Tuesday, 30 August 2011

The World is waking up to the need for internet Security.

Today's Telegraph's headline:

It's no good putting security systems in place after a major data breach !


Businesses need to set up systems and processes to enable them to operate watertight security. When moving businesses into the cloud authentication at every level is essential.

Businesses need to be seen to take care of their customers whilst not burdening them with more security steps and sending environmentally unfriendly dongles/card readers.

Only reacting when a breach occurs is not the sign of a strong business.

I had to add in this breaking news story the hacker had a sense of humour, possibly Nokia have not seen the funny side.



Thursday, 30 June 2011

The CookieCrunch

On the 25 May 2011 the UK became the first EU country to bring the new cookie directive into law – and on the same day, the UK Government announced a 12 month delay on any enforcement action being taken.

Last nights Bootlaw event, looked at what the cookie law means for start ups and website operators and what you are supposed to be doing over the next 12 months before the laws are going to be enforced.

The Directive states that ‘explicit consent’ must be sought by website owners before they track the online behaviour of their users using cookies, whereas previously, users simply had to be given the opportunity to opt out. The new law aims to give consumers more control on how their internet browsing is tracked.

The UK government proposes to adopt the wording of the Directive exactly as it stands. It states that consent must be given before organisations place cookies on a user’s computer or retrieve cookies previously stored there. However, the Directive does not provide detail on how this consent is to be achieved and so there remains a large question of interpretation.

They discussed technical solutions which could allow websites to collect user consents to cookies without getting in the way.Businesses and organisations running websites in the UK must wake up to the fact that this is happening.”

LiveEnsure™ is our authentication technology that doesn't store any personally identifiable information such as user names and password, nor does it rely on the browser, Javascript or cookies. It is simply powerful, real-time session authentication.

You can update yourselves on last nights session listen to Danvers Baillieu the Pinsent Masons LLP in London update here.

More audio coverage is uploaded on AudioBoo.


Wednesday, 8 June 2011

Mobile Security Starts with Authentication.

No one could have predicted the rapid evolution of the phone, from the brick phone to the flip phone, the mobile phone has evolved quite a bit in the last 25 years. The overarching trend had been toward smaller and smaller devices, but this preoccupation with size seems to have reached a plateau. The focus now is squarely on adding capabilities.

For many using the mobile device as a phone has become indispensible seldom will anyone leave home without their phone.

New smart phones have the processing capabilities of computers, and they going to play a significant role in identification as applications evolve.

Airlines already enable travelers to download boarding passes to smart phones. Hotels enable guests with to download room keys and bypass the front desk. Corporate users generate one-time passcodes on handsets to gain access to computer networks and authorize transactions. But this is just the beginning.

Two-factor authentication is already happening

For many using the mobile phone for an extra level of authentication may seem futuristic, but it’s already here for some. The use of one-time passcodes with mobile devices is commonplace. Smart phone owners can download an app to generate the codes while other providers send codes via text messages. These one-time passcode systems have been vulnerable to man-in-the-middle attacks. There is an array of these attacks but they all have the same basic premise–a hacker eavesdrops on an individual’s Web activity and changes information or forges a Web site to gain access.
LiveEnsure is leading the way offering Saas Authentication to protect the site, the session and the user.

2011 will be a transition time for mobile phones and what consumers do with them is set to increase. LiveEnusure is authentication for this transition period, replacing what we do with smart cards and tokens … truly authentication for the future.”

Smartphones half of handsets shipped by 2012

With a plethora of apps, their large screens, built-in cameras and plenty of processing power–more than 50% of U.S. handset shipments will be smartphones by 2012, according to research firm In-Stat. Globally, shipments are projected to reach 850 million units by 2015.

By December 2010, U.S. smartphone adoption had surged to 27% penetration, according to comScore. There was rapid adoption of Google Android devices, making Google the second largest operating system by the end of the year.

Security is not a game. Protecting your revenue and your users identities in the mobile space is key - without tracking, storing or trafficking in their privacy information.

With LiveEnsure™ you can verify user, site, device and session in real time.

Friday, 3 June 2011

Layered Approach to Security is the Only Way.

Reading this oracle presentation, it takes you through very clearly multifaceted interactions of employees across a business. The best defense it says is a and I totally agree is multi-dimensional and multi-level approach.


If nothing else click through to the slide 'obvious but often overlooked' so many businesses focus on firewall and encryption paying little attention to authentication, believing user-name and password are enough, anyone reading my blog will know this is not the case. Identification is most definitely not authentication.

Christian Hessler debates this so well in his blogs:

Top 10 Habits of Highly Effective Security Solutions

1-3 http://bit.ly/f69F9l
4-6. READ ON! http://bit.ly/f91Jyo
7-10 FINALE! http://bit.ly/gSyf3p

An interesting presentation.

Tuesday, 8 March 2011

Remote Working - simplified with LiveEnsure- Unified Communications Show.

LONDON, March 8, 2011

A key subject at todays Unified Communications Expo 2011 http://www.ucexpo.co.uk is the new era of the 'remote worker' Today new research indicates that remote working is still a controversial topic in the UK.

Research among delegates who pre-registered to attend illustrates that there's still a difference of opinion when it comes to remote working in the UK. Almost exactly half of those surveyed claimed that people are accepting of remote working and that home working can be just as productive, indicating that attitudes here are almost perfectly split down the middle. There is however a marked difference between the technology- and business-focused attendees with 61% of the technology audience against just 45% of the business audience agreeing that it's acceptable.

79% of respondents agreed or strongly agreed that smartphones are essential to their business, implying that, even if attitudes towards home working are divided, attitudes towards mobile integration are not.

LiveEnsure™, is able to provide secure multi-factor authentication for a variety of corporate network resources for internal and external security.

Remote Access / VPN
Protecting remote access mechanisms in the corporate network is crucial to prevent unauthorised access by external users. LiveEnsure™ is able to protect these resources with strong authentication and is easily integrated by your web developer or digital agency. It is a mashup.

Web- Authentication Security- Protecting Login.
LiveEnsure™ is the solution for providing convenient, strong authentication to an external user base which accesses a web service or application, such as internet banking, e-commerce sites, commercial portals or document repositories. LiveEnsure™ can be deployed directly from our portal it easy is to deploy and manage, and will integrate simply into your web infrastructure.


Full Article

Wednesday, 2 March 2011

LiveEnsure introducing Authentication to The Game Developers Conference.

LiveEnsure is attending the GDC – The Game Developers Conference (GDC), San Francisco the world’s largest professionals-only game industry event.


Authentication is an essential layer of security for companies who are active in the online, mobile, betting, bingo, casino, lottery and street gaming sectors.

Christian Hessler will be discussing our authentication solution with programmers, producers, game designers, audio professionals and others involved in the development of interactive games.

The exhibition is packed with hundreds of genuine gaming innovators who will be launching thousands of new products and technologies.

This short video gives a short introduction into how we protect gamers online.



Wednesday, 23 February 2011

Phone Apps Insecure!

It is becoming more clear to me that as we move into the mobile age, companies need to move to the next generation of identity security. Even the big brands are still burying their heads in the sand, majoring on what the password is its format etc rather than adding another factor to their security.

The world we live in today is fastly moving to mobile, ipads, tablets and phones are the way we all transact, the normal username/password credentials are just not enough to protect us. Yet apps and retailers still expect us to hang our 'assets' on the line when interacting with them. Only yesterday I read that the Starbucks app is insecure, why are they missing that necessary authentication layer.

Mobile barcode scanning apps have come under fire recently. Earlier this month, security researchers found that the Starbucks iPhone app – which embeds a customer’s payment information in a picture of a barcode – can be hijacked in about 90 seconds. See Christian's Hesslers feature on Privacy Daily.


Brands who are developing mobile apps and websites can simply deploy LiveEnsure to protect their users from phishing, pharming and man in the middle attacks.LiveEnsure™ uses Digimetric™ technology to uniquely identify computers, cellphones and other devices, without building profiles of the people who use them.