• 4toner4
  • Print
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212
  • big-banner-ad_2-sean
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
  • mse-big-new-banner-03-17-2016-416616a-tonernews-web-banner-mse-114
  • 2toner1-2
  • Video and Film
  • 7035-overstock-banner-902x177


 user 2005-06-06 at 10:18:00 am Views: 60
  • #9534

    How To Harpoon A Cyber Shark
    New technology could thwart ‘phish’ e-mails that
    seek consumers’ private data

    The corporate battle against cybercrime is
    unending. And phishing — bogus e-mails designed to trick consumers into
    coughing up personal info — is among the most insidious of foes. Just ask
    Ambika Gadre, director of security and threat prevention at IronPort Systems
    Inc., an e-mail security firm. Gadre and her team, relying in part on a
    promising new authentication technology from Yahoo! Inc.  called DomainKeys,
    spot an ever rising tide of bogus e-mails slinking across the Web. “Phishing is
    so damaging,” says Gadre.

    With the phish epidemic starting to sap
    confidence in online commerce, e-tailers and banks alike are scrambling to beef
    up defenses. Amazon.com Inc.is expected to begin testing an IronPort system soon
    that verifies if e-mail pitches sent to consumers under its name are real. Bank
    of America Corp. is rolling out technology that helps customers ensure they have
    reached the bank’s real site — rather than a fake one set up by the phishers to
    capture their user IDs and passwords. And the anti-phishing effort got a big
    boost June 1, when Yahoo! and Cisco Systems Inc. announced plans to merge
    competing technologies — clearing the way for a DomainKeys technical

    It’s a counterattack against phishing that may at last have
    teeth. “When evil folks with malicious intent send an e-mail that purports to be
    from BusinessWeek.com, we’ll know,” says Andrew R. Spillane, an exec in the
    e-mail unit of Yahoo!, which rolled out the technology last year.

    The key
    to countering phishing, say experts, is making sure consumers know which e-mails
    are real and which are not. Since last year, many banks, e-commerce sites, and
    others who send e-mail have relied on a free software developed by Microsoft
    Corp. and others called Sender ID. The technology uses the coordinates of
    Web-connected PCs and servers, known as IP addresses, to trace the origins of
    e-mail. Some 750,000 company domain names around the world have been registered
    under Sender ID, according to Microsoft. Trouble is, say security analysts, the
    bad guys can route phish through many servers to disguise who originally sent
    them. “Sender ID is the first step,” says Ryan Hamlin, Microsoft’s general
    manager of technology care and safety. “But it’s not the end game.”

    Enter DomainKeys — a more robust
    authentication technology. Here’s how it works: When a bank or e-commerce firm
    sends out e-mail, the mailing contains a signature that corresponds to a unique
    code allocated to the sender. When an e-mail firm or an ISP receives a message
    to transmit to its users, it can check to see if the signature on the e-mail
    matches that of the bank or e-commerce site it claims to be from. If it does,
    the person getting the e-mail will be told it’s legit. If not, the ISP will warn
    the customer not to open it.

    That’s not the only way banks are beefing up
    Internet security. Some are putting in place technology that helps online
    customers ensure they are visiting the real Web site, as well as keep fraudsters
    out. Bank of America’s SiteKey system shows online customers a picture when they
    visit its site. If the image they’ve chosen doesn’t pop up, they will know
    they’ve reached a bogus site. And if fraudsters try to access a customer’s BofA
    account from an unrecognized PC, they will have to answer a predetermined

    Still, such technologies face hurdles. With Yahoo! and Cisco
    just agreeing on common standards for DomainKeys, many companies may resist
    investing in the technology until the kinks are worked out. Price is another
    issue. Both Yahoo!’s and Cisco’s products can be downloaded for free online. But
    an e-mail security system with DomainKeys for a mass e-mailer costs $500,000, on
    average, says IronPort. For a big company, that’s not much to stymie forged
    e-mails that can damage reputations and clog up millions of e-mail accounts. But
    smaller businesses may hesitate to upgrade until the price drops. With consumers
    increasingly wary about buying and banking online, however, they may have little