Sign-on Authentication Methods Insufficient to Prevent Attacks
To show that they are getting better at securing online transactions, companies are adding multiple authentication devices at sign-on, such as site keys. However, according to experts, even with ten different authentication processes, users could still be vulnerable to attacks.
Companies think everything is OK once they have authenticated a user. Instead, they give users an artificial sense of security and false encouragement to carry out business transactions, according to David Burns, CEO, 2factor Inc., Maumee, Ohio. Computerworld.com published this in news on August 28, 2007.
According to Burns, who is responsible for one of many initiatives that address this problem, the real danger for online transactions today comes from intra-session attacks, where a hacker captures a secure session without the user knowing about it. These generally happen either in a piggyback hit or in an attack through a hoax server.
Joel Snyder, a security expert who is also a senior ally at Opus One in Tucson, Arizona, explains a piggyback hit as an attack in which a hacker operates on the basis of another person's credentials, which he obtains by using malicious code. Computerworld.com published this in news.
In an attack through a hoax server, on the other hand, the hacker poses as an entity that the user trusts, say his bank, and sends a seemingly authentic e-mail that tricks the user into visiting the hoax site rather than the real one. When the user goes to this site and enters his login details, the hacker seizes the victim's username and password, says Snyder.
While advancements in technology have benefited enterprises, they have not been able to prevent cyber crime, cyber security professionals agree. Though these new technologies help organizations adopt new methods to counter online attacks, they also enable hackers to find new ways to carry out their criminal activities.
According to Avivah Litan, analyst at Gartner Inc., more is required beyond sign-on authentication methods. Computerworld.com published this. Litan added that even the latest security methods sometimes fail to deal with new problems such as "man in the browser" attacks.
SPAMfighter News - 11-09-2007