1 / 15

‘Lord’ was a click away from £229m

‘Lord’ was a click away from £229m. “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”. Security vs Usability. Too many web sites, so Weak, memorable passwords Single passwords across multiple sites Undervalued accounts.

brice
Download Presentation

‘Lord’ was a click away from £229m

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”

  2. Security vs Usability • Too many web sites, so • Weak, memorable passwords • Single passwords across multiple sites • Undervalued accounts

  3. Site Site Site Site Site Site Site SECURITY THREAT

  4. Record high Phishing levels Source: Anti Phishing Working Group (non-profit run by David Jevans - IronKey CEO)

  5. Threat Landscape Includes • Keyloggers • XSS vulnerabilities on shared hosting • Nefarious sys admins • Web application security scanners • Your digital identity can be under attack • 24 x 7 x 365

  6. What is OpenID? An open source standard for a free & easy to use digital identity across multiple sites • It is a protocol that OpenID compliant web sites use to talk to OpenID providers • Used by Symantec, Microsoft, AOL, Verisign, Sun, IBM, Yahoo, Google, facebook, the entire population of Estonia

  7. OpenID Libraries

  8. OpenID Demo https://pip.verisignlabs.com/

  9. What about Drupal • OpenID authentication support • D5 via contrib • D6 in core • D7 in core, planned with Oauth • OpenID provider • 6.x-1.x-dev by walkah • Drupalcon DC OpenID code Sprint

  10. Site Provider SECURITY THREAT Site Site Site Site Site

  11. Swekey Demo <site used for talk is taken down> You can try http://blog.to.it

  12. ? Site SECURITY THREAT Site Site Site Site Site Provider Multifactor authentication

  13. OpenID benefits • Reduces site registration barrier • Reduces account management overhead • Increases usability and security • Reduces trust required of site admins (multiply by number of accounts) Barriers?

  14. So What?

  15. Resources • Anti Phishing Working Group (APWG) • http://www.antiphishing.org • OpenID • http://openid.net • http://wiki.openid.net/Libraries • http://openiddirectory.com • Drupal OpenID Provider module (Walkah) • http://drupal.org/project/openid_provider • Swekey • http://drupal.org/project/swekey • http://www.swekey.com/ • Walkah’s dc2009 talk • http://dc2009.drupalcon.org/session/openid-drupal-and-open-web • http://www.archive.org/details/DrupalconDc2009-OpenidDrupalAndTheOpenWeb • Chris Messina, Lullabot discuss OpenID, opennes, identity • http://www.lullabot.com/audiocast/podcast-71-chris-messina-and-open-identity

More Related