves a criminal using a stolen credit or debit card to buy goods online. The computers in the suburbs listed are either being used by an actual fraudster sitting at the terminal or remote fraudsters who have infected machines within that suburb.
The data, released by security company RSA to Fairfax, publisher of this website, showed Queensland was the hot spot for e-commerce fraud in Australia during the January to March reporting period, which used data collected from about 2 million Visa and MasterCard credit and debit cards.

Victoria, New South Wales and Western Australia were the second, third and fourth most popular states after Queensland, RSA data showed. Both MasterCard and Visa were RSA clients, RSA spokesman Mason Hooper said.

In NSW the suburb of Fairfield accounted for 6.9 per cent of the state's e-commerce fraud. Gosford (5.4 per cent), Hurstville (2.1 per cent), North Ryde (2 per cent), Hay (1.5 per cent), Sydney (1.1 per cent) and Mascot (1 per cent) were also also among the top-ranked NSW suburbs in which e-commerce fraud was committed.

The Victorian suburb of Sunshine accounted for 3.1 per cent of the state's e-commerce fraud, Melbourne (1.1 per cent), Sunbury (0.7 per cent), Burwood East (0.3 per cent) and Burwood (0.2 per cent).

In Queensland the suburb of Sandgate accounted for 2.6 per cent of the state's e-commerce fraud followed by Brisbane (1.6 per cent), the Sunshine Coast (0.8 per cent) and Ipswich (0.6 per cent).

Popular goods attempted to be purchased using stolen credit or debit card details often included iPhones, iPads, laptops and other computer hardware, as well as plane tickets, Mr Hooper said, adding: "We see a lot of fraud in the air travel space."

A person's credit or debit card information was usually stolen by a fraudster "phishing" for it or a victim unknowingly installing what is known as a "Trojan" virus on their computer.

Phishing can occur when a fraudster sends a victim an email that appears to look as though it's come from a bank. It usually asks the victim to "verify" their details by clicking on a link and entering their credit or debit card details. Banks will never ask customers to supply these details online.

If the details are filled out and submitted, the victim essentially hands over their details to the fraudster instead of to their bank, allowing the fraudster to perform what is known as a card-not-present transaction to buy goods using the internet with the card information they have obtained.

A Trojan on the other hand, such as Zeus or SpyEye, can be used by hackers to steal information from a compromised computer. It usually takes advantage of security flaws in web browsers when a victim visits a compromised website that is used to install the Trojan.

Trojan-infected computers are also used by fraudsters to render a credit or debit card transaction anonymous, which is why many of the top-ranked suburbs were not necessarily crime hot spots, but where victims of Trojan-infected computers lived, Mr Hooper said.

Tapping into a Trojan-infected computer allows a fraudster to become untraceable, using the victim's IP address - the unique sequence of numbers assigned to each computer, website or other internet-connected device - instead of their own.

"So we find out via IP address location [of suburbs]," Mr Hooper said. "Which ... means that it could be the actual fraudster sitting at the end of that IP address or it could be someone proxying though an infected machine. And there's no real way to break that down."

Mr Hooper said there was "definitely a correlation between high-crime areas and online fraud". He said he expected that "a lot" of the 6.9 per cent of e-commerce fraud being committed at Fairfield during the reporting period was "genuine" and not fraudsters using victims' computers in that suburb "because there's a lot of ... crime out in [Sydney's western suburbs] ... so it's not surprising to see genuine fraud attempts out in those areas".

He also said Mascot, which is near Sydney Airport, would be where "you'd get a lot of fraud attempts on public machines", especially on internet cafe computers at the airport.

"If you're a fraudster then you don't want to be caught, so it's better if you're going to commit fraud ... to do it from public Wi-Fi or from a public machine," Mr Hooper explained.


May 2, 2011

Depressed staff in tolerance battle | The Australian

"Only 51 per cent of professionals are comfortable managing the work performance of someone with depression or an anxiety disorder, and only 61 per cent feel comfortable working with a colleague who has a mental health condition," beyondblue deputy chief executive officer Clare Shann said.

"The results of the survey show quite a high awareness of the nature of depression and its impact on work, which is great," she told The Australian.

"But we don't see that same pattern around anxiety disorders, which are twice as common as depression in the workplace."

The report finds only one in three professionals know anxiety disorders such as obsessive compulsive disorder or post-traumatic stress disorder are more common than depression.

And it notes young people are less tolerant of those with the mental health issues that afflict more than three million Australians every year. "Professionals aged 20-29 were consistently more likely to hold stigmatising views about people with depression," the report says.

Ms Shann said the report showed those professionals who had undergone training in how to respond to mental illness in the workplace were more confident about handling employees or co-workers with depression or anxiety issues. "Yes that training has a cost, but there is a very significant cost of doing nothing.

"Depression costs the Australian economy $12 billion a year in lost productivity and employment related costs."