Published: Wednesday, January 02, 2008  

WATCH THE CARS NOT THE TRAFFIC LIGHTS!
By Jim Robinson


When training our young ones to cross streets and intersections, we know it is very smart to teach them to watch for cars rather than focus entirely on the traffic lights, for obvious reasons.

When you are sending e-mail, using instant messaging, or transmitting client information on the Internet... WATCH THE CARS NOT THE TRAFFIC LIGHTS!

Ok... You are on your favorite website and you decide to buy that item you must have! You hit the BUY button, complete the form and press send. Your credit card number and other personal, sensitive information are transmitted privately. You saw a pop-up box (some are a little more colorful than others) telling you that you are protected by SSL. Most e-commerce enabled sites use SSL encryption.

 
Many Internet users may not be aware that SSL comes in three strengths, including 40-bit and 128-bit, which refer to the length of the session key generated for every encrypted transaction. The longer the key, the more difficult the encryption is to break. Industrial-strength 128-bit SSL encryption used to be the world's strongest. Encryption technology has recently delivered higher strength in the form of 1024-bit key encryption.

My question to you: Are You Watching The Traffic Light Or Are You Watching For Cars? Translation: You completed the form but had not yet pressed the send button. The phone rang while you were doing this, so you took the call: 5 minutes. You realized your coffee was getting cold, so you got up and poured a new cup: 2 minutes. So 10 minutes later you pressed send. Are you aware that your information was exposed to the entire World Wide Web up to the point you pressed the send button? In fact, if you press the back button you will see the lock (the one that appears in the lower right-hand corner of your screen) disappear when you return to the page just before you pressed send. Many websites have this vulnerability. It is only one of many vulnerabilities that you may not be aware of.

By the way, most Company Intranets are safe; some are safer than others. We are moving from Company Intranets to the web. One example would be the life career agency system, which has a population of 190,000, and the independent agents, a growing population of 300,000. If you add the independent brokerages and boutique shops of Financial Services Practitioners, this number swells to close to 750,000 or more.
This trend indicates that an enormous amount of conversation and communication is occurring on the World Wide Web rather than on Company Intranets. At the same time, the privacy of information exchanged online is one of the leading concerns voiced by consumers and organizations.

How do you ensure your information is protected and private? Today, some Company Intranets are using basic privacy. Basic privacy is delivered by a web server certificate, which enables SSL. Typically it is combined with user name/password authentication, and it protects information submitted between browser and server. This is not enough.

In January 2000, an attacker accessed and stole CD Universe customer records, including credit card information. SSL encryption only protected the sensitive information for part of the way, as far as the Web server. The fact is that information is vulnerable at multiple points.
 
Other Interesting Invasions
  • Yahoo - EBay - Amazon.com: In February 2000, the FBI was hunting for a hacker who calls himself "mafiaboy" and another who calls himself "coolio" over attacks on some of the net's most popular sites, i.e. Yahoo, E-bay and Amazon.com. Yahoo, the second busiest Internet site, was down for more than three hours. Yahoo users trying to get to their e-mail and personal calendars found themselves smurfed out.
  • E-bay: Smurfing is when hackers slam Internet sites with bogus requests for a certain Web page or piece of information. Hackers do this by breaking into computers and planting software that instructs the computer to send traffic to a Web site. The requests can come from a single computer or several computers anywhere in the world. The bogus requests jam the Web site, making it impossible for real users to get through. One of the largest online stock brokers, E-Trade, also fell victim to the online attacks. Customers trying to trade stocks at a profit or buy stock at a discount found themselves locked out.

This could be disastrous for online trading sites that rely on quick access and the security of investments. Internet trading is one of the fastest growing e-commerce businesses on the net. If traders are unsure of online trading, those companies can lose thousands of customers. Source: PBS NewsHour
  • Western Union: Hackers made electronic copies of the credit and debit card information of 15,700 consumers.
  • Credit Cards: A teenage hacker cracked thousands of computer networks and gained access to more than 23,000 credit card numbers, posting them to the web and leading to roughly $2.8 million in fraudulent charges, including purchases he made on the credit card of Bill Gates.

SSL encryption?

It appears that SSL encryption is not enough for Financial Services Practitioners' online needs. You must look at invasion of privacy while you are on the Internet as if an advancing, conquering army were invading your fortress. The attacks come in waves: first the outright attacks on the fortress, and then the covert and stealthy activities that continue after the army retreats. SSL encryption helps with authorization and validation, but in real-time dynamic environments more help is needed. Again... don't relax your guard just because a site says it is secured with SSL.

Did You Do Any Of The Following Today?

  • Have you used e-mail to discuss a case or client issue with an associate who happens to work for another company?
  • Have you had a casual conversation using Instant Messaging in which you mentioned a client's situation?
  • Did you transfer a client file via your ISP (Internet Service Provider, such as AOL) because your company's network was down and you had to get it there?
  • Did you transfer a client file or send an e-mail using a school, airport or hotel connection?
  • Do you use wireless Internet networks, a must for the stay-connected crowd?

If you did, you may have placed subsequent online communications with clients and prospects in jeopardy. This could also increase your errors and omissions liability and E&O coverage!

The Financial Services Professional will need to do due diligence on websites before using their collaboration and communication services. The professional should seek out sites that use persistent encryption, i.e. protection throughout your entire communications, collaborative situations and applications, beyond the web server right to the back-end application. Coupled with actively managed intrusion and protection services, the Financial Services Practitioner will have SafeHarbor for Internet communications and collaboration activities with clients and prospects.
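As an added example (not from the article) of the "persistent encryption" the paragraph above calls for, and of the CD Universe point that SSL only protects data as far as the Web server: the client encrypts each sensitive form field with a key that only the back-end application holds, so TLS still protects the transport, but the web server that terminates it, and anything that reads its logs or disk, sees only ciphertext. AES-256-GCM, the constructed key and the test card number are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Constructed 32-byte key held only by the client and the back-end application;
// the TLS-terminating web server between them never has it (an assumption of
// this example; a real deployment would provision it from a key manager).
var backendKey = []byte("0123456789abcdef0123456789abcdef")

// newGCM builds an AES-256-GCM AEAD from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// sealField encrypts one sensitive form field before the form is submitted,
// so past the client it only ever travels and rests as ciphertext.
func sealField(key, plaintext []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil { return "", err }
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per field
	if _, err := rand.Read(nonce); err != nil { return "", err }
	// The nonce is prefixed to the ciphertext; GCM's tag authenticates both.
	return base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, plaintext, nil)), nil
}

// openField is what the back-end application runs. With the wrong key, or if a
// single byte changed on the way, the GCM tag check fails and nothing is revealed.
func openField(key []byte, encoded string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil { return nil, err }
	gcm, err := newGCM(key)
	if err != nil || len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated ciphertext: %v", err)
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func main() {
	sealed, _ := sealField(backendKey, []byte("4111 1111 1111 1111")) // constructed test value
	card, err := openField(backendKey, sealed)
	fmt.Printf("web server sees %q; back-end reads %q (err=%v)\n", sealed, card, err)
}
```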

By the way...Watch For The Cars Not The Traffic Lights! 

This article appeared in Financial Services Online in September 2001

