Results 1 to 7 of 7

Thread: eBay acquires VeriSign Security and Payment Services

  1. #1
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    Post eBay acquires VeriSign Security and Payment Services

    VRSN press release
    eBay note from PayPal president
    San Jose, Calif. and Mountain View, Calif, Oct. 10, 2005 –
    eBay (Nasdaq: EBAY) and VeriSign (Nasdaq: VRSN) today announced a strategic alliance that calls for the two companies to collaborate on payment services and security initiatives for e-commerce. Under the terms of the agreements, PayPal, an eBay company, will acquire VeriSign’s payment gateway business and combine it with PayPal’s leading merchant services platform. VeriSign will also provide eBay and PayPal with a suite of security services that includes the deployment of two-factor authentication, a security system that gives customers a one-time password or digital certificate to help protect against online identity theft.
    With the acquisition of VeriSign’s payment gateway, which processed more than $40 billion in total payment volume in 2004, PayPal plans to accelerate its merchant services business by expanding its customer base to tens of thousands of new small and medium-sized business customers online. The payment gateway is a real-time, scalable Internet payment platform that allows merchants to authorize, process and manage online payments. The combination of VeriSign’s payments gateway with PayPal’s existing services will provide merchants with multiple processing choices from a single provider, including VeriSign’s gateway, PayPal’s Website Payments Standard, Express Checkout or Website Payments Pro.
    Wow. Big news for some of us. I am intrigued by the eBay/PayPal deployment of multi-factor authentication tokens. They'll be eBay branded tokens, but will be VeriSign Unified Authentication Service devices. RSA and AOL made an annoucement last year that they were doing this, but I haven't heard or seen anything about it since then. I saw a web mock up of an AOL token...basically the SecurID SD600 in a baby blue tinge with AOL branding.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Zen,

    It's late and i'm halfway through a very poor bottle of Shiraz, but how does this help secure the average web punters financial transactions?

    VeriSign will also provide eBay and PayPal with a suite of security services that includes the deployment of two-factor authentication, a security system that gives customers a one-time password or digital certificate to help protect against online identity theft.
    I one time password is only going to be effective if the bonafides of the recipient are genuine?
    As for certificates they are being stolen all the time.

    And exactly how does two factor authentication work over the net? do we all get retina scanners?

    This just looks like alot of make the punters feel safe BS to me. With a little monopoly building thrown in.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by jinxy
    Zen,

    It's late and i'm halfway through a very poor bottle of Shiraz, but how does this help secure the average web punters financial transactions?

    I one time password is only going to be effective if the bonafides of the recipient are genuine?
    As for certificates they are being stolen all the time.

    And exactly how does two factor authentication work over the net? do we all get retina scanners?

    This just looks like alot of make the punters feel safe BS to me. With a little monopoly building thrown in.
    Enjoy the shiraz, poor as it may be. I'll be cracking open an very fine $4 (USD) bottle of Gallow Merlot. With luck, it'll be potent enough that I won't care by the 3rd glass...

    I don't forsee PayPal or eBay giving tokens to John Q. Enduser at all. They agreed to 1,000,000 tokens, I believe. I'd bet money they will give them to 'premium' or 'business' members. Folks who do a fare amount of volume through PayPal's coffers. The online companies that buy and sell professionally through eBay, Ubid.com, etc.

    Retina scanners? Why, no...if you've got a laptop, its built in. Just lean way over the cd-rom tray and look right into the laser lens... j/k don't do that, unless you want to be featured in the next Darwin Awards as an honorable mention.

    It's useful as I described above, to authenticate into an account or service located elsewhere. Point-to-point communications, at the level of individual private person to person, isn't very effective with 2 factor. Digital IDs would be much better at that, but they've never really caught on as far as I've seen.

    As for cert's being stolen...if your parameters around cert usage are not strict, and it is used in a framework that isn't downright zealous about checking CRLs, then yes, cert's are just glorified passwords that might trip up the scriptkiddies, but not a pro.

    These are all measures to provide 'defense in depth', our InfoSec mantra. You can't make your car unstealable...but you can make it so hard to steal that the typical car thief will take your neighbors instead.

    /* Edit... had to qualify that closing statement */

    Ok, so before I get spammed with messages about that....you *CAN* make your car unstealable. Just take it to the junk yard and have them smash it. Or fill it with concrete. You cant make it unstealable but STILL USEABLE AS INTENDED.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    Banned
    Join Date
    Oct 2005
    Posts
    6
    good job ebay...more security!!!!

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    I don't forsee PayPal or eBay giving tokens to John Q. Enduser at all. They agreed to 1,000,000 tokens, I believe. I'd bet money they will give them to 'premium' or 'business' members. Folks who do a fare amount of volume through PayPal's coffers. The online companies that buy and sell professionally through eBay, Ubid.com, etc.
    That is exactly the point I was trying to make. Those who need the most InFoSec are the ones who will not benifit.

    I would hate to assess the amount of people I know who do not no what the little padlock means
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I couldn't agree more. But wth are we ever going to be able to do about it? Take driving an automobile, for example.

    How many people have a license to drive? Now, how many people have been trained to properly drive defensively and react properly to all the various situations one can encounter behind the steeringwheel of a car?

    And you want to do that for everyone in the Internet? Christ, we can't keep my GRANDMOTHER from driving (and she has no business, let me tell you.)
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    How many people have a license to drive? Now, how many people have been trained to properly drive defensively and react properly to all the various situations one can encounter behind the steeringwheel of a car?
    Having never driven defencivly in my life, handbrake turns and J turns being the norm.

    When computer usage becomes as ubiquitus as the driving license maybe a license should be in order?

    One of the nets greatest assets is; accessability for all: Infact there is whole caurses that deal with the issue of the digital divide.

    But that is also the greatest problem from a commercial perspective?

    Zen,
    Have you worked traffic?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •