Users Prefer Device Fingerprinting Over Passwords – InternetNews.com.

Not surprising, IT needs to wake up and realize that people will almost always choose the path of least resistance.  If we make security easy to implement then people will behave in accordance.  Making passwords that are super complex and often need changing only          makes users more apt to be frustrated when they need to contact the helpdesk to reset their password.

Using tools like Smartcards, Biometrics, and two-factor authentication like Phonefactor IT can convince users that security can be easy and worth the effort.

This integration enables the two environments to share such things as network connections, clipboard content, printers, USB devices, Smart Cards, and external storage.

Accessing Your Windows 7-based PC’s Network Connections
When working in Windows XP Mode, you can use the network connections of your Windows 7-based PC to access the Internet from your virtual machine. This means that many of your older Windows XP applications can access the Internet as needed, without any additional effort on your part. If your company has a corporate network, you can domain-join the virtual machine to that network just as you would the physical machine.

Sharing Files and Folders Between Environments
Because the Clipboard is shared between physical and virtual machines, you can copy and paste any data you want between Windows XP applications and their counterparts in Windows 7. Although drag-and-drop operations are not permitted between the physical and virtual machines, you can access your physical machine’s hard drive from the virtual machine. In addition, the physical machine’s My Documents folder will appear on your Windows XP Mode desktop as well, for easy access to any files you may require.

Accessing External USB Devices — Desktop Mode
Windows XP Mode for Windows 7 supports the use of external USB devices that are attached to your Windows 7-based PC. USB storage devices, scanners, and Smart Cards whose drivers are installed on the Windows 7 host and the virtual machine are automatically shared with the virtual machine if the integration features are enabled. You can also easily access the host CD drive, and print on a local or network printer from within your Windows XP applications.

If an attached USB device does not appear in the My Computer window, you will need to make it available to the virtual machine. This is done by going to the USB drop-down menu that appears either in the upper-left hand corner of the Windows XP desktop window (Desktop Mode), or at the top of the desktop (Full-Screen Desktop Mode). Click on the device’s name to capture it for use by the virtual machine. To release the device for use once again by the physical machine, click on the device name once more in the drop-down USB menu. It is now ready for safe removal from the host PC.

Accessing External USB Devices — Seamless Mode
When working with a Windows XP applications in Seamless Mode (that is, launched directly from the Windows 7 Start Menu, desktop, or Taskbar), you can access external USB devices through the application’s regular File Menu commands, such as Open and Save As. If a USB device is not compatible with Windows 7, you can still use it in Seamless Mode. To do this, simply attach the device in Desktop Mode, as specified in the section above. Then when you run your application in Seamless Mode, you will have access to the device.

            Do you remember the days when you used to carry a cell phone around and it would be very heavy, wouldn’t fit in your pocket, or be bigger than a pocketbook that you would carry? Those days are long gone now with today`s cell phones being smaller, lighter, and faster than ever. The type of technology that we have put into our cell phones is astonishing considering the short time period we did it in.  The Future of Cell Phones discusses how far our cell phones have come in the last decade, and offers ideas of what might take place in the future. The one key element to the evolution of the cell phone is the 3G network. The 3G network is like a modem that makes your computer really fast except it’s in your phone. Today`s top cell phones such as Blackberry `s, and Iphones offer various applications such as games, cameras, video cameras, internet service, and much more. In the future, cell phones will be geared up to do much more than we could ever imagine. Also, as the 3G network evolves, it will allow video phones where you can watch your favorite shows while going to school, allow us to play video games with people across the world, and allow us to use a GPS wherever we are. All of these new systems in place will make the cell phone more valuable than ever before. The new devices can even help out our Digital Literacy class by enabling Skype onto the phone too. Besides consumer use, other areas such as Business have taken the initiative to include Smart phones into their everyday lives. Smart Phones make inroad to Business talks about how business is making smart phones part of their Information Technology Strategy more than ever before. Instead of just using phones for calls, and calendars, now they use them for e-mails, presentations, and other specifications made for business. Most business men today cannot work without their phones because they store so much information in them. All of these new tools can improve our everyday lifestyle, but the tool that can help us the most is Mobile Commerce.

            M-Commerce is the process of buying items right through your own cellular device. The process is amazing because the technology has evolved so much, and will continue to evolve over the years. With M-Commerce, people can go on the Internet through their phone and buy items from virtually any commercial retail store. Holiday Cyber Shopping 2008 shows us what stores have taken the initiative this holiday season to get people to buy through M-Commerce. Wal-Mart, Amazon, Sears, and Zappos all offer M-Commerce through their websites. Also, Amazon runs a program called “Textbuyit” where you can go to their website on your phone, order the product you want, and they will text you when it is ready to be picked up from the store you choose. Also, the program allows you to take a picture of a product and send it to the website in order to see if that store carries it. If they don’t, then they will show you similar products they have in stock. This new system of commerce has definitely helped out these stores and have made many people `s holiday shopping less stressful. M- Commerce has allowed people to spend less time shopping in the store, and less time shopping on their own computer.  It has also allowed us to create new secure ways of buying products, and making money transactions.

            In order to improve security for your M-Commerce, Giesecke & Devrient has brought the invention of the Smartcard to the table. They offer various cards that specify to your standards and these Smartcards offer unique abilities with microchips in order to make your transactions the safest possible. This type of transaction exists in Europe and Asia but should make its way over to the United States soon. The evolution of M-Commerce has brought on Banking and other large transactions in order to make our lives easier. Make Way for M-Commerce says that people want more security than the average credit card if they are going to make transactions over a phone. The article says that companies have answered and these Smartcards offer that security with Biometrics. Now, when you swipe this new card for any transaction, they will need an eye scan, a fingerprint, or voice recognition. This seems like something coming from a movie, but it will be coming soon too. These cards can be swiped into phones right now to make bank transaction, or shop online by using MobileSwipe.  The part attaches to your phone, plugs into your charger area, and allows you to swipe your card in order to make a transaction on your phone. Also, to integrate the smartcards into our cell phones in the future, we may not need a card at all. New Scientist Tech talks about Nokia and Visa creating a method where all you would have to do is to put your phone near a scanning device and it will read your phone and charge your account. They use this method over in Japan where it has been successful due to their advanced technology. This method sounds good, but how are we supposed to trust that our money will be safe and our personal information will be safe?

            In any electronic product, there will always be a threat of invasion or a threat of security because many people are greedy in this world. M-Commerce is no different than electronic commerce; products are bought online, and transactions are done online as well. As M-COMMERCE SECURITY mentions, there are three ways your security can be breached while using your phone to buy products. The first issue is transaction. We make transactions all the time on the computer and we make transactions in stores, but through mobile devices it’s a little more difficult. Some websites you visit may not have anti-virus protection and your money could be stolen in the blink of an eye. If you are not familiar with your phone and are doing transactions on it, then mistakes may come about too. Furthermore, BBC News M-Commerce Fraud Fears says that gaps exist in these mobile networks that can be easily breached in order to steal your money. The bandwidth, speed of the mobile network, isn’t strong yet. If you are in the middle of a transaction and you lose service then your money and information could be lost. The next issue is information. Information is held by the websites you make transactions with in order to buy a product. If the website is somehow breached, then hackers can steal your credit card numbers and other personal information that could lead to identity theft. Some websites we just can’t trust because they are not well known, they might not have a secure system of payment, or they might be a fake site just trying to your money. Finally, the Infrastructure in place for M-Commerce is not that secure right now causing all of these security issues with transactions, and stolen information. They need to work out some technological issues such as billing information, site certificates, and other technological problems before M-Commerce can be fully launched in the United States. Once M-commerce develops, I think overtime we will overcome these problems just like E-Commerce has overcome most of its obstacles. With any technology, change is on the way in order to make our lives more secure while using new cellular devices to make a transaction.

            BBC News M-Commerce Fraud Fears says that as long as our technology grows, there will always be some issues with security. We can make different systems and programs in order to stop or hinder the hacker’s attacks, but this will be an ongoing process that we will have to deal with. We all want new and improved technology, but sometimes that comes with a cost. As long as the consumer takes the initiative to make smart decisions on which websites they buy from, and take care of their personal information then we can overcome these security issues in order to enjoy M-Commerce, and to enjoy our new and improved Smart Phones.

Sources:

BBC News M-Commerce Fraud Fears                                                                                     

M-COMMERCE SECURITY

New Scientist Tech

Make Way for M-Commerce

Giesecke & Devrient

“Textbuyit”

Holiday Cyber Shopping 2008

Smart Phones make inroad to Business

The Future of Cell Phones

MobileSwipe

 Video:

]

All in the companies today became without paper with technological advances presenting the email, the Internet, sweeping and others. However, one essential paper article required for companies and contractors who continues to be used indeed is a professional calling card of visit. A professional calling card of visit is very important to leave customers, the possible customers and investors take your information with them and remember you when the moment comes. Were you ever in a situation where you bought something of somebody and then you cannot remember where the store is located or what it called? These businesses provided you a service or the product which you would have wanted to still employ or buy. Since you cannot remember the details you will be probably some share other will buy this product or service. This should not arrive at you and your business and thus the professional calling cards of visit ensure you that the customers will remember you. If you are in businesses which require to often exchange information with customers having then a professional calling card of visit will be useful.

The professional calling cards of visit must be perfect so that others obtain the good first impression about you. It is a manner of saying others what is your profession, to give them an idea in the way in which you will be able to help them and which services you can provide. An occupational calling card of visit should reflect that you are a professional, make you your well of work and you know what you made. There are many various models for professional calling cards of visit but it is important to choose a model and a provision which is organized and calling upon the eye. The basic bases that a professional calling card of visit should contain are your first and family name, your title or designation in the businesses, the name of the businesses, the service you provide if they are not obvious, and options to contact you. The information of contact should at least have a land phone number of line, a number of cellphone so available, the email address, the Web site of the businesses, and forwarding addresses it. You recall, your professional calling card of visit is not a booklet, thus does not make it confusing by enumerating too many services and products. If you really must enumerate some services you also have the option to thus enumerate them on the back of the professional calling card of visit your stays of the information of contact lights and orderly.

The majority of the professional calling cards of visit follow the horizontal design of provision because it is easier to read and provide enough part to space indeed outside each information on the professional calling card of visit. Your name should be the information most underlined on your professional calling card of visit and should be called with a police force �BOLD� and large. It is also important to envisage the design of provision for your professional calling card of visit because it is the difference between somebody who thinks your business will be useful and making throw your chart in the refuse. It would be also wise to follow the ideal size of 3.5 of 2 inches which will adapt in any small pocket. The quality of paper used should also be taken into account thus it will be durable and will not tear easily. People also judge you by paper that you employ for your professional calling card of visit. If you employ the paper of good quality for your chart they will suppose that you take your business with serious and are a devoted professional. Some even take time to thus laminate their professional calling cards of visit they better and last longer are preserved. Single ideas are also followed like professional calling cards of visit of impression on wood, metal or the plastic. The most recent tendency is to thus magnetize professional calling cards of visit it can have 3 goals: people employ it on their refrigerator like magnet, it creates a manner so that the people often see your information, and thus they will not lose your professional calling card of visit.

The type of ink employed to print your professional calling card of visit should be durable and the constant thus if it obtains moist ink should not function. One should think outside of the colors used on your professional calling card of visit carefully. According to your profession more or less of colors will be necessary. For example, if your business is a store of trade and arts then you could plan to employ more innovating colors and police forces to produce a creative provision which exemplifie your business. However, you must know if his outward journey to represent your business in the ideal way. If you are a doctor or a lawyer you would tend to employ less color and police forces and to depict a professional calling card of crunching and concise visit. The size of selected police force should not be too small differently it will be difficult so that somebody reads your details and information. It should be in a police force which is easy on enough the eyes and free space that details can be quickly included/understood. The information of contact should make provide the majority of information thus to you a series of options so that the people contact you.

It is certainly an good idea to invest in professional calling cards of visit of quality. You ensure that when you made, follow you the directives adapted thus they will be employed with their full capacity, bringing in more businesses for you and your company.

CNET News reports,

A federal judge on Saturday granted the Massachusetts transit authority’s request for an injunction preventing three MIT students from giving a presentation about hacking smartcards used in the Boston subway system.

It seems interesting that MIT is even taking legal steps to prevent its students from indulging in any activities, that might not be in the best interest of the government and the nation at large. While at the same time, “21″ is creating waves throughout the world.

(PS: For those who live in another world, “21″ is the fact-based story about six MIT students who were trained to become experts in card counting and subsequently took Vegas casinos for millions in winnings. It is inspired by the true story of five students who changed the game forever.)

Of course it happens to be in Germany, but we are globally aware when it comes to the wisdom of the opinionated crowd.

In Germany this week doctors and civil rights activists joined forces to organize a boycott of the German smartcard program, attracting huge media interest, including national TV.

The new alliance claims that smartcards in healthcare are the first step towards a system of national “mega-servers” which contain aggregated patient data in centrally stored shared electronic patient records.

Interestingly, one partner of the new anti-smartcard alliance is the ‘Chaos Computer Club’, an association of hackers that 18-months ago managed to ‘free’ – gain access to – the only independent cost-benefit analysis of the German smart card project yet carried out.

The key goal of the anti-smartcard alliance is to persuade citizens to boycott the roll out of the new cards by, for example, not sending in the photographs necessary to produce the cards.

Given the considerable media attention, reactions from official bodies have been muted. “The arguments of the critics do not become better by repeating them again and again”, said a spokeswoman of the German Ministry of Health.

Is this an example of our privacy friends running amok? Or, as there usually is in these cases, some thread of valuable insight into a future that we might want to think about.

Hallo Leute,

für mein Studium beschäftige ich mich derzeit damit wie man auf Smartcards (I2C – 2KBit) Daten schreiben kann und wie man sie wieder auslesen kann. Was sich eigentlich ganz einfach anhört, ist es in Wirklichkeit nicht. Zumindest nicht ohne jegliche Vorkenntnisse.

Um ein Bisschen rumspielen zu können, hab ich mir heute einen Cardreader (Towitoko Chipdrive 120) und nen Packen Smartcards (oben erwähnte I2C-Karten) bei eBay bestellt und freu mich jetz wie Bolle darauf, dass das Zeug ankommt.

Was braucht man aber als Vorkenntnisse? Zu allererstmal muss man wissen, wie man mit dem Cardreader seiner Wahl kommunizieren kann – soll heißen über welche Libraries. Dann sollte man sich (so hab ich es zumindest gemacht) mit der CT-API beschäftigen. Dabei handelt es sich um einen Satz standardisierter Funktionen mit standardisierten Parametern, die allgemein die Kommunikation mit dem Cardreader ermöglichen. Im Detail handelt es sich hierbei um:

• ct_init , welche die Kommunikationspipeline zum Cardreader aufbaut
• ct_data , welches Befehle an die Smartcard sendet. Zu diesen Befehlen gehören auch Befehle zum Auslesen und Schreiben von Daten
• ct_close , welches die Kommunikationspipeline wieder schließt

Was also letzendlich wieder von Interesse ist, ist wie die Befehle mit ct_data an die Smartcard gesendet werden. Das geht mittels sogenannter Command-ADPUs. Dabei handelt es sich um fest definierte Bytefolgen. Die Wichtigsten dieser Bytefolgen (als gebräuchliche Konstanten im C-Code) sind:

• REQUEST_ICC , welches überprüft, ob eine Karte (Integrated Circuit Card = ICC) eingelegt ist
• SELECT_FILE , welches eine bestimmte Datei auf der Smartcard auswählt. Die Dateinamen sind dabei 2Bytes lang
• READ_BINARY , welches (wer hätte es gedacht) eine bestimmte Anzahl an Bytes ausliest
• WRITE_BINARY , welches eine bestimmte Anzahl an Bytes schreibt
• EJECT_ICC , welches die Karte wieder ‘auswirft’

Wer nun ein wenig Quellcode lesen will um zu schauen, wie das ganze wohl gehen könnte, dem empfehle ich diese Seite. Um sich eine Übersicht über die ADPUs zu verschaffen, kann man sich dieses PDF ab Seite 45 durchlesen

Ich hoffe der grobe Überblick den ich mir jetzt selber verschafft habe (und euch vielleicht auch) ist einigermaßen nützlich

Auf jeden Fall freu ich mich schon auf die Ankunft meiner Nerdspielzeuge

Ottawa Business Journal Staff

The City of Ottawa is joining with transit agencies in the Greater Toronto Area (GTA) to make smartcard technology a reality by 2010, the city said in a release Friday.

With Presto – a contactless, automated fare system developed with the Government of Ontario – the project will result in “significant savings” to the City of Ottawa, according to the release.

The need for such a payment system here featured strongly in the conversations at Transit camp last weekend. This story came out on Friday but did not make Google news alert until today.

One of the reasons that we do not have such a system here now is that none of the financial institutions has shown any interest in small denomination transactions, though Translink and its predecessors have been trying, several times, to get something going. The big banks just see no reason to get involved – it is far too easy for them to keep on making huge profits doing what they do now – basically charging their customers an arm and a leg for very little. They also lend out money at high rates that they have borrowed very cheaply – or even charged people for looking after.

Other larger cities with much greater mode share on transit have a bigger market – and this the people who make ticket machines all fall over themselves to try and sell them fare systems. Other merchants who deal in small amounts see cashless payment as a way to retain customer loyalty. There are a whole lot of store and gift cards out there – some reloadable, all driven at present by magnetic stripes. And the main reason stores like them is the amount of money people have to pay them up front, and the not insignificant sums that get left unspent.

North America is going to have to catch up with the rest of the world soon as most other advanced countries now have chip embedded cards. This is being driven mainly by the amounts lost to fraud. Again, Canadian banks have such a huge cash cushion they simply accept this as a cost of doing business. The money either goes to thieves or system vendors – and as long as the system vendors want more than the thieves are taking … But the big change comes from the use of devices that do not physically have to be inserted or swiped – or even touched. Proximity readers are the next big thing in technology and are already making progress in things like inventory control systems using tags and readers.

All this stuff is very enthralling for systems people and they burble on about “systems architectures” and data capture and similar stuff – and have been doing so for years, with very little to be seen as a result.

For transit systems ideally we need a system that protects our privacy – where we go and when is nobody’s business but our own – and can be reloaded easily. Cell phones and Paypal both seem to be acceptable in their different spheres – and cell phones can already be used to pay for parking both on and off street (something no-one predicted back in 1984 when I started looking at cashless parking on-street – although phone cards seemed promising). What I also thought was interesting was that some people at Transitcamp liked the idea of pay by distance. Most transit systems abandoned that here years ago in favour of flat fares and no change cash or token, and I suspect that transit trips got longer as a result. I still think that passes – paid up front, freedom of the system for a specified time – work best to get car users hooked on transit. But maybe a cashless electronic purse you can use to ride the bus, buy a paper and a cup of coffee would also work. And short rides would cost less. Trouble is we would need an intermediary and so far they are not playing nice with others. Maybe the social conscience of the credit unions could be tweaked?

UPDATE Montreal is getting smart cards