VeriSign Shares Strong Authentication Development Tools with Mobile Developers in the Fast Lane
We announced our new "Mobile Developer Test Drive" program today at the 2009 RSA Conference. By leveraging the VIP Access for Mobile SDKs, developers can easily and quickly create a pilot version to transform personal mobile devices into two-factor authentication credentials.
The pilot allows developers to test the functionality of the mobile application to see how simply they can integrate strong authentication with any J2ME and iPhone applications. Developers of mobile payment, mobile banking, m-Commerce and mobile social networking can also easily incorporate VIP open standards two-factor authentication into their applications and protect their users with extra layer security that goes beyond standard secure log-ins.
VeriSign Identity Protection for Mobile Expanded to Leading Mobile Phones
With the success of VIP Access for iPhone, we are adding many leading phone models into our mobile credential family. In addition to iPhone, VIP Access for Mobile now supports more than 90 popular mobile phone models including all the popular BlackBerry models as well as the Motorola, Nokia and Sony Ericsson.
VIP Access for Mobile is an easy-to-install application that transforms leading mobile phones into strong authentication credentials. To discover the benefits of the easy-to-use and cost-effective VIP Access for Mobile, download VIP Access for Mobile from m.verisign.com.
We continue adding popular feature phones into our phone family each month. If there is a popular phone model you do not see on our current official supported phone list that you would like to be considered, please let us know!
We are very excited to share that our VIP Access for iPhone downloads has reached a record high. Downloads grew three times more than our previous record high this week.
We appreciated all the constructive feedback from our VIP users. Many users also wish more online banks, gaming and social network sites would sign up with VIP Network, so they can use one VIP Access credential anytime anywhere to secure their online accounts and online identity.
We also have had many iPod touch users ask to be notified when we include support for the iPod Touch. Although in our first release, we leverage SMS as part of activation process, we are reviewing other alternatives to enable iPod Touch users in the near future. Stay tuned.
If you have any suggestions, please email to vipmobile@verisign.com. We love to hear from our users.
What are the hottest applications you can get for your iPhone this week?
Check out Apple's App Store "What's HOT" category. You will see "VIP Access" for iPhone recommended for iPhone users. This is the only security application to receive the coveted endorsement from the App Store - What's HOT category this week.
This great mobile application turns your iPhone into your personal security device and adds an extra layer security for your online accounts at the 40+ members of the VIP Network - including eBay, PayPal, AOL, and GEICO.
VeriSign App for iPhone lets you Protect Your Identity
Starting today, millions of iPhone users can now protect their online identities with VIP Access! A free download from the Apple app store, VIP Access turns your iPhone into a VIP credential, which adds an extra layer of security to your online accounts at the 40+ members of the VIP Network - including eBay, PayPal, AOL, and GEICO.
A quick update on the Broken Trust: when a criminal becomes your friend on Facebook story I posted a few days ago: as it turns out, it sounds like there are more victims of this scam other than my friend Beny and his friend Bryan. As you can see from this WPIX report Eileen Rodriguez also had her facebook account broken into and her friend Shaila lost $650 when she wired money to someone that she thought was her distressed friend.
Interesting to note that scam details were similar and the destination account was in the UK in both cases, which hints at the possibility that both scams were perpetrated by the same people. More troublesome was that Beny's case happened in Jan whereas Eileen's, according to WPIX, happened on Feb 8th which may show that Facebook was not able to block the attackers even after they got notice of the first incident.
The public tally so far is: 2 Facebook identities stolen, 2 friends scammed and $1793 stolen. I suspect there could be more, leave a comment here if you know of anyone else that may have been victimized by this scam.
Broken trust: when a criminal becomes your friend on Facebook
Can you get scammed and lose money when you rely on social network sites to connect with friends ? Unfortunately the answer is yes.
A few weeks ago, my friend Beny stepped up to help one of his friends, Bryan, who was robbed at gunpoint in a foreign country.
We've all heard about friends getting in trouble during a trip, but what was new here was the fact that the distress call and help request came via Facebook status updates and instant messages.
As it turns out, the distress call was fraudulent and my friend ended up wiring a total of $1,143 to some fraudster account in England.
How could this happen ? Somehow, a fraudster got a hold of Bryan's Facebook username and password, studied his profile and started to reach out to his friends with the harrowing news and the request for help. The fraudsters were able to sound legitimate when instant messaging to Beny as they casually dropped bits and pieces of personal information that only Brian would know. Or, shall we say, only anyone with access to Brian's account would know. They went so far as leaving voice messages on Beny's phone asking for more money for Brian. After that, all that was left between the fraudsters and the money was Beny's good heart and a wire transfer.
Why are we seeing an increase in these types of attacks against non-financial sites (see also Twitter and Yahoo) ? Well, the answer is that fraudsters and criminals are always looking for the weakest link that can help them get access to your wallet.
Over the last 3 years, banks have stepped up their online banking security with measures such as second factor and risk based authentication. The bad guys did take note of that and are now trying to use the same tools they used against the banks to get access to your email, social network or work applications. There they can find information that can help them get access to your money without having to face the bank's security systems.
What is interesting about social networks is that it doesn't matter that you protect your own passwords, use the latest and greatest anti-virus or only transact with well authenticated EV sites. If any of your social network friends make a mistake and lose their Facebook or MySpace password, now your private information is exposed to a stranger or maybe even a criminal.
All that said, I'm a strong believer in the value of social networks and the hundreds of millions of people accessing them cannot be wrong: the power of sharing information online is really here to stay and we have only seen the beginning of this social fabric that we are building on top of the Internet.
What social network providers need to realize is that the growth and eventual monetization of these networks will depend on how well the user's data, identity and privacy is protected.
Beny will soon forget the $1000 or so that he lost, but I bet he won't recover his trust on social networks for a long time to come.
For more details on Beny and Bryan's case check the following video:
Watch out for the "Evil Twin" - Coming to a Hot Spot Near You
Imagine this scenario. You have a couple of hours to kill, so you log onto the free wireless access at an Internet cafe and check your personal email, maybe even make sure your latest check won't bounce by logging on to your banking site. (Whoops, that's just me).
What if a fraudster had set up that free WiFi you just logged into? How much of your personal information was just compromised? Well, this nightmare scenario is coming true. It's so widespread that it has even earned its own nickname: The "Evil Twin." Fraudsters can easily set up a fake hub and even name it to look legitimate, by using the name of a nearby store or cafe. Some people have noticed this in airports.
But don't lose hope: the "good guys" at the WiMAX Forum have defined a security model using two-way mutual authentication and they are creating standards that will protect us from this kind of scam. WiMAX is one of the standards for mobile broadband. It's not fully adopted anywhere yet, because only some providers have adopted it as a standard. But some of the big chip makers will be baking it into devices in the coming years so it will become more widespread.
Our PKI Product Manager, Charul Sadwelkar took a few moments to answer some of my questions about VeriSign's role in the WiMAX ecosystem. Charul used to work in the mobile industry so he knows all the jargon and he explained all the competing standards.
Question: "Are there any competing standards to WiMAX today?" Answer: "There are competitive technologies that are in various stages of evolution. The one most commonly cited is the "Long Term Evolution" (LTE) roadmap, which is the path taken by the GSM and the GPRS service providers. But we believe that they are a little bit behind WiMAX which is spearheading the high-speed mobile Internet access revolution."
Question: "As part of VeriSign's PKI service for WiMAX, are we using any proprietary technologies?" Answer: "VeriSign takes pride in the fact that we are a standards-based PKI provider. For the WiMAX ecosystem, we are not doing anything proprietary, these are very standard certificates with profiles as specified by the forum."
Question: "When will WiMAX be widespread?" Answer: "It is in pilot roll-out in a couple cities in the US and in some Asian countries where the landline infrastructure is not particularly strong. We expect that WiMAX will be available in a widespread in a year or two from now."
It seems like every day there's another headline about a major site being hacked with stolen usernames and passwords. Today it's Monster.com, which has compromised the passwords and personal details of thousands of recruiters and job seekers.
How many more of these breaches will it take for people to realize that just plain passwords aren't good enough?
We encourage comments and look forward to hearing from you.
Please note that VeriSign may, in our sole discretion, remove comments
if they are off topic or inappropriate.
