Last €41.47 EUR
Change Today 0.00 / 0.00%
Volume 0.0
7DG On Other Exchanges
Symbol
Exchange
New York
Berlin
As of 2:16 AM 07/28/14 All times are local (Market data is delayed by at least 15 minutes).
text size: T | T
McClatchy-Tribune  05/06/2014 11:16 AM ET
Manchester's WWPass sees a business opportunity in online security flaws due to Heartbleed bug [The Telegraph, Nashua, N.H. :: ]

May 06--MANCHESTER -- It's an ill wind that blows no good, and a Queen City technology firm is hoping that very ill wind of the Heartbleed bug, an Internet security problem so widespread that its scope is still being determined, will blow them some business.

"We have a number of opportunities that are being worked presently. There's a lot of interest that it," said Joe McDonald, project manager for WWPass -- who said that he has taken on some sales duties in recent weeks as the 60-person firm finds its profile rising in the newly security-conscious world.

The interest comes partly as a result of high-profile data breaches at retailers like Target, but most importantly from the revelation about major flaws in something called OpenSSL, or the open-source version of secure sockets layer, which can allow access to information stored on a retailers' servers, including customer data.

SSL has been the basis of website security almost since the Web began; finding a flaw in SSL that leaves data open to theft has been compared to finding a flaw in the basic design of all combination locks.

"There has been security breach after security breach, but Heartbleed dramatically changes the market -- it shows that hundreds of thousands of servers, millions of websites, are vulnerable," said E.J. Powers, a company spokesman.

By contrast, WWPass said in a release, "If the online retailer had utilized WWPass' cloud-based authentication technology ... the customer's information would not be accessible even if the server was compromised by the Heartbleed bug."

WWPass, which stands for "worldwide pass," was founded in 2008 by Russian-born physicist Gene Shabylgin and moved to downtown Manchester in 2013. It is privately held and does not release sales figures, and so far has depended entirely on financing from Shabylgin.

WWPass has developed a form of two-factor authentication, using a USB "dongle" that with a user's access code interacts with the website of a retailer or firm to gather key information distributed in the cloud. While the need for a physical tool means WWPass isn't going to be a widespread consumer tool, the company says their model answers a lot of concerns about online commerce, including privacy in an era of greater government and law-enforcement activity online.

"If we were subpoenaed, we couldn't tell them" about customers' data or usage habits, McDonald said. "We don't have that information. It's distributed and encrypted among 12 data centers that WWPass has around the globe." It can only be obtained via the user's passkey and access code, he said.

Further, he said, because the WWPass system involves back-and-forth information exchange between the receiving website and the user before authentication occurs, it prevents "spoofing," in which a bad guy's website pretends to be a legitimate site, gathering data from customers trying to place an order.

Finally, because the key itself holds no personal data, if it's lost or stolen, nothing can be done with it, lacking the user's access code.

"Target's a good example of the kind of companies we're speaking with," said McDonald, talking about the massive data breach at the retailer, in which hackers stole customer information by entering the network via connections with a heating and air conditioning contractor.

"(Target) provides two-factor to their larger vendors, so why didn't they do it to the lower ones? I suspect it was the cost associated with competitor's two-factor security systems," he said. He said that the WWPass system is much cheaper to implement and keep updated.

___

David Brooks can be reached at 594-6531 or dbrooks@nashua telegraph.com. Also, follow Brooks on Twitter (@GraniteGeek).

 

Stock Quotes

Market data is delayed at least 15 minutes.

Company Lookup
Recently Viewed
7DG:GR €41.47 EUR 0.00

Industry News

Skimmers Thwarting [Albuquerque Journal, N.M. :: ]

Sponsored Financial Commentaries

Sponsored Links

Report Data Issue

To contact DOLLAR GENERAL CORP, please visit . Company data is provided by Capital IQ. Please use this form to report any data issues.

Please enter your information in the following field(s):
Update Needed*

All data changes require verification from public sources. Please include the correct value or values and a source where we can verify.

Your requested update has been submitted

Our data partners will research the update request and update the information on this page if necessary. Research and follow-up could take several weeks. If you have questions, you can contact them at bwwebmaster@businessweek.com.