BioExchange Security Editorial Report: How Safe Is Your Genome?
SAN FRANCISCO, CA -- (INTERNET WIRE) -- 12/21/2000 -- The following is a security report issued by BioExchange.com.
With the escalation of Internet-based genomics and proteomics products and tools and the inevitable rise of so-called “personal genomic” technologies, it is increasingly important to ensure genomic security and privacy for both companies and individuals. There are currently a half-dozen online genomics companies focused on providing commercial-grade research tools and proprietary data sources for not just human, but fly, worm, mouse, pig, and other model organisms. Other companies want to analyze and store your own personal genomic information for research and health.
As genome-searching databases, outsourced protein simulations, reaction kinetics, and other “online science” technologies grow in popularity and utility and emerge as distinct products or ASP-type services, privacy and security move to the forefront for everyone involved in the discovery process, including the patients and volunteers themselves. As personal genomics and online medical information come into use across the Internet, high-grade security measures must be implemented, including client (personal) digital certificates, smart cards, and biometric technologies.
BioExchange.com has conducted an in-depth assessment of the current security implemented on today’s most popular Internet-based genomics tools and services. Utilizing three sets of criteria, BioExchange.com analyzed the current online genomics services and judged the state of their security based upon SSL encryption, password protection, and the sensitivity of information that is transferred via direct e-mail mechanisms.
Every one of the sites reviewed failed to provide support for encrypted e-mail. In many circumstances, e-mail is used to receive results from genomic pattern searches, where researchers are forwarded e-mails of results from many sets of experimental data as they are processed. Some sites displayed search results within secure SSL connections; however, e-mail security is virtually unimplemented throughout.
Additionally, user accounts rarely had password restrictions beyond a minimum number of characters, and no site implemented restrictions on the choice of user passwords. Though weak password rules are a common security fault throughout the Internet, requiring complex passwords with numbers, special characters, and checks against “easy” passwords (such as the user name) ensures a greater level of security.
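The password checks named above (a number, a special character, and rejection of passwords built from the user name), sketched in Python as an added example that is not part of the BioExchange report. The minimum length of 8, the function names and the sample accounts in the comments are assumptions.

```python
import re

MIN_LENGTH = 8  # assumed value; the report only mentions "a minimum" length

# Undo common character substitutions before comparing with the user name,
# so "e$t0ne" is still recognised as "estone".
LEET = str.maketrans("013457@$!", "oleastasi")


def _letters(text):
    """Lowercase the text and keep only the letters a-z."""
    return re.sub(r"[^a-z]", "", text.lower())


def check_password(password, username, email=""):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")

    # "Easy" password check: the user name, or the local part of the e-mail
    # address, appearing forwards or reversed inside the password.
    tokens = {_letters(username), _letters(email.split("@")[0])}
    forms = (_letters(password), _letters(password.lower().translate(LEET)))
    for token in tokens:
        if len(token) < 3:  # skip empty or very short identity strings
            continue
        if any(token in f or token[::-1] in f for f in forms):
            problems.append("based on user name")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample accounts, not taken from any reviewed site.
    for pw, user in [("Tr1cky-Helix#88", "estone"), ("e$t0ne!2000", "estone")]:
        print(user, repr(pw), check_password(pw, user) or "ok")
```
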
The results are discussed and compared in this report and presented in alphabetical order:
BioNavigator: Rated overall an excellent site in terms of security, BioNavigator ensures that users’ identity and information are private through the use of 56 and 128-bit SSL encryption, which is activated during the initial registration and is then optional through a toggle switch, leaving the level of security and speed up to the user.
Celera Genomics (NASDAQ: CRA): Unfortunately, the Celera web site was unable to perform a complete SSL connection due to server installation problems. There is no working encryption on the entirety of the Celera web site, where genomic information is proxied to their teraflop supercomputers containing their proprietary databases of the Human Genome. We contacted the Celera web staff to inquire about the state of their SSL security, and received a response from Celera web staff, who did not give out any accurate information, only that they were very “busy”. Guess Celera is too busy to ensure the privacy and security of their clients’ data, and their own…
DoubleTwist: DoubleTwist rated as an excellent site in our security review, providing state-of-the-art 56 and 128-bit encryption. DoubleTwist doesn’t require strict password validation; however, losing your password means that you will have to manually request that the site administrator disclose or reset the password. Information from the site relies greatly on e-mail, a general flaw of most of the sites reviewed.
GeneSolutions: GeneSolutions, a division of HySeq (NASDAQ: HYSQ), was the worst site reviewed in terms of privacy and security. There is no secure server, so don’t go looking for an SSL-encrypted sign-up form; there isn’t one. Furthermore, passwords are simply sent over e-mail if you forget yours: just enter your e-mail name in the very dangerous form fields; nothing is encrypted. GeneSolutions was unavailable for comment.
Incyte (NASDAQ: INCY): Providing enterprise-grade security of the same level as banking institutions, Incyte takes a very strict approach to site security and privacy, requiring 128-bit encryption as a minimum for any client browser to connect to the LifeSeq application. Although users are able to select their own passwords initially, forgetting a password results in the generation of a new password after confirming password hints. Had Incyte implemented a type of e-mail security, this site would have earned a Superior rating; as it stands, this is an excellent-rated site.
LabOnWeb: Overall, the site rates as a good site. Although SSL is fully implemented, with both 56 and 128-bit support and a 1024-bit public-key SSL certificate from RSA Security, the reliance on e-mail for search results compromises security. Additionally, the lack of a hint feature for password recovery and the automated password e-mail system make LabOnWeb only a good site in terms of security and privacy.
For a free Enterprise security assessment, contact security@corp.bioexchange.com, or call Eric Stone, 888-320-7090 x402 for further details.
| Site | SSL | Certificate |
|---|---|---|
| BioNavigator | Excellent: 56/128-bit | Excellent: Thawte 1024-bit |
| Celera | Poor: improperly configured | Good: Verisign 512-bit |
| DoubleTwist | Excellent: 56/128-bit | Excellent: Verisign 1024-bit |
| GeneSolutions | None | None |
| Incyte | Superior: 128-bit only | Excellent: Verisign 1024-bit |
| LabOnWeb | Excellent: 56/128-bit | Excellent: RSA 1024-bit |

| Site | Password Security | E-Mail Security |
|---|---|---|
| BioNavigator | Good: hint and manual e-mail | None |
| Celera | Fair: no hint and manual e-mail | None |
| DoubleTwist | Fair: no hint and manual e-mail | None |
| GeneSolutions | Poor: no hint, auto e-mail password | None |
| Incyte | Excellent: hint and online SSL re-issue | None |
| LabOnWeb | Poor: no hint, auto e-mail password | None |
--------------------------------------------------------------------------------
Contact: Eric Stone
Phone: 888-320-7090 x402
Email: security@corp.bioexchange.com
Source:
Internet Wire
www.internetwire.com