Thursday, 19 February 2009

Biometric Scanner Cracked by Black Hats

You may have seen the recent articles highlighting flaws in some of the Biometric scanner implementations from vendors such as Toshiba, Asus and Lenovo. See:

http://arstechnica.com/security/news/2009/02/black-hat-blank-face-researchers-crack-biometric-scanners.ars

It's clear from the evidence presented that there is considerable improvement to be made in the technology, and therefore that it shouldn't be relied on as a single source of authentication. It raises concerns over the drive to implement biometrics in high-security solutions such as border controls while the technology is still unproven in the security market.

We at PINoptic have always viewed biometrics as a technology for the future, needing more time to prove its capabilities. We do believe it will become a dominant means of authentication in the future, but until then we recommend the use of multiple layers of authentication for access control.

Saturday, 31 January 2009

Monster.com Hacked Again and Passwords Stolen

What a surprise: another major online website has had its customer data violated and stolen. Users of Monster.com can now expect to be recruited into one of the many botnets, and not just into new employment. See: http://blog.absolute.com/monstercom-hack-3/

This of course isn't the first time, or the second time, but in fact the third time Monster.com has had customer information stolen. Surely someone should have learnt by now that changes need to be implemented? See: http://news.bbc.co.uk/1/hi/technology/6956349.stm

Breaches of major websites are seemingly still all too frequent, with vulnerabilities still too common in the IT industry, allowing carefully coordinated online criminals to gain access with impunity. The more complex security solutions become, the more frequent the vulnerabilities that let the criminals in seem to be. What a nightmare for the overworked, underpaid IT manager.

It's vital to implement security throughout the organization and provide strength in depth with a layered approach. With strength in depth, a vulnerability in one solution would not necessarily expose the rest of the organization. Plenty of border solutions are available, from firewalls and email/spam/virus/trojan/phishing filters through to the more complex IPS gateway devices.

Endpoint security is critical in an organization to ensure the mobile workforce does not bring into the secure network perimeter malware with the ability to rapidly infect other internal users. Endpoint security requires protection of the entry points to the system, namely logon, browser, network, email and hardware. Many solutions exist, but the basics of implementing a firewall, an AV program and browser protection provide the quick wins, with plenty of free solutions available for the SMB market.

Simple password protection solutions such as PINoptic's One Time Password authentication system would alleviate the concerns over password security and prevent many forms of security breach. Vulnerable websites such as Monster.com would certainly have benefited from an OTP implementation to reduce the impact of their customer data being stolen.
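To illustrate why a one-time password limits the damage from a captured credential, here is an added example (not PINoptic's product code, and not code from the original post) implementing a counter-based OTP as specified in RFC 4226 (HOTP), which is assumed here as a representative OTP scheme. The server-side verifier advances a per-user counter once a code is accepted, so a code observed in transit cannot be replayed. The usernames, seed and look-ahead window are constructed for the example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, then reduced mod 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class OtpVerifier:
    """Server-side verifier. Keeps the last accepted counter per user and
    accepts a small look-ahead window to tolerate codes the user generated
    but never submitted (RFC 4226 section 7.2 resynchronisation)."""

    def __init__(self, window: int = 5):
        self.window = window
        self.users = {}  # username -> {"secret": bytes, "counter": int}

    def enroll(self, username: str, secret: bytes) -> None:
        # The seed must be protected at rest: anyone holding it can generate codes.
        self.users[username] = {"secret": secret, "counter": 0}

    def verify(self, username: str, code: str) -> bool:
        rec = self.users.get(username)
        if rec is None or not isinstance(code, str):
            return False
        for c in range(rec["counter"], rec["counter"] + self.window):
            # constant-time comparison so a timing side channel leaks nothing
            if hmac.compare_digest(hotp(rec["secret"], c), code):
                rec["counter"] = c + 1  # move past the accepted counter: replay now fails
                return True
        return False


def replay_demo() -> tuple:
    """Constructed scenario: a legitimate login, then the same code presented again
    (e.g. captured by malware on the endpoint), then the user's next code."""
    verifier = OtpVerifier()
    seed = b"12345678901234567890"  # RFC 4226 test-vector seed, constructed for the demo
    verifier.enroll("alice", seed)
    first_code = hotp(seed, 0)
    first_login = verifier.verify("alice", first_code)   # True
    replayed = verifier.verify("alice", first_code)      # False: counter already advanced
    next_login = verifier.verify("alice", hotp(seed, 1)) # True
    return first_login, replayed, next_login


if __name__ == "__main__":
    print(replay_demo())  # (True, False, True)
```

Two caveats a practitioner should keep in mind: the OTP seeds held by the server are themselves a high-value secret, so a breach that exfiltrates the seed table is as bad as one that exfiltrates password hashes; and an OTP protects the login step only, so the website vulnerability that allowed the data theft in the first place still has to be fixed.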