Recently I've been speaking with a lot of reporters and other media-types about the work we at Corillian do on financial services security. It's fun to be taken back to my old journalism days, and I've come to find there are a lot of very smart people out there working the security technology beat. In addition to speaking to the media, I've also been presenting in person at a number of conferences, and have quite a few more coming up over the next several months.

I recently had a chance to speak with one reporter to discuss the state of the industry in terms of online financial services and recent FFIEC mandates on banks to implement strong authentication for their online banking web sites. Eric Norlin is well-known to many, and he writes for some well-respected publications, including Digital ID World and on ZDNet.com. We talked about the risk management components that go into deciding how to solve the authentication problem. The strong authentication software we build at Corillian uses a risk-based model, and Norlin's approach to the story is (I think) spot-on, especially his recognition of the need for an identity-first/identity-risk mechanism:

"Corillian is one of those interesting companies that you hardly ever hear about: several hundred financial institutions as customers; running back-end financial industry specific software; aware of all of the stringent requirements of financial institutions. So, its not like Corillian is just "getting into the game," its more like they're adding to an already deep bench. They're adding their Intelligent Authentication product.

"The interesting thing about Intelligent Authentication is that it begins by recognizing the risk management approach to strong authentication. Accordingly, it uses a variety of methods to authenticate you based upon the interaction (or transaction) that you're having. These methods include: client OS and browser checks, behavioral pattern analysis, geo-location (via a partnership with Quova), challenge and response questions (chosen by the customer), and my favorite - out of band phone authentication (via a partnership with StrikeForce)."

(Link to Eric Norlin's story on ZDNet.com)

He also noted that we at Corillian have already done some early, in-depth work in conjunction with Microsoft integrating a new authentication technology code-named InfoCard, which places the control, proof and credentials used in the authentication process back in the user's hands (in other words, right where they belong) while also helping to solve weak authentication problems. What I especially like about InfoCard is the community support and open-ness, as well and the user/identity-centric approach, which ties directly to Kim Cameron's Laws of Identity and the concept of the Identity Metasystem (an interoperable architecture for identity on the Internet). The security model on the desktop (it will run in Windows XP and 2003 Server and will also ship in Windows Vista) is also very interesting and encouraging. It will be quite interesting to see how, where and when InfoCard is adopted. I'll be speaking and writing here about InfoCard more in the future.

The sun has finally come back out in the Pacific Northwest, which means it's time again to get on the bike. I went riding today with Matt and Dan. We cruised a long loop in Columbia County that goes past my house. It's a great ride with lots of fun turns and rural scenery. It was in the mid to upper 70's today and the next couple days will be much warmer than that.

But spending time on the bike means when the stupid cell phone rings, it goes unanswered. I know what you're thinking - why am I worrying about the stupid phone when enjoying a day on the bike? Yeah, yeah... Okay, I get the point. But since I will probably ride it to and from work more and more now that it's nice out, it would be nice to be able to answer the phone in the helmet - but only if I never have to take my hands off the motorcycle controls. It would also be a very cool way (with free mobile-to-mobile minutes) to do a full duplex intercom between riding partners.

So, today I ordered the Cardco "scala-rider" Bluetooth headset that's made specifically for use in motorcycle helmets. It clamps on (no glue, which is nice) and allows you to answer the phone, as well as (if your phone allows) place calls using your voice. Plus it automatically adjusts its own volume to accommodate for road noise. It's built and designed for use at highway speeds and has some special circuitry to deal with the noise. Plus, tons of standby and talk time, and a good all-around feature set.

• Receive and initiate calls.
• Weather protected headset fits open-faced and full helmets.
• Self-installation within 5 minutes, leaving no traces on helmet.
• High impact balancing microphone for inter-city speed conditions.
• AGC Technology automatically adjusts volume according to noise and speed levels.
• VOX Technology enables you to receive or reject calls by voice control.
• Special clamp allows attachment and release of the headset within seconds.
• Up to 7 hrs. talk time / 1 week standby (recharging from regular outlet).

Once I receive it and have a chance to try it out, I'll post a review.

Anymore I'm not even sure what city I'm in on any given day. It's been a bit hectic in the travel department lately. I shifted jobs at work a few months ago, and as a result of that change and various circumstances I have been flying all over the place. It's tiring, and I have a new-found appreciation for the similar difficulties that others I work with have had to deal with. I do enjoy meting a lot of new people and seeing some nice places, but it will wear you out, for sure. That and my dogs and cat hate me (but at least they like my Neighbor, Mike. Thank God for Mike!).

So this week, I was first off to upstate New York for a couple days, and not I am in Washington DC, followed by two trips to Seattle tonight and again on Monday (home for the weekend), and finally five days next week in Asheville, North Carolina - where we are hosting our company's Security Summit. I'm very much looking forward to that event, which will feature some darned bright and interesting presenters and attendees. Plus Asheville is simply a terrific area.

I'm hoping to be able to stay a week or two at home after that (but I'm certainly not holding my breath on that one, heh). Between the press interviews, customer visits and all the speaking engagements I am involved with, travel has become a bit of a way of life. One thing's for sure - the automatic upgrade United Airlines gives you to some fancy-dancy fly-a-holic status (and which they pinned on me a couple months ago) sounds cool and all, but in reality anyone who is bestowed that "honor" has truly earned it. Having the elite frequent flyer card is a lot like carrying a Blackberry: People who see it think it's cool, but to the person who actually has it, it's just another reminder that your world is significantly consumed by work.

At any rate - although I am pretty well booked, there are some gaps in my schedule in the different places I am visiting. If anyone is around Seattle on Monday, or in the Asheville, North Carolina area the remainder of next week, be sure to let me know, and if time allows I'll buy the coffee (or whatever suits ya).

I lucked out last night - big time. We dropped by the Best Buy store in Beaverton (that's Oregon) after a fun day hanging out at OMSI and cruising Portland, just in case by some random chance they had any of the complete Xbox 360 kits around (as opposed to the "core" system version). Sure enough, a hand-made sign inside the door read "Xbox 360's in stock!"

We headed back to the place where they have the consoles, and sure enough, there were about 15 white and green boxes stacked behind the table. So I bought two - one for me at home and one for work, where all the people that work for me can play during breaks (I have been promising them one for quite awhile now - they work hard, they should play hard now and then). Added a few games and extra controllers, and walked out poor (for what it's worth, the funds have been set aside for some time waiting for a store to stock them and for me to show up before they got bought up), but also a bit excited and with a feeling of accomplishment. Finally!

I hooked mine up at home last night. I played Battlefield 2 and Need for Speed: Most Wanted. I also got Quake 4, but have not played it yet. Maybe tonight. The graphics, digital sound and animation on this thing are all freakin' A-MA-ZING.

And today, my Xbox 360 decided to start blogging. Yes, seriously. My console has it's own blog. Go figure. I guess new posts will start showing up soon. And you thought those blogging Aibos were cool eh? Nahhh... Heh.

I have to say, this is one seriously nice gaming and home entertainment console. Projected on my wall at 120 inches, that's some serious game play, and of course DVD movies look and sound great, too. I need to fire up the Media Center PC (need to fix a hard drive issue first) and tie these things together - that will be a killer combo for sure.

(Thanks, Trevin for the blogging link)

Thanks to Omar for the links: I had already seen Stephen Colbert's roast of President Bush from the 2006 White House Correspondents Dinner, but I didn't know about Bush's own roast of Bush from the same event, until now.

Now that's pretty funny. Heh...

I've been a Vonage VoIP phone service customer for quite a while now, and I'm on their unlimited calling plan. It works great. I am quite happy with the service. And as of today, even more reason to be happy.

They've announced that Unilited plan members can call Italy, France, Spain, the UK and Ireland for free (not cell phones or 900-numbers or anything, but pretty much everything else counts).

So, if you do a lot of calling to those countries (or wish you could afford to on you old-skool regular phone service), you might want to take a look at Vonage. Let me know and I can refer you - then we both get some free credits toward service, which is nice, eh? My email info is over there on the right.

I saw United 93 last night with a friend. Watching the film and knowing it was more documentary than drama, re-living the events that happened on September 11th, 2001 from the viewpoints of people in the air traffic control centers, on the planes, and having to make hard, nearly impossible decisions... Well, it was powerful.

View the trailer here. And then go see this film. Don't expect any fancy special effects, cliche character development or high-drama storyline. Do expect to be taken back and to live a little of what others were experiencing while you were in your kitchen, office, bedroom, car - or wherever you were when airliners hit the trade center and the Pentagon. And, of course, that field in Pennsylvania.

Powerful. Upsetting. Respectful. Well-done. Important.

Sona Mobile has announced they will release a media player for newer model Blackberry devices that enable users to partake of wirelessly updated "BerryCasts" and wireless streaming media.

Sona Mobile Holdings, Corp is launching a BlackBerry Media Player software application, designed to offer multimedia applications on the latest generation of RIM devices. The new application will offer near TV quality playback of synchronized video and audio files, and will bee showcased at the Wireless Enterprise Symposium May 16-18.

"We are thrilled to be first to market with a media player for BlackBerry devices. For the very first time, BlackBerry users can receive either BerryCast (PodCasts wirelessly updated) or streaming video on their mobile devices," said John Bush, CEO and president of Sona Mobile. "And being able to announce CanWest MediaWorks as our first customer who will supply news content daily for a Sona Mobile BerryCast, lets RIM customers take advantage of a download-and-play method of delivering multimedia files to BlackBerry devices. We believe that this application will be well-received in the marketplace."

Should be interesting!

What rolls out on day-one with more than 300 million users and nearly a BILLION authentications per day?

The new Windows Live ID, that's what. And that's exactly what happened, while you were using it and going about your daily business.

Microsoft's completed the roll-out of Windows LiveID to replace its Passport network infrastructure. It was all happening behind the scenes recently, and the next steps are for Microsoft and its partners to start rolling out some of the new technologies - some of which you can see and some of which is under the covers - to show off and leverage the new service.

"You'll start to see the new sign-in experience and all the goodness within a few weeks when we light up some partners," said Trevin Chow, Lead Program Manager on the Windows LiveID team.

So, what exactly is LiveID?

Well, you can read a whitepaper that was recently published to get all the salient details, but basically it's a new component in the Identity Metasystem that replaces Passport. It will eventually support both self-issued and third-party managed/issued InfoCards as credentials, and a SDK will be available.

What this all means is that Passport has grown up, and control of personal information will be more and more in the hands of the end users. In the future, Live ID will leverage InfoCards, which means more individual control of the claims used to identify users to online apps. Participation in the Identity Metasystem and following it's governing standards - the Laws of Identity - mean end users can leverage a centralized service but still maintain control over - and make decisions about - what specific information is sent to what services.

It's good news. Check out http://login.live.com - you'll notice the new footer on the signin section.

I've used Mike Singer's little SysSense tool to keep an eye on my Google AdSense for quite a while now. He keeps it up to date whenever Google changes their AdSense system, and I really appreciate that. Since I was over at his site upgrading the tool today to a new version he just released, I looked around at some of the other software he has built.

I downloaded one of the apps, called Weather Watcher, because it looks very cool and seems to be a great little app that displays things is a very usable and concise manner. Turns out it's really very cool, very configurable, and very free. Use it and if you like it, make a donation.

Victor Garza over at the InfoWorld Zero Day Security weblog wrote a bit about his experience with his Verizon EVDO card. He recently switched over to the Kyocera KPC650 PC card (which is the one I have) after complaining to Verizon about the performance of his older card, which had an integrated antenna, and says he has seen some real improvements.

What really caught my eye in his blog entry, though was this:

"I've also heard that several speed improvements are coming to Verizon's EVDO marketplace. Requiring only a firmware update to existing EVDO cards this update will kick speeds up to the megabit range..."

Hmmm - anyone heard about this? If this happens - and I sure hope it does - I will be one very happy Internet addict. Looks like the reference is to EVDO Rel. A, which promises upgraded speeds of up to 3.1mbps downstream and 1.8mbps downstream - much faster than today's EVDO networks speeds. Fingers crossed here that a firmware upgrade will be available, and we don't all have to buy new cards!

Also, you can read a bit more about the history and future of EVDO here.

If you have a Blackberry and want to make custom wallpapers for your device (for example, I have the 8700 and wanted to make my own backgrounds with a few image files I have on my computer), check out the Blackberry Wallpaper Generator on the Blackberry Cool web site.

Just upload an image, and the site will let you send the pic link in email to your BB device. Click on the link to view the image on the handheld, then save it and - if you like - make it your wallpaper.

Nothing too complicated, but this is a quick and easy way to get it done.

I thought this was just about the coolest thing ever when I saw it a couple weeks ago in Florida.

Many people park their boats in the water at a marina. But at the place where my aunt and uncle keep theirs in Florida, the boats are all stacked in these huge racks in a warehouse and are moved around by great big fork-lifts. Want to take your boat out on the water? No problem, they'll get it for ya. They drop it right in the water alongside the dock and pick it up from the same place. High, dry, and presumably safer from storms than if it was stored outside in the water. Sure keeps the boats nice and clean and secure. Pretty cool.

A couple weeks ago I visited my aunt and uncle, Gail and Scott, in St. Pete while I was in Florida for a work conference. We went out on the boat and hung out for a while on the beach. It was a great weekend.

Scott pilots the boat:

... and cleans it afterward:

Me and my aunt Gail on the beach - you can tell I'm not from Florida eh? I didn't pack any shorts.

Back before the iPod was in anyone's hands, Steve Jobs introduced the new product to the world. It's interesting to look back at his introductory speech, which was presented back in 2001, in the context of what's happened between then and now.

View the video here.

I'm glad we've been able to switch from FireWire to USB 2.0 though.

Apple had a powerful vision back then, and made it came true. It's returned them to the true center of the stage. The company is three times the size it was just a few years back  (and they're building a whole new campus in Cupertino - click for video) and - of course - it's once again the major household name it used to be back in the 80's. It will be interesting to see what else they come up with next in order to completely define an industry. And I mean define an industry and a market that does not exist yet, much like they did with the iPod.

(via Presentation Zen)

Chris Corio, a program manager on the Windows Security team, has put together an article for the May/June 2006 issue of TechNet Magazine that takes a first look at the new security features that will be included in Windows Vista. Items covered in the article are:

• User Account Control
• Consent and Credentials
• Code Integrity
• Data Encryption
• Application Isolation
• Data Redirection
• Cryptography
• Credential Providers
• Service Hardening
• Windows Defender
• Rights Management Services

It's a good summary all in one place of many of the security improvements that will be built into or will ship with the new OS. From reduced privileges to improved use of strong cryptography and other new features, Vista looks like it will be a major step forward in the Windows security world - a welcome set of core changes.

Read the article here.