The SmartSwipe Online Security, Shopping and Technology Blog

A new report from McAfee argues that if a computer user navigates to his/her favourite search engine and searches for "MySpace", he/she has up to a 50% chance of visiting a dangerous website. This report, titled "The Web's Most Dangerous Search Terms" (.pdf) sent a chill down my spine and made me want to write this article.

The researchers who wrote this report (Shane Keats and Eipe Koshy) should be commended for how they designed this experiment. To start, the researchers collected a list of extremely popular search terms from services like Google Zeitgeist and Yahoo Buzz. After they collected a list of keywords, they took these terms and plugged them into five major US-based search engines. Then, they looked at the first five pages of the search results and flagged the pages deemed dangerous. And finally, they ranked how dangerous a search was in two different ways. "Average risk" refers to the total number of dangerous sites divided by the total number of sites over the twenty five pages. "Maximum risk" refers to the single page with the highest percentage of dangerous sites.

Is it just me or is this shocking? A company that has been at the forefront of promoting identity theft awareness (and profiting from it) for many years is effectively being shut down. They have been lauded and made famous by the act of posting the CEO's social security number on their website. That is not the problem, however.

A California Judge ruled the whole idea of their business is illegal. LifeLock would place fraud alerts on their customers credit profiles if there was suspicious activity so the customer didn't have to do it themselves. LifeLock was accused of trying to "game the system" by one of the three big credit reporting bureaus, Experian. The service cost consumers $120 a year.

Our developers are putting the finishing touches on SmartSwipe Version 1.6.1 and we hope to be able to release that version very soon. SmartSwipe has seen some incredible changes over the last few months and our Internet Explorer project is almost complete. This means that it is time to look towards the future and our next major update.

With that in mind, I am very pleased to announce that we have been making tremendous strides in putting together our first Firefox version.  Such tremendous strides that I now have the privilege of giving you a sneak peak at our Firefox Version!

Last Tuesday, I wrote a short article about some great research that Microsoft and Carnegie Mellon University performed on how secret 'secret questions' really are. Today, I was reading Schneier on Security (amazing blog) and (finally) found a link to the full report.

Microsoft is hosting "It’s no secret: Measuring the security and reliability of authentication via ‘secret’ questions" and it is a very interesting read on how secure backup authentication is. Much of this report is rather terrifying. For example, check out this quote:

In my spare time/quasi-professional life, I am something of a search dork. I speak of Google with reverential tones normally reserved for religious figures, Sphinn drama almost always makes me laugh, and I have been known to spend entire weekends investigating Google's site link algorithm in tandem with Google's one line site links.

Certain things are expected of search dorks. Search dorks generally love statistics and linguistics. We read disgusting amounts of information. We 'understand' (and have felt the pains of) Google Voodoo (I think we should start calling it 'goovoodoo'). And we read Matt Cutts' blog with more than passing interest.

Dynamic SSL is an endpoint security technology that takes the end user's vulnerable computer out of the equation. That means your computer doesn't have any knowledge of the information being transferred. Therefore, it is the ideal way for sensitive information to be transferred. In its current formation SmartSwipe uses Dynamic SSL to transfer credit card information from an online shopper to the merchant site. Keyloggers, Spyware, memory sniffers and more are no longer able to retrieve credit card data.

The security aspect of SmartSwipe is great, but what really gets me excited is its compatibility. SmartSwipe can be used on almost all shopping sites.

Do you own/operate an online shopping website? Have you ever wondered what kinds of things shoppers look for before they decide to buy something on your site? If you answered 'yes' to those questions, this article is for you.

If you follow this space regularly, you will remember that I talked about a report that the United Kingdom's Office of Fair Trading released. "Findings from consumer surveys on Internet Shopping" is full of information that online retailers should pay attention to. However, here is some of the most useful information in that entire report.

Microsoft and Carnegie Mellon University are presenting some research at the IEEE Symposium on Security and Privacy. Researchers look at a very common authentication technology with a critical eye and ask, 'just how effective are those secret questions that we fill out for online banking, email, etc?'

The research suggests that these secret questions are not very reliable. In their study, which involved 130 participants, the researchers discovered that 28% of people who knew (and were trusted by) the participant could guess his/her 'secret answers'. 17% of people who the participant did not trust could guess his/her 'secret answers'.