Group items tagged

Amazon's cloud services are vulnerable to attack via a "massive security gap" that enables hackers to access user accounts and data, a team of German researchers has revealed.

Security researchers from Ruhr-University Bochum (RUB) found that Amazon (NSDQ:AMZN) Web Services was vulnerable to different methods of attack, including signature wrapping and cross site scripting, Those security holes have since been closed.

But similar security holes may still be open in other cloud infrastructure offerings, the RUB team found.

Isis, the near field communication mobile wallet venture from Verizon, AT&T and T-Mobile, took another step forward with the announcement that it has selected SIM card maker and digital security specialist Gemalto as its trusted service manager (TSM) for the wallet. The deal means Gemalto will manage the secure element on Isis phones, overseeing the transfer of payment credentials from banks and payment services to the Isis wallet application on phones.

Gemalto will essentially hold the payment keys for Isis, controlling which service providers are able to tap Isis for contactless payments. It won’t participate in the actual transactions but will enable a host of applications, from payments to coupons and loyalty cards.

The deal is an important step for Isis, which is moving ahead toward a launch in the first half of 2012 in Salt Lake City and Austin before a larger nationwide roll out. The joint venture will compete with Google Wallet, which launched in September with partners Sprint, MasterCard and Citibank and First Data as its trusted service manager.

Late last month, I ordered the beverage at Sightglass Coffee in SoMa, grabbed it from the counter and walked out without cracking my wallet.

Nobody chased me down because, when I first approached the cafe, the Card Case app on my iPhone detected the store's perimeter and automatically switched on. It broadcast my picture to the barista, who could then tap my pre-entered credit card number to cover the bill. The phone never had to leave my pocket.

It felt a lot like buying in the one-click environments of iTunes or Amazon, which is to say it didn't feel like buying at all. Square, the San Francisco startup behind the app, has come close to replicating the frictionless online buying experience in the brick-and-mortar world.

The best of mobile technologies are now combined to offer hoteliers the most advanced front desk bypass solution that is 100% deployable today, 100% future proof, 100% compatible with the major electronic locks and 0% dependent on Mobile Phone Operators/Carriers

Modern travelers are expecting self-service options to make their journey easier. Who did not dream to one day be able to arrive at the hotel and go straight to the room without having to go through the burden of the check-in process? Thanks to Mobile Key by OpenWays, guests can already choose to proceed straight to their room upon arrival and securely open their door with their cell phone. They are no longer forced to wait in line at the front desk – unless they want to.

100% Deployable Today / 100% Future Proof / Truly Ubiquitous "Mobile Key works TODAY with ALL cell phones worldwide. With NFC (Near Field Communication) enabled cell phones gradually hitting the market in larger volumes during 2012 and 2013, we are pleased to announce Mobile Key DUAL© with Pure NFC™," said Pascal Metivier, Founder and CEO of OpenWays. "Mobile Key DUAL© combines the established and highly ubiquitous CAC™ (Crypto Acoustic Credential) technology with both RFID and NFC technologies so we can offer the only 'fully deployable today' while 'fully future proof' solution to our customers. Thanks to Mobile Key DUAL©, hoteliers can offer today a mobile-based front desk bypass solution to all their guests while being sure that the investment they are making is made for the long run."

Those freaked out by facial recognition technology have fresh fodder: a study from Carnegie Mellon University in which researchers were able to predict people’s social security numbers after taking a photo of them with a cheap webcam.

For those participants who had date of birth and city publicly available on their account, the researchers could predict a social security number (based on the work from their 2009 study). The researchers sent a follow-up survey to their student participants asking them whether the first five digits of the social security number their algorithm predicted was correct. One problem with this part of the study was that “60% of the CMU students were foreign and don’t have social security numbers,” said Acquisti. Though researchers were still able to tell them all about their interests and favorite movies based on what they got from their Facebook profile pages.

So I think that one of the biggest problems that Google has, taking Google as probably the best example of someone trying to build a reputation currency, is that as soon as Google gives you any insight into how they are building their reputation system it ceases to be very good as a reputation system. As soon as Google stops measuring something you created by accident and starts measuring something you created on purpose, it stops being something that they want to measure. And this is joined by the twin problem that what Google fundamentally has is a security problem; they have hackers who are trying to undermine the integrity of the system. And the natural response to a problem that arises when attackers know how your system works is to try to keep the details of your system secret—but keeping the details of Google’s system secret is also not very good because it means that we don’t have any reason to trust it. All we know when we search Google is that we get a result that seems like a good result; but we don’t know that there isn’t a much better result that Google has either deliberately or accidentally excluded from its listings for reasons that are attributable to either malice or incompetence. So they’re really trapped between a rock and a hard place: if they publish how their system works, people will game their system; if they don’t publish how their system works it becomes less useful and trustworthy and good. It suffers from the problem of alchemy; if alchemists don’t tell people what they learned, then every alchemist needs to discover for themselves that drinking mercury is a bad idea, and alchemy stagnates. When you start to publishing, you get science—but Google can’t publish or they’ll also get more attacks.Read more at craphound.com

The first of these changes is BYOD (Bring Your Own Device) computing. BYOD is a much better term than “consumerization” and really portrays the meaning that many of us are buying smart phones, tablets or laptops to use them on a work network. The tension this creates is predictable.

In 2012 and beyond, we’re going to see more and more different devices coming into the workplace.

If you use PayPass, Tap & Go, or other contactless credit cards, that’s NFC. In fact, NFC hardware already is appearing in smart phones and tablets. There are relatively few devices with NFC today, but there will be more in 2012.

Vantiv, a provider of mobile payment solutions, announced a new point-of-sale product on Friday that it will be rolling out in partnership with Verizon Wireless. The product, which is currently in field testing, includes custom tailored applications and an Android-based point-of-sale solution for accepting payments. The applications will be available in Verizon’s Private Application Store for Business. “Merchants and consumers are seeking greater mobility, control and timely access to data,” said Bill Weingart, Chief Product Officer of Vantiv. “We’ve teamed with Verizon to combine our payment and security expertise with Verizon’s ability to tailor development of mobile technologies to address those needs.” Verizon Wireless is also a member of ISIS, an initiative in which it has partnered with AT&T and T-Mobile to provide customers with NFC-based mobile payment options. Vantiv’s full press release follows after the break.

Vantiv Introduces Next Generation Mobile Payment Solution Teams with Verizon to Develop and Deliver More Flexibility and Opportunity for Merchants to Grow Their Businesses CINCINNATI, Jan. 31, 2012  — Vantiv, LLC (formerly Fifth Third Processing Solutions, LLC), a leading integrated payment processor, today announced that its customers will be the first to use an innovative point-of-sale device and system that will help merchants more effectively conduct business.

Vantiv is conducting a field trial of a new mobile payment solution developed in collaboration with Verizon. The new solution is architected on the Android operating system and features end-to-end, secure point-of-sale payment capabilities and business applications using Verizon’s Private Application Store for Business. As a result, Vantiv customers can tailor point-of-sale applications to meet their needs while taking advantage of remote device management.

People fed up with the proliferation of credit cards, IDs and key cards that fill their wallets to bulging may soon have an alternative. New technology could bundle such functions into just one item: your cell phone.

Near Field Communication technology, jointly developed by Sony and Royal Philips Electronics, lets wireless devices connect to other devices nearby and transfer data, from payment information to digital pictures. Samsung Electronics and Philips say they are developing cell phones with embedded NFC chips that could double as debit cards or electronic IDs. The companies plan to begin field trials toward the end of the year.

Such phones are already available in Japan and Korea, where users can charge their phones with virtual cash, then wave them near NFC-enabled machines to buy anything from a soda to lunch. But it remains to be seen how Americans will react to the devices, which are not yet available outside Asia, said wireless technology analyst Allen Nogee of In-Stat/MDR.

SAN JOSE – September 15, 2010 – VeriFone Systems, Inc. (NYSE: PAY), today announced that Global Payments Inc.,(NYSE: GPN), leader in electronic payment processing services, will distribute and support VeriFone’s PAYware Mobile secure card payment system in Canada. Global Payments is the first payment processor to offer Canadian customers VeriFone’s unique card processing solution for the iPhone mobile digital device.

Global Payments will begin immediately to make the PAYware Mobile card encryption sleeve available to merchants. VeriFone’s sleek and durable card reader slips over iPhone 3G and 3GS to accommodate secure card swipes and allow individuals and businesses with new or existing merchant accounts to qualify for lower-cost “card present” transaction fees.

“VeriFone has created a market-leading mobile payment solution that will expand electronic card acceptance to a broad range of merchants and small businesses for which a payment-enabled, multipurpose smartphone is the best option for electronic payment transactions,” said Jeff J. McGuire, Vice President, Product Development and Marketing for Global Payments Canada. “We’re delighted to be first to introduce this first-class payment solution for iPhone into the Canadian market.”

URL-shortening sites are often criticized as an easy way to snare unsuspecting users into clicking malicious links - but a new report says it's not that common

wrote about their dangers in 3 Ways Twitter Security Falls Short), Zscaler's Julien Sobrier found otherwise.

The experiment only looked for malicious sites such as phishing sites, malware, etc., and did not include spam.

Currently NFC is seen as one of the most exciting areas in our industry in terms of revenue generation: projections show up to 700 million NFC-enabled mobile phones will be sold by 2013, according to Jupiter Research. At Nokia, however, we would argue that the industry's current focus on secure NFC may be at the expense of realizing the potential of open NFC. As pioneers in NFC technology, and as a founder of the NFC Forum, Nokia believes that open NFC will have a far greater impact on consumer behavior and the NFC ecosystem than secure NFC will. Open NFC has the potential to spur a vast number of business opportunities for developers, retailers, advertisers, electronics manufacturers and others.

NFC tags, which cost only a few cents, offer huge potential for advertisers, retailers and others to reach, reward and stay in touch with their customers. These tags can be promoted at any location, including a phone retail point, a coffee shop, or even at the local supermarket, with immediate and measurable results.

Open NFC will benefit consumers on a much larger scale and get people familiar with using their device for NFC interactions, before secure NFC reaches a high level of penetration. As more and more NFC phones come to the market in 2011 and 2012, open NFC will change the way consumers interact with each other and open up a host of opportunities for developers both large and small.

“While other vendors are fighting over no monthly fees, but higher processing costs for mobile transactions, we’re still saying ‘no’ to mobile transaction surcharges,” said Hammermaster. “With Sage Mobile Payments, businesses have the option to pay no more than they would to process regular credit or debit card transactions on a standard credit card terminal.” 

Enhancements built into Sage Mobile Payment 2.0 include an updated user interface, signature capture capabilities, a tax and tip calculator, and a free Sage Mobile “app store” download.

“In 2011, 25 percent of worldwide mobile PC shipments were tablets, and upwards of 75 percent U.S. small and midsized businesses plan to purchase tablets in the next year,” said Greg Hammermaster, president of Sage Payment Solutions, the payments division for Sage. “Mobility has truly become a must-have in today’s business world. Businesses using Sage Mobile Payments have a great opportunity to expand their sales and customer service opportunities, and with the confidence of a commercial-grade mobile payments solution. Sage Mobile Payments will help businesses evolve into this next phase of mobile payments.”

How does Netswipe work? Camera + Credit Card = Secure payment Jumio’s patent pending technology turns the camera of a computer or mobile device into a card reader. The most secure form of online payment possible. Step 1 Scan your card with your webcam or phone camera. Actual card needed. (online card present transaction) Step 2 Enter security (CVV) code to complete transaction. You’re done. Netswipe – the online card present transaction, a new technology product from Jumio.

How Netswipe uses the webcam as a credit card reader Your webcam or phone camera is turned on during the payment process to scan your credit card and verify its authenticity. Hold the credit card in front of your camera as illustrated below. Jumio’s Netswipe scans and verifys your card details. No details are stored upon completion of the payment and the camera will be turned off automatically.

"Smartphone security recommendations seem to boil down to Windows-like practices: install an antivirus, run updates, and don't execute apps from untrusted sources. On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus. What rules should I adopt on my soon-to-be-bought Android device? Can I use it purely with open-source apps and still make the most of it? Are Android's fine-grained permissions (accessing the network, contacts...) reliable? Can apps be trusted not to scan your files and keyboard for passwords and emails? What precautions do security-conscious Slashdotters take to keep control of their phones?"

"There are good passwords and bad passwords, but none of them are totally secure. Researchers at the American University of Beirut, Lebanon, are working on strengthening an approach to password security that's not just about what you type, but how you type it (abstract)." Note that the actual paper appears to be behind some crappy paywall: hopefully the research exists elsewhere on-line.

A significant security hole has been discovered in Google’s Android operating system for smartphones, which can allow attackers to gain access to users’ personal information without their permission. The flaw, which was discovered by three research assistants at Ulm University in the southern part of Germany, affects approximately 97% of Android users. In a recent blog post, the researchers found that users of Android devices running versions 2.3.3 and below could be susceptible to attack when they are connected to unencrypted Wi-Fi networks. Anyone else on that network could gain access to, modify or delete Android users’ calendars, photos and contacts.