iGB North America magazine IGBNA Aug/Sep | Page 20
Compliance and Technology
Patrick Barker revealed that the Microsoft
auto update feature has been disabled
on many Samsung personal computers.
Naturally, auto update is there to reduce the
amount of time an end user is exposed to any
new exploits found on the Microsoft suite
of products and is an important part of any
security regime.
Gmail, Hotmail, and Yahoo Mail.
Symantec revealed an interesting social
engineering attack on unsuspecting users
of these accounts. The attacker only needs
to know the victim’s email address and cell
phone number for the attack to be attempted.
Using the password recovery tool for these
services, an attacker clicks the “forgotten
password” link on the mail website. The
mail provider offers an option for the user to
receive an SMS PIN to reset the password. The
real user receives a text message from their
mail provider; the attacker then sends the
user a text purporting to be from Google, or
whoever the mail provider is, along the lines
of “There has been unauthorised activity on
your mail account, please reply with your
authorisation code”. The account can then
be compromised if the user replies to the
attacker’s message with the PIN, enabling the
attacker to reset the mail account password.
Deja vu. Some older readers will
remember the time when the US classed
encryption software as a military product,
effectively prohibiting the export of stronger
encryption algorithms from the country.
During the 90s this restriction resulted
in many pieces of software having to be
released in two versions: the domestic
version having strong encryption and the
international, or export, version having
much weaker protection. Lobbying by civil
libertarians during the 90s was successful in
persuading the US Government to move the
classification from the Munition List to the
Commerce Control List, eventually leading
to the full export of stronger encryption key
lengths by the turn of the millennium.
We are about to find ourselves in a
very similar situation. The Wassenaar
Arrangement, agreed by 41 nations covering
most of Europe and the US, is intended
to place export controls on arms and
also Dual-Use Goods and Technologies.
The Arrangement allows for certain
interpretation by countries implementing the
rules. So far the suggested drafting by the US
seems to be leading us down the same path
we were on during the 90s, with certain
code, encryption and exploits requiring a
licence before being allowed to be exported
or published. As was evidenced by the
dumbing down of crypto in the 90s, these
restrictions are bad for the security industry
and consumers in general, and particularly
damaging for small security firms who may
not have the resources in place to go through
the lengthy licensing process in order to
commercially export their products.
20 | iGamingBusiness North America | Issue 20 | August/September 2015
This concludes this edition of our security
round up. Please do ensure that you take the
time to check in with your system admins
if your company uses any of the software
mentioned above and do look out for your
personal security if you own any of the
devices or code.
Justin Bellinger is Director
of Strategy and Business
Transformation at Sure CIIM,
Channel Islands & Isle of Man. He
has been integral in driving forward
the company’s global iGaming strategy,
and his portfolio includes some of the biggest brands