Sony hacks may force companies to eliminate passwords

This article is the first of a year-long series of articles looking at outsourcing services and how they are no longer just a means of saving money.  We look today into the arena of cybersecurity and a startup using contract software design to create a new security paradigm.

By Lou Covey, Editorial Director

The hack of Sony Pictures and the subsequent terror threat laid bare the inherent weakness of cyber security in the world. Even the most powerful firewall technology is vulnerable to the person with the right user name and password (credentials).  In the case of Sony, the administration credentials were stolen through an unsophisticated phishing attack, allowing the hackers to bypass the Sony firewalls and storm the corporate castle.  This is the most common way hackers take down a system.

We have all heard stories of new technologies that overcome this basic flaw, from biometric technology to two-step verification, none of which seems to be taking significant hold in the cyber world. According to Jack Wolosewicz, CTO and co-founder of EuroCal Group, corporations are reluctant to move beyond the familiar.  Articles in the Harvard Business Review and Fast Company lean toward agreeing with him.  Companies are dedicated to giving customers what they are willing to accept, not necessarily what they need, and they won’t force new paradigms on them.  But Wolosewicz says there is no such thing as a strong password.

“All passwords are weak because they are easily stolen and their complexity is irrelevant once a hacker has a copy of the password,” he explained. “This enables the hacker to masquerade as an administrator and, snap, the passwords, personal data and credit card numbers of millions of users are now in the criminal domain.”

However, Wolosewicz said, in the area of cybersecurity, that reluctance may give way to necessity. “We may be at the pain point where all of us are willing to look at something significantly different.”

Wolosewicz has a deep background in computer security, and after working as CTO with the team at EuroCal Group, he realized he had the engineering resources to create a security system eliminating the password paradigm. And he could do it without the startup costs and headaches.  Certus was born.  Wolosewicz serves as the CTO of Certus as well, managing the EuroCal engineering resources for both companies.

The Certus cryptographic protocol is based on a “one-time pad” cypher, proven unbreakable in 1945. The system creates a sonic digital handshake between a mobile phone and any device wishing to authenticate the user. If the phone is stolen or lost, the user just deactivates it. High-security applications may be reinforced with second-factor authentication, so a lost cell phone in the wrong hands does not pose a threat.

“The Certus authentication system eliminates user credentials that can be separated from the user and misused in an attack,” Wolosewicz claimed. “It is significantly easier to use than two-factor verification and more reliable than biometrics. The cell phone has become an appendage for most of us and now it can become a universal key to the Internet. It’s keyless entry for the Web.” In payment systems applications, Certus never stores user credit card information, so even if a corporate system is somehow compromised, no credit card numbers or passwords can be stolen.

For the past few years, and going even further at this year’s CES, consumer electronic devices, from mobile phones to automobiles, have been filled with easily hacked technology, even if it isn’t currently activated.  There are already reports of smart TVs being used to harvest data on customers, without their knowledge, while they watch their favorite programs.  The rapidly growing popularity of streaming entertainment means a growing number of online accounts protected by the same user names and passwords used for personal computing devices, all of which makes individuals vulnerable to national cyber attacks.  For example, let’s say Sony does decide to release The Interview on streaming media.  It would be relatively easy right now for those same Korean hackers to collect the names and personal information of anyone who watches it.

We may have reached a pain point in electronic device security that goes so far beyond bandwidth, speed, latency, capacity and power usage it makes all those issues irrelevant to the current problem of security.

See part one of the interview.

This article sponsored by Blaylock Engineering, EuroCal Group, MeBox Media and Busivid.

CES and 4KTV: The industry has it backward again

COMMENTARY By Lou Covey, Editorial Director

Many tech media outlets (as well as several general media pubs like the WSJ) are predicting that 4K television will be a very big deal this year at the annual tech echo chamber known as CES.

The question I keep asking, however, is “Why?” So far, I’m not getting an answer.

In truth, most of the media is focusing on technology that is driven by sponsors and advertisers at CES, and 4K TV is a big deal for the companies making the TVs as well as the component manufacturers and embedded software/hardware design companies. All of them have big money riding on the success of 4K TV... just like they did for 3D TV for the past three years. The problems with those hopes and dreams for 4K are the same as for 3D, however.

HDTV took a long time to get into general distribution, basically because HD content took a long time to develop. It was only last year that Netflix actually streamed HD content for the first time... if you had an internet connection strong enough to handle it and most people don’t. No streaming media service can support 4K content now or for the foreseeable future, nor can most ISPs. While Blu-ray disks can hold more content than DVDs, they lack the capacity to handle any 4K content longer than 30 minutes, upgraded to 4K. So we are going to need significant upgrades to content delivery systems before any current 4K TVs are going to be able to show what they can do.

But that’s just the content problem.

When HDTVs came out, 40 inches was a big deal and most people went with smaller products simply because they took up less space in the house and they cost so much less. The problem was that the content could only be viewed in full 1080p on a TV at least 42 inches big, viewed from a minimum of 6 feet away, so consumers weren’t getting the full HD experience. That changed when President Obama gave a tax rebate to everyone regardless of whether they paid taxes. That rebate, in most cases, was enough to buy that 40+-inch HDTV... right in time for the federally mandated switch to HD broadcasting.

Like 3DTV, 4KTV lacks the federal subsidy and the regulatory support that HDTV had, so unless some serious back-room lobbying is going on, 4KTV is headed for a tough financial road. But let’s say, just for a second, that there is some dealing going on. What does the 4KTV experience look like for the consumer?

There are rumors that CES will feature an announcement of a below-$1000, 60-inch 4KTV for purchase sometime in 2015. According to CNET, to watch an HDTV, at a 20 degree angle, needs 2.5 times the length from the screen to get the benefit of the screen or 12.5 feet from the display. The good news for 4KTV is the ratio is about 1/4 less. So if you buy the smallest available 4KTV (60 inches) you’ll be fine seated 9 feet from the screen, which is the largest average distance most people sit in front of their TVs. Here’s the problem with that.

Most housing developers are heavily lobbying to reduce the average square footage of their developments with common living areas reduced to 10x10. Not only will a 60-inch monitor consume most of the space, but it may be impossible to sit far enough away to make viewing optimal.

Economics, technology, content and geometry are all working against the success of 4KTV. But that is not stopping the industry from telling a consuming public, one that is getting technologically savvier, that this is the next big thing. That focus is what will delay the acceptance and success of the platform.

The industry should be investing in development and promotion of delivery mechanisms for the platform, as well as creation of appropriate content. The latter, in particular, will drive demand for the platform. It’s not a chicken and egg issue. It’s a cart and horse issue.