Week of November 8, 2004
Two factor authentication takes hold
New Zealand banks ASB and Bank Direct are using software called Netcode (from US security vendor RSA) to improve the security of online bank transfers over $2500.
Customers wishing to transfer more than $2500 into a third party account receive an eight-digit text message to their cellphone, which they have to enter online within three minutes to complete the transaction.
The idea is to put a roadblock in the way of criminals (who have obtained users' passwords and log-in information through various phishing scams, etc.) who want to steal from online accounts. Now they need the eight-digit code as well to pull off the scam.
As nothing in life is free, customers will pay 25 cents each time a code is sent to their cellphones. If they don't have, or don't want to spend, the 25 cents for the service, they can always use telephone banking, or, perish the thought - actually go into the branch and interact with a live human.
Note - 2 factor authentication means using something more secure than a dodgy old password to identify yourself online or to a network. The trend now is towards using tokens (gizmos that look like key chains, often with memory and the ability to encrypt and store data) or biometrics (iris scanners, fingerprints, etc.) to augment passwords, and raise the bar for attackers.
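The transfer check described above, sketched as an added example (this is not Netcode's or the banks' code): a transfer over $2500 triggers an eight-digit code that expires after three minutes. The class and function names, the `send_sms` callback, the binding of a code to one transfer and the three-guess limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

THRESHOLD = 2500    # article: transfers over $2500 need a code
CODE_DIGITS = 8     # article: eight-digit code
CODE_TTL = 180      # article: three minutes, in seconds
MAX_ATTEMPTS = 3    # assumption: guess limit, not stated in the article


class StepUpChallenges:
    """Hypothetical server-side store of pending transfer codes."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # callable(phone, code); stands in for an SMS gateway
        self._clock = clock
        self._pending = {}          # transfer_id -> [code, expires_at, attempts_left]

    def request_transfer(self, transfer_id, phone, amount):
        """Approve small transfers; for large ones, text a fresh code."""
        if amount <= THRESHOLD:
            return "approved"
        # CSPRNG, zero-padded so every code has exactly eight digits
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[transfer_id] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        self._send_sms(phone, code)
        return "code_required"

    def confirm(self, transfer_id, submitted):
        """Check a submitted code against the one issued for this transfer."""
        entry = self._pending.get(transfer_id)
        if entry is None:
            return "rejected"       # unknown, already used, or locked out
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[transfer_id]
            return "expired"
        # constant-time comparison avoids leaking matching digits through timing
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[transfer_id]   # single use: a replayed code fails
            return "approved"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[transfer_id]   # too many wrong guesses
        return "rejected"
```

Without the guess limit, an eight-digit code could be brute-forced inside the three-minute window by anyone who already holds the phished password.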
Banks are so worried about phishing (see Hot Topics and Tips section) that some are reputedly scaling back Internet banking operations. This seems like a pretty wimpy response, and it is more likely that most will simply ramp up existing security with this type of offering - and, of course, make customers pay for it. They are banks after all.
AOL have recently announced such a service (by subscription).
In a salvo to competitors, they also will offer free McAfee anti virus software to existing customers.
Ballmer does law - just not very well
Microsoft CEO Steve Ballmer probably should not give up his day job and turn lawyer any day soon. Chairman Bill Gates, by comparison, has always shown a finely honed appreciation for the finer points of the law (and how to use them to pulverize the competition). Probably got it from his Dad.
Ballmer, in a continued attempt to stop the inroads being made by open source software, has recently claimed that Windows is cheaper over time than Linux, more secure, and in a new twist - that it offers better IP indemnification to customers.
Needless to say, the Net has been buzzing with this story, as the fine print in MS contracts and EULAs (end user licence agreements) flies in the face of this gutsy statement.
The fact is - MS and all the other IT vendors will fight tooth and nail against having to indemnify customers against damage caused by viruses, worms and loss of business resulting from downtime - even if the proximate cause of such damage is their buggy software. See my Globe article that discusses the issues.
MS have shown signs in recent days that they may extend very limited indemnification to a broader range of customers - other than huge customers (who can expect in any event to demand and receive more).
But don't be naive and expect a seismic change. And read the fine print. It's almost all bad.
Further reading
For an excellent book (and eye opener) on the use of the Law, lobbying efforts, and the manipulation of the regulatory environment to work over the competition, read 'Make the Rules' by Wharton Professor G. Richard Shell (we don't know him; never met him; it's just a good book).
Make your lawyers read it.