Biometrics give a false sense of security.
On Sept 23, 2015, Office of Personnel Management (OPM) revised the number of stolen fingerprint files to 5.6 million! Why should you care?
Some security pundits believe that biometrics are far more secure than passwords. They argue that since everyone has unique identifiers like their voice, iris, face and fingerprints, why not use these to authenticate a user in to a computer network? Sounds logical and from a theoretical perspective, it’s true. But major flaws become apparent during implementation. Read More→
87% of all business owners who seriously inquire about Power LogOn® end up buying it. Before I go into why, here are some new findings from Javelin Strategy & Research’s latest report 2013 Identity Fraud Report: Data Breaches Becoming a Treasure Trove for Fraudsters:
- Identity fraud incidents and amount stolen increased—The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud every 3 seconds. Read More→
Copyright: Walt Disney Productions
USB Smart Card Readers for Network Access Authentication are Still Safe.
A number of online computer news sites are abuzz about a security team’s prototype malware that hijacks USB smart card readers. It seems that a research team out of Luxembourg has issues a “Proof-of-Concept” malware attack that can take over your USB smart card reader. While any malware notice is important and needs to be monitored, business may be wondering the severity of the attack and if they need to rip out their smart card infrastructure because their network access authentication is in jeopardy.
Here are my thoughts:
- This is only a proof-of-concept and not a deployed attack.
- Every piece of computer hardware and software are susceptible to malware.
- Security relies on many barriers and layers. If you’re vulnerable to one attack you probably are vulnerable to many others.
- If the computer is vulnerable to malware, then other more dangerous programs will more likely be installed like key loggers or the Zeus Trojan Horse. In that case there is probably no need to attack the smart card since these other programs are far more destructive.
Companies don’t need to rip out all their smart card readers and replace them with the expensive keypad ones. Smart card reader companies will look into the potential malware vulnerability and make whatever driver modifications necessary. IT needs to keep an eye out for any driver updates and install them.
Finally, security has many levels and points of attacks. If you are concerned about your company’s vulnerability then contact a consultant and ask for a security assessment. We list some leading companies on our site under the partners tab.
Ingersoll Rand Security Technologies / Access Smart Provide Cyber Security with Smart Cards
Affordable, smartcard based, enterprise password manager for Windows solution for network access authentication
CARMEL, Ind – Sept. 6, 2012 – Ingersoll Rand Security Technologies, a leading global provider of security and safety solutions and manufacturer of contactless smart credentials and readers, announced that its aptiQ™ smart card users can now deploy the Access Smart® Power LogOn® as their password manager for Windows. No longer will employees have to self-manage their passwords, a practice which can easily lead to an expensive company security breach.
“When employees self-manage their passwords, the network access authentication becomes very insecure. Passwords are written down, simple passwords are used and the same password is used for multiple sites and applications,” explains Dovell Bonnett, Access Smart founder and CEO. “IT administrators using Power LogOn in combination with aptiQ smart cards can now easily add secure network access authentication. Businesses of all sizes must comply with state and federal privacy protection laws and cyber criminals are aggressively targeting businesses. Power LogOn securely authenticates a user before they are allowed past the firewall.” Read More→