Tag Archives: eBay

New technologies Wikileaks will inspire

Wikileaks is back in the news again today, with more information on its threat to disclose information on Bank of America. Any responses to block this will likely be followed with more DDoS attacks by Operation Payback. In light of this, it is easy to fall into the pattern of focusing on the “tax” that hackers impose on the cost of IT and information security.

However, there is another way to look at this. The good thing about technology is that it always adapts. The technology industry will evolve to meet the new threats that Wikileaks and its fans have found and develop products to address them. Here are just a few that come to mind:

DDoS “Insurance”

We have the technologies today (e.g., distributed read-only caches, on-demand cloud computing capacity) to handle massive spikes in traffic. What remains is someone who can offer this up as an “insurance service.” Here is how it would work:

  • You buy the service with set traffic thresholds
  • When traffic spikes above these, the company calls and asks if it is due to a promotion or an unscheduled event (i.e., DDoS attack)
  • If it is true traffic, the company allocates more computing capacity at a surge charge
  • If it is a DDoS attack, it allocates read-only caches to share the load, directing users to the full functionality servers after they have authenticated.

I could see Amazon easily step into this space (they already provide capacity to help Twitter support surges).

Consumer-friendly Security Certificates

We have many technologies to certify that users are valid, from certificates to VPNs to thick local clients. However, most of these technologies are not user-friendly to mainstream consumers. (Some would argue they are not user-friendly to business users as well). What is needed is:

  • Packaging this into a mainstream product that is both consumer friendly and easy to integrate with existing business web sites
  • Establishing a partner network with businesses to accept the certificates
  • Setting up the customer service infrastructure to support consumers

Many would argue that this would remove much of the anonymity of the Internet. However, as the rise of social media has shown, consumers are less scared of disclosing personal information to companies than many of us thought.

I could see a company like PayPal making this work. They have the security expertise and a network in place that combines it with identity protection.

Data Watermarks

We have digital watermarking and rights management for multimedia (e.g., pictures, videos, music). We will eventually need to incorporate this into raw data. This would allow us to track the chain of custody for all data—making it harder for people to download confidential data and bring it home to share. It would have to:

  • Be integrated into the data itself, in a manner that destroys the integrity of the data if removed
  • Incorporate the time and point of access from which the data were removed or accessed
  • Include the option to force inclusion of the logged in identity of users accessing the data (for businesses, government, etc.)
  • Capture and append this whenever the data is written
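One way to model these four requirements, as an added example that is not from the original post: each access or write appends an HMAC-linked custody record, and the data is accepted only with a complete chain. The key, the stored head tag, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a custody service holds this key and the latest head tag per object.
CUSTODY_KEY = b"constructed-demo-key"


def _tag(prev_tag: str, record: dict) -> str:
    """HMAC over the previous tag and this record, linking records in order."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(CUSTODY_KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def stamp(data: bytes, chain: list, when: str, access_point: str, user: str) -> list:
    """Append one custody record for an access or write of `data`."""
    record = {
        "when": when,
        "access_point": access_point,
        "user": user,
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    prev = chain[-1]["tag"] if chain else ""
    return chain + [{"record": record, "tag": _tag(prev, record)}]


def verify(data: bytes, chain: list, head: str) -> bool:
    """Accept data only with a complete, unmodified chain ending at `head`."""
    if not chain:
        return False  # watermark stripped
    prev = ""
    for entry in chain:
        if not hmac.compare_digest(_tag(prev, entry["record"]), entry["tag"]):
            return False  # record edited, reordered, or removed mid-chain
        prev = entry["tag"]
    if not hmac.compare_digest(prev, head):
        return False  # newest records truncated
    return chain[-1]["record"]["sha256"] == hashlib.sha256(data).hexdigest()


# Constructed sample: a file read at the office, then written from a laptop.
v1 = b"account,balance\n1001,250.00\n"
v2 = v1 + b"1002,75.10\n"
chain = stamp(v1, [], "2011-01-03T09:00:00Z", "office-ws-17", "alice")
chain = stamp(v2, chain, "2011-01-03T18:30:00Z", "laptop-vpn-4", "alice")
HEAD = chain[-1]["tag"]
```

Detecting removal of the newest records depends on the head tag being stored somewhere the data holder cannot rewrite; the chain alone cannot reveal tail truncation.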

This is a tricky one. I see groups ranging from MIT to the US NSA figuring out how this would work. However, organisations using sensitive data would love it (and pay much for it).

Acceleration of the InfoSec Arms Race

Once these products are in place, people like Julian Assange will quickly find new ways around them. However, technology providers will counter these with new and improved services. The net result of this “InfoSec Arms Race” will be improved control and security of our information. It will also create wealth for creative professionals and savvy investors.

Isn’t innovation wonderful?

Skype’s ‘fraud’ problem

Skype is a great technology and compelling product. However, Skype has not set up the appropriate protections within their network to make it a safe place to do business (as viewed by multiple major financial institutions). It must address this if it wants to generate a large, recurring revenue stream.

Skype IS a great online conferencing service

Skype is a great online conferencing service. I use it daily to conduct online video conference calls with friends and colleagues all over the world. As long as they have a Skype account and a video camera and Skype software installed, I can see them, speak with them, send them files, and text chat with them—all free of charge. It is far easier to use than other online teleconferencing services.

Skype COULD BE a great telephone conferencing service as well

Skype provides the ability to call and conference with telephones as well (landline and mobile). This is where Skype has positioned itself to generate more than simple online advertising revenue. To make a Skype-to-Telephone call, I need to buy and use Skype Credits. Why would I want to do this (instead of using my mobile phone number)? For one major reason: Skype is VoIP-based. As such, I can make international calls much more cost-effectively—and in a more user-friendly fashion—than setting up a separate international dialing plan (or separate VoIP account). This prospect becomes even more user-friendly as Skype can be used from my smartphone (as long as I am connected to any Wi-Fi network).

Unfortunately, this theory does not execute well in practice…

It turns out Skype does not have a good reputation with major banks

I travel a lot and have many friends in Europe, Latin America and the Middle East. This week, I bought some Skype Credits so I could call them at a low rate and wish them Happy New Year. My plans did not work out well…

My first credit card (a major UK-based bank that I use when I travel outside the US) immediately denied the charge. My second credit card (a major US-based bank) also denied the charge. My third credit card (a regional US-based bank) correctly processed the charge and allowed me to purchase the credit. Within minutes, my test call to France worked (at less than $0.03 per minute). I was a little miffed that it took three card attempts (I pay my credit card bills online monthly in full), but was relatively pleased with the service I purchased. Then I went to the supermarket 2.5 miles from my house…

At the supermarket, all of my cards were turned off due to a Fraud Alert (a rather embarrassing situation). When I called each company, every one said the exact same thing:

“You purchased something on a web site called ‘Skype-dot-com’;
this triggered a fraud alert and caused us to block your account.”

I have been using ecommerce sites since 1997; I have never had this happen with any other web site.

This is a major problem

I immediately turned off auto-replenishment on my Skype account. I cannot risk having them repeatedly shut off my credit card due to a fraud alert. It would take a lot to get me to turn this back on. This is a major problem that limits Skype’s ability to grow recurring revenue.

How Skype can address this

The new owners of Skype should invest in creating a broad human- and technology-based security infrastructure:

1. Enable member policing supported by a Community Action Team

Enable Skype Members to report suspicious or threatening behavior (e.g., all those “Contact List” requests from “SexyBettyXYZ”) to a Community Action Team empowered to review and terminate accounts in response. In addition, Skype should automatically suspend accounts that receive a threshold number of reports within a time window.
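The automatic suspension rule described above, as an added example that is not from the original post: it counts distinct reporters inside a sliding window, so that one member filing repeated reports cannot suspend an account alone. The threshold, window length, class and function names, and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 3          # assumed: distinct reporters needed to suspend
WINDOW_SECONDS = 3600  # assumed: length of the time window


class ReportMonitor:
    """Suspends an account once enough distinct members report it within the window."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.reports = defaultdict(deque)  # account -> deque of (timestamp, reporter)
        self.suspended = set()

    def report(self, ts: int, reporter: str, account: str) -> bool:
        """Record one report; return True if the account is now suspended."""
        q = self.reports[account]
        q.append((ts, reporter))
        # Drop reports that have aged out of the window.
        while q and q[0][0] <= ts - self.window:
            q.popleft()
        # Count reporters, not reports, so one member cannot trigger a suspension alone.
        if len({r for _, r in q}) >= self.threshold:
            self.suspended.add(account)
        return account in self.suspended


def replay(events):
    """Feed (timestamp, reporter, account) tuples, ordered in time per account."""
    monitor = ReportMonitor()
    for ts, reporter, account in events:
        monitor.report(ts, reporter, account)
    return monitor.suspended


# Constructed sample events (seconds, reporter, reported account).
EVENTS = [
    (0, "ann", "SexyBettyXYZ"), (60, "bob", "SexyBettyXYZ"), (120, "cy", "SexyBettyXYZ"),
    (0, "dan", "quiet_user"), (10, "dan", "quiet_user"), (20, "dan", "quiet_user"),
    (0, "eve", "slow_user"), (4000, "fay", "slow_user"), (8000, "gil", "slow_user"),
]
```

A suspension produced this way is a hold pending review by the Community Action Team, since coordinated false reports can also reach the threshold.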

2. Create a member security call center

Create a Call Center where Members can call and report problems, ask questions and check to ensure their account is secure. This immediately puts Skype on the level of any other telco. The beautiful thing is that Skype can do this with lower IT costs than any other business.

3. More aggressively monitor and block suspicious IP addresses

Skype probably already has many automated safeguards to protect against password phishing and intrusion detection. It should take this a step further and block suspicious IP addresses from their network. Yes, this is an endless “Chess Game.” However, it will make Skype a less appealing target to many hackers and phishers.

4. Create security threat reporting relationships with “The Authorities”

Create business reporting and forensic information exchange relationships with authorities like the FBI and INTERPOL. Make it easy to escalate suspicious behavior (and electronic evidence) to these authorities to go after hackers, phishers and online-based abusers. This not only makes Skype safer; it also provides Skype access to a broader set of resources to resolve security issues.

5. Create fraud reporting and processing operations in conjunction with financial services institutions

Create business processes, virtual call centers, reporting frameworks, credit and debit processing operations and forensic information exchange frameworks to make it easy for financial services institutions to verify transactions, report fraud and take care of victims of fraud. Without this investment, many people will simply not be able to use Skype for recurring paid transactions.

None of these approaches are new. They were all pioneered in the early days of the Business-to-Consumer Internet where they were critical to establishing safe, online business environments.

Yes, these investments are expensive. However, they will pay off in the long run by enabling direct consumers, small businesses and large enterprises to use Skype as an all-in-one telephone and video conferencing provider.