Monday, 24 November 2008

One Million Infected Users!

This article piqued my interest earlier today, given I’ve spent the last 8 years building host intrusion prevention systems for a living.

http://www.pcworld.com/businesscenter/article/154378/microsoft_yanks_fake_security_software.html

While we have to applaud Microsoft for cleaning up nearly one million systems infected with W32/FakeSecSen, otherwise known as "Advanced Antivirus," "Spyware Preventer," and many other fake names, don’t we also have to ask why such large-scale infections are still occurring?

As my Gran always used to say, "Prevention is better than cure".

Fake security programs have been a major weapon in the cybercriminal’s arsenal as far back as 2004, helping the criminal deliver countless Trojans and spyware programs and enabling phishing attacks. Of particular interest to the team at PINoptic is the June 2008 report that MSRT sniffed out 1.2 million PCs infected with a family of password stealers.

Implementing a one-time password solution removes the threat posed by password stealers, especially where authentication is performed server side for web applications: a captured password has already been used by the time the thief tries it.

Corporations and consumers alike spend vast sums on complex security applications which constantly fail to deliver the protection required. Programs which generally degrade system performance and take 10 hours to scan a system are not providing the security required, yet they are still the top priority for security budgets.

It’s interesting, in the case of password security, how little is implemented other than “implement best practices” policies that rely on users not to choose weak passwords or disclose them to friends and family. Simple one-time password authentication solutions are readily available, but few IT solutions make use of this technology.

At PINoptic we aim to address this through a simple visual approach to authentication, making the solution language independent and removing the need for costly token devices to be distributed. It is a simple, low-cost security solution that integrates into any existing application, allowing a much more secure password to be set and used in open spaces without fear of shoulder surfing.

Watch this space!

Sunday, 9 November 2008

Middle Eastern Banking Fraud

Have you wondered why the major banks continue to use ageing and insecure technology such as Chip-and-PIN and ATM systems to try to protect our hard-earned money? Ageing, I hear you say, when it has only just been introduced? Very true, but these projects take years to progress through the corporate system and are consequently out of date by the time they are implemented.

In the arms race against the bad guys, it’s vital for the security of the customer that organisations (and not just banks) keep ahead and provide sufficient security.

Why, therefore, do we see more and more fraud from stolen credit cards, and witness the ease with which PIN numbers can be obtained?

The recent discovery in the Middle East banking sector is yet another example:

http://www.theregister.co.uk/2008/09/12/uae_atm_hacking_attack/

When simpler, more secure solutions such as one-time password authentication exist, why do we still have insecure implementations of banking security? At PINoptic we hear that there is considerable investment (“skin in the game”) in the current solutions, and that the losses aren’t high enough (almost £600 million last year in the UK alone?) to create the will to improve security.

At PINoptic we view the customer as surely the major driver behind reducing the level of fraud. Anyone who has had payments taken illegally from their bank account or credit card will know the personal inconvenience this creates.

It’s time for more secure solutions to be implemented!

Friday, 31 October 2008

France’s Top Man Gets Hacked

Did anyone see this article last week? Even in a highly security-conscious country such as France, the top man can have his bank account freely accessed online by hackers!

http://www.digitalcommunitiesblogs.com/international_beat/2008/10/frances-booming-online-banking.php

Why aren’t we surprised at PINoptic? With only a simple username and password required for most online banking (plus a few personal details collected from the trash can), it’s no wonder online fraud continues to grow in frequency. It’s time the banks gave everyone a more secure method of authentication online to reduce the risk to us all.

Monday, 15 September 2008

Braingame to yield cognitive data

We’re all aware of the popularity of Dr. Kawashima’s brain training games for handheld games consoles. This summer PINoptic configured its one-time-password solution into a cognitive game which exercises the user’s perception skills, lateral thinking and dexterity. PINoptic decided to offer the game free of charge via the internet and award a prize every month to the player who progressed furthest, fastest. Interest from the public has, unsurprisingly, been intense. The first monthly prize was awarded at the end of August, with another £500 up for grabs at the end of September. We’re encouraging people to compete on a regular basis: as well as providing a cognitive workout to keep those brain cells ticking, it gives people the chance of winning a prize too! The marketing department have promised lots more prizes over the coming months. If you fancy a go, visit www.pinoptic-challenge.com, register as a user and be sure to let me know what you think.

Tuesday, 15 July 2008

The view so far - WorldComp 2008

From my privileged position as co-chair and session organiser I have a good view of the big picture at WorldComp in Las Vegas. It seems from the levels of attendance and the intensity of post-presentation discussions that two areas are standing out as hot topics at this year's Security and Management conference:

  • Digital forensics is a field that is just transforming into a discipline with a substantial push towards process and procedure. Professor Erbacher from Utah State University explained the complexity of issues surrounding digital forensics and stressed that this is far from a solved problem. Interested parties are looking forward to his tutorial tomorrow evening.
  • The second hot topic, represented in half a dozen papers, is the one-time password systems of which the theoretical discussion by the PINoptic team has been the best attended session thus far. Other researchers from the US and India have also addressed this area with an excellent review of related work presented by Kenrick Mock from the University of Anchorage in Alaska. Interested researchers in this area are using the conference to establish informal relationships to make sure the advantages of the approach are best utilised commercially. Definitely an idea whose time has arrived!

With a busy schedule of talks, discussions and technical meetings still to come there's plenty more to look forward to.
Signing off for now, Mark Bedworth, CTO, PINoptic Ltd.

SAM'08 Kicks Off

SAM '08 started, and the first keynote lecture was from Dave Patterson, Pardee Professor of Computer Science at the University of California, Berkeley. He presented an interesting insight into computing several years from now, but warned that the sector is facing a crisis. Increases in computing power are no longer following Moore or 2 x Moore, since a physical barrier has been reached. Patterson urged more development effort in parallel computing, especially in the area of software capable of using the parallel processor environment. He also suggested that those experienced in programming for parallel computing produce a framework embodying the tools that enable less experienced developers to port their existing and new software, perhaps developed in a single-processor environment, to make use of the power of parallel computing.

There are those who argue that parallel computing is not the solution, but Patterson put up a convincing argument.

Tuesday, 1 July 2008

The start of blogging

Hardly had we begun pushing PINoptic than along came the opportunity to present 3 papers at the SAM '08 conference in Las Vegas in July 2008. This conference is one of the premier world conferences for security and access management. Peer review of our submissions produced some very positive reactions and valuable feedback on the suitability of the papers for the conference.