Presentation is loading. Please wait.

Presentation is loading. Please wait.

‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”"— Presentation transcript:

1 ‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”

2 Security vs Usability Too many web sites, so –Weak, memorable passwords –Single passwords across multiple sites –Undervalued accounts

3 SECURITY Site THREAT

4 Record high Phishing levels Source: Anti Phishing Working Group (non-profit run by David Jevans - IronKey CEO)

5 Threat Landscape Includes Keyloggers XSS vulnerabilities on shared hosting Nefarious sys admins Web application security scanners Your digital identity can be under attack –24 x 7 x 365

6 What is OpenID? An open source standard for a free & easy to use digital identity across multiple sites It is a protocol that OpenID compliant web sites use to talk to OpenID providers Used by Symantec, Microsoft, AOL, Verisign, Sun, IBM, Yahoo, Google, facebook, the entire population of Estonia

7 OpenID Libraries

8 OpenID Demo https://pip.verisignlabs.com/

9 What about Drupal OpenID authentication support –D5 via contrib –D6 in core –D7 in core, planned with Oauth OpenID provider –6.x-1.x-dev by walkah Drupalcon DC OpenID code Sprint

10 SECURITY Site Provider Site THREAT

11 Swekey Demo You can try http://blog.to.ithttp://blog.to.it

12 Site Provider Site ? SECURITY THREAT Multifactor authentication

13 OpenID benefits Reduces site registration barrier Reduces account management overhead Increases usability and security Reduces trust required of site admins (multiply by number of accounts) Barriers?

14 So What?

15 Resources Anti Phishing Working Group (APWG) –http://www.antiphishing.orghttp://www.antiphishing.org OpenID –http://openid.nethttp://openid.net –http://wiki.openid.net/Librarieshttp://wiki.openid.net/Libraries –http://openiddirectory.comhttp://openiddirectory.com Drupal OpenID Provider module (Walkah) –http://drupal.org/project/openid_providerhttp://drupal.org/project/openid_provider Swekey –http://drupal.org/project/swekeyhttp://drupal.org/project/swekey –http://www.swekey.com/http://www.swekey.com/ Walkah’s dc2009 talk –http://dc2009.drupalcon.org/session/openid-drupal-and-open-webhttp://dc2009.drupalcon.org/session/openid-drupal-and-open-web –http://www.archive.org/details/DrupalconDc2009-OpenidDrupalAndTheOpenWebhttp://www.archive.org/details/DrupalconDc2009-OpenidDrupalAndTheOpenWeb Chris Messina, Lullabot discuss OpenID, opennes, identity –http://www.lullabot.com/audiocast/podcast-71-chris-messina-and-open-identityhttp://www.lullabot.com/audiocast/podcast-71-chris-messina-and-open-identity

Download ppt "‘Lord’ was a click away from £229m “They installed software on the company computers allowing them to steal [Sumitomo bank] staff user names and passwords”"

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.

Chapter 1: Computers and Digital Basics 1 Computers and Digital Basics Chapter 1.
@NEXTXPERT Improvements that Microsoft has made in the Windows platforms have driven BAD GUYS to new tactics.

@NEXTXPERT Improvements that Microsoft has made in the Windows platforms have driven BAD GUYS to new tactics.
Securing Insecure Prabath Siriwardena, WSO2 Twitter

Securing Insecure Prabath Siriwardena, WSO2 Twitter
Cross-linking Folksonomies Harith Alani. Multiple SNS Accounts del.icio.us.

Cross-linking Folksonomies Harith Alani. Multiple SNS Accounts del.icio.us.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
IdM & OpenID Present by Fangli cai Prantap Bedi. The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes.

IdM & OpenID Present by Fangli cai Prantap Bedi. The need for IdM &OpenID As the world of e-business gains global acceptance, the traditional processes.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.

1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
Introduction to OpenID Huanxing Shen WHIM 2009Spring.

Introduction to OpenID Huanxing Shen WHIM 2009Spring.
Code Access Security vs. Role-Based Security  RBS  Security identity attached to user accounts  Access to resources specified according to user’s group.

Code Access Security vs. Role-Based Security  RBS  Security identity attached to user accounts  Access to resources specified according to user’s group.
Why choose Drupal?

Why choose Drupal?
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Single Sign-on Writ Large. What is OpenID?  Open, Decentralized single sign on standard  Allows users to use a single digital identity across multiple.

Single Sign-on Writ Large. What is OpenID?  Open, Decentralized single sign on standard  Allows users to use a single digital identity across multiple.
E-Safety Quiz Keeping safe online! A guide for parents & children.

E-Safety Quiz Keeping safe online! A guide for parents & children.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.

Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University.

Similar presentations

Ads by Google