
Hypothetical Security Scenarios Panic IT Users Says SecurEnvoy

SecurEnvoy : 28 January, 2011  (Technical Article)
The SMS-based phishing scare is a manufactured, hypothetical set of conditions designed to panic handset users, according to SecurEnvoy, which believes the industry should focus more on solving its existing problems.
SecurEnvoy has warned IT security providers to concentrate on providing effective authentication, and less on panicking end users with hypothetical scenarios such as SMiShing.



According to Andy Kemshall, Technical Director at SecurEnvoy: “It’s up to the user to choose the product that best fits their business needs. For authentication firms and IT security manufacturers to simply assume they know best is extremely condescending.”



“Taking SMS-based authentication as an example, it’s patronising to assume that people will fall for a phishing attempt, just because it arrives on their mobile phone. Building hysteria around ‘SMiShing’ – the latest scaremongering security story fuelled by companies touting hardware tokens – is at best naïve, and at worst damaging to the wider efforts of the IT security community.”



“Analysts, think tanks and journalists all consider 2011 to be a breakthrough year for mobile computing. However, fears are rife that the next wave of Zeus, for example, is allegedly going to infect mobile devices and take over SMS use. Numerous stories are also claiming that cybercriminals will soon be sending out rogue text messages with apps to download at the user end, while taking control of SMS gateways inside corporations.”



“But while it’s theoretically possible for an attacker to inject a rogue login panel to a banking website and steal some details, the security flaw there is due to the website and not the mobile authentication.”



“It’s also naïve to assume people are going to download an app sent to them from a malicious yet anonymous cybercriminal. And while it’s perfectly possible for a telephony denial-of-service attack to occur, modern two-factor SMS authentication would preload a passcode – making the attack unlikely and, more importantly, irrelevant.”



“Two-factor authentication is still the benchmark in security, and doing it by SMS is not only the most convenient but the most pragmatic approach. The industry must stop creating fantasy scenarios that are only going to frighten users and ultimately hold businesses back, and focus on explaining the value of effective authentication.”
   © 2012 ProSecurityZone.com