Risk

5/12/2005
06:20 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Phones Fight Phonies

On Tuesday, VeriSign hosted a dinner for journalists at Le Colonial in San Francisco to help get its message out about strong authentication. Representatives from AOL, IBM, and Intuit also were in attendance. The idea is that journalists get good food and the hosts get good press. Of course, it's not officially quid pro quo, but it's hard to imagine companies sponsoring such events without some hope that what goes around comes around. Coincidentally, Bite public relations managed the affair.

On Tuesday, VeriSign hosted a dinner for journalists at Le Colonial in San Francisco to help get its message out about strong authentication. Representatives from AOL, IBM, and Intuit also were in attendance.

The idea is that journalists get good food and the hosts get good press. Of course, it's not officially quid pro quo, but it's hard to imagine companies sponsoring such events without some hope that what goes around comes around. Coincidentally, Bite public relations managed the affair.Anyway, VeriSign had come to town for a conference called Digital ID World 2005, where the company explained its plans to make two-factor (strong) authentication cheap and affordable.

Strong authentication involves using something one has-an ATM card, example-in conjunction with something one knows-a personal identification number or PIN. It generally provides better security than weak authentication, which utilizes just one of those two components, such as a password or a door key.

It's a potentially useful technology that could help reduce identity theft and fraud.

The challenge for VeriSign and other security companies is that authentication tokens are expensive and there's no established open standard. In the absence of such a standard, it's doubtful that consumers would be thrilled to carry different tokens for every commercial Web site they deal with.

The answer, it seems, is the cell phone. They're everywhere already. Using them as authentication tokens just makes sense, to me at least.

VASCO Data Security, an enterprise security company, is doing just that. The company said today that it's now offering its Digipass software security token for Java-enabled mobile phones.

Sounds promising.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.