Saturday, January 21, 2006

The Rise of Spyware/Trojans Put Online Banking at Risk

The Rise of Trojans Put Online Banking at Risk

"Security improvements including two factor authentication on the Webservice Provider End may not improve the security of online users from phishing attacks!"

Sydney, Australia, January 18, 2006 -- The number of Spyware/Trojans that attempt to steal user names and passwords from a compromised computer increased drastically in 2005, with more and more focusing on online banking information (see e.g. PWSteal.Bankash.G (1)). This is backed by findings of the various antivirus vendors that the trend continues toward targeting smaller but specific groups rather than performing large-scale phishing attempts (2)(3).

This fact, together with the finding of the AOL/NCSA Online Safety Study in December 2005 (4) that a horrific 81% of home computers lack core protection (like Antivirus or Spyware Protection), suggests that 2006 will be ill-fated.

“While the Security Improvements of the online banks are greatly appreciated e.g. the two factor authentication, it is becoming obvious that none of the deployed systems can be a general solution of the underlying problem. It just makes the task a bit harder for the bad guys. Bank of America’s new Sitekey Feature for example does a good job protecting against old-style Phishing Attempts, however sophisticated Trojans can easily circumvent this security measure by additionally stealing the information of the corresponding cookie – which is an easy task to do!” said Alex Horst, Chief Security Architect.

Horst continues: “This problem will only be solved by integrating the home user’s computer into the overall security chain to make sure that no malicious software is running during an online banking session. The recent Windows WMF vulnerability – the worst ever found on the Windows platform – proves that online banks and other online business providers cannot assume that the home user’s computer is safe; in fact, they must assume the opposite.”

Paul Pepper, Managing Director – Esendex Australia, says that “The TrustDefender Solution confirms to the user that they are genuinely connected to our site and confirms to us that the user’s computer is safe and secure and conforms to our security policies.”

TrustDefender will launch its Secure Policy Engine in the first quarter of 2006, with which online businesses can define and enforce security policies for the home user’s computer, including allowing only specific software groups. Everything else, including possible malicious programs, will be denied by default! A live demonstration is available at http://www.trustdefender.com/movies/gap-securelockdown.htm

For a free evaluation version of TrustDefender or for more information on protecting yourself against the increasing number of internet threats, please visit http://www.trustdefender.com

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bankash.g.html
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=379
http://www.staysafeonline.info/pdf/safety_study_2005.pdf


Media Contact
Ted Egan
Ph: +61 2 8221 9765
Web: www.trustdefender.com

###

Press Contact: Ted Egan
Company Name: TrustDefender
Phone: +61 2 8221 9765
Website: http://www.trustdefender.com
