In the News: Opinions Abound About the National Trusted Identity Strategy

WWW on GlobeAs expected, a wealth of opinions about the National Identity Strategy are emerging from many of us. For example, a recent article in SC Magazine quotes several IT security pundits as having both positive and negative opinions. Also as expected, their comments applauded the strategy for being a good way to create a trust relationship on the Internet, but others feared the mechanisms on which the strategy is based could and would be hacked and therefore we’ll be worse off than before. These are reflective of my opinion in the last post on this subject…who’d ‘a thought!

The bottom line is that we must get more information on how the strategy will be implemented. As the development process plays out there will be more and more detail that we can use to form an opinion on how well it will work…or not.  Stay tuned!

What are your opinions…so far? Please comment on this article; we all learn from each other when our views and opinions are shared.

I hope you enjoyed this post.  If you enter your email address in the Email Subscriptions box on the home page, I’ll send you an email when a new article is posted.  I don’t share your email address with anyone…no one; I hate spam too.  Please share my site with your friends and family.  Thanks.

Remember, home computing is a blast…keep it productive and enjoyable.

Best regards,

Paul

paulshomecomputing@yahoo.com

Advertisements

4 Comments

Filed under In the News, Internet, security

4 responses to “In the News: Opinions Abound About the National Trusted Identity Strategy

  1. Hi Paul,

    I wrote on the issue of the Blizzard Authenticator – “Protecting Your Online Gaming Assets – It’s No Game!” in August, 2008, so I’m familiar with the problem and the type of Authenticator being used.

    It’s not the Authenticator that’s being hacked directly. In order for a hacker to gain control, the host machine must already have been compromised. Even then, the hacking process is not simple.

    As Mister Reiner’s referenced link explains – “Authenticator codes need to be used within 30 seconds or they expire. A Man in the Middle attack needs to be done in real time with a large amount of timing and accuracy. This sort of attack is possible, but we don’t expect it will happen as frequently as basic keylogging.

    One more time we’re back to the root cause – lack of user knowledge.

    Bill

    • Bill,
      Thanks for that clarification and explanation. I agree that the root of the problem is “lack of user knowledge”–as we’ve discussed in the past, we must somehow educate the masses on at least the basics of how to use the Internet securely. Making the Internet safer is a complex task,…probably the understatement of the year, and will require changes at many levels. One of those changes, as I replied to MisterReiner, is knowing who committed the crime. We would accomplish that by using best practices such as authentification and attribution. As always, thanks for a helpful comment on a complex subject, I appreciate you stopping by.
      Best,
      Paul

  2. Blizzard Entertainment came out with something called the “Authenticator” for World of Warcraft. It’s a device that is suppose to protect an account from unauthorized access. Unfortunately, hackers figure out a way to get around it. (Links to info below)

    While I think NTI is a great idea, the technology just needs one compromise like the Authenticator to bring the whole thing down like a house of cards. NTI is just one piece of a major security puzzle. Without complete end-to-end assured security on both ends (server/desktop), there is always the possibility that a system like this will fail.

    Authenticator FAQ:
    http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660

    Information about the device:
    http://www.vasco.com/products/digipass/digipass_go_range/digipass_go6.aspx

    Stories of how hackers were able to exploiting a weakness in the technology:
    http://www.wow.com/2010/02/28/man-in-the-middle-attacks-circumventing-authenticators/

    http://www.mmocrunch.com/2010/02/28/world-of-warcraft-authenticator-hacked/

    • Mister Reiner,
      Your comment echoes a real fear that the solution will be hacked. However, in light of this we must try to help come up with a way to avoid it being hacked or at least a way to make it harder or a way that will allow us to identify the hackers when they do break it. I see this as not just a government problem, but one all of us share because all of us are threatened by cybercrime in today’s environment. Thanks for your insightful comment and for stopping by.
      Best,
      Paul

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s