If you think you are seeing a pattern over the last two days, about how insecure the internet is, especially when it comes to financial transactions, then you'll also notice that the Paradigm Shift I've been talking about is starting to take shape. 

It's becoming increasingly clear. 

• Internet Security Broken
  
• No Website is Safe
• Online Transactions aren't safe
• Use the Internet for browsing, use another device for payments.  

Read more about those bulletpoints in the related articles section below.  In the meantime, there's only one "another device" in the world designed for online transactions to be is PCI 2.x certified.  I think it's the one HomeATM built.  Yup, it is!    Does that mean we can fix web security.  We can when it comes to transactions.  Here's yet another article proving our methodology:

Security researchers: Online transactions aren’t as safe as we thought


If this sounds familiar it’s because just a year ago, Dan Kaminsky (pictured left) found a flaw in the Internet’s address book, the Domain Name System, where hackers could fool DNS servers into redirecting traffic to bogus sites. The tech industry pulled together quickly to patch the hole and minimize the vulnerability.

The same thing happened here, as Kaminsky rounded up a coalition of companies to deal with a weakness in X.509, a cryptographic system used to create digital certificates. The digital certificates are the way that a web site can verify the identity of a unique users who is visiting the site and wants to do a transaction. It’s a lot like using a passport photo to identify someone standing in front of you. Everyone from Amazon.com to Microsoft uses it in so-called digital handshakes that precede e-commerce transactions.

When Kaminsky walked into the standing-room only auditorium where he talked about the flaws in X.509, he got a lot of applause. You would never know that a day earlier his own personal web site, Doxpara.com, got hacked.

But Kaminsky held the crowd spellbound as he elaborated in great technical detail. Then he got started describing what he called the “crisis of authentication.” He showed that by altering a line in a digital certificate, hackers could fool users into believing that a site is legitimate when it really isn’t.

Businesses have invested hundreds of millions of dollars in the public key infrastructure system that was developed in the 1990s. Now Kaminsky, as well as grad student Len Sassaman (second from right) says we need to reboot the system. Tim Callen, (pictured far right), a vice president at Internet infrastructure authority VeriSign, pretty much agreed.

Continue Reading

RELATED

Separate Machines Needed for Web Surfing and Transactions
Arenowned researcher has stated our case: "The best strategy to defendagainst Clampi is to use separate machines for Web surfing and fundstransfer" - Joe Stewart, one of the world's foremost...
Jul-30 - 2009 | More ->

No Websites, Legitimate or Not Can Be Trusted
Websense: This Past Month in Web ThreatsSTATE OF THE THREAT ABSTRACT:Theconjunction of technologies and the monetizing of hacking have resultedin a web environment where no websites,...
Jul-30 - 2009 | More ->

• Is Logging In with Username/Password "Careless and Negligent?
  
• Viruses, Malware and Botnet Zombies at an all time High!
• No Website Can Be Trusted!   STATE OF THE THREAT ABSTRACT:
  The conjunction of technologies and the monetizing of hacking haveresulted in a web environment where no websites, legitimate or not canbe trusted.
  

 

More Related articles

• Noted Security Pros Hacked (wired.com)
• On eve of security show, vendors say they're mending Internet security flaws (venturebeat.com)
• Security researchers expose weaknesses in authenticating most Internet transactions (deals.venturebeat.com)
• Vulnerabilities Allow Attacker to Impersonate Any Website (wired.com)
• More holes found in Web's SSL security protocol (macworld.com)