http://emergentchaos.com/archives/2008/07/on-banking-security.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2008/07/on-banking-security.html/comment-page-1#comment-4843 Tamzen Thu, 03 Jul 2008 16:49:57 +0000 http://emergentchaos.com/?p=2818#comment-4843 And Blizzard sold out of the Authenticator in 2 days. They are working to ramp production up but clearly they had no idea that this would sell out so fast. And they are making it available for what looks like less than it costs them. $6.50 is really cheap for something like this. For them to move to this model probably means they are really bleeding out mucho $$ on tech support for people being hacked and having all their stuff stole and sold. It was VERY funny reading on the forums where the few clueful people were trying to explain 2-factor authentication and RSA Secure ID and how, no this can't be hacked in 3 days and yes it is secure. And Blizzard sold out of the Authenticator in 2 days. They are working to ramp production up but clearly they had no idea that this would sell out so fast. And they are making it available for what looks like less than it costs them. $6.50 is really cheap for something like this.
For them to move to this model probably means they are really bleeding out mucho $$ on tech support for people being hacked and having all their stuff stole and sold.
It was VERY funny reading on the forums where the few clueful people were trying to explain 2-factor authentication and RSA Secure ID and how, no this can’t be hacked in 3 days and yes it is secure.

]]> http://emergentchaos.com/archives/2008/07/on-banking-security.html/comment-page-1#comment-4842 nick owen Thu, 03 Jul 2008 13:36:31 +0000 http://emergentchaos.com/?p=2818#comment-4842 As I referenced in my blog, which I am too lazy to link to directly (half day at best today :), I think that the banks must be waiting for better technology. They need protection from MITM attacks and MITB attacks which means mutual authentication and some form of transcation auth or signing. It probably makes economic sense to wait for a better solution. As I referenced in my blog, which I am too lazy to link to directly (half day at best today :), I think that the banks must be waiting for better technology. They need protection from MITM attacks and MITB attacks which means mutual authentication and some form of transcation auth or signing. It probably makes economic sense to wait for a better solution.

]]> http://emergentchaos.com/archives/2008/07/on-banking-security.html/comment-page-1#comment-4841 Davi Ottenheimer Thu, 03 Jul 2008 13:13:18 +0000 http://emergentchaos.com/?p=2818#comment-4841 I do not see why this makes banks look any worse, or how it is "funny". Bank issues with two-factor (e.g. usability and cost) are very different from a gaming company. Gamers love gadgets and rapid development/change -- if you really want to play THIS game, you need to use the cool new two-factor authentication, and you have to pay for it. You can easily see how the device can become another part of the status/group symbolism. That is an entirely different world from banking. I do not see why this makes banks look any worse, or how it is “funny”.
Bank issues with two-factor (e.g. usability and cost) are very different from a gaming company.
Gamers love gadgets and rapid development/change — if you really want to play THIS game, you need to use the cool new two-factor authentication, and you have to pay for it. You can easily see how the device can become another part of the status/group symbolism.
That is an entirely different world from banking.

]]> http://emergentchaos.com/archives/2008/07/on-banking-security.html/comment-page-1#comment-4840 Nathaniel H. Thu, 03 Jul 2008 12:07:49 +0000 http://emergentchaos.com/?p=2818#comment-4840 I've noticed this enhanced security in games published by IGG. They're one of the big players in the MMO arena and leading the way in 'micropayment' style revenue streams. Upon logging in you can either manually type in your username and password, or use a provided virtual keyboard/keypad. I also remember something about the ability to use a PIN for character deletion. This is a far cry from the old Everquest and Ultima days, that's for sure. I guess Blizzard cares about its customers unlike most banks. This brings up a question I have, though. Has anyone seen any research relating the economies of developing countries to the number of 'hacking attempts' (for lack of a better phrase at the moment) coming out of those countries? I wonder if that just has to do with computer crime such as this not being worth it in the developing world, where as developing nations have a reasonably good economic sector based around selling virtual currency? I can't even begin to bring up some of the fascinating sociological issues raised by third world gold sellers. I’ve noticed this enhanced security in games published by IGG. They’re one of the big players in the MMO arena and leading the way in ‘micropayment’ style revenue streams. Upon logging in you can either manually type in your username and password, or use a provided virtual keyboard/keypad. I also remember something about the ability to use a PIN for character deletion. This is a far cry from the old Everquest and Ultima days, that’s for sure. I guess Blizzard cares about its customers unlike most banks.
This brings up a question I have, though. Has anyone seen any research relating the economies of developing countries to the number of ‘hacking attempts’ (for lack of a better phrase at the moment) coming out of those countries? I wonder if that just has to do with computer crime such as this not being worth it in the developing world, where as developing nations have a reasonably good economic sector based around selling virtual currency? I can’t even begin to bring up some of the fascinating sociological issues raised by third world gold sellers.

]]>