ZeuS-like malware outpaces all other online threats
Nearly one billion people worldwide use the Internet for work, socializing and entertainment. With the widespread adoption of Web services such as Internet banking and social media, more personal and private data is vulnerable to malicious attacks, including the deadly Zeus or Zbot banking Trojan.
Zeus can be considered a “weapon of mass destruction” for the unsuspecting user. It installs itself on a computer and burrows into the operating system. Zeus then gathers and sends back to a command server the user’s online credentials that enable Internet banking and other functions like email. It also can inject HTML into legitimate web pages that trick the user into inputting credential information the site doesn’t actually require, or that defeats client-side security techniques.
Logging keystrokes to capture passwords is only one of several tricks employed by cyber-criminals. Phishing, man-in-the-middle and man-in-the-browser attacks also put private data at risk. The username and password authentication process, used on so many “secure” web sites, can become unwieldy: the more sites an individual wants to use, the more credentials he has to remember. For individuals accessing hundreds of sites, the only options are a password management program which is vulnerable to hackers, or reuse of the same username and password throughout the Web, which is not secure.
The OpenID system, which attempts to address the problem of password fatigue, allows web users to create a single online identity that can be used to access many different sites requiring authentication. This system consolidates information for a simplified online experience but is no more secure than multiple separate site passwords. In fact, if a malicious attack compromised an individual’s OpenID security information, the attacker would have access to every site the user registered with the OpenID provider.
These risks are expected to remain for the foreseeable future -- unless the password can be re-invented. What if users could generate a “Universal Cloud ID” to the cloud simply and easily? A simple-to-use authentication system that’s less reliant on the user himself would enhance security and eliminate many forms of web-based fraud. If consumers couldn’t readily reveal their security information to third parties even if they chose to, it would be close to a perfect solution.
Ohanae…The Password Reinvented
Even though cyber-crime is a real, documented and imminent threat, consumers remain unwilling to sacrifice convenience for security. And although steps are being taken to create trusted frameworks for online identity verification, formal worldwide adoption may take years. The question in the meantime is how to provide identity services between people, websites and organizations that do not necessarily have a formalized relationship.
“If a criminal can take over your browser or your computer, entering password or PIN into your browser is only opening up your accounts for criminals to steal from. What makes defense difficult is that the compromise is likely to be at the user's endpoint. Has anyone thought about reinventing the password to enhance the security of Web applications, ‘Software + Services’, and OpenID federated single sign-on, while maintaining compatibility with antivirus suites of your choice?”, said Greg Hauw, founder and CEO.
Ohanae Universal Cloud ID
Ohanae research concludes that for many purposes the ideal dynamic identity protection model is a hybrid (identity software + services). Heavy duty client-side identity protection allied with on-going cloud-based services — auto updates, Web reputation (anti-phishing protection) checks, device reputation checks, and high assurance OpenID services.
Ohanae has reinvented the password to enhance the security of Web applications, “Software + Services” and OpenID federated Single Sign-On. Ohanae delivers password based strong user authentication with built-in data privacy protection and identity theft prevention. Ohanae is resilient to offline dictionary attack and server based reading attack. Ohanae value proposition lies in its ability to provide a novel password user authentication solution that is scalable, easy to use, and effectively eliminates keylogging, phishing, man-in-the-middle, and man-in-the browser threats. Users need to install Ohanae client-side software on their Windows PCs, USB mass storage devices, and Windows Phones. Upon successful signup and activation, users may use their Ohanae account to sign in and register at sites that support OpenID. Users need only type ** to log in to any website or popular application, and type *+ to generate strong passwords unique to each account.
Ohanae protects sessions seven ways: by generating strong password on-the-fly, by intercepting then neutralizing both phishing and key logging attacks; by encrypting the working sessions, then deploying its dynamic endpoint sanitization system to rigorously monitor all live user interactions and to continually protect the operating environment. The system then scrubs all session footprints after the session is ended. All files saved in the secure drive on the user device are strongly encrypted to AES256.
Pricing and Availability
Ohanae Universal Cloud ID is available now for download to be installed on Windows PCs and USB mass storage devices. Users may download the Ohanae client from Ohanae.com. Ohanae furthers the objective of offering Universal Cloud ID solution – free and premium software. Our free and premium versions are identical in terms of the level of dynamic identity protection. The free version is suitable for Internet users up to five logins of their choice. While the premium version priced at $9.99 per user (may be used to activate up to 3 authorized devices) per year offers unlimited number of logins, Securworkplace™ (leaves no traces), Securdrive™ (encrypted drive) and high assurance OpenID services.
About Ohanae
Ohanae focuses on high assurance user-centric identity, addressing the technical and adoption challenge of how people can manage their own identity across the range of websites, ‘software + services’, and government agencies that they interact.
Ohanae pioneered the concept of Universal Cloud ID, assuring user identities while focusing on simplicity and value. Ohanae delivers password based strong user authentication with built-in data privacy protection and identity theft prevention for Web applications, ‘Software + Services’ and OpenID federated single sign-on.
Headquartered in Los Gatos, CA. Ohanae is a privately held company founded in Oct 2006. Ohanae was named a Red Herring top 100 global company in Jan 2009 and finalist in the most innovative company at RSA Conference 2009.
|
