Friday 10 December 2010

Digital Fingerprinting is an essential part of authentication!

The Wall Street Journal headlines last week announced the Race Is On to 'Fingerprint' Phones, PCs. Device fingerprinting is a powerful emerging tool in internet security trade, and LiveEnsure™ is leading the way with its SaaS authentication offering for web and mobile.

It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. So it makes perfect sense to uses Digimetric™ technology to uniquely identify computers, cellphones and other devices, without building and sharing profiles of the people who use them.

I can't understand why more websites and apps are not more rapidly embracing digital device fingerprinting technology for authentication. It adds an altogether new layer of security for the user, the site and the session. The "fingerprinting" data is challenged "outside" the browser, its data is *not* shared, and the process is session/commerce context specific, i.e. purpose-built keys - the "smarter" and "safer" version of a universal fingerprint. This architecture is based on years of study - finding that trusting purely general-built keys is great for convenience but not worthy for security.

LiveEnsure™ sits in the gap - providing strong, real-time authentication, using a universally unique digital footprint of a laptop, ipad, device or smartphone. There is nothing for the user to download, install and no out of band/dongle/token to look after. The login process is seamless the clever device recognition happens without the user being aware, checking the device fingerprint in real time as part of a secure triangulation.

Low price high strength, developers can mash up today at http://www.liveensure.com/


Wednesday 1 December 2010

Tis the Season of Scammers...


This December, figures from the Interactive Media in Retail Group (IMRG) forecast that UK shoppers are set to spend 16 per cent more online this year than last. Across the web security vendors, the e-crime unit and consumer associations are warning of the pre-christmas spike in e-crime.



The guardian highlighted the risks to businesses and consumers http://gu.com/p/2y257






ISACA has issued a series of tips for workers using company computers or devices for online shopping:

• Do not click on an email or web link from an unfamiliar sender or looks "too good to be true".

• Be careful with company information that can be accessed through your mobile device (it suggests using a privacy screen shield). Authenticating your staff is key to data security on devices.

• Password-protect your mobile device and its memory card.

• Make sure the security tools and processes protecting your work-supplied mobile devices are kept up to date.


In preparation for the expected increase in web activity businesses are looking to secure sites, access points and apps to protect themselves, staff and customers.


The majority of employees and consumers are still not security savvy and the e-criminals will plunder from your site or data if you don't secure your logins. It is simple to implement LiveEnsure™ so your customers can then trust your site - and all surprises will be strictly for under the tree. LiveEnsure™ . http://www.liveensure.com/

Our Customer Charter: Affordable, Accessible, Authentication for Web and Mobile.

Live Ensure™ secures your credentials and accounts protecting you online.
LiveEnsure™ the strong online authentication solution for Web and Mobile.
LiveEnsure™ deployed by your developer or agency from our portal.

Customers recognise and trust our comprehensive authentication provision, you can increase their confidence throughout the online retail journey with LiveEnsure™. Our authentication adds privacy enhancing security to your existing set up building trust and loyalty with your customers.








The LiveEnsure™ badge increases consumer confidence, the technology protects identities, information and transactions for online users.

The UK’s banking and retail industries are backing the Be Card Smart Online campaign. Their online campaign is raising awareness in consumers and educating them of the risks, they have published good advice on their site. http://www.becardsmart.org.uk/

If you are a consumer read a couple of these links it help you be safer on line, businesses mash up our freemium account to see how easy it is deploy authentication security.

‘tis the season to secure your sites’

Tuesday 23 November 2010

The New Social Rules- Authentication is Essential

The New Social Rules - 24th November 2010

November has been non stop with Facebook launching a new service, offering email to its user base and opening more data about ourselves to a large organisation, what does this mean to The New Social Rules now?

I am looking forward to some interesting debate tomorrow with 100 people registered social media speakers from PayPal, ex Managing Director of MSN UK, Ketchum Pleon, Twitjobs and an angel investor the panel will be sharing their insights. The new rules of communication are constantly changing, social media impacts our outlook, the decisions we make now ,our future career, children and financial well being.

I urge you to take a few minute to crash through these slides on the new digital age, Tony Fish as ever has his finger on the pulse and is spot on:

'Reputation is all you have and your name is a good identity so don't abuse or loose either'

'Your digital footprint is worth more than your salary'

'Your password is the weakest point in your armour'

I will tomorrow be flying the flag for the need for communities, businesses and organisations to authenticate their users to protect not only the users but themselves.


'Don't sack the person who has the corporate login for your facebook fanpage, group, twitter accounts, linkedin profiles, until other people have access and admin rights- or you will be held hostage'

Wednesday 17 November 2010

Get Safe Online Week! in time for the Christmas Rush of Fraudsters


Get Safe Online is an annual event to raise awareness of internet safety issues.

A government initiative is reaching out to raise awareness of internet crime in consumers and small businesses through competitions, events and PR activity. The annual Get Safe Online Summit which has kicked off this week in central London.
Just in time for the busiest online sales season of the year, consumers need to take care they are on 'real' sites and not impart credit details to fake ones.
Action Fraud:launched by the National Fraud Authority (NFA), is the UK’s first national fraud reporting centre that provides a single point of contact for fraud victims where they can both report a fraud and seek guidance and advice.
Partner site: http://www.actionfraud.org.uk/

Online Christmas Shopping Tips Shoppers can make sure that gift buying online is stress-free by doing the following:

•Only deal with reputable sellers – use sites you can trust.Be particularly wary when buying from overseas. Be prepared to ask questions before buying. (Look for the LiveEnsure authenticate badge)
•Be sure you know who you are dealing with – always access the website you are planning to buy from by typing the address into your web browser. Never go to a website from a link in an unsolicited email and then enter your personal details or PIN.
•Trust your instincts – if an offer looks too good to believe then there is usually a catch. Be suspicious of prices that are too good to be true.
•Check delivery timescales and keep records – print out your order and keep copies of the retailer’s terms and conditions, returns policy, delivery conditions, postal address (not a post office box) and phone number (not a mobile number). Having this information will help if you subsequently encounter difficulties with your order.
•Section 75 protection – if you are buying something between £100 and £30,000 consider using a credit card, as you will then have extra protection through Section 75 of the Consumer Credit Act – for transactions in the UK and abroad. This states that should a problem subsequently arise, such as the company going out of business, you can claim your money back from your credit card company.
•Keep receipts and check these against your statement – if you spot a transaction you did not authorise speak to your card company immediately. If you are the innocent victim of any type of card fraud you will not suffer any financial loss.
The link above offers useful information if you are an online fraud victim this christmas.

Thursday 11 November 2010

Like Car Brakes? The Future for Security

Like car brakes? The future for security

I cannot agree more with Bruce Schneir of BT, the push for security is coming directly from consumers.Consumers assume they are secure... and now when they are not they are moving their custom.

The provider is going to be the website, application, community of whatever technology service is in operation. They will have to consider and build in the security, so seamlessly that the end user never has to think about it.This is where new technologies like LiveEnsure come into their own they are easily implemented across the consumer online experience.

I’ve talked about security being part of everything for years, I am pleased to say rising tide of user expectation is now forcing the reality. As this article from last weeks Gartner Symposium says Security will become a B2B market where security and solutions providers work together to create the magic. We are currently working with Virtual Technology Group, Global Mobile Solutions and FabriQate to make this a reality.

More and more, this makes security specifically, and IT as a whole, a utility.

Fear has been the best way to sell security.

Many vendors have tried to develop ROI models to prove value and build desire, but that’s never really worked, a great number stick with old products giving packaging and promotion regular facelifts. As the market moves to utility models like LiveEnsure, they’ll be much less need to prove the value of the “investment” as initial outlay is low.
Brands will spend the money because they have to.

In this new world we are selling reputation and the benefit of the solution, with strength of security as an assumed feature.

Just like the brakes on your car.

Inspiration taken from Ellen Ferrara who was reporting live from the Gartner Symposium/ITxpo. http://www.blog.bt.com/gartnerITxpo-cannes-2010/?p=174


To Learn more about LiveEnsure authentication for web and mobile: http://events.linkedin.com/LiveEnsureTM-Technology-Session/pub/407646

Wednesday 10 November 2010

Mash Up Security - making authentication safe for all!


On an Analyst Call yesterday our new technology, LiveEnsure™ came in the spotlight as new ways of doing things always do. We are making security available for developers to download and use without a long winded sales trail or price tag to match.

The Mash Up Question:

" I am concerned that as a mash-up - which is the combining of two different apps/services to create a new one that - this new " app" is somehow compromised because of a side door / opening created inadvertently in the process.. "

Answer:

LiveEnsure™ is a side-chain mashup, not a front-door mashup like openID, Google or Facebook login.

The communication, session and credential exchange are private to the site and LiveEnsure™, not the user. The user cannot "inadvertently" do anything outside or beside the site/app from their own volition. In addition, the ONLY the the user does is react and respond to the challenge, they are not initiators.

The process of authentication with LiveEnsure™ is a multi-factor "verification" of the primary "identification" process already resident in the existing site or app.

LiveEnsure™ does not "identify" users, which removes all possibility of false positives/negatives, or "letting someone in via side/back door".

The site identifies, we authenticate. We step outside the browser, app or session in a side chain, and merely verify the credentials of the site or app, session, device and user. The site then polls LE directly (outside of the user communication at either the site/app or Live endpoint) for authentication status. Status is not propagated or forced up the chain from LE to the site or user, thus also prevent unrequested or illegitimate status notification and possible bypass, hack, spoof or replay.

For these two fundamental reasons, LiveEnsure™ is:

a) additive security, not replacement or reduction (in the case of backdoor, "other" way in)
b) completely under the control of the site at all times, as there is no user session sharing or user initiation capabilities
c) side-chain logic, vs. front door, side door or back door "identify/detect" logic, thus immune to brute force
d) only adding security by its presence, not removing it by its absence (above what was initially there, i.e. user/pass, OpeniD, sso, etc).

LiveEnsure™ affordable, accessible authentication for web and mobile.

http://www.liveensure.com/

Cast your vote for LiveEnsure in the mashable awards... best newcomer:

Wednesday 20 October 2010

IP Expo Update from Today Earls Court

Today, in Westminster, Chancellor George Osborne unveiled plans to cut public spending by £83 billion. I was among the thousands of IT professionals crowded into Earl's Court 2 to discover how IT investment can help their organisations survive the new era of fiscal austerity, and emerge financially stronger, more competitive and more profitable.

They were not disappointed.

Addressing a packed audience for the opening keynote address of IP EXPO 2010, Acadia Enterprises CEO, detailed how the new age of cloud computing is set to revolutionize IT service delivery and the business effectiveness of the organisations that adopt it.

"Cloud" said Capellas "will be mainstream within 24 months."

"This bus has already left the station. You can either be under it, or on it," he said.

The same message, with different emphasis was heard from other quarters. In the seminar theatres, VMware's Paul Strong detailed some of the technical challenges that still lay ahead.

Freeform Dynamics' Jon Collins offered timely advice on how to distinguish marketing hype deliverable reality in today's increasingly competitive IT infrastructure markets.

Meanwhile, I enjoyed talking directly to the latest compute, storage and network infrastructure product and technologies showcased by more than 230 exhibitors. LiveEnsure partnered with The Virtual Tech Group Basingstoke were busy as they talked to Cloud providers who need authentication to secure entry points of their systems.

Far sighted organisations are ready to invest in their future, and those who are will be looking closely at the security aspects of their cloud provider.

Thursday 14 October 2010

Ecommerce Expo, National Hall Olympia..Next week

National Identity Fraud Prevention Week  12th - 18th October I am looking forward to attending next weeks, E Commerce Expo it is the industry event for the UK and, increasingly, Europe. It ranks as one of the largest gatherings of E Commerce professionals in Europe and boasts over 140 exhibiting companies plus a comprehensive conference programme.

http://www.ecommerceexpo.co.uk/page.cfm/Action=Seminars/SeminarDate=10_19_2010/goSection=4


Scanning the session list there are really great people telling their stories, I am looking forward to hearing from:

Steve Willey, Group Head of Product Development, moneysupermarket.com

Joe Leech, Principal Consultant, cxpartners

Matt Henderson, Director of Merchant Services, Amazon

Tjipto Sugijoto, Managing Director for Americas, Intershop.

Very surprised to see we are the only best of breed security vendor in attendance... and that there is no session talking about authenticating and protecting your user. With consumers being targeted by hackers, phishing and pharming attacks I would have expected at least one session.

"Relying on static, user-generated passwords to outwit expert hackers leaves ecommerce site severely at risk for data theft," said Christian Hessler, CTO, LiveEnsure™. "Ethical organizations are recognising the need for authentication security. We have made our solution affordable, accessible and quickly deployable for ecommerce sites."

http://www.liveensure.com/getit.html


NOTE to Show organisers... the regulators are really coming down on companies who don't protect their online consumers. A Session would have been good, Christian our CTO would have covered the importance of online authentication and I am sure Stewart Room the leading legal light in data protection would have covered changes in Legislation.

www.christianhessler.com/

http://www.stewartroom.com/

Monday 11 October 2010

LouiseRobertson@Innovate 10


The UK Technology Strategy Board is hosting Innovate 10 the leading networking, conference and exhibition event for businesses to meet other businesses, government and academia with the aim of making innovation happen – creating opportunity and growth for the future.

Innovate 10 will address all aspects of technology innovation, with a special focus on the commercial exploitation of the DIGITAL economy, HEALTHCARE markets of the future, ENERGY generation and supply and the SUSTAINABILITY economy.


I was surprised to see that cybercrime and fraud are not main discussion subjects at this forum.

I will be introducing LiveEnsure™ accessible, affordable authentication SaaS solution for web and mobile to attending digital and creative agencies who are looking to secure and protect the websites they are building. LiveEnsure™ is authentication solution, designed to protect consumers as they transact. LiveEnsure™ provides a revolutionary, multifactor, authentication solution for a multitude of applications, using unique Digimetric™ technology to recognise user’s mobile devices and laptops as part of triangulation process that secures the session. LiveEnsure™ takes the inconvenience out of bulky hardware token or sms-based authentication solutions.

Wednesday 6 October 2010

Cyber Criminals, New Job Option....


e-crime Mid-Year Meeting 5 October 2010, Victoria Park Plaza, London.

As we all know Technology is continuing in it relentless advance at such a rapid pace that even 10 years ago anyone predicting our current technology-enabled capabilities would have been considered crazy. We are all living in a world that is totally connected 24/7. We are the martini generation of computers, anytime, anyplace and anywhere, just like martini time we are very relaxed about our security.

The e-criminal- A Growth Profession!
These quantum changes are matched in the way e-criminals operate, singularly or as very sophisticated groups. Their objective is to find a way around website, apps and mobile protection. E-Criminals are the cyber equivalent to burglars who pick locks and break windows. There is one obvious area where commercial organisations are ‘holding the door’ open for the e-criminal, and that is around login and authentication, research tells us that the 2 factor username and password is not enough you may have left your door open for the e-criminal.
The Cost of CyberCrime to business.
Studies by the Ponemon Institute reveal that a security breach costs a company:
• an average of £64 per file
• £10,000-£120,000 of admin costs
• An ICO fine
• Reputation Damage.

Pro-actively investing in security can help a business avoid potential costs, loss of resource and productivity that security violations can have on a company. Attacks on organisations are becoming more frequent and the attacks are moving outside of the financial sector into all sectors that transact on the web. (Retail, Gaming and Social Networks)

Cloud Computing its coming... well actually everyone is going that way!


The sessions focused on cloud computing, the buzz words of revolutionary cost and savings and operational flexibility, were tainted with concerns for security. Realising the cloud’s benefits is determined by the trustworthiness of the Cloud Infrastructure- in particular the software applications that control, access, private data and automate critical processes. Assuring the inherent security of your associated software is a key factor to successfully embracing cloud options.

The pan-European survey by Portio indicates that 75% of CIO’s viewed security as a barrier to adopting cloud computing, more than 65% said they would move between 21% - 60% of their applications to the cloud in the next year.

STATS
I love all the stats, and they make great colourful graphs but the fact is businesses are moving into the cloud, they need to protect themselves and their users . There is a growing need for effective non invasive security like LiveEnsure authentication.

The content of this mid -year meeting was exceptional, delivering practical advice focussing on how security can help businesses to adapt to change, take advantage of opportunities and remain secure.

http://www.e-crimecongress.org/forum/

Thursday 23 September 2010

No Excuses Now!



The First Authentication Summit for LiveEnsure


Well attended, the audience included, Analysts, Press, Digital Agencies, Web Developers and Investors.







21st September 2010, LiveEnsure™ launched it is accessible, affordable authentication SaaS solution for web and mobile. We have announced the release of the LiveEnsure™ authentication solution, designed to protect consumers as they transact. LiveEnsure™ provides a revolutionary, multifactor, authentication solution for a multitude of applications, using unique Digimetric™ technology to recognise user’s mobile devices and laptops as part of triangulation process that secures the session.
LiveEnsure™ takes the inconvenience out of bulky hardware token or sms-based authentication solutions.



Our patented technology allows any user with a mobile device or laptop to be protected. Applicable for a wide variety of scenarios, the system is targeted at all businesses looking to minimise damaging identity fraud and lower administration costs.


Affordable pricing, a one off £99 cost, then pay as you go charges for authentications. Accessible immediately and scalable. The coding is deployed directly from the portal and developers can have a site login protected in less than 30 minutes.
The solution is the brainchild of prominent technologist Christian Hessler, and was devised by a team of leading software developers, led by technical architect, Marc Loy. LiveEnsure™ is designed to allow seamless integration into existing business systems. Companies can use the LiveEnsure™ technology to protect their existing user base, without purchasing costly new systems or hardware platforms.
“LiveEnsure™ is a layer of authentication for web and mobile that whilst quick to deploy ensures a heightened security barrier that is cost-effective and simple to use.” Christian continues, “The appeal of LiveEnsure™ is it’s adaptability – whether it’s used for remote VPN in a large corporation, as an authentication method for websites or as a security solution for SME’s – anyone can take advantage of its benefits to protect their users and create transactional trust.”
Set to revolutionise the authentication scene, LiveEnsure™ provides a cost-effective, secure solution for local and international businesses. And, with issues around security topping the boardroom agendas of most companies, LiveEnsure™ is just what the market has been waiting for.
For more information, please visit :
HTTP://WWW.LIVEENSURE.COM/GETIT.HTML

Thursday 16 September 2010

LiveEnsure™ Authentication for the Future Summit


Authentication for the Future- Summit


London-21st September 2010


The first LiveEnsure™ Authentication for the Future Summit in London next week will cover the development and deployment of LiveEnsure™ secure authentication. LiveEnsure™ is ground breaking privacy enhancing technology that protects, sites, sessions and users.

Michel Poignant, CEO of Paymotech will talk of the deployment of LiveEnsure™ and how it will build confidence and trust in their services. Paymotech is growing rapidly delivering secure accessible payment solutions to an ever-growing mobile community. This initiative will build customer loyalty and trust in Paymotechs growing portfolio of services.

Christian Hessler CTO of Palm Tree Technology will take a deep dive into the technology with sessions for Analysts, Press and Developers.
The session content can be followed on http://www.liveensure.com/blog.php

The live analyst and attendee commentary can be followed on Twitter- #LiveEnsure

Thursday 9 September 2010

Secure the entry point of Cloud...


Cloud computing is one of the most widely adopted IT trends of recent years. Flexible, low-cost and easily scalable IT, many businesses are relying more and more heavily on cloud-based applications, storage and security. The big issue is of confidence remains a barrier to adoption for many businesses, and significant questions remain unaddressed around key issues affecting this, one of the key being that of security.

The cloud security debate rages on fiercely is the fact that issues or breaches have the potential to be catastrophic – to the extent where they transcend business departments to become a major business issue.

But the issue of cloud security is not necessarily as hugely complex as some assert. One of the basic premises for cloud security is the fact that securing the cloud itself is an almost impossible task due to the numbers of providers involved and the level of sharing that is inherent with many cloud-based services.

The fact is that by the time data has reached the cloud, it’s normally too late. The potential for data getting in to the wrong hands starts from the moment it leaves an organisation, and it’s therefore at this boundary point between the organisation and its external environment that security has to be the key priority for those looking to use cloud-based services.

The key priority for improving security of cloud computing lies in the routes between a business and the cloud, not the cloud itself. LiveEnsure is the affordable, accessible, authentication layer for that.

Addressing the security of a company’s specific cloud entry and exit points is the best – and simplest – way to get a grip on the potential issues involved to enable businesses to take advantage of all that the cloud has to offer.

Palm Tree Technology on LinkedIn

Sunday 5 September 2010

What is the Value of Social Media....


What is the Value of Facebook and LinkedIn?


When someone asks me this question, internally I tend to sigh deeply and externally smile, you do have to wonder if they are in business whether they deliberately buried their heads against the social media explosion that we are in the midst of. Many people understand the fact that they NEED to be on social networking sites, but are not sure exactly WHY they need to.

SIMPLY GET SOCIAL - these sites are an excellent marketing tool for business, individuals and students. If you are asking this question you are behind the curve so do it now.

Think about the meetings and exhibitions attended globally every day. These networking opportunities are held by associations, professional groups, local chambers of commerce, etc. While sometimes they can be niche and packed with members of your target market, many times they can be sporadic and unfruitful. But you go all the same and come away with new contacts.

Facebook and Linkedin are electronic networking events. The differences is astounding they are running 24 hours a day, 7 days a week, 365 days a year.
The Social Advantage

*Free CRM System for your contacts
*You to choose the EXACT target market you want to engage and connect to
*No costs just time
*Fantastic Free Tools- Events, Announcements.
*Allows you to be flexible!
*Set up, Communicate get started in less than half an hour.

Facebook and LinkedIn allow you to connect with large masses of people including your old friends and professional colleagues, but more importantly they allow you the opportunity to meet and connect with new quality professionals who are willing and able to build your business, purchase your products, learn from your expertise and spread that all too valuable word-of-mouth.

Get Connected
By connecting with people on social networking sites you are enabling a wide group of people to benefit from your area of expertise while engaging them in conversation, asking/answering questions and gathering valuable information to help you market more effectively to your target audience. To be honest, the opportunities, at times, can be endless.

I will talk in detail about Linkedin and Facebook in my next posts, for now get your name, your business website details up there and do some ‘lurking’. (Join us on Linkedin or Facebook)

Linkedin
http://bit.ly/c5F4jq

And then I get an email for people who get it, with tools that help manage it how can half the business world be in tune and half so not. An email yesterday was from people who get it...
SPROUT Better Manage Your Small Business’s Social Media Presence: http://bit.ly/dfCxQz

Friday 13 August 2010

Creating Trust Online- Needn't cost a fortune!



The best ecommerce sites ensure a satisfactory online experience for their customers through ease of navigation, effective customer service and online security .


SET UP SHOP
An online presence provides a storefront for all the services that customers have come to expect when online. The following are some of web best practices for setting up a website to engage and give a satisfactory online shopping or service experience for customers in terms of navigation, customer service and online security.

EASY NAVIGATION
An ecommerce website's navigation should be intuitive, assisting customers to locate what they need with ease. Products offered should be sorted by type and information about the products that assists the customers in their purchase should be provided.

Provide ONLY Valuable Information (Keep the adjectives for christmas cards)
Provide customers with information about each item or services that are for sale . Show information about delivery time frames and an indication on stock availability.

SEARCH (FunnelBack)
Customers use the website search facility to locate the products they need. The website's search engine needs to provide accurate information, relevant results and also provide users with the choice to sort through their search results by price, type or availability.

Customer Service
Clearly show information about policies and standards relating to deliveries and returns of goods purchased. Offer LiveEnsure protected areas whereby users can log in to track the status of their order.

Confidentiality and Security
The interception of customers’ details can pose a serious risk to sites resulting in loss of customer confidence, website security should be a mandatory consideration.


The highly visible nature of LiveEnsure can have a positive effect on online sales figures.

With a recent survey revealing that:
22% of respondents had fallen victim to phishing attacks,
15% to online scams,
and 21% to identity theft,

Trust online is a real competitive advantage.

www.liveensure.com

Monday 9 August 2010

According to Nielsen, social networking is the most popular activity online.


In the battle for our digital attention, social media appears to be winning

Email now occupies less of our time online than gaming.

According to Nielsen, Americans spend almost a quarter of their time online on social networks and blogs. That's up from 15.8% a just a year ago (a 43% increase).

We are already seeing companies and individuals replacing email with social media using the share and chat facilities to communicate. Email seems set to become more of a utility tool for attachments and formal communication. Extended messaging and interaction between friends and coworkers now happens in other social media, twitter, facebook and linkedin.

Clearswift research shows the importance to employees of social access http://www.fastcompany.com/1650131/clearswift-employees-trust-internet-social-networking-management-pay.

Clearswift even labelled these folk "Generation Standby," and noted that some 57% of 25- to 34-year-olds surveyed already are social networking, shopping, and reading personal email at work. 21% of those surveyed even said they'd turn down the offer of a job that was otherwise good, but forbade access to the web Facebook and Twitter.

With so much emphasis on social interaction our focus is upon authenticating and protecting users. We are already working with intranet developers, web creators, web sites and apps on the Web that want/need strong security but not the hassle of being "sold" a security product. We are engaging with small/medium sites that the big guys cannot afford to chase down.
Finally, we offer no barrier to entry or exit, providing a smooth and seamless decisions process, take-up, integration, clear pricing and simple payment process.
http://www.liveensure.com/

Find out more on Facebook http://bit.ly/cQIp27

Wednesday 21 July 2010

Man-in-the-Middle Attacks: LiveEnsure™ will help to Eliminate the Threat Without Impacting Business.

Man-in-the-Middle Attacks: LiveEnsure™ will help to Eliminate the Threat Without Impacting Business.

A sophisticated type of phishing, man-in-the-middle attacks occur when an attacker attempts to intercept communications between two parties who are transacting online, such as a customer and a retailer, without their knowledge.
By doing so, the attacker becomes "the man in the middle."

Both parties are unaware of the attacker's presence. So, acting as a proxy, the attacker can both review and manipulate the contents of the messages he is relaying between the two parties.

Today I read with sadness that BP claimants have been victim of a phishing scam adding to chaos of the disaster.

Live Ensure™ protects users by securing and authenticating their identities through a synthesized multi-factor approach. Users are confident that their credentials are protected whilst on your site. Your users are protected from phishing, pharming or man-in-middle attacks. There are no complicated, ineffective tokens and cookies. Users can trust the site or application they are accessing cannot login under their identity without their permission. (Insider attack)
www.livensure.com

Developers you can join the beta-test next week simply register on the website.
Learn how to protect your customers now.

Tuesday 13 July 2010

'How to achieve excellence in joined-up marketing'

Embracing Social Media in your Promotional Mix.

Savvy businesses understand the power of social media. It can be very challenging to integrate with traditional marketing.Below is a list of which social media tools can be easily integrated, how to use them in an effective way alongside traditional methods and how to prove they're a good investment.

The Marketing Mix has changed Dramatically

Socialmedia: Twitter:The News Feeder/Seeder

Twitter allows direct contact with the audience, in a simple and effective way: messages are limited to140 characters.
Twitter can be used to perpetuate messages/news, create, support competitions to monitor people’s opinions and market activity. It is proven as an effective media to launch a product on the market. There are automatic tools you can use but the business needs to engage with it to make it successful. (Dell. Sun and BestBuy, Liveensure, are excellent examples)But your followers unless you are a full on A lister are unlikely to be interested in the fact you are enjoying a frapocino as starbucks...keep it real, re-tweet your news, research and information.

Facebook and Linkedin

Social media campaign and communities: Linkedin Network/Facebook Fan Page
Facebook is the biggest social network all around the world with more than 28 million active profiles in the UK representing over 70% of the UK community.

LinkedIn has 50 million business users worldwide and is growing at one new member per second ‘Groups’ are a compelling way to communicate to your end users..
Buzz Words: Tribe, lurk and blurt.(I admit to being a bit of a lurker it comes from my heritage in online customer experience and natural female curiosity).

We have formed groups on both:

Facebook Short: http://bit.ly/cQIp27

LinkedIN :Short: http://bit.ly/c5F4jq

Simply link these to your website and add to email signatures, let people share your information and you will increase your digital footprint.

Blogger Outreach
Direct communication with bloggers is a effective way of increasing buzz online. Certain bloggers are considered experts in their sector and “opinion leaders”: they are the ones to activate the word of mouth viral activity getting too the real influencers. In internet security we have the effervescent Graham Cluley. The main objective is to grab their attention and interest and get them to endorse the product/brand. Create a list of key influencers in your sector and start to engage with them, don't sell- cut and paste will not work with these guys).

Social Success is Measurable

Marketing Analytics, Measurement, Metrics, Social Media, Twitter
More than ever, hard numbers are necessary to demonstrate success. They are all but incontrovertible and easy to communicate, and they can point out what is or isn't working.

There are some leading players in agencies who can help largers organisations get Social:

For new-media Twitter, with its established tweetocracy (and people coining phrases with "tweet" left, right, and center), marketers are finding more tools to help them understand how their efforts are performing in this new medium.
There are many free time saving tools to measure the dynamics of activity.

Social Streams

You can very simply activate,monitor and connect:

ActiveTwitter Profiles,
Active Blog Content ,
FACEBOOK Page,
Viral Videos- You Tube,
Case Studies- video and editorial,
Communities,
MEET UP.

Once activated, communicate alongside your usual email and telephone details, let your customers and staff know you are social.

Summary

The good news facebook pages, linkedin communities and blogs are free BUT the challenge is engaging with internal resource to make the strategy work to ensure the messages are consistent in traditonal and social media. For best results a company needs to as a whole get social.

This post is part of the #JUMPchallenge, a blogging competition designed raise awareness on how to join up online and offline marketing, launched to support Econsultancy's JUMP event

Vote for me at http://advice.perkettpr.com/err-on-the-side-of-caution/

Wednesday 7 July 2010

The First Thing Young Women Do in the Morning: Check Facebook [STUDY]

According to Mashable blog today:
Young women are becoming more and more dependent on social media and checking on their social networks, according to a new study released earlier today by Oxygen Media and Lightspeed Research. In fact, as many as one-third of women aged 18-34 check Facebook when they first wake up, even before they get to the bathroom.

What conclusions can we draw from this data?
It’s not just that young women are using Facebook religiously: it’s that they’re very open with what they post and who they accept as friends.
Combined, it can lead to a privacy mess.

When will networks, retailers and websites start to protect their users identity by implementing authentication.
www.liveensure.com


The First Thing Young Women Do in the Morning: Check Facebook [STUDY]

Monday 5 July 2010

Monday 28 June 2010

Celebrity hacked on facebook

Glamorous Bollywood actress Meghna Naidu has contacted the computer crime police in Mumbai, after her email and Facebook account were compromised by a hacker.

31-year-old Naidu, who is a Bollywood megastar" in the subcontinent, lodged a complant with the Cyber Crime Investigation Cell (CCIC) after friends reported receiving messages from her Gmail account claiming she was pregnant "from a fling with a guy whose name she couldn't remember".

When the messages purporting to come from the actress said that she was planning to abort the child, and used foul language about various Bollywood actors, Meghna Naidu's friends rapidly became suspicious.

"My friends realised that it wasn’t me chatting with them. Then they called me up and informed me. On Tuesday, I registered a complaint in this regard. I want to know who the hacker is and why he maligned me. The IP addresses of the computers from which the chat messages were sent have been traced to Byculla and Pune,"

Naidu was reported as saying that her Facebook account had also been hacked.

As Graham Cluley says in his blogg someone was causing mischief at the actress's expense - no doubt helped by some poor practices when it came to choosing and securing her password.

You may not have as many internet admirers as Meghna Naidu, but do look closely when you login to websites, is there additional security, is liveensure protecting you as you transact. Have you made sure that you have chosen a hard-to-crack password for your online accounts. Running up-to-date security software to defend your privacy will also help.

Website developers need to consider implementing multifactor authentication to protect their uses, if you are a webdeveloper or in the process of building a website site you can register to beta test at www.liveensure.com (Simple strong multifactor authentication).





http://www.sophos.com/blogs/gc/g/2010/06/24/meghna-naidu-pregnant-hacked/

Friday 25 June 2010

Debenhams need to review Customer Service/Online Experience

Like any other female consumer I love an email offer, first day of sale free postage. So I order online and as I have lived the last 10 years on the internet, selling it or latterly of protecting consumers using it I think I know a bit about order forms.

I had a four digit promotional code, but after three attempts could not see the box.
So ordered then sent an email, the rather dictatorial response is below, I had to scroll to the bottom of the page... in delivery page...ridiculous as the offer relates only to postage. I wonder how debenhams will fair in mobile retail as consumers do more on their phones and how they will really engage with vouchering.. I would suggest they rapidly speak to E-commera or a customer experience agency they are falling behind. Miles behind Marks and Spencer, Ocado and Next who have it so right.


Dear Ms Robertson,

Thank you for your e-mail regarding Promotional Codes when ordering on www.debenhams.com.

We have investigated your query with Debenhams technical department and cannot find any reason why the Promotional Code Box would not have been available for you to use during the time you have stated.

For your future reference, please find instructions below as to where the box is clearly located.

When selecting the method of delivery, (e.g. home delivery, collect from store) from the shopping basket, please scroll to the bottom of this section, where you will find the ?promotional code box?

Please ensure the promotional code used is entered in capital letters.

Unfortunately we are unable to honor this discount on this occasion.

Please accept our apologies for any inconvenience this may cause.

I can also confirm that both items on your order have been despatched and should be with you within 3 - 5 working days.

We hope this helps with your query; if we can be of further assistance, please do not hesitate to contact us.

Debenhams for future reference you have lost one online shopper for good.

Monday 21 June 2010

Identity Management and The Law

In online identity management and authentication there has been significant work related to the technical exchange of identity information and the actual authentication processes.

This is the cutting edge of a new area of law that is starting to get real attention. Identity Authentication.

“It varies by jurisdiction but there’s a fair amount of privacy law, particularly in the European Union, but to a lesser extent in the U.S. financial and health care sectors,” Smedinghoff says.

Case law starting is starting to ramp up...

In situations regarding identity theft, case law is beginning to emerge. Courts are starting to point the finger at businesses that did not, in their opinion, do enough to protect personal information. Businesses need to be sure to meet obligations and properly authenticate or identify individuals and make sure not to release personal or confidential information.

If a business is the identity provider within the management process, then they are making assertions about a subject to a third party or a relying party. These assertions can, in theory, be considered warranties or representations.

This is good news for online users, with new 'mashup' technologies and cloud solutions entering the market place it is simpler for website owners to secure their users with technologies like LiveEnsure™ multifactor authentication.(http://www.liveensure.com/). Consumers need to trust that online portals are protecting them to do business, the law is highlighting the need for businesses to set us security systems that do this.


Full Article:
http://www.secureidnews.com/2010/06/01/identity-management-and-the-law

Tuesday 1 June 2010

Privacy in the Digital Society

Next Tuesday sees Europes most influential data privacy conference - A fine Balance in the digital society is at Westminster.

Todays world is powered by complex digital systems that create privacy challenges alongside great opportunities.

• It is estimated that humankind created 150 exabytes (billion gigabytes) of data in 2005. In 2010 we will create 1,200 exabytes. Despite an abundance of tools to capture, process and share this information, data is continuing to multiply at such a rate we need new ways to manage who can see, access and use it.
• There is no current regulatory model for a digital society. We need new rules based on what we already know about privacy, technology and data.
• We need to educate, consult and communicate with the people whose information is on the frontline.

A Fine Balance 2010 features high-profile speakers including from the Information Commissioner's Office, the legal profession, technology companies and civil liberties experts who will debate the latest thinking on how to maintain the integrity of data in a digital world.

Delegates will have the opportunity to ask questions, vote and contribute to a report being developed to influence politicians and decision makers.

If you are transacting over the web this will bring you up to speed with the new legislation around privacy, the law has got tighter.
http://www.pdsfinebalance.com/






Friday 21 May 2010

Facebook a month of security breaches

Its been a bad month for Facebook and I hope this is a sharp nudge l for those who make decisions regarding our security and privacy. Facebook should first commit to a full audit of its systems to make sure it complies with its own policies, and then spend some time listening to its customers' feedback.

To date, Facebook insists it has not intentionally released this information and has made changes to prevent this data leakage. Social networks are entrusted with people's personal data this should requires an embedded sense of responsibility.

As with PleaseRobMe.com, it is easy for people to determine from your IP address that you are trapped away from home in a European ash cloud, or that you are lying about your activities and location. Using online services and social media for communications carries with it the same risks as sending emails, in my opinion a great deal more.

Hopefully Facebook is listening to all of the commentary related to their users' concerns over privacy, and will make changes to their system. They are clearly aware that including the IP is a bad idea, considering their move to begin hiding it, albeit trivially.

So this weekend when you upload your photos or share an event, check your privacy settings and don't go into too much detail as you don't know who will be reading or looking at your items.

Fairly scary stuff.


http://www.sophos.com/blogs/chetw/g/2010/05/08/facebook-notifications-leak-ip-addresses/

Monday 10 May 2010

Twitter-in a Twist- lost followers

Twitter has an embarrassing bug on its hands – one that allows users to make anyone follow them. Mashable reader Ozan Yılmaz emailed mashable this morning, writing “[tweet] accept [username]” then the [username] immediately starts following you.”

Initially I noticed that my main Twitter account was following lots of new people that I had not manually followed. That means that if peopel chose to exploit this bug, their tweets could show up in anyone’s timeline — at least until the issue gets resolved. Well it appears the powers to be from twitter have resolved it with a mallet... I now have no followers, no one I am following and my lists have disappeared.

Other reports confirm that this exploit is currently being used by many users. No word yet from Twitter on when this might be fixed and if they’ll be able to do undo the damage, but I’ll update here when I know more.

Twitter is experiencing the same problem OpenID will have, or any "federated" approach where a true factor is not involved in authenticating requests such as this. The balance is, most solutions are too "expensive" (meaning hit to processing, user experience - not just cost) for such lightweight, high-scale things based on the social network site usability or cost model.

Twitter needs to find a strong simple to embed authentication technology that - gives the best of both: strength and validation with SAAS utility ease and integration, cost; but without the thin "browser-only or service-only" rigor that can enable such "over the transom" requests.

Not surprisingly 3 the top 10 trending Twitter topics at the moment have to do with the bug and the zeroing of followers.

Read what the press is saying:

http://www.informationweek.com/news/software/web_services/showArticle.jhtml?articleID=224701415


Sunday 9 May 2010

I am so tired of hearing about Facebook security issues? Every time I tweet search they have another issue with information leakage. They clearly have serious privacy issues, Facebook is aware it's a problem because they tried to hide it and short term fixes like turning off chat are like a using a fire extinguisher on a volcano.

Most people would agree at this point that we should not expect Facebook to protect our privacy, but with hundreds of millions of users impacted by their decisions, it's important to publicize these issues in the hopes that they will address them.

Sophos, a world leader in IT security and control, is warning social networking users of the dangers of allowing strangers to gain access to their online profiles, following new research into the risks of identity and information theft occurring through global phenomenon Facebook.

Compiled from a random snapshot of Facebook users, Sophos's research shows that 41% of users, more than two in five, will divulge personal information - such as email address, date of birth and phone number - to a complete stranger, greatly increasing their susceptibility to ID theft.

Wednesday 5 May 2010

Online Fraud Protection requires a layered approach.

Identity Management Requires Defense in Depth, Much Like Enterprise Security


I could not agree more with Scott Waddell's blog entry on depth of security. It’s only a matter of time before today super powered cyber criminals find ways to take advantage of the inherent weaknesses in even the best technologies, '2 factor' have been hacked, username and password is not enough... you can google for yourself the stories.

Today’s cyber criminals are so tech savvy and innovative that staying one step ahead of them isn’t always possible. So when it comes to network security, a good defense should be made up of several different layers. That way, even if a hacker is able to exploit vulnerability in one layer of the system, he may be stopped or slowed down by another. This strategy, known as defense in depth, essentially allows organizations to protect the integrity of their systems by slowing hackers down and buying security professionals the time they need to respond to a security breach once it has occurred. This mitigates the damage that malicious hackers can do, even if they are able to make it past initial barriers.

The same basic principle of creating a more comprehensive defense by layering tools and diversifying methods can be applied to fighting online fraud. To successfully combat online fraud, a fraud management system should include the layers of defence including multi-factor identity authentication.

I agree wholehearteldy with Scott that the best offensive against cyber crime today is a multi-layered defense.

http://blog.iovation.com/2010/02/19/fraud-management-requires-defense-in-depth/#more-1580



Survey Reveals Massive Incidence of Credit Card Fraud and Identity Theft Retailers blamed for making people vulnerable to fraud


Working in internet security I am always concerned that the online communities and retailers are not protecting their users and the results of this survey conducted on 26th April 2010 confirm my worst fears.

The researchers at Infosec have published a survey of 1000 commuters in London that has found that a tidal wave of credit card fraud and Identity theft is sweeping the UK:

  • 44 % of people said they have suffered from bank/credit card fraud
  • 42% have had their identity stolen.
  • the average amount stolen was £1448 per person,
  • 37% overall did not get their money back from the bank.
The research shows that people that lost a small amount of money were far less likely to get their money back from their bank than people who lost a large amount of money with 91%of people who lost more than £5000 getting their money back compared to only 41% of people who lost less than £100.

Who do Consumers Blame?

  • Retailers 60%,
  • Banks 12%
  • Own Fault 28%

The place that people said that they were most likely to have their details stolen from was online via websites or email.

Claire Sellick Event Director for Infosecurity Europe said, “The incidence of bank/credit card fraud and ID theft is very high, perhaps this is not surprising given how ingenious criminals have become. This is particularly true for online transactions and interactions as people are easily duped by offers that seem too good to turn down, pass on their details due to email phishing scams, act on phone calls from people claiming to be from their bank, or failing to check what post they throw away. There is a constant battle between the criminals and security experts and Infosecurity Europe is the event where the people who protect us all come to gain an insight into the latest technology and services to keep us safe from the criminals.”

Read the full account below.

http://www.eskenzipr.com/page.cfm/T=m/Action=Press/PressID=632

Wednesday 28 April 2010

Financial Times Says Cybercrime is costing UK £10 bn a year.


April 28th, Today I learn with no surprise, from Maija Palmer, FT Technology Correspondent that there has been a sharp rise in hacking attacks costing UK businesses “at least £10bn” a year – more than double two years ago.

PwC Research - published yesterday
Most of the large British businesses questioned – 92 per cent – experienced some kind of information security incident in the past year.
These included attacks by cybercriminals and accidental leaks of confidential data.

Soaring Costs
The cost of dealing with these incidents is soaring, with the worst cases costing between £280,000 and £690,000 to remedy on average.

Large companies are dealing with an average of 45 incidents a year – up from 15 two years ago.
Dangers of the Cloud
Many companies are shifting to so-called cloud computing, for example, by which business data is hosted remotely in a third party data centre and accessed over the internet. Failure of a net connection could severely disrupt business for such companies.
PwC estimates that about 34 per cent of British companies are critically dependent on externally hosted software services accessed over the internet. However, only 17 per cent of companies using cloud computing are encrypting their data.
“There are some blind-spots. Clearly there are some fundamental issues that companies need to get better at dealing with,” said Mr Potter.
Sixty-one per cent of large companies said they had detected an attempt to break into their computer systems – up from 31 per cent two years ago. About one in six companies said an intruder had managed to get through defences.

British companies are also increasingly concerned about leaks of confidential information, particularly after the national information commissioner was given new powers
this month to fine companies up to £500,000 for any breaches of the Data Protection Act.

Layered Approach
Companies need to look at their whole security set up to ensure they have the layers they need to protect their information, their reputation and their users.

Saturday 24 April 2010

People are becoming too relaxed about privacy on social media!

People are sharing so much on social networks, new services on these sites look appealing and it is human nature to try them according to The New York Times Yesterday :

"This is all part of one big trend: People are becoming more relaxed about privacy, having come to recognize that publicizing little pieces of information about themselves can result in serendipitous conversations — and little jolts of ego gratification."

But no one on social networking sites expected to have their credit card numbers publicised. Except that is what happened this week — or at least what was discovered this week.

Many people are quite rightly wary of sharing intimate information online because they are not sure how it will be handled, users assume they are secure. The 'Blippy' story highlights how the data protection laws have not yet started protecting our transactions on line and online services are not implementing effective online security.

http://econsultancy.com/blog/5802-bippy-publishes-credit-card-information-on-google

Tuesday 20 April 2010

Social Media - Are you at risk of Identity Theft



I am one of the advocates of twitter, linkedin and to a certain degree facebook, with the meteoric rise in social media use comes a whole new opportunity for identity thieves.

“Social media identity theft happens when someone hacks an account via phishing, creates infected short URLs or creates a page using photos and the victims identifying information” explains Siciliano. The Identity Theft Expert.

His prediction for 2010 is that the increase in social networking activity, along with a user’s failure to implement security and privacy settings and protocols, will lead to an increased exposure of not only the user’s personal information but possibly that of their “friends”.

Quite simply, all the experts are saying there will be an increase in identity theft crimes and the number of victims unless significant changes are made in information security. “Our most important asset is our identity. And we are functioning under a completely antiquated system of identification with wide open credit and few safeguards to protect the consumer. ” according to Siciliano.

Companies now need to invest in identity theft protection and prevention as part of their online/ mobile security.

Have you been a victim of identity theft, please click our survey so we can get a real feeling for who is being affected.

Monday 19 April 2010


Protecting Vaccination Records Online

Why is it everyone else has the good ideas! Like today this new portal we are working with for vaccination records, this is a GREAT IDEA in action not only is this well constructed site a place for all the advice a traveller needs about vaccinations but you can save your vaccination details on the site free.

Vaccination records are important and increasingly required for global travel. If like me over the years you have lost the red child record book for your children, or the pieces of paper in purse detailing the date of tetanus or hep b shots have become illegible or lost. MyVaccs provides a free web-based solution to store vaccination records for you and your family. MyVaccs complements rather than replaces the records systems used by your medical professional and allows you to access your records instantly for reference or in medical emergencies.

www.myvaccs.com

My Vaccs is talking to us about our authentication they want to protect the identities of people using their free online storage portal. I am looking forward to working with more companies who are beginning to understand they have a responsibility for looking after visitors identity on their sites.

Thursday 15 April 2010

Building a Portal

Marketing, particularly globally is never dull on the phone to the US until early hours then tasked with content provision for our exciting new portal.
There are three areas for solutions, the "context" for the site is information (the offering, the technology, pricing, integration, ). The classics don't change a site visitor, just like a shopper is a consumer, what have you got? how is it better? how much is it? Will it work with what I already have? Can I have it now?

Our site will be very simple 3 main sections, the site content is a framework -- which points to external content for detail, supporting material, etc - like blogs, video testimonials, white papers, case studies, twittter etc.Ha Ha so it will point to Securati to add content, so I best start a weekly technical/legal update.

Features & Benefits- the challenge is to keep all text short and make this appealing.

Verticals:
- E-commerce
- Social Networking
- Mobile Applications
- Multimedia
- Education
- Gaming
- Healthcare

Case Studies real video one, this is the bit I am most looking forward to working with our customers with no budget possibly a box of Krispy Kremes and my new camera.I have purchased the latest Flip HD Camera and walked around yesterday taking video lets just say Steven Spielberg need not be worried.

Let the fun begin.




First Entry - a toe dipping exercise

I have started this blog because like writing, I have spent my adult life in industries where it has been essential to be able to write clearly. This is my first business creation it is a blog about safety on-line, the boring word is security. I will try to write things that people who need internet security will find useful.

I am working for a new technology company in the sphere of internet security, in government terms we are a micro company... yes 4 cornerstones and then a team of developers. I am the marketeer grappling with social media to launch the new proposition.

Keep it short and sweet, it says in the tips list... so short it is.