Christine

StrikeForce Technologies showed how they can block keyloggers, with a new product called WebSecure. The demo kicked off with a threatening view into just what keyloggers can 'see' when you are entering data into HTTPS-enabled sites. (They can see everything.) Spyware blockers, virus protection, and firewalls do nothing to protect users against keylogging.

With WebSecure enabled, we saw that as the user types, keystrokes are entered into WebSecure, bypassing the vulnerable areas typically hacked into by keyloggers. I'll head over to the StrikeForce booth during the next pavilion session, since I have one big question: what's to keep these same hackers from cutting into WebSecure? The answer will make all the difference. If there's a good one, then this is an essential tool. If it's no different from hacking into Word, then we've simply moved the target.

Mi5's Enterprise Spygate applicance protects users against a deep list of spyware sites and applications. The company has paying, referencable customers, and they're giving out free audits to DEMO attendees.

ASTAV's fraud protection was quite different. When you go to visit a site, the SignSafe system will call you and ask you to enter the password onto your cell phone, rather than entering it into a web site. So, if someone tries to enter into your account online, the user actually receives a phone call for confirmation. This also acts as an alert that someone is trying to hack into your account. The system also makes calls for confirmation on fund transfers, and makes it easy for the user to alert the institution that fraud is being attempted. In the case of a credit card, trying to use the card in a store would also trigger a call confirmation, asking you by phone for approval (by entering your PIN) or a fraud flag. This was really intriguing, but I'd hope that there was granularity on the triggers so that you could say, turn off notification while you are running errands, or for small amounts at the gas station, or somesuch.

PayWi drives mobile phone-enabled financial transactions. Your phone is linked to your credit and bank accounts, but the information is not stored on the phone itself. Consumers can split bills, pass over the check, etc. Mobile financial services is definitely going to happen at some point, so it's worth learning more about PayWi's security and service requirements.

Pay By Touch provides another alternative for payment and identification. They've installed small fingerprint scanners at point of sale, and rather than needing a card or a photo ID, you simply press the fingerprint scanner to authorize the transaction. Setting up an account requires the consumer to go into a brick-and-mortar site to set up an account and provide a fingerprint. The company has raised close to $170M dollars, so I expect they have a marketing war chest that could get this system into a supermarket near you.

Tags: christine herron christine.net space jockeys demo 2006 strikeforce mi5 astav paywi pay by touch security technology