The first UEPS transaction was performed on Sunday, August 3, 2008, in Baghdad, Iraq, during the official launch of the UEPS smart card technology with the two state banks namely, Rafidain Bank and Rasheed Bank.

The official launch, attended by invitees from Rafidain Bank, Rasheed Bank, the Iraqi Government, War Victim Ministry and Martyrdom Ministry, demonstrated smart card registration, biometric enrolment and issuing of UEPS cards, offline loading of wage payments and government grants to the UEPS cards and dispensing of cash.

The pilot project involving 100,000 beneficiaries is now ready for implementation across selected bank branches and will enable the distribution and payment of government grants to war victims and martyrdom beneficiaries, as well as salary and wage distribution and payment to employees of the two state banks.

Brenda Stewart, Net1 Senior Vice President Sales and Marketing, said, "From the entire team at Net1, we congratulate the Iraqi consortium on this historic achievement and look forward to the successful implementation of the various projects already identified for implementation, as well as the projects currently in business development. Net1 is proud that the development of its core technology, from which it creates end-user products that satisfy the requirements of its customers, can change the way business is conducted leading to the improvement of people's lives. We share the belief of our Iraqi partners that our technology can play a fundamental role in the upliftment of the economy. The success of any technology should be measured, not only by the profits it generates for its inventors, suppliers and users, but also by the difference that it makes to the lives of people," Stewart concluded.

I have been preaching for some time about what I call complete NAC. That is a complete network access control solution, not just network admission control and certainly not end point access control.  It is not an evil plot to extend Cisco/Microsoft dominance and most importantly Richard, no one and let me say this again, no one has ever said that NAC negates the need for a layered security model.  NAC is just another layer in that model.  Richard’s comments deriding the .edu and .mil markets were also laughable.  Richard, have you ever heard the term military grade?  Are you seriously trying to say that enterprises take security more seriously than the military does?  Come on now Richard.

The bottom line is Joel Snyder is not only a sharp dude technically, but is street savvy enough to run circles around my friend Richard.  He made Richard stay focused on the question at hand, did not let him wander and so Richard had to face reality a bit. I am sure Richard will still say NAC is useless and will admonish people about hanging out with the likes of the StillSecure crowd, but I guess some things will just never change.  Except, I don’t think Richard will be in anymore of these bouts.  Maybe he can start selling a grill that takes the fat out of meat or perhaps a reality TV show like the other washed up palookas ?

I know many of you think I am like a pavlovian dog the way I respond to Richard Stiennon's anti-NAC vitirol.  After my last article, I really decided to just lay off Richard.  But just to show you that it is not me, I wanted to point out Richards recent attack on Grant Hartline, CTO of Mirage Networks.  Grant blogs and put up an article regarding the latest exchange between Richard and I.  Both Richard and I commented.  Check out Richards expective laced reply that I think shows just how unhinged he has become on this subject.  Richard rambles and stumbles taking shots at anyone he can.  I am telling you, he is really losing it.

In the meantime based on this, I am going to change my prediction on the great debate and say Joel Snyder in 2!

I am not sure what it is with Richard Stiennon.  Maybe his mom beat him with a NAC stick when he was young.  Hence his Jack Nicholson looks (more like the Joker in Batman, than Col Jessep in A Few Good Men) and his total disdain for NAC.  In any event Richard never seems to miss a chance to take a pot shot at NAC.  I have fired back and debated him many times on this.  In fact I am convinced that Richard's problem with NAC is that like Uncle Joe, he is just moving a little slow.  Richard still thinks of NAC as Cisco???s network admission control, circa Dec ???03.  He has not gotten up to speed on anything happening with NAC since.  Richard is going to debate NAC with Joel Snyder according to this article by Tim Greene today. My prediction is Snyder by a knockout in 3 rounds or less.

Richard???s latest NAC knock comes on a comment to an excellent article by the Hoff.  Chris takes a bold stand for someone working for a vendor and calls BS on the whole analyst thing (I will write more about that later in this article). Richard being an ex-analyst himself (lets face it, with Richard you can take the man out of the analyst job, but you can???t take the analyst out of the man), takes exception to Hoff???s ???whining??? (Richards words, not mine) and tries to tell Hoff that giving up is not the answer and the way to show up analysts, is to prove them wrong.  Great Richard you try to prove them wrong, when because of what they report you don???t have a market, can???t get any capital and have no visibility.  I guess that is when it is time to move on to the next gig, right? Then Richard has a bad NAC deja vu and feels it necessary to write this:

???Look how easy it is to one up the analyst firms, who as near as I can tell support Network Admission Control universally. Everyone except the folks at Updata Ventures know how seriously flawed NAC is with only one viable market, edu.???

I assume Richard is referring to Updata recently leading the Bradford Networks VC round. But more importantly Richard it is time to call a code red on you and give you the cold hard truth.  Richard the fact is that the edu market is not the only viable market for NAC.  In fact, one of the biggest customers of NAC is the DoD.  That is right Richard at least 3 of the 4 armed forces use NAC in helping to secure their networks. To paraphrase my friend Col Jessep - Richard, you want the truth, you can???t handle the truth!  You sleep securely under the blanket of protection that NAC provides.  If it is good enough to help ???clean the sand??? out of laptops coming home from SWA (that is SouthWest Asia, like in Iraq and Afghanistan, in case you don???t know Richard), it should be good enough for you. Think about that next time you are about to bad mouth NAC.

Let me give you some other truths you may not like Richard.  Why do you think every switch vendor (of which we partner with many of them) is lining up and bringing out NAC solutions?  Why has Microsoft put such a big push on NAP?  Why despite the Luddites like you does NAC still draw crowds at conferences like Interop (ask Joel about that).  Richard we are still signing new major OEM partners.  I am afraid you are the one sadly out of touch on this one Richard.  Just as you are out of touch in missing Hoff???s point in his article.

As to Hoff???s article, as I said I give Chris credit for speaking his mind. I spend an ungodly amount of my time speaking with analysts and trying to ???learn??? from them while at the same time trying to educate them.  I am constantly amazed that so many analysts (and press for that matter) just take a vendors word as gospel. I have seen research reports from analysts big and small, that I am sure did not have any more research done than calling a handful of vendors and listening to their spiel. Too many of these vendors if they do speak to customers, base their findings on such a small sample that it is impossible to have an accurate picture.

Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts.  Take the payola out of the equation the way they did to the DJ/Radio business in the late 50s. Next analyst reports have to come with metrics to back up the findings. I want to know how many customers they spoke to, how big they were, how they were found, etc.  A vendor giving an analyst a real live???pet??? customer is not real research. I want to know if the customer pays the analyst. It is a dirty business.

Hey let me be clear, I play the game as well as the next guy.  But I agree with Hoff we need to clean up the rules to make the whole analyst thing more fair, viable and valuable.

I am not sure what it is with Richard Stiennon.  Maybe his mom beat him with a NAC stick when he was young.  Hence his Jack Nicholson looks (more like the Joker in Batman, than Col Jessep in A Few Good Men) and his total disdain for NAC.  In any event Richard never seems to miss a chance to take a pot shot at NAC.  I have fired back and debated him many times on this.  In fact I am convinced that Richard's problem with NAC is that like Uncle Joe, he is just moving a little slow.  Richard still thinks of NAC as Cisco’s network admission control, circa Dec ‘03.  He has not gotten up to speed on anything happening with NAC since.  Richard is going to debate NAC with Joel Snyder according to this article by Tim Greene today. My prediction is Snyder by a knockout in 3 rounds or less.

Richard’s latest NAC knock comes on a comment to an excellent article by the Hoff.  Chris takes a bold stand for someone working for a vendor and calls BS on the whole analyst thing (I will write more about that later in this article). Richard being an ex-analyst himself (lets face it, with Richard you can take the man out of the analyst job, but you can’t take the analyst out of the man), takes exception to Hoff’s “whining” (Richards words, not mine) and tries to tell Hoff that giving up is not the answer and the way to show up analysts, is to prove them wrong.  Great Richard you try to prove them wrong, when because of what they report you don’t have a market, can’t get any capital and have no visibility.  I guess that is when it is time to move on to the next gig, right? Then Richard has a bad NAC deja vu and feels it necessary to write this:

“Look how easy it is to one up the analyst firms, who as near as I can tell support Network Admission Control universally. Everyone except the folks at Updata Ventures know how seriously flawed NAC is with only one viable market, edu.”

I assume Richard is referring to Updata recently leading the Bradford Networks VC round. But more importantly Richard it is time to call a code red on you and give you the cold hard truth.  Richard the fact is that the edu market is not the only viable market for NAC.  In fact, one of the biggest customers of NAC is the DoD.  That is right Richard at least 3 of the 4 armed forces use NAC in helping to secure their networks. To paraphrase my friend Col Jessep - Richard, you want the truth, you can’t handle the truth!  You sleep securely under the blanket of protection that NAC provides.  If it is good enough to help “clean the sand” out of laptops coming home from SWA (that is SouthWest Asia, like in Iraq and Afghanistan, in case you don’t know Richard), it should be good enough for you. Think about that next time you are about to bad mouth NAC.

Let me give you some other truths you may not like Richard.  Why do you think every switch vendor (of which we partner with many of them) is lining up and bringing out NAC solutions?  Why has Microsoft put such a big push on NAP?  Why despite the Luddites like you does NAC still draw crowds at conferences like Interop (ask Joel about that).  Richard we are still signing new major OEM partners.  I am afraid you are the one sadly out of touch on this one Richard.  Just as you are out of touch in missing Hoff’s point in his article.

As to Hoff’s article, as I said I give Chris credit for speaking his mind. I spend an ungodly amount of my time speaking with analysts and trying to “learn” from them while at the same time trying to educate them.  I am constantly amazed that so many analysts (and press for that matter) just take a vendors word as gospel. I have seen research reports from analysts big and small, that I am sure did not have any more research done than calling a handful of vendors and listening to their spiel. Too many of these vendors if they do speak to customers, base their findings on such a small sample that it is impossible to have an accurate picture.

Personally, like Hoff says, who watches the watchers is the truth. I would like to see a code of conduct among analysts. I would start by dictating that vendors cannot pay analysts.  Take the payola out of the equation the way they did to the DJ/Radio business in the late 50s. Next analyst reports have to come with metrics to back up the findings. I want to know how many customers they spoke to, how big they were, how they were found, etc.  A vendor giving an analyst a real live“pet” customer is not real research. I want to know if the customer pays the analyst. It is a dirty business.

Hey let me be clear, I play the game as well as the next guy.  But I agree with Hoff we need to clean up the rules to make the whole analyst thing more fair, viable and valuable.

With the release of Firefox 3.0 there has been a bit of controversy over how it handles self-signed certificates.  It seems that Firefox makes it difficult to use self-signed certificates and some people are complaining about it.  Here at StillSecure we use self-signed certs in our products and we had to change how we do things to make it work.  However, there are than people like Lauren Weinstein who says that this is a step backward for Firefox because it makes it harder to send encrypted traffic. While I understand that it does make it harder, I think Lauren misses the forest for the trees here.  The whole point of certificates are to prove identity. In fact they are called identity certificates. 

The underlying reason for certificates is to ensure that the identity of the person or entity sending it is in fact genuine. It enables the the encryption function.  In Weinstein's rant, somehow he has this bass akwards. Identity is secondary to encryption.  He says, "Firefox is now putting so much emphasis on identity confirmation".  For good reason I say!  If we allow the whole idea of identity certs to be subverted for ease of encryption we are opening ourselves up to a whole range of bad things like phishing attacks, man in the middle, etc..

I say in our fervor to encrypt everything, lets not forget the importance of trust of identity that certificates enable.  Without that the whole system crumbles.  Now that being said, I agree that Firefox's GUI around handling these certificates could be better. It appears to be confusing to say the least.  But again we can fix that without sacrificing the validity of certificates.

I should mention that I ran some of my ideas on this issue by Joel Snyder and StillSecure's own Andrew Grealy. 

With the release of Firefox 3.0 there has been a bit of controversy over how it handles self-signed certificates.  It seems that Firefox makes it difficult to use self-signed certificates and some people are complaining about it.  Here at StillSecure we use self-signed certs in our products and we had to change how we do things to make it work.  However, there are than people like Lauren Weinstein who says that this is a step backward for Firefox because it makes it harder to send encrypted traffic. While I understand that it does make it harder, I think Lauren misses the forest for the trees here.  The whole point of certificates are to prove identity. In fact they are called identity certificates. 

The underlying reason for certificates is to ensure that the identity of the person or entity sending it is in fact genuine. It enables the the encryption function.  In Weinstein's rant, somehow he has this bass akwards. Identity is secondary to encryption.  He says, "Firefox is now putting so much emphasis on identity confirmation".  For good reason I say!  If we allow the whole idea of identity certs to be subverted for ease of encryption we are opening ourselves up to a whole range of bad things like phishing attacks, man in the middle, etc..

I say in our fervor to encrypt everything, lets not forget the importance of trust of identity that certificates enable.  Without that the whole system crumbles.  Now that being said, I agree that Firefox's GUI around handling these certificates could be better. It appears to be confusing to say the least.  But again we can fix that without sacrificing the validity of certificates.

I should mention that I ran some of my ideas on this issue by Joel Snyder and StillSecure's own Andrew Grealy.