Wednesday, July 30, 2008

Online Threats come faster

More evidence that a new approach to security is required if user's hope to stave off the threats caused by conventional browsers and PC vulnerabilities...

While the security community has a responsibility to act as a watchdog and report the vulnerabilities that are discovered, these alerts are increasingly becoming a hand-book for even amateur hackers.

...online criminals have latched on in a big way to programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they apparently spent more time finding such holes themselves, but no longer find that as necessary.

In Web browsers — an area heavily targeted by hackers — hacking exploits were available within a day after flaws were discovered 94 percent of the time, up from 79 percent in 2007, IBM's report said.

For all PC vulnerabilities, over 80 percent of the exploit code was released the same day — or even before — the holes were publicly disclosed. That's up from 70 percent last year, according to the IBM study.


It would seem to me that a more private, well-vetted consortium of experts/companies should form a closed reporting system that prevents exploits (as much as possible) from becoming public until after they are addressed. It'll never fully stop the publication of "proof of concept" hacks, but a 'silent whistle' system that is endorsed by all involved could make a dent in the problem.

More importantly, it's clear that security can't be a 'reactive' system, patching exploits and issuing virus signatures in response to hackers. Instead, security should be an active solution that 'allows' the good rather than seeking to prevent the bad. SafeCentral is just one example of this new paradigm in security.

Friday, July 25, 2008

Firstrade Partnership Launches.

The entire SafeCentral team is thrilled to have announced the formal launch of our partnership with Firstrade this week. Firstrade is providing SafeCentral access to Firstrade accounts free of charge, granting their customers the most secure trading environment available in the world. We are proud to partner with Firstrade's consistently top-rated online brokerage, and to work with them to make trading even safer.

This is significant when you consider the unique risks posed by account compromise in the trading markets. After all, the exposure of your credit card or bank account information typically impacts just you, while the compromise of trading credentials can lead to stock price manipulation that could affect millions, and the very fabric of the market. An example of this occurred recently, with the 'pump and dump' scheme executed using stolen credentials from two other trading firms. The resulting $22 Million in losses could have been prevented if users had been using secure browsing tools like SafeCentral.

Wednesday, July 23, 2008

PCMag.com Reviews SafeCentral

In my line of work, you grow accustomed to product reviews and opinions that either praise or punish the monumental efforts of the company. Most reviews are fair, and most are conducted with integrity and impartiality. However, nothing is more rewarding or satisfying than a review or opinion piece that begins by understanding and validating the fundamental purpose of a product or service correctly. Such is this review from PC Mag.com's Neil J. Rubenking; which truly 'gets it' with regard to SafeCentral's raison de etre.

We're already working on a few of the small requests noted in this review (Password Manager coming soon!), while the rest of Neil's analysis captures and validates SafeCentral's revolutionary security promise superbly. Please give it a read and share your comments.

Monday, July 7, 2008

Take the Guided Tour!

I've posted a 5-part "Guided Tour" on the release version of SafeCentral. This is the most complete and compelling look at the entire service, and should help even SafeCentral veterans understand the service a little better.

http://www.safecentral.com/howitworks/Guided_Tour.html


Your feedback and comments are appreciated.