Convenience Over Security is Often Not the Best Policy

Now NIST says SMS authentication is a “no-go”

Forget your password? No problem, just click “reset password” to receive a one-time code sent via SMS to your registered mobile phone. From there you can create a new password to access your account. Inexpensive and convenient? Absolutely! Secure? Maybe. Well, for federal agencies, “maybe” does not make the grade when it comes to security and the National Institute of Standards and…


How to win Pokémon Go (by cheating)

What RASP can do for your app

The hottest game in the market today is the new release Pokémon Go, developed by Niantic. The game forces you to go outside and interact with the real world (in a safe manner, hopefully). As you walk around, Pokémon appear and allow you to toss Pokéballs at them in an attempt to catch them all. The more you walk the more you can…


August 8, 2016 - John Gunn
5 Ways That DEF CON Totally Owned Black Hat

The world’s most influential IT security gatherings just concluded and it was bigger and badder than ever. It is magnificently convenient that the two most important conferences, Black Hat and DEF CON, happen the same week in the same city. For two confabs serving the same industry, you won’t find two more distinctly dissimilar events anywhere else. While the overlap in audience is huge (it seemed like every attendee at…


SMS is insecure, and is no longer suitable as a strong authentication mechanism.

The news is in that the National Institute of Standards and Technology has finally stated what both security professionals and hackers alike have known for years: SMS is insecure, and is no longer suitable as a strong authentication mechanism. SMS messages are not protected from the wrong eyes seeing them, and there is no assurance that they will actually go to the intended recipient. So everyone knew this day was…


eIDAS smart card

Now that the eIDAS Regulation is in full effect, the ease of cross-border digital business is a reality in the EU. The new Regulation comes at an opportune time to make trusted communications between businesses, citizens and public authorities easier in Europe – removing the previous hurdles and fragmented legal frameworks from the Regulation’s predecessor, the EU Directive. Many people believed that the Directive mandated the use of the Qualified…


eIDAS: Making Cross-border Digital Business a Reality – Today

A new e-signature Regulation in the European Union comes into effect today, July 1, 2016, which will have an immediate and positive impact on cross-border commerce across Europe. Replacing the existing EU Directive, Electronic Identification and Trust Services for Electronic Transaction (eIDAS) now uniformly recognizes all forms of e-signature – regardless of local interpretation – making it easier to do business across the continent and creating a single, digital market…


FFIEC-mobile-financial-Guidance

The debate over the relative importance of mobile banking was settled long ago. Mobile banking is already the number one channel for many customers of financial institutions, it is being used by about half of those with a banking relationship, it has grown to become the number two preferred channel overall and will soon become number one, and there is nothing on the horizon that can reverse these trends. Unlike…


The impact of data breaches within the Healthcare Industry

The integration of technology within the healthcare sector continues to create seismic changes in how individuals receive medical care. Yet in their rush to adopt technology designed to improve the consumer’s experience, organizations within the healthcare industry face the very real threat of sensitive patient data ending up in the hands of cybercriminals. When it comes to the value of stolen data within the criminal underground, the more personal the…


May 31, 2016 - Jodi Schechter
Face Recognition for Mobile Apps – As Easy As Taking a Selfie

Next time you take a selfie, it could be used for your own protection. Face Recognition is a simple, secure and user-friendly security feature that utilizes multiple facial data points to accurately authenticate end users and next generation likeness detection to defeat hacker spoofing techniques. The basic premise of biometric authentication is that everyone is unique and an individual can be identified by their intrinsic physical or behavioral traits. Much like fingerprints, face…


A Shift in the Wind – Securing Patient Portals

I thoroughly enjoyed my time at HIMSS16 in Las Vegas. It was great to be back, see old friends and make new ones. The landscape, as it relates to security, has certainly changed since my first HIMSS Conference in 2008. I recall walking the exhibit hall discussing multi-factor authentication and identity management only to receive blank stares or interesting comments from prospective partners and customers. I heard, “we use usernames and…