Stuart Sumner, Computing, Tuesday 2 November 2010 at 17:41:00
Ethical hacker Jason Hart blames consumer devices and home working
Some 2,500 web sites with the .co.uk domain are hacked every hour, according to Jason Hart, senior vice-president of authentication specialist Cryptocard, who was speaking at the 'Cyber-Proofing the British Enterprise' event in London today.

Hart, who describes himself as an ethical hacker, blamed the increase in attacks on the proliferation of consumer devices and the growth of home working. He argued that organisations and users are also to blame for being too relaxed over password security.

Tony Neate, managing director of GetSafeOnline, a joint initiative between government, enterprises and law enforcement agencies to provide free security advice, agreed. Neate provided the example of a friend who had the link to his personal online banking tool on his iPhone.

"When I looked up the bank in the contacts section of his phone, sure enough there was his user name and password," Neate said.

But those of us who are more guarded with our passwords are equally at risk, as Hart demonstrated, with a live hack at the event.

He set up a portable wireless router, with a 3G mobile card connected to it, and simply named the network 'BTOpenzone'. iPhones are set to connect to any network with this name by default, and don't differentiate between the real BT network and rogue networks, such as Hart's.

He showed how simple it was to gather information on user names, passwords and IP addresses from this network, leaving no trace of the malicious activity.

"Once you have a user name and password, you're invisible," said Hart.

Once a cyber criminal has access to user names and passwords, they are able to take data or even complete control over web sites. Hart showed a web site where hackers go to brag about their conquests, called Zone H, where Berkshire council is near the top of a list of victims, having been hacked this morning.

The answer, according to the panel, lies in two-factor authentication. For example, where a user name and password is combined with a one-time code from a secure token. Security can be further enhanced by adding mutual authentication, where the other party also sends authenticating data back to the user, or out-of-band authentication, which could send a code via a different medium, such as SMS.

Hart explained that varying levels of security can be applied in a scaleable manner depending on the individual, and the sensitivity of data they are likely to access.

Full story at http://www.computing.co.uk/computing/news/2272643/500-uk-websites-hacked-every