plurilock's blog

The last decade has seen a significant increase in the number of institutions offering e-learning programmes, and coincidentally in the number of students involved in online education. While a variety of tools and resources have been developed in support of online education, issues pertaining to academic integrity in online education have not been dealt with adequately. The reality is that most people have hard time imagining how students can cheat during online exams. While cheating on exams has been around for a long time regardless of the context, there is no doubt that it can be exacerbated in online education due to the openness of the Internet and the difficulty of monitoring and restricting online activities.

Likewise, there are many diffe... [ Read the rest ]

DARPA (Defense Advanced Research Project Agency) has launched early this year (January 12, 2012) a new funding program for the research and development of innovative software-based biometric modalities. DARPA is the research arm of the US Department of Defense (DoD), which has been at the forefront many breakthroughs in science and technology for several decades. The new funding program is being implemented through a Broad Agency Announcement (BAA), which is a technique used by US Agencies to contract for certain R&D tasks.

According to the DARPA announcement, the main rational behind the new program is the fact that traditional approach for “validating a user’s identity for authentication on an information system requires humans to do something that is ... [ Read the rest ]

The last several months have seen a rise in the number of hacking incidents. Several high-profile incidents targeting government institutions as well as well-known corporations have been reported. While many of these incidents were based on known attack vectors, some were based on new modus operandi. New attack vectors are the ones that pose the greatest threats, because most existing products are designed with well understood threats in sight. This creates a situation, where security vendors are always fighting the last battle, while hackers are several steps ahead. At the same time, this makes the task of Chief Information Security Officers (CISOs) even more complicated, because, they are ultimately responsible for keeping their organizations safe regardless of whether the attack vectors are known or new. 

While there is no unique answer to dealing with t... [ Read the rest ]

Happy new year to all our readers, customers, partners, and visitors.

The year 2011 has been very rich in malicious security events, and there is no reason to believe that 2012 would be different. The latest in a long series of incidents was the recent breach of the website of US security firm Stratfor by the hacker group known as Anonymous on December 24th, 2011, exposing personal and financial information of thousands of customers. Strafor is a global security intelligence firm whose customers include the US department of Defense and Bank of America.

The Stratfor hacking was preceded by a string of several high profile incidents including (but not limited to) the following:

- RSA SecurID comprom... [ Read the rest ]

The last couple of years have seen a significant increase in the number of attacks against powerful institutions (e.g. Pentagon, Canadian Treasure Board) and corporations (e.g. Sony, Epsilon, Citi). Many attacks have been directed against online financial services and retail firms. Likewise the demand for web fraud detection software has exploded. According to Gartner’s 2011’s Magic Quadrant on Web Fraud Detection, the web fraud detection market grew 35% in 2010.

It is expected that more growth is ahead for this market in the next eighteen months, especially with the updated FFIEC’s guidance, that will take effect in early January 2011, and requires securing Internet banking environment by monitoring the customer behavior and history, and triggering timely response in case of fraud. 

[ Read the rest ]

A lot has been said about weaknesses inherent in traditional alphanumeric passwords. By design, passwords can be broken using dictionary or brute force attacks. They can be forgotten, stolen, or shared. As an alternative, it has been recommended to use strong passwords schemes based on biometrics or generated using tokens, or a combination of multiple authentication factors. 

Likewise the Federal Financial Institutions Examination Council (FFIEC) issued a regulation in 2005 requiring the use of multifactor authentication for Internet banking. For several years, a widely held belief has been that using a strong password scheme (e.g. biometrics, variable password) or multifactor authentication scheme would be enough to block hackers at the gate. 

The recent string of hacking incidents targeting high profile organizations (e.g. Sony... [ Read the rest ]

We discuss in this  blog how recent developments in the security landscape have exposed deep flaws in existing protection strategies, which call for a new security paradigm. We analyze the role played by Continuous Authentication (CA) in this paradigm shift, and highlight three key areas where this technology is essential.

Need for a Paradigm Shift

In the last eighteen months, we have seen a succession of high-profile hacking incidents (e.g. Canadian Government’s Finance Ministry and Treasury Board, RSA, Sonny, Citi, and Epsilon), with 1 or 2 new high-profile incidents being reported every month. The victims in these attacks were big corporations and powerful government institutions with sizable security budget in place. The succession of the attacks and the ease with which they were carried has left many people scratching their h... [ Read the rest ]

In a recent blog post, we discussed about the seriousness and pervasiveness of automated attack sessions also referred to as malicious automated software codes or malware. According to studies, millions of machines around the world are victims of malicious automated codes.  

Just recently, the German hacker group Chaos Computer Club (CCC) reported on its website that they have obtained a copy of a new piece of automated code that the German government has been using to spy on their citizens without their cons... [ Read the rest ]

Cloud computing represents undoubtedly one the most dramatic shifts in computing since the invention of the Internet. Cloud computing is an on-demand information technology service provision scheme using virtualization and distributed computing technologies. Many organizations have already migrated part or all of their computing infrastructure to the cloud in order to benefit from the unprecedented cost saving and scalability offered by the cloud environment. It is expected that to remain competitive organizations will be forced to conduct, in the near future, most of their online transactions in the cloud. 

Existing cloud architectures are usually divided into three categories: public, private, and partner. While public clouds have no restriction on which organization can subscribe, private clouds are restricted and can be accessed only within a private ne... [ Read the rest ]

It is customary for most online service providers to require their users to register by creating their personal accounts and then login to the site using the same accounts. This allows service providers to identify users connecting to the services and deliver the services in a more controlled and personalized ways. More importantly, it allows paid online subscription service providers to generate their revenues by tracking and charging accordingly service consumption.

It happens that users may share their login information to the accounts for particular services. This is referred to as account sharing. Account sharing is more often than not detrimental to service providers, as it limits their ability to deliver personalized and quality services, and decreases profits generated through paid or premium accounts.

A [ Read the rest ]