Thursday 30 June 2011

The CookieCrunch

On the 25 May 2011 the UK became the first EU country to bring the new cookie directive into law – and on the same day, the UK Government announced a 12 month delay on any enforcement action being taken.




Last night's Bootlaw event looked at what the cookie law means for start-ups and website operators, and what you are supposed to be doing over the next 12 months before the law is enforced.

The Directive states that ‘explicit consent’ must be sought by website owners before they track the online behaviour of their users using cookies, whereas previously users simply had to be given the opportunity to opt out. The new law aims to give consumers more control over how their internet browsing is tracked.

The UK government proposes to adopt the wording of the Directive exactly as it stands. It states that consent must be given before organisations place cookies on a user’s computer or retrieve cookies previously stored there. However, the Directive does not provide detail on how this consent is to be achieved and so there remains a large question of interpretation.

They discussed technical solutions which could allow websites to collect user consents to cookies without getting in the way. “Businesses and organisations running websites in the UK must wake up to the fact that this is happening.”

LiveEnsure™ is our authentication technology that doesn't store any personally identifiable information such as user names and passwords, nor does it rely on the browser, JavaScript or cookies. It is simply powerful, real-time session authentication.

To catch up on last night's session, listen to the update from Danvers Baillieu of Pinsent Masons LLP in London here.

More audio coverage is uploaded on AudioBoo.

http://audioboo.fm/TheCookieCrunch

Wednesday 8 June 2011

Mobile Security Starts with Authentication.

No one could have predicted the rapid evolution of the phone. From the brick phone to the flip phone, the mobile phone has evolved quite a bit in the last 25 years. The overarching trend had been toward smaller and smaller devices, but this preoccupation with size seems to have reached a plateau. The focus now is squarely on adding capabilities.

For many, using the mobile device as a phone has become indispensable; seldom will anyone leave home without their phone.

New smart phones have the processing capabilities of computers, and they are going to play a significant role in identification as applications evolve.

Airlines already enable travelers to download boarding passes to smart phones. Hotels enable guests to download room keys and bypass the front desk. Corporate users generate one-time passcodes on handsets to gain access to computer networks and authorize transactions. But this is just the beginning.

Two-factor authentication is already happening

For many, using the mobile phone for an extra level of authentication may seem futuristic, but it’s already here for some. The use of one-time passcodes with mobile devices is commonplace. Smart phone owners can download an app to generate the codes, while other providers send codes via text messages. These one-time passcode systems have been vulnerable to man-in-the-middle attacks. There is an array of these attacks, but they all have the same basic premise: a hacker eavesdrops on an individual’s Web activity and changes information or forges a Web site to gain access.

LiveEnsure is leading the way, offering SaaS authentication to protect the site, the session and the user.


“2011 will be a transition time for mobile phones and what consumers do with them is set to increase. LiveEnsure is authentication for this transition period, replacing what we do with smart cards and tokens … truly authentication for the future.”


Smartphones half of handsets shipped by 2012


With a plethora of apps, large screens, built-in cameras and plenty of processing power, smartphones will make up more than 50% of U.S. handset shipments by 2012, according to research firm In-Stat. Globally, shipments are projected to reach 850 million units by 2015.

By December 2010, U.S. smartphone adoption had surged to 27% penetration, according to comScore. There was rapid adoption of Google Android devices, making Google the second largest operating system by the end of the year.

Security is not a game. Protecting your revenue and your users' identities in the mobile space is key, without tracking, storing or trafficking in their privacy information.

With LiveEnsure™ you can verify user, site, device and session in real time.

Friday 3 June 2011

Layered Approach to Security is the Only Way.

This Oracle presentation takes you very clearly through the multifaceted interactions of employees across a business. The best defense, it says, and I totally agree, is a multi-dimensional and multi-level approach.

http://slidesha.re/jM0TI2

If nothing else, click through to the slide 'obvious but often overlooked'. So many businesses focus on firewall and encryption, paying little attention to authentication and believing user-name and password are enough. Anyone reading my blog will know this is not the case. Identification is most definitely not authentication.

Christian Hessler debates this so well in his blogs:

Top 10 Habits of Highly Effective Security Solutions

1-3 http://bit.ly/f69F9l
4-6. READ ON! http://bit.ly/f91Jyo
7-10 FINALE! http://bit.ly/gSyf3p











An interesting presentation.