Saturday, December 31, 2005

Phishing got better in 2005. Banks are improving too. 

US bank examiners are going to be "strongly encouraging" banks to use something better than passwords to protect online banking. Passwords have the drawback that they're the same every time you use them, so if a crook can trick you into typing your banking password into the crook's website then the crook owns your bank account.

The banks are supposed to use, instead, some kind of technology where you'll have to do something different every time you log in. Some European banks mail you a piece of paper with many disposable passwords. You use one, and then you cross it off because the bank's website will never accept it again. Another system gives you a small handheld box which shows a number that changes unpredictably every minute. You type that number in along with a normal password. The bank website knows what number is correct for you for that particular minute.

These are good things. Unfortunately there's still a problem. The only thing these technologies prevent is a crook copying down your password and using it later. What happens if the crook uses it right away, meanwhile pretending to be your bank so that you don't notice anything wrong?

Crooks have already started playing tricks like that even though it's technically harder, requires more steps, and keeps them from selling the passwords or striking at a time of their own choosing.
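The gap described above, as an added example that is not part of the original post: a bank-side check for both schemes, showing that a stolen code fails when replayed but passes when forwarded at once. The token algorithm (HMAC-SHA1 over the minute counter, in the style of RFC 6238), the once-per-minute rule, the secret, the paper list and the timestamp are all assumptions, since the post names no product or algorithm.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the post says the number changes every minute

def token_code(secret, now):
    """6-digit code for the minute containing `now` (assumed algorithm)."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"

class Bank:
    """Server side of both schemes for a single customer."""
    def __init__(self, secret, paper_list):
        self.secret = secret
        self.unused = set(paper_list)   # disposable passwords not yet crossed off
        self.last_step = -1             # last minute a token code was accepted for

    def login_paper(self, password):
        ok = password in self.unused
        self.unused.discard(password)   # crossed off: never accepted again
        return ok

    def login_token(self, code, now):
        step = now // STEP
        if step <= self.last_step:      # this minute's code was already used
            return False
        if hmac.compare_digest(code, token_code(self.secret, now)):
            self.last_step = step
            return True
        return False

def demo():
    secret = b"constructed-demo-secret"              # constructed sample value
    bank = Bank(secret, ["4817", "9023", "3350"])    # constructed paper list
    t = 1_135_987_200                                # constructed timestamp
    code = token_code(secret, t)                     # what the handheld box shows
    return {
        "relayed_at_once": bank.login_token(code, t + 5),        # forwarded 5 s later
        "replayed_same_minute": bank.login_token(code, t + 20),  # second use
        "replayed_later": bank.login_token(code, t + 3600),      # an hour later
        "paper_first_use": bank.login_paper("9023"),             # whoever sends it
        "paper_second_use": bank.login_paper("9023"),
    }
```

Nothing in either check depends on who submitted the value or which website the customer typed it into, which is why only the later replays are rejected.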

A lot of bright people are trying to invent more complete solutions. Stay tuned.


What changed in 2005 

2005 will stick in our memories as the year we woke up to the threat from "legitimate" companies.

Sony shipped software on some music CDs that created blind spots where your computer couldn't see certain files. That's bad in itself, but worse yet it creates an opening for bad guys to use, which of course they did.

This wasn't a freak accident either. Computers are machines for reading, changing and copying information. A company that wants to prevent computers from copying its CDs and DVDs needs to cripple the computer one way or another. Expect more stories like the Sony story.
