Statement from Yubico CEO on Zappos.com Security Breach

“A security breach of the magnitude experienced by Zappos.com is a serious concern for any business that relies exclusively on Internet orders for sales,” said Stina Ehrensvard, CEO, Yubico, Palo Alto, California and Stockholm, Sweden, commenting on how hackers exposed 24 million client records in a security breach over the weekend.  “While it appears Zappos’ securely protected the database that housed credit card information, hardware security modules (HSMs) could have prevented the exposure of Zappos’ customer password data that were compromised from the organization’s servers in Kentucky.  The exposure of email addresses and password hashes of weak and duplicated passwords leaves customers exposed across potentially many sites.  The perception is HSM and related services are very expensive, but the cost and complexity for this needed technology has fallen dramatically to a few hundred dollars and the cost of not deploying it is very high as Zappos has shown.”

“Additionally, Zappos has reset and expired their customers passwords and is helping them choose new passwords.  We believe a better solution is the new breed of consumer-friendly one time passcode tokens that users can keep on their key chains to replace weak and duplicated passwords,” Ehrensvard continued.

The growing security needs of Smartphones

Guest post by Britney Baker 

Setting the Scene: Why Hackers Might Target Phones

For a long time, viruses and security issues have been limited to traditional computers. Although a number of other types of devices have computer chips and can even run software, they were hard or impossible for a hacker to get into, and there wasn’t much benefit to hacking them. However, as smartphones have gotten more popular recently, and have become more complex, they have begun to offer another platform for hackers to attack. Smartphones have a couple of key features that make them good for hackers to attack. For one thing, the software is complex, and there is an open application platform, so they have the ability to write malware or to exploit a phone. Secondly, the phones are all connected to the internet, so there is an easy way to attack the phones. Lastly, the phones have things of value - they may have personal information, passwords, even banking information. These factors make phones a good medium for malicious hackers to attempt to exploit.

How Viruses Get to Your Phone

There have been some issues related to security and smartphones, but to date few of them have been actual viruses. For instance, Android had a scare with a wallpaper application that got millions of downloads, and was secretly sending personal information to a site in China. RIM, maker of the BlackBerry, has been in the news recently due to conflicts with several countries who wanted access to certain BlackBerrys’ information. The ironic thing about the story is that BlackBerry was so secure that RIM literally didn’t have the private information to hand over to the governments. The compromise that they came to was to have RIM run servers in these countries, so that the governments could spy on encrypted messages.

Protecting Your Phone

The thing we should all remember with smartphones is that they possess a great deal of personal information, and should be treated with the same care or better that we would use with a computer. Beware of unknown applications, don’t go to bad websites, and protect important files. Here’s a list of some security applications that are being developed for smartphones :

·         DroidSecurity Android Antivirus

DroidSecurity has distributed over 2 million copies of their free antivirus software, and they also offer a premium version.

·         McAffe

McAffe is known to currently be working on an antivirus program for the iPhone, but it has not been released to the public yet.

·         Norton Antivirus

Norton, a very popular security company, currently makes a mobile antivirus program for Symbian and Windows Mobile Phones.

When she’s not getting excited about new gadgets, Britney Baker writes about prepaid cell phones for PrepaidCellphones.net. Her latest article took a look at the GoPhone from AT&T.