FixNix Blog

CIOs not very open to “Open Source Software”

Aug 29, 2014 1:18:15 AM / by Shanmugavel Sankaran posted in information security, Blog, CIO, open source, open source software, OSS


By Salvi Mittal


Forget Passwords: A Look at the Future of Logging In

Aug 27, 2014 6:26:15 AM / by Shanmugavel Sankaran posted in hackers, information security, IT security, LOGIN, Blog, cyber crime, cyber insurance, cyber security, cyber threat, password


Good news: you're not forgetful, your passwords are just too hard to remember. Now, researchers across the world are working on a whole raft of solutions to make a password-less future a reality.

"With passwords, you are required to use a different one for every site, it can't be a dictionary word or a name, it must have a long enough mixture of lowercase, uppercase, digits and symbols, you are not allowed to write it down, etc... but, if they get hacked, then they get blamed for not having followed the rules," University of Cambridge Computer Laboratory's Frank Stajano told CNBC via email.


Stajano's elegant solution to this problem is the Pico, a small electronic gadget that remembers your login credentials on your behalf.

Instead of typing a password, you scan a code with your Pico and this initiates a cryptographic protocol that logs you in.

Pico only works in "an aura of safety" created by proximity to a set of even smaller gadgets, called Picosiblings, that can be carried on your person or embedded in clothing. This makes it difficult to steal, as the device locks outside of its aura of safety.

It also backs itself up every time you recharge it, meaning you don't lose access to your services if you lose the device.

"Pico aims to eliminate the requirement to remember any secrets in order to log in, be they passwords, PINs, passphrases, images, finger squiggles or whatever," says Stajano.

Stajano's is not the only solution in the pipeline: across the world other security companies are rushing to solve the password problem.

A space age handwriting match

A good example is Sweden-based BehavioSec, a security company that has created software that can identify you by how you type your password.

The idea has gained traction with European banks, as an unobtrusive way to validate whether the user is authentic or not.

"We're looking for the rhythm of how they type, not exactly what they type but how they do it," BehavioSec CEO Neil Costigan told CNBC in a phone interview. "We then compare that to how you've used your computer or device in the past."

Any anomalies are then flagged up, which starts a further validation.

The system, which has a 99.7 percent accuracy rate at identifying users, makes it very difficult for hackers to use a stolen password.

"Consumers are quite comfortable with PINs and passwords and things like our technology makes those more secure," says Costigan.

Less is more

Another possible solution is a zero-interaction authentication (ZIA) system, where users do not need to interact explicitly with a machine or system in order to authenticate their credentials.

A team of researchers at the University of Alabama, led by Nitesh Saxena, an associate professor in the Department of Computer and Information Sciences, is working on a safe and easy-to-use ZIA system that they hope will eliminate the need for passwords.

Their system gives users a security token -- such as a mobile phone or a car key -- using an authentication protocol over a short-range, wireless communication channel, such as Bluetooth. It eliminates the need for passwords and diminishes the security risks that accompany them.

"Given the usability and security advantages of our ZIA mechanisms, we believe that they may serve as an attractive alternative to traditional password-based authentication, if not completely eliminate it," Saxena said.

In their system a user need only be in close proximity to the device that requires login credentials to be allowed access, which is rather handy if it turns out that you are forgetful after all.


6 trends that will shape Information security in 2014

Aug 25, 2014 2:05:57 PM / by Shanmugavel Sankaran posted in hackers, information security, IT infrastructure, IT security, malware, security services, Blog, cyber, cyber attack, cyber crime, cyber security, entrepreneur


Worldwide spending on information security will reach $71.1 billion in 2014, an increase of 7.9 percent over 2013. The data loss prevention segment will record fastest growth at 18.9.


Don’t Let Software be a Leaky Tap in the Organization: BSA

Aug 22, 2014 6:10:28 AM / by Shanmugavel Sankaran posted in information security, software, software asset management, software vendor, Unlicensed software, audit management, Blog, cyber security


Unlicensed software can become a huge liability for an organization. BSA recommends considering software asset management for efficiency and cost-effectiveness.


US Nuclear Regulatory Commission hacked 3 times in 3 years

Aug 22, 2014 12:04:20 AM / by Shanmugavel Sankaran posted in hackers, information security, united states, US, Blog, cyber, cyber attack, cyber crime, cyber security, Nuclear Regulatory commission, phishing


Why CISO have one of the toughest jobs in business world

Jul 21, 2014 3:05:00 PM / by Shanmugavel Sankaran posted in information security, security breach, security officer, Blog, CISO, cyber, cyber security


By Nicole Perlroth


89% executives say cybercrime major threat for businesses: KPMG

Jul 21, 2014 8:15:46 AM / by Shanmugavel Sankaran posted in hackers, information security, Blog, cyber, cyber crime, cyber security


NEW DELHI: Cybercrime has emerged as a major threat for businesses across the country, with an overwhelming 89 per cent of executives surveyed believing such attacks could hamper not only the financial dealings but also damage the brand value and market reputation, says a KPMG report.


Transitioning to ISO 27001:2013 – An Interview with Alan Calder

Jul 21, 2014 12:28:43 AM / by Shanmugavel Sankaran posted in information security, information security standard, ISO, ISO 27001, ISO 27001 training, Alan, Blog, cyber threat


With the release of ISO 27001:2013 last October, organizations that are already certified to the 2005 version of the ISO 27001 Information Security Standard will be looking to transition to the new 2013 version over the next 12 months. The updated Standard contains changes that will affect the way you maintain your Information Security Management System (ISMS). Alan Calder, a globally recognized expert in information security and ISO 27001, is holding an online training course on July 30, 2014, which aims to help delegates successfully transition their organization to the updated version of the Standard.
