Mobile Security Starts with Authentication.

No one could have predicted the rapid evolution of the phone, from the brick phone to the flip phone, the mobile phone has evolved quite a bit in the last 25 years. The overarching trend had been toward smaller and smaller devices, but this preoccupation with size seems to have reached a plateau. The focus now is squarely on adding capabilities.

For many using the mobile device as a phone has become indispensible seldom will anyone leave home without their phone.

New smart phones have the processing capabilities of computers, and they going to play a significant role in identification as applications evolve.

Airlines already enable travelers to download boarding passes to smart phones. Hotels enable guests with to download room keys and bypass the front desk. Corporate users generate one-time passcodes on handsets to gain access to computer networks and authorize transactions. But this is just the beginning.

Two-factor authentication is already happening

For many using the mobile phone for an extra level of authentication may seem futuristic, but it’s already here for some. The use of one-time passcodes with mobile devices is commonplace. Smart phone owners can download an app to generate the codes while other providers send codes via text messages. These one-time passcode systems have been vulnerable to man-in-the-middle attacks. There is an array of these attacks but they all have the same basic premise–a hacker eavesdrops on an individual’s Web activity and changes information or forges a Web site to gain access.
LiveEnsure is leading the way offering Saas Authentication to protect the site, the session and the user.


2011 will be a transition time for mobile phones and what consumers do with them is set to increase. LiveEnusure is authentication for this transition period, replacing what we do with smart cards and tokens … truly authentication for the future.”


Smartphones half of handsets shipped by 2012

With a plethora of apps, their large screens, built-in cameras and plenty of processing power–more than 50% of U.S. handset shipments will be smartphones by 2012, according to research firm In-Stat. Globally, shipments are projected to reach 850 million units by 2015.

By December 2010, U.S. smartphone adoption had surged to 27% penetration, according to comScore. There was rapid adoption of Google Android devices, making Google the second largest operating system by the end of the year.

Security is not a game. Protecting your revenue and your users identities in the mobile space is key - without tracking, storing or trafficking in their privacy information.

With LiveEnsure™ you can verify user, site, device and session in real time.

LiveEnsure introducing Authentication to The Game Developers Conference.

LiveEnsure is attending the GDC – The Game Developers Conference (GDC), San Francisco the world’s largest professionals-only game industry event.

http://www.gdceurope.com/


Authentication is an essential layer of security for companies who are active in the online, mobile, betting, bingo, casino, lottery and street gaming sectors.

Christian Hessler will be discussing our authentication solution with programmers, producers, game designers, audio professionals and others involved in the development of interactive games.

The exhibition is packed with hundreds of genuine gaming innovators who will be launching thousands of new products and technologies.

This short video gives a short introduction into how we protect gamers online.

http://bit.ly/etggX6

Digital Fingerprinting is an essential part of authentication!

The Wall Street Journal headlines last week announced the Race Is On to 'Fingerprint' Phones, PCs. Device fingerprinting is a powerful emerging tool in internet security trade, and LiveEnsure™ is leading the way with its SaaS authentication offering for web and mobile.

It might seem that one computer is pretty much like any other. Far from it: Each has a different clock setting, different fonts, different software and many other characteristics that make it unique. So it makes perfect sense to uses Digimetric™ technology to uniquely identify computers, cellphones and other devices, without building and sharing profiles of the people who use them.

I can't understand why more websites and apps are not more rapidly embracing digital device fingerprinting technology for authentication. It adds an altogether new layer of security for the user, the site and the session. The "fingerprinting" data is challenged "outside" the browser, its data is *not* shared, and the process is session/commerce context specific, i.e. purpose-built keys - the "smarter" and "safer" version of a universal fingerprint. This architecture is based on years of study - finding that trusting purely general-built keys is great for convenience but not worthy for security.

LiveEnsure™ sits in the gap - providing strong, real-time authentication, using a universally unique digital footprint of a laptop, ipad, device or smartphone. There is nothing for the user to download, install and no out of band/dongle/token to look after. The login process is seamless the clever device recognition happens without the user being aware, checking the device fingerprint in real time as part of a secure triangulation.

Low price high strength, developers can mash up today at http://www.liveensure.com/

Secure the entry point of Cloud...

Cloud computing is one of the most widely adopted IT trends of recent years. Flexible, low-cost and easily scalable IT, many businesses are relying more and more heavily on cloud-based applications, storage and security. The big issue is of confidence remains a barrier to adoption for many businesses, and significant questions remain unaddressed around key issues affecting this, one of the key being that of security.

The cloud security debate rages on fiercely is the fact that issues or breaches have the potential to be catastrophic – to the extent where they transcend business departments to become a major business issue.

But the issue of cloud security is not necessarily as hugely complex as some assert. One of the basic premises for cloud security is the fact that securing the cloud itself is an almost impossible task due to the numbers of providers involved and the level of sharing that is inherent with many cloud-based services.

The fact is that by the time data has reached the cloud, it’s normally too late. The potential for data getting in to the wrong hands starts from the moment it leaves an organisation, and it’s therefore at this boundary point between the organisation and its external environment that security has to be the key priority for those looking to use cloud-based services.

The key priority for improving security of cloud computing lies in the routes between a business and the cloud, not the cloud itself. LiveEnsure is the affordable, accessible, authentication layer for that.

Addressing the security of a company’s specific cloud entry and exit points is the best – and simplest – way to get a grip on the potential issues involved to enable businesses to take advantage of all that the cloud has to offer.



Tweet

Facebook a month of security breaches

Its been a bad month for Facebook and I hope this is a sharp nudge l for those who make decisions regarding our security and privacy. Facebook should first commit to a full audit of its systems to make sure it complies with its own policies, and then spend some time listening to its customers' feedback.

To date, Facebook insists it has not intentionally released this information and has made changes to prevent this data leakage. Social networks are entrusted with people's personal data this should requires an embedded sense of responsibility.

As with PleaseRobMe.com, it is easy for people to determine from your IP address that you are trapped away from home in a European ash cloud, or that you are lying about your activities and location. Using online services and social media for communications carries with it the same risks as sending emails, in my opinion a great deal more.

Hopefully Facebook is listening to all of the commentary related to their users' concerns over privacy, and will make changes to their system. They are clearly aware that including the IP is a bad idea, considering their move to begin hiding it, albeit trivially.

So this weekend when you upload your photos or share an event, check your privacy settings and don't go into too much detail as you don't know who will be reading or looking at your items.

Fairly scary stuff.

http://www.sophos.com/blogs/chetw/g/2010/05/08/facebook-notifications-leak-ip-addresses/

Twitter-in a Twist- lost followers

Twitter has an embarrassing bug on its hands – one that allows users to make anyone follow them. Mashable reader Ozan Yılmaz emailed mashable this morning, writing “[tweet] accept [username]” then the [username] immediately starts following you.”

Initially I noticed that my main Twitter account was following lots of new people that I had not manually followed. That means that if peopel chose to exploit this bug, their tweets could show up in anyone’s timeline — at least until the issue gets resolved. Well it appears the powers to be from twitter have resolved it with a mallet... I now have no followers, no one I am following and my lists have disappeared.

Other reports confirm that this exploit is currently being used by many users. No word yet from Twitter on when this might be fixed and if they’ll be able to do undo the damage, but I’ll update here when I know more.

Twitter is experiencing the same problem OpenID will have, or any "federated" approach where a true factor is not involved in authenticating requests such as this. The balance is, most solutions are too "expensive" (meaning hit to processing, user experience - not just cost) for such lightweight, high-scale things based on the social network site usability or cost model.

Twitter needs to find a strong simple to embed authentication technology that - gives the best of both: strength and validation with SAAS utility ease and integration, cost; but without the thin "browser-only or service-only" rigor that can enable such "over the transom" requests.

Not surprisingly 3 the top 10 trending Twitter topics at the moment have to do with the bug and the zeroing of followers.

Read what the press is saying:

http://www.informationweek.com/news/software/web_services/showArticle.jhtml?articleID=224701415

People are becoming too relaxed about privacy on social media!

People are sharing so much on social networks, new services on these sites look appealing and it is human nature to try them according to The New York Times Yesterday :

"This is all part of one big trend: People are becoming more relaxed about privacy, having come to recognize that publicizing little pieces of information about themselves can result in serendipitous conversations — and little jolts of ego gratification."

But no one on social networking sites expected to have their credit card numbers publicised. Except that is what happened this week — or at least what was discovered this week.

Many people are quite rightly wary of sharing intimate information online because they are not sure how it will be handled, users assume they are secure. The 'Blippy' story highlights how the data protection laws have not yet started protecting our transactions on line and online services are not implementing effective online security.

http://econsultancy.com/blog/5802-bippy-publishes-credit-card-information-on-google

Protecting Vaccination Records Online

Why is it everyone else has the good ideas! Like today this new portal we are working with for vaccination records, this is a GREAT IDEA in action not only is this well constructed site a place for all the advice a traveller needs about vaccinations but you can save your vaccination details on the site free.

Vaccination records are important and increasingly required for global travel. If like me over the years you have lost the red child record book for your children, or the pieces of paper in purse detailing the date of tetanus or hep b shots have become illegible or lost. MyVaccs provides a free web-based solution to store vaccination records for you and your family. MyVaccs complements rather than replaces the records systems used by your medical professional and allows you to access your records instantly for reference or in medical emergencies.

www.myvaccs.com

My Vaccs is talking to us about our authentication they want to protect the identities of people using their free online storage portal. I am looking forward to working with more companies who are beginning to understand they have a responsibility for looking after visitors identity on their sites.

First Entry - a toe dipping exercise

I have started this blog because like writing, I have spent my adult life in industries where it has been essential to be able to write clearly. This is my first business creation it is a blog about safety on-line, the boring word is security. I will try to write things that people who need internet security will find useful.

I am working for a new technology company in the sphere of internet security, in government terms we are a micro company... yes 4 cornerstones and then a team of developers. I am the marketeer grappling with social media to launch the new proposition.

Keep it short and sweet, it says in the tips list... so short it is.