Citadel Attack Targets Password Managers

Mousey

From Dark Reading - Don't know if you can access without account...

...The new Citadel configuration is the first known malware program that appears to have been explicitly designed to steal master passwords from password managers. Dana Tamir, director of enterprise security at IBM Trusteer, told Dark Reading that it contains instructions for logging users' keystrokes when certain processes are triggered on an infected computer.

...
 
The malware does not appear to infect sheets of A4, so I'm probably OK :D

Maybe the old way is best, as ANYTHING that is stored on a device connected to the internet could become a target for a malware attack.

The best idea might be a "dumb" device that has password protection, but that cannot connect to any other device, not even by a cable. Even offline storage like a USB stick can be attacked in the time it takes to connect it to a PC in order to look up one of the passwords.

The security industry has created this problem because there are hundreds of sites and services that have "secure login", but there is no overall standard, and each one thinks that they are the only service a user has, thus it should not be a problem remembering all the secure details rather than storing them in a retrieval system.

They should all look at moving to biometric security, so that the user doesn't have to remember anything; their passwords are encoded in their DNA, and "retrieved" through scanning various body parts such as the iris or fingerprint. More than one method should be used, along with one other offline system such as a key generator that supplies a one-off login PIN for each access.

If the user doesn't have to remember hundreds of different passwords and other codes, they won't feel the need to use any kind of retrieval system. Ideally, the iris and fingerprint scanners will only transmit data one way, outward, so that no malware can get in and "infect" the device in order to compromise it. Instead of the scanners being updated over the internet, they will be "chipped" by having the updated EPROM posted out to the user in as secure a manner as possible, and the EPROM itself should have a code key so that it is paired with the unique device it is meant for, so that if stolen in transit, it can't be cloned or compromised between the sender and the recipient.

Our chip & pin machines were "hacked" by having bogus engineers visit the premises and adding extra chips or flashing compromised software onto them. The weakness was insecure management of technical support, rather than a direct malware attack on the device itself.
 
