Paul, Where’s the Beef (The CEP Jobs)?

January 14, 2008

I returned from being locked out of the world’s technology blogs by the Chinese government, insuring a harmonious society, of course ūüôā ¬†; only to tune back in and read this interesting¬†post by TIBCO’s business-rules evangelist, Paul Vincent, Calling all (insert CEP vendor name here) professionals!

Curious, I¬†followed Paul’s link and found¬†no references, or job openings,¬†at TIBCO for CEP or BusinessEvents¬†related positions.¬†¬†

Paul, where are the TIBCO CEP related jobs (the beef!)?

Inquiring minds want to know!

Advertisements

Keyloggers: Why Banks Need Two-Factor Authentication

January 14, 2008

Recently I briefed banking executives in Bangkok on how easy it is to steal userIDs and passwords from their on-line banking customers and why they must have two-factor authentication.   To illustrate my key points, I showed the captive audience various pictures of hardware keyloggers, for example the small black keylogger circled in the figure below.

A Keylogger

There are PS2 keyloggers (illustrated above)¬†and USB keyloggers. There are even keyboards with the keyloggers built into normal looking keyboards, so you have no idea a keylogger is there.¬†¬†¬† Don’t believe me?¬†¬† You can search the net and find so many!

Today I was reminded about my recent meeting in this Network World article, Two-factor authentication: Hot technology for 2008.  This article mentions numerous token-based two-factor authentication (2FA) solutions.  However, it misses a popular and inexpensive two-factor authentication used here in Thailand and APAC:  SMS-based 2FA.

In a nutshell, SMS-based 2FA involves having your on-line banking system send an SMS message with a one-time password (OTP) to your cell phone.   You then must enter the OTP to complete your transaction.

Is this a perfect solution?

No.

But, it is much better than than just passwords!

A ten year old child can easily steal your userID and password, really.

So, the next time you are at an Internet cafe, trusting your SSL link to your bank, don’t forget to take a peek at the computer and look for a small keylogger.¬†¬†¬†

Well, on the other hand, also don’t forget to bring your own keyboard (or laptop) ūüôā