Password management software company PasswordBox appears to have quickly spent some of its recent $6M funding on acquiring a complementary offering. 'Legacy Locker' is a digital afterlife service that – should you pass on without passing on your passwords – grants access to your online assets to friends and loved ones.
Or as GigaOm puts it - the land grab for cyber security rages on. HyTrust, a provider of products to secure virtual environments, has bought HighCloud Security, a specialist in encryption and key management. HyTrust has previously received some $29m in VC.
Intellectual Ventures, the notable patent troll, is demanding $310m from Symantec and Trend Micro for the use of patents it has the rights to, according to Computer Business Review. I should imagine this will strike fear in a lot of cyber security companies.
I am not sure about their defence though, based on the idea that a patent acquired for less than a million dollars could not be worth so much. Until the legal process is resolved this may, however, raise the price of cyber security patents on the market.
The MACH37™ Cyber Accelerator has been set up at the Centre for Innovative Technology at Virginia Tech. It is modelled on existing accelerators, such as Y Combinator, TechStars and 500 Startups, but specializes in cyber security start-ups. A number of new companies were announced as the first intake, benefiting from a $2.5m investment.
Security related patent portfolios for sale from ICAP patent brokerage. The assets available for sale disclose innovations including:
• Message Authentication
• Gesture Recognition System
• Secure Data Access
• and more
Read more: http://www.digitaljournal.com/pr/1448042#ixzz2dvVsESYD
Royal Holloway has announced that their Information Systems Security Group (ISSG, as it is widely known) has launched new technology to protect against password theft and phishing attacks. The technology is dubbed Uni-IDM, but the only real information about it is provided through a link to a paper on one of the authors' personal web sites. However, the paper, by Chris Mitchell and Haitham Al-Sinani, does seem to have been peer reviewed, having been published at EuroPKI 2011. In an interview on Slashdot, "Digital IDs Designed to be More Secure Than Passwords", Professor Mitchell is reported to be aiming to develop an open source prototype, though he offered no schedule for when that might happen.
Let's hope it's soon. The rationale for the work looks spot on - it does not involve proposing any new cryptographic protocols or infrastructures, but wants to make existing systems resistant to phishing, as well as privacy-enhancing through an explicit user consent procedure. They propose 'IDSpace' as an architecture for a client-based ID management tool that operates in conjunction with a client web browser. The paper is worth a read if you are interested in ID management.
FireEye, a Californian company that was started up in 2004 by a former Sun Microsystems engineer, has raised around $100 million from venture firms, including $50 million earlier this year. Its SEC filing reveals that it has more than 900 employees. It seems quite rare to see an IPO for a cyber security company, especially one that is 9 years old. I think FireEye have hit the big time with their focus on Advanced Persistent Threats. The fight against APTs required a radical re-think of optimal security measures.
Accumuli, a serial acquirer of early stage cyber security companies, has announced another UK acquisition, Cambridge-based Signify Solution. Signify is a managed service provider of hosted two factor authentication solutions.
There's a coincidence! In my post before last I commented on the release by Cronto of a new system to combat online banking fraud. Barely a month later and Cronto, a Cambridge University spin-out, has been acquired by Vasco.
New system to combat online banking fraud: A security solution from a Cambridge University spin-out which protects against 'man-in-the-browser' trojans is being rolled out by two German banks. The bank web site sends a 2D barcode-style picture that contains the transaction information. The user decodes it with a mobile app, or dedicated device, which also generates a transaction authentication code for the user to enter to confirm the transaction.
I've long thought that smartphones would be the route to secure transactions over the internet. Using them as out-of-band communication routes for passcodes, or validation checks, has security potential but means the user must have a mobile connection. Attacks on this mode have already been developed.
You can try out the CrontoSign technology by downloading the CrontoSign mobile app for iOS or Android devices and try it with a demo account at www.crontosign.com.
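The flow described above (the bank sends the transaction details in a picture, the device decodes them and produces a code to type back) can be sketched as follows. This is an added example, not Cronto's code or algorithm: it assumes an HMAC key shared between bank and device, and the function names, JSON payload and 6-digit code format are illustrative assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key (assumption): provisioned to the user's device at enrolment.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _mac(key: bytes, label: bytes, payload: bytes) -> bytes:
    # Distinct labels keep the challenge MAC and the response code independent.
    return hmac.new(key, label + b"|" + payload, hashlib.sha256).digest()


def _code(key: bytes, body: str) -> str:
    # Truncate the MAC to a 6-digit code a person can type (format is an assumption).
    digest = _mac(key, b"response", body.encode())
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def bank_make_challenge(key: bytes, txn: dict) -> dict:
    """Bank: package the transaction it actually received, a nonce and a MAC.
    This payload stands in for what the 2D picture carries."""
    body = json.dumps({"txn": txn, "nonce": secrets.token_hex(8)}, sort_keys=True)
    return {"body": body, "mac": _mac(key, b"challenge", body.encode()).hex()}


def device_approve(key: bytes, challenge: dict):
    """Device: check the MAC, then return (details to display, code to type)."""
    expected = _mac(key, b"challenge", challenge["body"].encode()).hex()
    if not hmac.compare_digest(expected, challenge["mac"]):
        raise ValueError("challenge was not issued by the bank or was modified")
    txn = json.loads(challenge["body"])["txn"]
    return txn, _code(key, challenge["body"])


def bank_verify(key: bytes, challenge: dict, code: str) -> bool:
    """Bank: accept only a code derived from the exact challenge it issued."""
    return hmac.compare_digest(_code(key, challenge["body"]), code)


if __name__ == "__main__":
    intended = {"payee": "GB00DEMO0001", "amount": "25.00", "currency": "EUR"}
    # Constructed scenario: the request is altered in the browser before the bank sees it.
    received = dict(intended, payee="GB00DEMO9999", amount="2500.00")
    shown, code = device_approve(DEVICE_KEY, bank_make_challenge(DEVICE_KEY, received))
    print("device displays:", shown)  # differs from what the user intended
    print("matches intent:", shown == intended)
```

The protection rests on the user reading the details on the device rather than in the browser: the code only confirms whatever the bank actually received.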
An interesting report from 'The Register' about BT's Adastral Park - where our security futures practice, in BT Research and Technology, is based. BT is working on plans to create 2,000 new jobs and provision for up to 2,000 homes by 2025, by opening up areas of Adastral Park as a science campus. The idea is to create a Suffolk research centre - a regenerated research and development facility that encourages the growth of an ICT cluster in Suffolk.
Spanish startup Qustodio raises $1m to allow parents to monitor Facebook chats and searches, as well as view browsing histories and which applications have been opened in a given session on their children's devices. There is one dashboard for parents to control all devices, which may include tablets, smartphones, and home computers per child.
And Quorum pulls in $11M to help small businesses recover from hardware failure.
Startup Remotium was named the Most Innovative Company at the start of the RSA Conference on Monday. Unsurprisingly it's a security technology for mobiles addressing the bring-your-own-device (BYOD) trend. It runs mobile applications on public or private clouds, and streams the visualization elements to the device so that enterprise data is never stored on it. Return of the thin-client?
The company has apparently not yet raised any venture funding.
The MIT review reports on a startup aiming to protect printers, phones, and other devices from hackers. It will announce the first device running its defensive code this week. This is an important development. Embedded devices are typically poorly protected, run legacy software and are rarely designed to be patched. They are inviting targets for advanced persistent threats, as we saw with Stuxnet.
Yet another startup, Nok Nok Labs, is hoping to sway users away from insecure passwords. It has developed a security protocol that asks end users to substitute stronger authentication tools, such as fingerprints and voice recognition, for usernames and passwords.
Named after the classic knock-knock joke, Nok Nok Labs' CEO was a founder of well respected encryption company PGP. Nok Nok has apparently taken $15 million in venture capital.
Minteye, an Israeli start-up, has come up with a new form of CAPTCHA - those annoying squiggly alphanumeric patterns that supposedly allow a web site to be sure that the user is human. What's more, it has a business model attached to it. Minteye's variant is known as SLIDING CAPTCHA. The user adjusts a slider until a distorted image looks like something recognisable. The business angle is to include adverts in the human-resolved image. Whether it is taken up will probably depend a lot on how well it can discriminate the human user, but sometimes a good business model will trump security in the market. However, only last week it seems a short Python script was concocted to defeat it. But these things can never be perfect. And if a machine ever passes the Turing test, how can CAPTCHAs hope to work?
10 Signs You’ve Been Working In Information Security Too Long
When your mum calls, you ask her three security questions to verify her identity;
Your pet’s name consists of at least 20 characters, and contains a mix of numbers, uppercase letters, and at least one special character;
Sometimes you can’t understand your own thoughts because they are encrypted.
12 Must-Watch Security Startups for 2013 - an interesting selection of mainly cloud-based security and security monitoring technologies. Some, although still in stealth mode, have already picked up significant investment.