Friday, 23 August 2013

A universal client-based identity management tool?

Royal Holloway has announced that their Information Systems Security Group (ISSG, as it is widely known) has launched new technology to protect against password theft and phishing attacks. The technology is dubbed Uni-IDM, but the only real information about it is provided through a link to a paper on the personal web site of one of the authors. However, the paper, by Chris Mitchell and Haitham Al-Sinani, does seem to have been peer reviewed, having been published at EuroPKI 2011. In an interview on Slashdot, "Digital IDs Designed to be More Secure Than Passwords", Professor Mitchell is reported to be aiming to develop an open source prototype, though he offered no schedule for when that might happen.

Let's hope it's soon. The rationale for the work looks spot on: it does not involve proposing any new cryptographic protocols or infrastructures, but aims to make existing systems resistant to phishing, as well as privacy-enhancing through an explicit user consent procedure. They propose 'IDSpace' as an architecture for a client-based ID management tool that operates in conjunction with a client web browser. The paper is worth a read if you are interested in ID management.

Wednesday, 7 August 2013

APT fighter FireEye files for $175M IPO

FireEye, a Californian company that was started up in 2004 by a former Sun Microsystems engineer, has raised around $100 million from venture firms, including $50 million earlier this year. Its SEC filing reveals that it has more than 900 employees. It seems quite rare to see an IPO for a cyber security company, especially one that is 9 years old. I think FireEye have hit the big time with their focus on Advanced Persistent Threats. The fight against APTs required a radical re-think of optimal security measures.