PC's are insecure and hackers constantly exploit flaws in their security.  This article provides some insight as to why software based solutions designed to run on a PC are sitting ducks for potential hackers... which, once again, is why HomeATM has taken a personal swiping device approach to bringing PIN debit to the web.  It's how they've done it in the stores, and it's how it should be done online.  Keep in mind that the Internet was not designed for eCommerce, it was originally designed as the "information highway." 

With our approach, the transaction is done "outside" the browser space, therefore "man-in-the-browser" attacks are nullified, as are keylogging, screen capturing and a symposium of  other hacking methods designed to drain  data from your PC.

Someone's eventually going to be swipin' your credit/debit card data...shouldn't you be the one doing the SwipePIN?  Any doubts?  See how easy it is..."to hack a PC"  

This, from the Wired Blog Network:

SecuniaImage via WikipediaHardly anyone runs a PC without known holes that hackers can exploit, a Danish security company reports. Of those who run the company's free security-scanning tool, nearly half have more than 11 out-of-date programs.

Secunia Software's Personal Software Inspector checks programs installed on a user's computer to see if the latest, patched version is installed. More than 98 percent of users had at least one program that wasn't the latest version, the company found in a study of 20,000 users of its software.

The sobering statistics are not surprising, but they come as malware makers turn from simply exploiting easy holes in Windows.

In addition, hackers have been finding vulnerabilities in browsers, media players and file-reading software as a way into other people's computers.

While it may not seem likely that a hacker would rig a website to exploit a patched hole in a lesser-known media player like VLC, hacking tools make it increasingly easy for an infected webpage to check for many vulnerabilities in a person's computer.

Number of insecure programs per PC/user:
0 insecure programs: 1.91% of PCs
1-5 insecure programs: 30.27% of PCs
6-10 insecure programs: 25.07% of PCs
11+ insecure programs: 45.76% of PCs

Secunia's Mikkel Winther says the study shows that its just as important to keep programs up to date, as it is to have a good firewall and anti-virus programs. He also says the real numbers in the general populace are likely worse, because their sample is of people who have looked for security software.

"The results are shocking and prove as well as emphasize the need for a patching solution for private users," Winther said. Keeping up with software updates can be quite tedious and annoying, even as software makers like Microsoft and Mozilla have built better update tools. Those who don't care to download Secunia's software can try it's online scanner, though it only checks version numbers on a hundred or so programs.

Secunia does not sell security software to individuals, but does market a networked version of this scanner to companies.

Reblog this post [with Zemanta]

Posted by John B. Frank Wednesday, December 24, 2008

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers