Tuesday, April 29, 2008

Finovate 08

Our CTO, Ray Dickenson, was kind enough to send me a live update on today's proceedings at FinovateStartup '08 in San Francisco. Ray and Doug Brunt, our President & CEO, took the stage at 8:00AM to show off SafeCentral. It's really our first public unveiling, so what better than to be first out of the starting gate.

Ray said:

"The software performed well during our demo and Doug did an excellent job as the spokesmodel for SafeCentral.

Authentium was randomly picked to present first thing in the morning. Any concerns I had that the audience would arrive late and not be alert and tuned in for an early start were dismissed when I peered through the curtains before we went on stage and saw about 260 faces alert and ready to see new stuff.

Doug and I performed our patented 5-minute demo that showed me logging into PayPal and getting my credentials and account details stolen. Then we launched SafeCentral. I used the absolute latest build that launches the secure desktop and browser in about 3 seconds. In SafeCentral, I logged in to my Bank of America account, sharing my wife's SiteKey with the world. Closing SafeCentral, we showed the blank keylogger screen that is familiar to all of you.

As I mentioned, we are now sitting in the audience watching all the other presentations. In about 15 minutes we adjourn to the hallway where 20 display screens are set up for each presenter to run additional one-on-one demos for attendees.

There's the real-time update for you. More later."

It can be a daunting challenge to attempt to showcase a solution to a problem as complex and multi-faceted as online identity theft in just 5 minutes, but I know Ray and Doug were up to the challenge.

Coverage and blog posts are just starting to come in, including this post from Christophe Langlois. Christophe is one of the most active and respected bloggers in the world of online banking, social media and associated technologies, and there's a wealth of great content over at visible-banking.com.

Monday, April 28, 2008

7 surefire ways to become an ID theft victim

Rarely do you see highly technical computer security articles address the problem in witty, easy-to-understand terms. I was happy to discover this post from the Bankrate.com 'News & Advice' section (single-page available here). Sheyna Steiner takes on the topic of Identity Theft with a pragmatic, intelligent, and somewhat comical 'in your face' look at the perils we all willingly expose ourselves to when online. It's a great read, and there are a lot of simple yet informative tips for staying safe.

"Experience the hassles of being defrauded firsthand! If you love bureaucracy and the thrill of waiting in line to talk to government and bank employees again and again, becoming an identity theft victim might be right for you."
Sign me up! I wish every day could be a trip to the DMV.
"For maximum risk, commit the computing equivalent of licking a handrail in a New York City subway station and do some online banking on a public computer -- like the one at the library or a public cafe. Bonus points are added if your Social Security number is your user ID for any transactions."
Who hasn't licked the NYC subway station handrail? I thought that's what they meant by the 'flavor of the city'?
"Secret crushes, long lost friends saying "what's up" or strangers hawking cheap drugs -- you'll never know unless you peek at that e-mail."
Thus shattering my fantasy that I had attracted 43 secret admirers today.
"These days one has to assume that any communication with a business or government entity that hasn't been specifically initiated by the consumer with the appropriate authentication process is a complete swindle."
Unfortunate and true.

Tip of the hat to Sheyna and the Bankrate team for this excellent article.

Friday, April 25, 2008

Preview of Upcoming SafeCentral Features

The developers have really been cranking out some great work lately, pushing things forward in the areas we get the most feedback on. Two things at the top of the priority list will be addressed in an upcoming release:

  • Faster Launching
  • Simple suspend/resume and integration into the standard Windows environment
Have a peek at this video for a brief look at these enhancements.
(Looks like YouTube 'chewed' the beginning of the video a bit, but it comes in fine after a moment - apologies)

I'm sometimes blown away by what the coders can do in astonishingly short periods of time.

Wednesday, April 23, 2008

Bitten when browsing

Yesterday's technology blog post at the WallStreetJournal.com is a prime example of how hackers stay ahead of conventional security measures. In the article, Ben Worthen notes that hackers have migrated their focus from traditional email-based proliferation to more sophisticated and 'silent' means of malware distribution. Just visiting a website can lead to a security breach, as hackers exploit the weaknesses of your web browser and install their nefarious agents on your machine.

This only strengthens our belief that a new paradigm, which breaks away from the reliance on the traditional 'dirty' browser, is required to achieve any semblance of real safety online.

What's most frustrating, as a marketer and someone passionate about our new service, is the summation of Worthen's post - which probably sums up how most people react to news like this:

"The bad news is that there isn’t much individuals can do to protect themselves from these attacks besides using the most recent version of a Web browser and hoping that the attacker’s code is designed to take advantage of an older browser."

Actually, there is something individuals can do. You guessed it: SafeCentral. Since we restrict all untrusted operations, and run our own protected browser, you're vastly more secure when visiting any site from within SafeCentral. More importantly, you're protected from the bugs, viruses, spyware, and other hacker tidbits you picked up while casually surfing in IE or Firefox; so even if the malware is on your machine, it can't be used to steal your identity when using SafeCentral.

How do we get the word out that there is an answer? Feel free to add a comment with suggestions on better communicating the SafeCentral message.

Tuesday, April 22, 2008

A Key to Everything

There's nothing new in the latest survey findings from Accenture: the repeated use of a single password for all online accounts is human nature. Who wants to try to remember 17 different username/password combinations in a world as busy and hectic as the high-tech one we live in today?

Nonetheless, it emphasizes how easy we make it for hackers to gain access to our entire life online. Every mail account, forum, banking site, and shopping site is easily accessed with that one 'golden key' of a password we use repeatedly. I admit, even as a member of the 'security community', I often repeat my favorite password, or some derivative thereof, on multiple sites. It's just too hard and time-consuming to come up with 15 passwords I know I'll never remember.

We're working on methods to aggregate your passwords into a single, manageable, and encrypted tool within the SafeCentral experience. There are several very useful, encrypted 'password managers' or 'digital wallet' systems available (as a frequent Mac user, I use the aptly named Wallet, or Roboform when on my PC), and taking the time to incorporate one into your personal data management routine is a great way to improve your personal security and still keep critical data at your fingertips. Still, gaining access to these encrypted databases is usually accomplished with one 'golden password'. The best protection remains preventing the interception of your password(s) by using a secure, encrypted browser whenever you log on to financial services. All passwords are only as secure as the number of people who know them; we aim to keep that number to just one - YOU - with SafeCentral.

Monday, April 21, 2008

We need more than a seat belt.

PayPal made news at RSA with the publication of a paper that spells out a plan to eventually block older and otherwise "unsafe browsers" from accessing its services. Unfortunately, "unsafe browser" could be an apt description of every standard browser currently in use.

PayPal's plan calls for shutting off access from older versions of Internet Explorer and Firefox (and possibly Apple's Safari, should Apple fail to add the requested features) that don't support the new Extended Validation SSL certificate system. EV SSL certified sites display a green address bar and company name in an attempt to prevent phishing attacks by visually confirming to the user the validity of the site.

It's certainly a better system and a worthwhile addition to the layered security model, but it doesn't solve several underlying issues:

  1. The world's been using SSL certification (those little locks at the bottom of your browser), and other tools for years in an effort to keep users from entering their personal data at falsified sites - and it hasn't stopped the problem from expanding. These visual cues can be spoofed by hackers, and most users simply don't know what they mean, nor pay attention to their existence.

  2. Even if a user could be certain that they're on the actual PayPal site, there's nothing to prevent spyware and other agents from capturing every detail, password, keystroke and screen from that session. The hacker then logs on with the stolen credentials, gets the same reassuring green address bar, and cleans out your account.

The latest browsers, including Internet Explorer 7 and Firefox beta 3, provide no protection against desktop spyware and other tools for 'listening in'. As long as desktop agents are allowed to run unchecked, identity theft - and the resulting fraud - will continue to grow unabated. As long as the industry relies on users to recognize a combination of cues, accept a barrage of alert pop-ups, and navigate the dirty minefield of traditional browsing, the problem will continue to grow. We need a new paradigm, one that separates 'standard' browsing from activities that require real security.

I applaud PayPal's effort to raise the security level on their site by locking out "unsafe browsers", but if it's security they seek, perhaps they should consider locking out all standard browsers and requiring SafeCentral, which supports EV SSL while providing DNS security and desktop malware defense.

PayPal said that allowing unsafe browsers to access its site "is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts."

True. However, seat belts have been standard in cars since the early 60's; perhaps requiring air-bags, and even accident avoidance systems would be a more appropriate goal in 2008. Our goal in developing SafeCentral is to be ahead of the hackers, responding in advance to tomorrow's threats.

Friday, April 18, 2008

An ounce of prevention...

The old adage says that "an ounce of prevention is worth a pound of cure"; and nowhere is that more true than in the world of Identity Crime. I was encouraged to see that Peter Piazza of NewsFactor pressed this point in his first look at SafeCentral.

There are two terms used seemingly interchangeably to describe the problem: 'Identity Theft', and 'Identity Fraud', but these terms describe two distinctly different events. The difference between these events highlights the reason we created SafeCentral, and why it is such an important factor in the defense of your identity and your money. An ounce of identity theft prevention is worth a pound of identity fraud cure.

According to Webster's Dictionary, theft is "the action or crime of stealing"; fraud is "wrongful or criminal deception intended to result in financial or personal gain". You can't commit identity fraud without first having committed identity theft. It is therefore paramount to one's personal security to safeguard the data that can lead to identity fraud. SafeCentral aims to provide just such protection, isolating your online activities from prying eyes and assuring that your usernames, passwords, and personal credentials remain secure.

The importance of prevention becomes evident when you look at the true cost of a cure. There are several prominent (worthwhile, I might add) services that can monitor your credit and raise an alarm should someone try to conduct a fraudulent transaction or application in your name. In addition, many of these services will go the extra mile and insure you against disastrous financial loss. Unfortunately, they can't make the clean-up after an identity breach any easier. You're still going to spend as long as a year getting all new credit cards, perhaps a new Social Security number, closing out or migrating at-risk accounts, cleaning your dirtied credit, and realigning all of the payments and pay services that were auto-billing to your various accounts. In short, you're going to pay in sweat and tears what you don't pay in plain cash.

As with all security, a layered approach is best; but nothing can substitute for a SOLID first line of defense. In the case of online identity crimes, that means prevention - which means SafeCentral. Combined with an up-to-date desktop security suite, and adequate credit monitoring or fraud prevention services, SafeCentral can shore up your identity and give you the freedom and confidence to transact online at your leisure, and save you from ever having to fight to recover a stolen identity.

Peter's article is one of the first I've read that accurately differentiates the actions of theft and fraud in the internet age. We at SafeCentral, and the entire team at parent company Authentium, are excited to be bringing to market the first truly end-to-end identity theft prevention service.

Thursday, April 17, 2008

Launch Day Recap

Wow, what a day.

Fortunately our press release was well-received, which led to a full day discussing SafeCentral's revolutionary approach with press and analysts from across the country. I'm impressed with how quickly people seem to grasp the concept, and how many say they have been waiting for a solution like SafeCentral. Even the most security-conscious and diligent analysts I spoke to said they were going to install SafeCentral for their personal use, which is a reassuring testament to the value of our new service.

Allan Maurer, from TechJournal South, inquired about SafeCentral, offered superb feedback, and had this article up in a flash.

David Utter, from SecurityProNews, has always provided excellent analysis of online security, and took a fresh look at SafeCentral in his recent article.

I'm thrilled to finally have the opportunity to discuss SafeCentral with the public and press, and excited about the opportunities in the days and weeks to come to continue to share our message.

SafeCentral Arrives!

Welcome to SafeCentral!

We officially launched our secure Internet portal a few minutes ago: http://tinyurl.com/3jeh47, and I must say that after over a year of work, it’s great to finally go live.

The main question we get asked by family, friends, and colleagues is:

"What is SafeCentral and why do I need it?"

It’s simple: we created SafeCentral to give users the freedom to surf the Internet in complete privacy and safety. Over 50 percent of PCs are already infected with spyware, even though most have antivirus, anti-spyware, and firewall software installed. Clearly, traditional security products are not enough anymore. By creating this secure portal, we are hoping to restore users’ confidence in shopping, banking, or even filing taxes online and to actually prevent ID theft.

So, how do we do it?

SafeCentral prevents cyber crime and identity theft by locking down PCs, launching a secure browser, and connecting users to a trusted portal of their favorite destinations. We use our patent-pending TSX technology to create what we call a virtual “concrete bunker” that safeguards users from viruses, spyware, Trojan horses, keyloggers, phishers, man-in-the-middle attacks, screen scrapers, DNS poisoning, Wi-Fi interception – you name it. We eliminate the confusing avalanche of threats and free you to use the internet the way you want.

What we love about SafeCentral is users don’t have to change the way they work or waste hours scanning for threats that have already compromised their computers – SafeCentral takes care of your privacy with a single click. Our portal shields desktops from all the nastiest threats without limiting flexibility, functionality, or usability. We believe it is the only answer to preventing ID theft. I'll be blogging more soon about the often confused terms of 'identity theft' and 'identity fraud', because so many other approaches focus on the wrong side of these distinct problems.

Give it a try at http://www.safecentral.com. We hope you like it. Let us know if you have any questions or suggestions on how to make it better. We’ll listen and get back to you ASAP.