Stacked Up

So what is the answer for those who can't afford HSMs or want an alternative?

November 27, 2018 / by Jeremy Spilman posted in BlindHash Technology, password security, ecommerce cybersecurity


BlindHash Cyber Protection is similar to an HSM in some ways -- both are an additive layer of security to protect crucial secrets, even if an attacker is able to access the database. But the BlindHash approach is quite different. Instead of playing the same game of trying to hide a tiny secret key from an attacker, we protect secrets with our patented data pool model. With BlindHash, an attacker would have to physically steal the entire data pool off our servers. Just based on the physics of the size of the pool versus the speed of the network, this process becomes easy to detect and easy to defend against.


An Alternative to HSMs?

November 27, 2018 / by Jeremy Spilman posted in BlindHash Technology, password security, ecommerce cybersecurity


For years, large banks and corporations have been using Hardware Security Modules (HSMs) to help perform their secure cryptographic operations. HSMs are certified by NIST under FIPS 140-2, which is a set of standards and requirements governing the design of the hardware and software components of the HSM. FIPS 140-2 can provide some assurance that the overall system, including hardware tamper resistance, cryptographic primitives, and even user management and configuration, is designed to resist intrusion. HSMs provide a system to generate and store secret keys, and perform cryptographic operations using those keys inside a protected enclave. In short, an HSM holds secret keys inside a closed-source “black box” which in theory an attacker cannot access.


Private Club Advisor - October 2018

October 5, 2018 / by Maria Holler posted in BlindHash Technology, password security, private clubs


We were honored to be included in the October issue of The Private Club Advisor. You can review the summary of our interview with editor Jackie Carpenter, CCM, below. To get a copy of the entire Private Club Advisor, click here to subscribe.

ADDED PROTECTION… A security breach is a significant inconvenience to members, poses a serious threat to valuable club and member information, and can cause irreparable damage to the club’s reputation and credibility. Clubs are increasingly targeted by cyber criminals so an attack is likely for all clubs at some point. The affluent nature of club members means their passwords have a higher value and makes private clubs a very attractive target for hackers. If a security breach involves member password information, then members will be forced to reset their passwords. Once this happens, a good portion of members might just stop using the club website altogether.

Perhaps there is a layer of protection clubs could incorporate to mitigate password breaches. According to Ray McDonald of BlindHash Cyber, the real problem is not that hackers have access to your club website. “Most clubs do not store any kind of financial information on the club website. But many club members use the same passwords repeatedly so if members used the same password for the club website and their bank account, hackers could potentially gain access to their banking information.” McDonald says hackers take stolen passwords along with any other personally identifiable information and use it to impersonate the user on other websites.

When a person initially signs into a website, a password is entered and confirmed and the site authenticates the user. When the password is confirmed, the site “hashes” it by assigning a random string of numbers (the hash) and that is what is stored on the server. The vulnerability that all websites in the club industry have is that they store the hashes in the database. This means that all club websites have a vulnerability to the offline cyber attack. When a breach involving passwords happens, the club has to assume that all passwords could be compromised and mandate all passwords be reset.

BlindHash Cyber is a patented technology that takes part of the hash and entangles it in a very large offsite data pool, so the hash is effectively blinded. A key is then sent back to the club website to perform the authentication. This process makes the site immune to the offline attack vector. “They (the criminals) can’t solve the puzzle because they don’t have all of the pieces,” McDonald explained.

Some website providers or platform vendors have this security as an upgrade option available to their clubs. Others may set up this security option for an affordable fee. See the resources box below for more information.


BLINDHASH CYBER AND CINO SECURITY ANNOUNCE STRATEGIC PARTNERSHIP

May 31, 2018 / by Maria Holler posted in password security, ecommerce cybersecurity, private clubs


FOR IMMEDIATE RELEASE


Should Clubs Be Worried About GDPR?

May 18, 2018 / by Ray McDonald posted in password security, private clubs



Stats that will open your eyes to the potential cyber threats against your club in 2018.

February 20, 2018 / by Maria Holler posted in BlindHash Technology, password security



Private Clubs that Have Teamed with BlindHash to Protect their Members' Passwords.

February 9, 2018 / by Maria Holler posted in password security


RECENT LAUNCHES: No, we don't mean SpaceX! Although that was pretty cool!

The following clubs have begun their cyber safe journey by teaming with BlindHash to protect their members' passwords online.


Five eCommerce Stats that will Drive Cybersecurity Attacks in 2018

January 24, 2018 / by Maria Holler posted in magento, ecommerce, password security, ecommerce cybersecurity


As 2018 sets up to be a record year of growth for the eCommerce industry, it also sets itself up for another record: increased cyber attacks. Cyber criminals are naturally attracted to markets where they see opportunity and vulnerability, and the eCommerce industry fits that profile. According to Richard Mellor, former vice president of loss prevention for the National Retail Federation, “New ideas, concepts, and schemes are developed every day by cybercriminals, and their sophistication often includes virtual escape methods. Therefore, it will be even more important for loss prevention professionals, IT teams and cybersecurity specialists within a retail organization to find the right partners to protect their brand integrity.” Retailers will be faced with finding a balance between capitalizing on the opportunity of increased sales while also making investments that help ensure the protection of their online shoppers’ personal data and their brand’s reputation.


What can we Learn from Nick Saban when it comes to Cybersecurity?

January 10, 2018 / by Maria Holler posted in BlindHash Technology, magento, ecommerce, password security



How to Plan a Magento eCommerce Site - a short guide

January 9, 2018 / by Aspiration Hosting posted in magento, ecommerce, password security




Online shoppers are sophisticated, and why wouldn’t they be? They are accustomed to making buying decisions on sites like Amazon and Zappos, businesses that invest millions in studying user behaviour, and then invest billions in building cutting edge functions to serve their clients’ desires. Fortunately, the smart Magento eCommerce site serves both big online retailers and small businesses.
