VeriSign Identity Protection Team Bloggers The VeriSign Identity Protection team bloggers demonstrate their spelling skills.

"V" = Alin Mutu
"I" = Vijai Shankar
"P" = Jeff Burstein
"!" = Kerry Loftus
Unamused spectator = Fran Rosch

April 21, 2009

VeriSign Shares Strong Authentication Development Tools with Mobile Developers in the Fast Lane

We announced our new "Mobile Developer Test Drive" program today at the 2009 RSA Conference. By leveraging the VIP Access for Mobile SDKs, developers can easily and quickly create a pilot version to transform personal mobile devices into two-factor authentication credentials.

The pilot allows developers to test the functionality of the mobile application to see how simply they can integrate strong authentication with any J2ME and iPhone applications. Developers of mobile payment, mobile banking, m-Commerce and mobile social networking can also easily incorporate VIP open standards two-factor authentication into their applications and protect their users with extra layer security that goes beyond standard secure log-ins.


To find out more about our new VIP mobile developer test drive, please visit vipdeveloper.verisign.com. Please also send us your success story and feedback. We'd love to hear from you!


April 20, 2009

VeriSign Identity Protection for Mobile Expanded to Leading Mobile Phones

With the success of VIP Access for iPhone, we are adding many leading phone models into our mobile credential family. In addition to iPhone, VIP Access for Mobile now supports more than 90 popular mobile phone models including all the popular BlackBerry models as well as the Motorola, Nokia and Sony Ericsson.

VIP Access for Mobile is an easy-to-install application that transforms leading mobile phones into strong authentication credentials. To discover the benefits of the easy-to-use and cost-effective VIP Access for Mobile, download VIP Access for Mobile from m.verisign.com.


We continue adding popular feature phones into our phone family each month. If there is a popular phone model you do not see on our current official supported phone list that you would like to be considered, please let us know!

VIP Access for Mobile home page s1.gif

April 16, 2009

VIP Access for iPhone Downloads Reach Record High

We are very excited to share that our VIP Access for iPhone downloads has reached a record high. Downloads grew three times more than our previous record high this week.


We appreciated all the constructive feedback from our VIP users. Many users also wish more online banks, gaming and social network sites would sign up with VIP Network, so they can use one VIP Access credential anytime anywhere to secure their online accounts and online identity.

 
We also have had many iPod touch users ask to be notified when we include support for the iPod Touch. Although in our first release, we leverage SMS as part of activation process, we are reviewing other alternatives to enable iPod Touch users in the near future. Stay tuned.


If you have any suggestions, please email to vipmobile@verisign.com. We love to hear from our users.

April 14, 2009

VIP for iPhone is HOT at the App Store!

What are the hottest applications you can get for your iPhone this week?


Check out Apple's App Store "What's HOT" category. You will see "VIP Access" for iPhone recommended for iPhone users. This is the only security application to receive the coveted endorsement from the App Store - What's HOT category this week.


This great mobile application turns your iPhone into your personal security device and adds an extra layer security for your online accounts at the 40+ members of the VIP Network - including eBay, PayPal, AOL, and GEICO.

Check out VIP Access on your iPhone and tell us what you think.


AppStore - What's HOT.gif

March 31, 2009

VeriSign App for iPhone lets you Protect Your Identity

Starting today, millions of iPhone users can now protect their online identities with VIP Access! A free download from the Apple app store, VIP Access turns your iPhone into a VIP credential, which adds an extra layer of security to your online accounts at the 40+ members of the VIP Network - including eBay, PayPal, AOL, and GEICO.


+ Read the New York Times Article

+ Read our press release


Download the app using iTunes or your iPhone here.

vip_iphone.jpg

---Updated April 3, 2009---

Here is the latest coverage:

4/2/2009: Two-factor authentication using an iPhone: Killer security app? – Andrew Patrick

4/2/2009: How to turn your iPhone into unbreakable security token – TG Daily

4/2/2009: VeriSign release iPhone VIP Access security app – Geek.com

4/1/2009: VeriSign App Turns iPhone into Security Device – Mac Evangelism

4/1/2009: Move Over Token! My iPhone Can do The Trick – Celent Banking Blog

4/1/2009: VeriSign VIP Access for iPhone Provides Additional Authentication Security - Mobile Content Today

4/1/2009: VeriSign ships OTP generator iPhone app – Finextra.com

4/1/2009: New VeriSign app offers better online security – TECH.BLORGE

4/1/2009: VeriSign releases online security application for iPhone – The Paypers

4/1/2009: New iPhone App Reduces ID Theft by Unique Password - InfoPackets

4/1/2009: VeriSign Offers Two-Factor Authentication for iPhone – IT Business Edge

4/1/2009: VeriSign app turns iPhone into security device - MacWorld

4/1/2009: VeriSign Powers iPhone Two-Factor Authentication - InternetNews

4/1/2009: VeriSign's free iPhone app secures passwords - InfoWorld

3/31/2009: An iPhone App for Security - BusinessWeek

3/31/2009: VeriSign Brings Authentication Tokens to iPhone - TidBits

3/31/2009: A safer iPhone – SiliconBeat

3/31/2009: What’s the Password? Only Your iPhone Knows– The New York Times Technology Bits Blog

3/31/2009: VeriSign Launches Online Authentication App For iPhone- WebGuild

3/31/2009: VeriSign password generator app for Apple iPhone- RSS For Gadgets

3/31/2009: Verisign launches secure password app: VIP Access - Textually.org

3/30/2009: VIP Access - iGoApps


---Updated April 21, 2009---

Additional News Coverage of VeriSign's new iPhone App

February 25, 2009

Broken Trust II: another victim on Facebook


A quick update on the Broken Trust: when a criminal becomes your friend on Facebook story I posted a few days ago: as it turns out, it sounds like there are more victims of this scam other than my friend Beny and his friend Bryan. As you can see from this WPIX report Eileen Rodriguez also had her facebook account broken into and her friend Shaila lost $650 when she wired money to someone that she thought was her distressed friend.


Interesting to note that scam details were similar and the destination account was in the UK in both cases, which hints at the possibility that both scams were perpetrated by the same people. More troublesome was that Beny's case happened in Jan whereas Eileen's, according to WPIX, happened on Feb 8th which may show that Facebook was not able to block the attackers even after they got notice of the first incident.


The public tally so far is: 2 Facebook identities stolen, 2 friends scammed and $1793 stolen. I suspect there could be more, leave a comment here if you know of anyone else that may have been victimized by this scam.

February 20, 2009

Broken trust: when a criminal becomes your friend on Facebook


Can you get scammed and lose money when you rely on social network sites to connect with friends ? Unfortunately the answer is yes.


A few weeks ago, my friend Beny stepped up to help one of his friends, Bryan, who was robbed at gunpoint in a foreign country.


We've all heard about friends getting in trouble during a trip, but what was new here was the fact that the distress call and help request came via Facebook status updates and instant messages.


As it turns out, the distress call was fraudulent and my friend ended up wiring a total of $1,143 to some fraudster account in England.


How could this happen ? Somehow, a fraudster got a hold of Bryan's Facebook username and password, studied his profile and started to reach out to his friends with the harrowing news and the request for help. The fraudsters were able to sound legitimate when instant messaging to Beny as they casually dropped bits and pieces of personal information that only Brian would know. Or, shall we say, only anyone with access to Brian's account would know. They went so far as leaving voice messages on Beny's phone asking for more money for Brian. After that, all that was left between the fraudsters and the money was Beny's good heart and a wire transfer.


Why are we seeing an increase in these types of attacks against non-financial sites (see also Twitter and Yahoo) ? Well, the answer is that fraudsters and criminals are always looking for the weakest link that can help them get access to your wallet.


Over the last 3 years, banks have stepped up their online banking security with measures such as second factor and risk based authentication. The bad guys did take note of that and are now trying to use the same tools they used against the banks to get access to your email, social network or work applications. There they can find information that can help them get access to your money without having to face the bank's security systems.


What is interesting about social networks is that it doesn't matter that you protect your own passwords, use the latest and greatest anti-virus or only transact with well authenticated EV sites. If any of your social network friends make a mistake and lose their Facebook or MySpace password, now your private information is exposed to a stranger or maybe even a criminal.


All that said, I'm a strong believer in the value of social networks and the hundreds of millions of people accessing them cannot be wrong: the power of sharing information online is really here to stay and we have only seen the beginning of this social fabric that we are building on top of the Internet.


What social network providers need to realize is that the growth and eventual monetization of these networks will depend on how well the user's data, identity and privacy is protected.


Beny will soon forget the $1000 or so that he lost, but I bet he won't recover his trust on social networks for a long time to come.


For more details on Beny and Bryan's case check the following video:

February 3, 2009

Watch out for the "Evil Twin" - Coming to a Hot Spot Near You

Imagine this scenario. You have a couple of hours to kill, so you log onto the free wireless access at an Internet cafe and check your personal email, maybe even make sure your latest check won't bounce by logging on to your banking site. (Whoops, that's just me).


What if a fraudster had set up that free WiFi you just logged into? How much of your personal information was just compromised? Well, this nightmare scenario is coming true. It's so widespread that it has even earned its own nickname: The "Evil Twin." Fraudsters can easily set up a fake hub and even name it to look legitimate, by using the name of a nearby store or cafe. Some people have noticed this in airports.


But don't lose hope: the "good guys" at the WiMAX Forum have defined a security model using two-way mutual authentication and they are creating standards that will protect us from this kind of scam. WiMAX is one of the standards for mobile broadband. It's not fully adopted anywhere yet, because only some providers have adopted it as a standard. But some of the big chip makers will be baking it into devices in the coming years so it will become more widespread.


Today we are announcing that the WiMAX Forum has chosen VeriSign as the Certificate Authority to secure the certificates that will go on WiMAX-enabled servers and devices.


Our PKI Product Manager, Charul Sadwelkar took a few moments to answer some of my questions about VeriSign's role in the WiMAX ecosystem. Charul used to work in the mobile industry so he knows all the jargon and he explained all the competing standards.


Question: "Are there any competing standards to WiMAX today?"
Answer: "There are competitive technologies that are in various stages of evolution. The one most commonly cited is the "Long Term Evolution" (LTE) roadmap, which is the path taken by the GSM and the GPRS service providers. But we believe that they are a little bit behind WiMAX which is spearheading the high-speed mobile Internet access revolution."


Question: "As part of VeriSign's PKI service for WiMAX, are we using any proprietary technologies?"
Answer: "VeriSign takes pride in the fact that we are a standards-based PKI provider. For the WiMAX ecosystem, we are not doing anything proprietary, these are very standard certificates with profiles as specified by the forum."


Question: "When will WiMAX be widespread?"
Answer: "It is in pilot roll-out in a couple cities in the US and in some Asian countries where the landline infrastructure is not particularly strong. We expect that WiMAX will be available in a widespread in a year or two from now."

Listen to the interview with Charul

Learn More:
White Paper: Helping to Secure the WiMAX World: VeriSign WiMAX PKI
Service

Data Sheets: VeriSign WiMAX Public Key Infrastructure Service for Device
Manufacturers
, and VeriSign WiMAX Public Key Infrastructure Service for Service
Providers

January 28, 2009

Welcome Name.com!

Lately I seem to be posting notices about hacks and identity theft - like Monday's Monster.com news. Today's entry has a happier note - I'm proud to welcome Name.com to the VIP Network. Check out the press release and some of the reaction in the blogosphere.

January 26, 2009

A Monster Problem

It seems like every day there's another headline about a major site being hacked with stolen usernames and passwords. Today it's Monster.com, which has compromised the passwords and personal details of thousands of recruiters and job seekers.


How many more of these breaches will it take for people to realize that just plain passwords aren't good enough?