Full RSS Feed
Receive
the Free CMSWire NewsletterThis week, SAP brings business analytics to GRC, researchers in Germany say they have identified a security hole in Android, Autonomy has bought the digital assets of Iron Mountain, VMWare has been on the acquisition trail and Compliance 360 releases Universal Assessments.
SAP Releases EPM 10.0
Following major new releases in its business analytics portfolio in March, SAP (news, site) has announced the latest version of its enterprise performance management (EPM) solutions that aim to help companies ensure decisions and actions are aligned with business aims.
According to SAP, EPM 10.0 ensures that central corporate strategy and an understanding of risk guides all business decisions.
With new, shared user interfaces across many applications, learning curves are reduced and people can more quickly become productive with the tools. Among the new features are:
- Deeper integration between EPM and GRC applications for risk-adjusted planning capabilities
- Extended capabilities for financial consolidation, including consolidation monitoring, enhanced control and validation capabilities, incremental consolidation and new journal features
It also encompasses the new SAP BusinessObjects Disclosure Management application, designed to establish a collaborative, flexible and compliant process for filing financial and non-financial statements and regulatory disclosures, as well as corresponding extensible business reporting language (XBRL) submissions.
The new release uses a good deal of the functionality that we saw in the analytics release recently and that after only two months. SAP hasn’t really said where it will be going with this next, but has been busy recently with a whole range of releases, so we can reasonably expect to see more on this soon.
Is There a Hole in Android?
Researchers in Germany may have found what appears to be a considerable risk factor in using Android phones. In a recent blog post, researchers from the University of Ulm said they wanted to see if reports of impersonation attacks against Google services were possible.
“The short answer,” they said, “is yes, it is possible, and it is quite easy to do so. Further, the attack is not limited to Google Calendar and Contacts, but is theoretically feasible with all Google services using the ClientLogin authentication protocol for access to its data APIs."
In fact, the research says, 99% of Android devices are vulnerable to attack when they're used to log into a site on an unsecured network.
According to the research, devices running on Android 2.3.3 or older are vulnerable because of a faulty ClientLogin authentication protocol.
ClientLogin is used for authentication by installed applications and Android apps. Basically, to use ClientLogin, an application needs to request an authentication token from the Google service by passing an account name and password via a https connection.
However, if this authToken is used in requests send over unencrypted http, a hacker can easily sniff the authToken. Because the authToken is not bound to any session or device specific information the attacker can subsequently use the captured authToken to access any personal data.
The best protection at the moment is to avoid open Wi-Fi networks at all when using affected apps. If you’re interested in more, check out the blog post.
Continue reading this article:
Email It
