Friday 30 November 2007

Data Breaches Costing Companies More Than Ever

A recent article on eweek.com outlines that data breaches within companies are costing them more on average in 2006 than in 2005. As a result, most companies security measures’ only increase after these breaches. Instead of losing resources from a costly and time consuming data breach, why not take more a preventative measure to securing your data, network, and other assets?

Monday 26 November 2007

25 Million Records Lost in the UK

The recent loss of 25 million records in the UK has the potential to be traumatic. For instance, with many families putting their trust in the same banks, the potential to have one’s identity stolen has now increased significantly even though the UK government is sure the data has not landed in the wrong hands.

The gigantic mistake was made by junior officials at HMRC, who had ignored security procedures according to the chancellor. These days, one can only be truly at ease in the UK if 2FA, not a static password, is protecting their most invaluable asset – their identity.

Thursday 22 November 2007

Social Networking and Two-Factor Authentication

There is a new social networking site out there (surprise, surprise). It’s called Anne’s Diary and it is specifically for girls between the age of 6 and 14. What makes this social networking site different is that it utilizes biometric technology to ensure the safety of its younger users from pedophiles and hackers. Although this site utilizes one-time passwords to activate accounts, it does not make use of them past that.

It intrigues me to see how the security of social networking will pan out in the near future. As relationships continue to become extended from real life to online, the chances of significant others, friends, family etc. wanting to hack into someone’s social networking account increase immensely. This is why the use of 2FA should be mandatory in the future of social networking. I am not saying biometrics is a weak authentication method but rather it is too hard to roll out on a mass scale. 2FA on the other hand, is not.

As Web 2.0 continues to evolve, 2FA (not biometrics) is the easiest and most secure method to protecting users in the social networking age.

Tuesday 13 November 2007

Salesforce.com’s Reaction to Phishing Attacks

A recent letter by Parker Harris (EVP Technology at Salesforce.com) outlined to customers what they and the company should be doing to prevent future data breaches. Short of posting the letter in its entirety I noticed a few important points Mr. Harris addressed regarding 2FA technology.

Primarily, Salesforce.com makes a promise of “collaborating with leading security vendors and experts on specific threats.” Perhaps a more important point, Salesforce.com recommends that its’ customers “consider using other two-factor authentication techniques including RSA tokens and others.”

Sometimes it takes a major data breach for a company to realize that their current security measures are inadequate. This is an unfortunate but often a necessary occurrence. One by one, businesses are realizing the hard way that 2FA is a requirement in their security measures. Salesforce.com is the latest company to realize this, will you be next?

Don’t let a security breach determine your company’s interest in 2FA. Research it today. Secure your world.

Friday 9 November 2007

It can even happen to the stars…

Grammy winning songstress Alicia Keys recently had her MySpace page linked to a malware server in China. With the addition of a background image, anyone who visited Alicia’s MySpace page and clicked anywhere on this background will cause the browser to load a fake media codec, which is really a disguised Trojan.

It is currently not known how widespread this hack is within MySpace but this exemplifies how web surfing exploits can happen to anyone, even if they are simply browsing their friends on a social networking site.

Although it is not known how the hackers accessed Alicia Keys’ page, a 2FA solution for login definitely would have prevented them from accessing it in the first place.

Thursday 8 November 2007

Data Breach of Salesforce.com

You may have seen that a salesforce.com employee became a recent victim to a phishing scam that resulted in turning over the company’s customer database. As a result, the scammers have been using the names and e-mails to spread an extensive malware attack throughout the company, supposedly sent by the Federal Trade Commission!!!!

Once again the need for users to be educated on what to look for when confronted with a phishing scam. The best security measures in the world cannot compensate for the threat of uneducated users and the inevitable data loss that can follow. But good awareness/education combined with a form of Two Factor Authentication can start to reduce the risks that businesses face.

Tuesday 6 November 2007

Strip-tease for Hacking

Everyone has seen them, those silly little jumbles of letters you need to decipher and type in frantically to buy tickets to events, to create a new e-mail account, or to complete many other internet functions that normally hackers have a heyday on. In fact, these are called CAPTCHA systems and are utilized to distinguish humans from machines.

With a very innovative approach, online scammers have created a virus where an appealing woman will unexpectedly appear on your computer. However, that is not all, as the woman continues by promising to take off an article of clothing each time a jumble of letters is completed. The catch is that the program restarts before the woman can completely undress to possibly persuade users to try the program multiple times.

It is not quite known if scammers are using these cracked CAPTCHA passwords on the fly; however, they are using them to crack anti-virus software and there is a worry that this scam will spread to financial institutions.

As the dark forces of scammers continually become more inventive, online security must evolve over and above that. And no, a strip tease is not required…

Thursday 1 November 2007

Urgency to Fix Online Privacy

These days, good online privacy translates into good business. I recently read an article on zdnet.com that outlined the new “urgency” to fix online privacy. With this, at the meetings of International Association of Privacy Professionals, larger non-tech companies are searching for privacy solutions that actually work. I have known this for years but companies seem to be figuring out now that as the world gets smaller due to increased technology, the frequencies of online security breaches are higher and more imminent.

In my humble opinion, 2 factor authentication would be a great alternative for CPO’s to help lull this newfound “urgency” to secure online privacy.

Two-factor authentication Newbie Cheat Sheet

Two-factor authentication? What's that?
During the past month I have had a number of meeting to discuss security and a number of times senior management have asked what is Two Factor Authentication.

Well that's a question more and more people are asking at the moment as they hear about their bank adopting this new way of authenticating who you are. So Here is a cheat sheet for everyone who is still unsure.

But I know who I am...
I am very please to hear. And how do you prove who you are when accessing your bank or another secure environment such as your computer on the office network?

Well I use my password.
Which is?

pA55w0rd
Exactly. The problem here is that people aren't the best at choosing or protecting their passwords. Too often they go for easily guessable names or words or something so complicated they end up having to write it down. Instead companies are now looking at solutions such as two-factor authentication which typically involves single-use multi-digit numerical codes to complement the existing security as well as the username or PIN.

Sounds even more complicated...
This is where technology comes in. Many companies developing solutions in this space are providing secure tokens – little gizmos, if you like, no bigger than a key-fob (www.cryptocard.com) which generate the random numbers for you. They're good for around as long as it take to log-in - and then they're done-and-dusted.

What are the benefits?
Single-use random numbers are far more secure than traditional static passwords (which admittedly aren't hard to beat or hack). They work by creating a reliance upon something the user knows, such as their username, and something they have, in this case the 6 or 8 digit number – which is far more reliable than a password written on a Post-it note.
 
Copyright 2009 Jason Hart. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan