eBusiness
- +
Fighting Phish, Fakes and Frauds 06/10/2004 12:10:14
The Internet makes identity theft almost laughably easy. Phishing - or the practice of sending e-mails and using fake Web sites that spoof a legitimate business in order to dupe unsuspecting customers into sharing personal and financial data - requires minimal effort and capital.Companies on the front lines of the phishing wars share tactics for making their sites spoof-proof and protecting online transactions.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
At next week's RSA Conference in San Francisco smart card vendor Gemalto will introduce new technology designed to give online shoppers an easy way to log on to their accounts using a smart card device that plugs into any PC.
Gemalto, based in Amsterdam, is already a major provider of smart cards to government and the enterprise, but the company hopes that its new system, called the Network Identity Manager, will be easy enough to use that it will appeal to consumers.
The USB devices will not require any specialized software and will work with standard browsers and use the same Transport Layer Security (TLS) mechanisms already used by Web sites. Network Identity Manager will also use a "token management system" that will sort out which credentials need to be supplied to different Web sites, and will support Verisign's VIP Network Identity federation framework, according to Gemalto's Web site.
Because the user has to have the smart card device plugged into the PC before logging onto an online bank or e-commerce site, the device will thwart many common identity theft tactics including phishing or keylogging, according to Amol Deshmukh, a marketing manager with Gemalto. "It can create a much stronger link with whatever back-end you're trying to connect with," he said.
Gemalto may face a tough sell, according to Avivah Litan, a Gartner analyst. While, products like the Network Identity Manager will provide protection from many types of attacks, but so far U.S. banks have not been clamoring for this kind of USB device, she said.
Still, as phishing losses continue to rise, U.S. financial institutions have been offering their customers more secure ways to log on to their Web portals. In 2005 ETrade Financial began giving customers RSA Security's SecurID tokens, which generate a random numerical identification number that users must enter in order to log onto the ETrade network. EBay's PayPal plans to introduce a similar system to its customers in the coming months.
But the USB device vendors said that consumers will not be willing to lug around too many of these devices. "It seems very complicated," said Ron LaPedis, a product manager with Sandisk. "Users don't want a plethora of tokens."
Like Gemalto, Sandisk will be promoting USB products that can be used to simplify key management at next week's show, but the Sandisk products will have more of an enterprise focus.
"We're going to be introducing a product that can centrally manage and secure Sandisk USB flash drives and enable secure remote access to the enterprise," LaPedis said.
Sandisk already sells a USB smart card product called the mToken, but unlike Gemalto's Network Identity Manager, the Sandisk device uses flash memory to store applications on the USB device.
Sandisk acquired the mToken technology as part of its November purchase of Msystems and the RSA Conference will give the flash memory maker its first opportunity to discuss what it plans to do following the US$1.5 billion acquisition.
Computerworld Member Login
Realise Your VMware Vision: Storage Consolidation and Virtualization for Small to Medium Businesses
10:30 - 11am (EST, Sydney, Australia)
Wednesday, 4th June 2008
Screening live at your PC
Join Computerworld and our expert speakers:
- Jean-Marc Annonier, Research Manager, IT Spending, IDC
- Howard Porter, SMB Channels Manager, VMware
- Clive Gold, Product Marketing Manager Australia/New Zealand, EMC Corporation
to learn about the various virtualization technologies available today and what factors are driving it in small to medium businesses. Discover use cases and technologies that allow successful virtualization and storage consolidation for a more flexible IT infrastructure.
- +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years. - +
IT Security Edition #9: Inside the bug trade. 16/04/2008 09:08:12
This week guidelines are released for the mandatory reporting of security breaches and we go inside the black market bug trade.
F-Secure Represented On The International Advisory Board IMPACT 2008-05-16 13:42:00+10
Quantum announces General Availability of Industry's First Solution Designed to Match De-Duplication Functionality to Specific B 2008-05-16 10:44:00+10
Hansen Technologies Extends Contract With Tokyo Electric Power Company 2008-05-16 09:44:00+10
More Than 140 Higher Education Institutions Worldwide Use RightNow on Demand CRM 2008-05-15 18:06:00+10
DST International Names Rob Gould as Director of Business Development and Strategy for Australia 2008-05-15 15:40:00+10
How to Protect Business from Malware at the Endpoint and the Perimeter
Financial motives are triggering a massive explosion of malware variants and spam designed to evade traditional signature-based detection mechanisms. Protect your organization against Malware with four essential tips and best practices from independent industry research analyst firms worldwide.
