RSA Security Sees Hope in Online Fraud

It was a Friday afternoon for the computer encryption folks at RSA Security Inc., and summertime greenery filled the countryside view from Art Coviello's office.

Even so, the RSA chief could have been excused if he didn't seem relaxed. RSA had just announced its second straight set of quarterly results that didn't dazzle Wall Street analysts, and RSA's stock was flirting with a 52-week low.

But Coviello shrugged it off. Analysts, schmanalysts. More importantly, he said, lots of factors are about to turn in RSA's favor, namely the need for more secure, traceable financial transactions in a world beset by online fraud and identity theft.

"The whole thing's moving a lot more slowly than it ought to," Coviello said. "We've got to keep pounding and pounding until we reach a tipping point, and we will take advantage of it."

The lack of an obsession over quarterly results isn't the only unusual thing about RSA, which still bears the marks of an academic past despite being a $300 million company with 1,200 employees and customers in government, banking and health care.

RSA is named for three Massachusetts Institute of Technology professors, Ron Rivest, Adi Shamir and Len Adleman. Though they are no longer involved with the company they founded in 1986, their invention of a seminal method of cryptography set the tone for the company and is crucial in online commerce.

Today RSA is perhaps best known for staging a prestigious annual security conference and for selling 20 million little devices that display a six-digit code computer users must type to gain access to computer networks. The code, which changes every minute as determined by an RSA-created algorithm, is unique to each "SecurID" token, making it useless to a snoop.

The requirement that users enter the code in addition to a password is known as two-factor authentication, an approach that figures to gain ground over simple passwords as more and more sensitive data move online.

Indeed, RSA's sales of authentication products jumped 16 percent last year, as RSA's overall profits more than doubled, to $35 million. E-Trade Financial Corp. and America Online Inc. began offering SecurID devices to some customers over the past year. The Associated Press also uses the tokens for network access.

"It is the Kleenex or Q-Tip of two-factor identification," said Gregg Moskowitz, an analyst with the Susquehanna Financial Group. "SecurID is the brand name."

But wide deployment in consumer applications has come slowly.

In theory, every institution that does business on a Web site could increase its security by offering its users RSA tokens.

But practically, it would be a nightmare to have 20 different devices with their own codes. And banks apparently don't trust one another enough to accept a competitor's authentication token.

RSA hopes to smash such hang-ups by acting as an intermediary, launching a new "hosted" service this fall in which its servers will check whether a consumer entered the proper token code - even if the token was made by an RSA rival - then relay the "yea" or "nay" back to the bank. RSA already provides such a service for companies' internal access control, but has yet to offer it for consumer applications.

Investors will be watching closely. Although Coviello is confident that wider trends in access control - such as rampant identity theft and abuse of Social Security numbers - should play to RSA's strengths, he acknowledges that RSA needs to do more to push the market rather than wait for it.

That means RSA has to be much more than the company known for authentication tokens - a product that some analysts say is coming down in price because of competition. RSA also hopes to expand its sales of software and security consulting services, where heftier rivals such as VeriSign Inc. and International Business Machines Corp. also lurk.

"When you consider all the identity theft that is taking place now, the challenge for RSA is to monetize that," Moskowitz said. "It's easier said than done."

RSA believes one key differentiator can be its research arm, including the eight people in "RSA Labs," a group so focused on the advanced mathematics behind cryptography that it is described as an academic institution within the company.

RSA researchers are expected to dream up ways to expand the use of two-factor authentication, though sometimes that puts the company a bit ahead of the market.

One system being developed would use radio-frequency chips in keyless office access cards so employees wearing one can automatically access their secured computers as soon as they near them. Such a system would use a fingerprint reader on the computer to confirm identity. That product won't be ready, though, for a year or two.

Then there's an effort, led by labs director Burt Kaliski, to give users a better way to confirm the legitimacy of Web sites - and avoid "phishers" who set up phony sites to lure passwords and account information from the unsuspecting.

Kaliski envisions a system in which Web browsers or even computer operating systems act as an intermediary between a user and a site. Through the principles of encryption, the intermediary software could tell the Web site that the user entered the proper password without sending the actual password.

In another realm, RSA has created a "blocker tag" that ensures that radio-frequency identification chips can be scanned only by designated readers. It could be an elegant answer to the question of whether RFID chips, which are designed to streamline corporate inventory systems, might pose privacy risks for consumers. (The chips also are coming to U.S. passports, raising fears that American travelers overseas could be surreptitiously, remotely tracked.)

But for now this and other RFID solutions sit on the shelf, since the deployment of such tags has been slower than predicted.

"That is the hardest thing for a technology company to do," Coviello said. "You have to anticipate a market, not get too far ahead of customers, but you want to be there when they come around."

But he quickly added: "We've been around 20 years, and I think the market opportunity ahead of us is richer than ever before."

By BRIAN BERGSTEIN
Associated Press
