rich media info

Details are still sparse (and primarily in Japanese), but our Tokyo bureau just let us know that Sony’s announced a fairly severe security vulnerability on the PlayStation Network, which would actually allow an attacker to access your account, personal information, and Wallet — but not your credit card on file — as well as change your password. More on this as it develops; in the mean time, keep a close eye on that account.

Update: More information is on the US PS3 site. Apparently the issue has been resolved and security is restored.

The system from SecurEnvoy offers two-factor authentication that transforms mobile phones into virtual network tokens.

Instead of using tokens or smart cards, the SecurAccess system sends a passcode to users’ mobile phones.

When users wish to log on to the corporate system, they enter their Microsoft User ID and password, and then the passcode that has been pre-enabled on their mobile phone.

Once the passcode has been used, it is superseded with a new one sent to the phone.

This pre-loading function eliminates the need to install any software on to the mobile device, and provides users with access to their passcode as soon as they need it, rather than having to wait for an SMS message to be delivered.

John Lewis expects to make considerable savings by swapping from token-based two-factor authentication to SecurAccess.

The user licence is cheaper than purchasing, replacing and distributing tokens, and deployment costs are lower with no need for training courses.

Matthew Clements, principal programmer for John Lewis, said, “We have been using traditional token based two factor authentication for remote access systems since the late 1990s.

“However, after reviewing the capital, revenue and administration costs associated with the existing system, we decided to look for a cheaper alternative, and found SecurEnvoy’s tokenless approach to be far superior, and a cost effective solution.”

Source: ComputerWeekly