In November 2011, Xbox 360 and PayPal users were hit by a phishing attack. The attack stole the users' passwords and then transferred money to the scammers' accounts.
Microsoft had to refund their users and send out warnings to thousands of Xbox Live subscribers who may have had credit card details stolen. Microsoft also urged their users to change their passwords immediately and issued various notices on how not to fall prey to phishing attacks.
But there are many viruses and trojans that steal passwords, and they do it in many different ways to make fraudulent transactions. Some inject themselves into a computer's memory.
So even copy-pasting a password is not safe nor is using a virtual keyboard to access your bank account. "The password system is broken," says Mohan Sundaram, CEO of Red Force Labs in Bangalore. Red Force Labs is building solutions that help verify identities and transactions reliably from any computing device and taking away the vulnerabilities that password systems have.
Red Force's solution is a small piece of hardware that acts as a token. This token needs to be plugged into a device -- mobile or PC -- via a USB port when you are undertaking an online transaction on the device. And when a transaction is being made, the token asks for an authentication for the transaction. If someone tries to do a transaction without the token being plugged in, the software on the bank's data centre would simply time them out.
"It is impossible to stop trojan viruses on a computer. The idea is, let the trojans be and you can still fearlessly make a transaction," says Sundaram, who studied at IIM Ahmedabad, and who previously worked at HCL and as a consultant at venture capital firm Artiman Ventures.
Red Force Labs was incubated at IIM, Bangalore, in 2009. Sundaram is also a mentor at the Nadathur S Raghavan Centre for Entrepreneurial Learning at IIM-B. Red Force Labs received funding of Rs 25 lakh from the department of information and technology in 2010.
Security tokens have also been used in another way globally. These are tokens that provide one-time passwords when a transaction needs to take place.
But this technology has shown vulnerabilities. In March 2011, security firm RSA's SecurID tokens were hacked, and several defence contractors including Lockheed Martin and L-3 were attacked. RSA had to make huge changes to their encryption at great cost. Sundaram's tokens can be provided by banks to their customers. He says the service can extend to any service that needs authentication and verification. It can extend to even virtual currencies such as Bitcoins, Facebook Credits and Xbox points. The company has filed for a patent for this technology.
Pramod K Varma, a former chief architect of the UID (Unique Identity) programme of the government, says he found Red Force Labs' work very innovative and unique to resolve one of the most common attack use cases of today. "Most other solutions address authentication using extra factors such as one time passwords. But this solution also addresses transaction level authorization which is really smart," he says.
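The difference between authenticating a login and authorizing a specific transaction can be shown with a generic challenge-response sketch. This is an added example, not Red Force Labs' design, which the article does not describe: the shared HMAC key, the `Bank` class, the 60-second window and the assumption that the token confirms the transaction details with the user independently of the PC are all hypothetical.

```python
import hashlib, hmac, json, secrets

def canonical(txn):
    # Stable byte encoding so token and bank MAC identical bytes.
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()

def token_sign(key, nonce, txn_confirmed):
    # Token side (assumed): MAC over the bank's nonce plus the details
    # the user confirmed on the token itself.
    msg = nonce.encode() + canonical(txn_confirmed)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Bank:
    def __init__(self, key, timeout_s=60):  # timeout value is an assumption
        self.key, self.timeout_s, self.pending = key, timeout_s, {}

    def challenge(self, txn, now):
        # Bind a fresh nonce to the transaction exactly as the bank received it.
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (canonical(txn), now)
        return nonce

    def authorize(self, nonce, tag, now):
        entry = self.pending.pop(nonce, None)  # each challenge is single use
        if entry is None:
            return "unknown"
        msg, issued = entry
        if tag is None or now - issued > self.timeout_s:
            return "timeout"  # no token response within the window
        expected = hmac.new(self.key, nonce.encode() + msg, hashlib.sha256).digest()
        return "approved" if hmac.compare_digest(expected, tag) else "rejected"

def demo():
    key = secrets.token_bytes(32)  # constructed key shared by token and bank
    bank = Bank(key)
    intended = {"payee": "alice", "amount": "100.00"}    # constructed sample
    altered = {"payee": "mallory", "amount": "9000.00"}  # what malware submitted
    out = {}
    n = bank.challenge(intended, now=0)
    tag = token_sign(key, n, intended)
    out["honest"] = bank.authorize(n, tag, now=5)
    out["replay"] = bank.authorize(n, tag, now=6)
    n = bank.challenge(altered, now=10)  # bank saw altered details
    out["tampered"] = bank.authorize(n, token_sign(key, n, intended), now=15)
    n = bank.challenge(intended, now=20)  # token never plugged in
    out["no_token"] = bank.authorize(n, None, now=81)
    return out

if __name__ == "__main__":
    print(demo())
```

A one-time password alone would have passed in the tampered case, because it proves only that the user is present, not which payee and amount were approved.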