Un-Identified
News (1) that researchers from Ruhr-Universität Bochum have succeeded in circumventing SSO (Single Sign-On) systems that deploy SAML (Security Assertion Markup Language), using techniques that can be easily learned and replicated, is troubling. SSO was offered as a convenient solution by many systems, and SAML has been touted as the standard of security.
Fixing these vulnerabilities is not going to be easy. This can crimp the growth of internet commerce as the general public grows increasingly weary of the broken promises of the behemoths. From a risk perspective, there are two important attributes to consider – the probability of a loss of information and the severity of such a loss. Unfortunately, convenience and security are becoming orthogonal, providing direct trade-offs – higher convenience (SSO, for example) results in lower security.
Innovation in security has been lagging, with many of the large companies that could have a significant impact on it taking a path to tactical profits at the cost of consumer confidence. Perhaps it is too much to ask for in a myopic world of profits and bonuses. Those dominating search would rather strip and store any available information, those dominating operating systems would rather incorporate information-gathering agents into systems, and those dominating social channels shun security as something that does not matter. We have seen this before in other once high-flying and now lagging industries such as pharmaceuticals and investment banking. And the ending of this movie will not be any different for internet moguls.
If the leaders of the industry do not step forward to provide the public with a higher level of confidence in internet transactions, they will ultimately lose.
(1) Be whoever you want to be! Published: Wednesday, August 15, 2012 - 10:41 in Mathematics & Economics. Source: Ruhr-Universitaet-Bochum
