Phishing

In the Inside ID Conference report (part 4) I mentioned "phishing" as one of the types of fraudulent activity that is happening on the Internet. Today I received an example personally. This is such a blatant example of fraud I hope and suspect that the Federal Trade Commission is taking swift action. I also hope sharing this here will make more people aware of this kind of sham, and I urge all to let their friends and families know. According to people at the conference I just attended, the positive response rate — people who actually provide their personal information to the phishers — is 30%. That is extraordinarily high compared to spam or legitimate advertising. (read more)

Tags: fraud, fraudulent, phishing, security, spam

Inside ID Conference – Part 5

I am planning this and one more story about things I learned at the Inside ID conference in Washington, D.C. and then I will continue to write stories that are part of the Privacy and Trust series. There were more than sixty exhibitors at the conference. Naturally, they all claimed to have *the* key ingredient needed to solve the identity management and authentication issues of the world. I was quite impressed with a number of them and this story will summarize what I learned about four vendor solutions. Three of them offer biometric technology. If one thing is clear from the conference it is that all government entities are looking to biometrics as the way to tie a person’s body to their credentials. (read more)

Tags: biometric, face scan, hologram, iris scan, skimmer, skimming

Linux In School – Part 2

It was privilege once again to be able to speak to students at the IT Leadership Academy program at Naugatuck Valley Community College. A show of hands indicated that about 20% of the students had some familiarity with Linux. Michael Mino, the program director, had provided a laptop with Red Hat Linux to each of the seven school groups so they could learn more about it. After my talk the students broke into groups and I looked over the shoulder of some of them to see what they were doing. One student was using Red Hat and I asked him how it was going. "I am figuring out how to use it", he said. The point is that he didn’t have a reference manual, had never been to a class, and didn’t need to ask any questions. He was just "figuring it out." (read more)

Inside ID – Part 4

The next story in the Privacy and Trust series will be coming shortly, after a couple more updates from the Inside ID conference in Washington, D.C. In my keynote on the opening day of the conference I asserted that organizations and individuals should be spending more time and money on the security of their systems. I said that we don’t leave our homes for the weekend with doors and windows open and yet we effectively leave our "always on" network-connected PC’s wide open. In John Gould’s talk he took this to the next level and discussed specific vulnerabilities of the PC including
viruses, worms, hacking, phishing, and spyware. It was a wake-up call for me and I immediately headed for the Net with my ThinkPad to get some new software. (read more)

Inside ID – Part 3

The next story in the Privacy and Trust series will be coming shortly, but first will be an update or two from here in in Washington, D.C. at Inside ID. The conference has an exhibit area where dozens of vendors are showing digital identify solutions including smart cards, biometric technology, and middleware. There are almost 100 speakers from government, academia, and the private sector. I gave a talk at the opening general session where I
shared a big-picture view about the shape of the future of the Internet. I talked about what the Internet has in store for our business and personal lives and why trust, in the form of secure digital identity and authentication, is critical. Since I have a meeting in Washington on Thursday, I decided to stay in town to visit the exhibition hall and attend as many of the seminar sessions as possible. I am very glad I decided to do that — I have learned a lot. (read more)

Inside ID – Part 2

The next story in the Privacy and Trust series will be coming shortly, but first will be this update on the Inside ID conference in Washington, D.C. The conference has an exhibit area where dozens of vendors are showing digital identify solutions including smart cards, biometric technology, and middleware. There are almost 100 speakers from government, academia, and the private sector. I gave a talk at the opening general session where I
shared a big-picture view about the shape of the future of the Internet. I talked about what the Internet has in store for our business and personal lives and why trust, in the form of secure digital identity and authentication, is critical. Since I have a meeting in Washington on Thursday anyway, I decided to stay in town to visit the exhibition hall and attend as many of the seminar sessions as possible. I am very glad I decided to do that — I have learned a lot. (read more)

Inside ID – Part 1

On Tuesday morning I will be speaking at Inside ID in Washington, D.C. They are calling this conference a "Mega Show" because there will be dedicated sections of the exhibit hall branded to reflect the major tools used in modern identification solutions. These "shows within the show" include: Inside Identity Management,
Inside Digital Identity,
Inside Card Technology,
Inside Biometrics, and
Inside Document Security. I am extremely interested in the content of the show and will be reporting more on it later. My talk will be called "The Future Of The Internet: A Distributed Web of Trust". The
talk will be based on my views as expressed in a story in Network World where I wrote an 850 word summary, called "The Ultimate Internet".

Tags: identity, PKI, privacy, security

Privacy And Trust – Part 4

Mention the word trust and many people immediately think of security. We hear so many negative questions about Internet security. Is it strong enough? What will happen to my credit card number? What about hackers? We would like to implement this or that application but we can’t because of ?security?. The list goes on. This is one area where some ?old fashioned? attitudes are actually healthy. Security is critical and needs to be taken very seriously — but not in a restrictive sense. In fact the question that business and government leaders should be asking is about how security on the Internet can become the enabler of global commerce, the enabler for enabling people to control the email they get, the enabler for more secure and efficient processing of healthcare information, and the enabler for trusted transcations. (read more)

Tags: authentication, authorization, ca, certificate authority, digital id, encyption, integrity, key, non-repudiation, passphrase, PKI, privacy, security, smart card, trust, usb

Linux In School

Two IBM colleagues, John Boutross and Craig Fellenstein, are helping out as volunteers in a program called the IT Leadership Academy. The program is sponsored by the Governor of Connecticut and is designed to bring 180 public High School students together to work on IT related projects during the school year. The participating high schools include both suburban and urban. The Naugatuck Valley Community College in Waterbury, CT is the host for the sessions. I was fortunate to be guest speaker this morning. (read more)

UPS On Demand

I have written some stories about e-business on demand extolling the virtues and acknowledging that we have a long way to go to get there. Today I witnessed a good example of the potential. I had a business document that needed to be overnighted so I went to myups.com and made a request for a pickup at my side door. Five minutes later a big brown truck pulled in the driveway and a young man went to the side door and picked up the envelope. UPS is committed to building an infrastructure to make them a truly on demand e-business. E-business On Demand is very profound but my simple definition of it is that it enables all constituencies of an organization to access any business process they need whenever they need it from wherever they are using whatever kind of device with which they are connected to the Internet. Easy to say. Much to do.

Other
patrickWeb stories about e-business