Design Simulation Systems Ltd


You've just seen a password being entered.

Two Questions:

1. What was the password?

2. How long was the password?

If your answer contains any of the letters obscured by each click, you're wrong.

If you think the password contained 6 characters, you're wrong.

Another Question:

3. Do you remember the order of the clicks?

Sorry, but that won't do you any good either, as it'll be different next time

Last Question:

4. Was the password sent off to be authenticated, or authenticated in the device?

Neither. The actual password is never sent anywhere, or it might be intercepted. It isn't authenticated at the device, in case that gets stolen.

That was just one of the three factors DSS Enterprise uses to authenticate you.
The screen-scraper malware saw no text in the frame buffer. It doesn't know the password
The resident key-logger malware on the device saw what you saw. There were no keystrokes, so it doesn't know the password either
Find out more

DSS Enterprise. The Cybersecurity Authentication Solution

  • Authentication, Access Control, Authorisation
  • Self-hosted identity-as-a-service
  • Central control with user self-service
  • Installs out-of-the-box
  • Configures on your smartphone
  • Easy migration from legacy systems
  • Keyboardless password entry
  • No learning-curve burden on users
  • Frictionless Two or Three Factor Authentication
  • No SMS, no tokens, no typing, no biometrics
  • 2-Tier single sign-on session protection

Interactive SSO Demo

Croesus & Midas sell diamonds. The diamonds are sold from four different stores, each of which only sells one colour

The four stores sell Red, Green, Blue and White diamonds respectively.

To make things easy for their many customers, Croesus & Midas permit a single password to give access to more than one store.

The ID's of users authorised to access the diamond stores, together with their passwords, and instructions on how to run the demo can be found here

Find out more

Secure Data At Rest with Virtual Key Encryption

Even though the confidential user details and password data in your database might all be encrypted, the Enemy Within knows the location of the encryption keys and can steal the database, decrypt the data, and publish it on the internet.
Not with DSS Enterprise. Once the virtual keys are set, not even we can access them. Even though the root user can change the keys, he's never told their value.
Find out more

Content Driven IDS/IPS

Our interest in intrusion protection has been fostered by the fact that this site has been under (unsuccessful) attack by parasites trying to implant viruses since 2009, and by a botnet since Christmas Eve 2012. The hackers have thus donated over 10000 hack queries, ranging from SQL injection, to dumb PHP and WordPress hacks, to attempted bash exploits. You can download these files to create pen-testing scripts.
Our IDS/IPS, has successfully defeated every single hack attempt and, by reporting the IP addresses to their ISP's, has helped to remove over 100,000 of these parasites from the internet - and counting...
You can see a (live) chart of incoming defeated hack attempts by clicking on "Hackers' Graveyard Graph" but, if you're interested in trying the IPS to protect your website, you need to be running on a Sun server. Different versions of Linux use different firewalls, and MSWin is too proprietary. Porting it is just too much hassle.
Hackers' Graveyard Graph Download the hack queries

Unix, Oracle and Security

We include here, a pot-pourri of Unix articles, with a leaning towards database and security applications. If you're not that good a programmer, they'll either help, or put you off, for good... Read 'Real Programmers' to see if you qualify or, if you're not a programmer, try 'WordImperfect'
Find out More

Powerpoint Presentation for Management

Blog: Random Ramblings On System Security

Blog: Identity As What Service?

Blog: The Choice of a Second Authentication Factor?

Blog: The Choice of a Third Authentication Factor?

What next?
I need more technical information
I need pricing information
I'd like a free 3-month trial

Still interested in the legacy analog simulation stuff?

Copyright © 1999-2017 Design Simulation Systems

All rights reserved for their respective owners.