Slashdot Mirror


User: ctilsie242

ctilsie242's activity in the archive.

Stories: 0
Comments: 968

Comments · 968

  1. Why is this even possible? on Huddle's 'Highly Secure' Work Tool Exposed KPMG And BBC Files (bbc.com) · · Score: 2

    That just seems odd... 20 milliseconds is a long time when it comes to computers, and having the same "auth code" which can get one user to have another user's token seems like piss-poor design. This never should have been done in the first place.

  2. Re:Everyone but the marketing department knows... on Hackers Say They've Broken Face ID a Week After iPhone X Release (wired.com) · · Score: 1

    Android devices didn't use any additional hardware, and some actually wanted you to blink before they would authenticate. However, Apple uses a number of subsystems to do the FaceID authentication, including a processor dedicated to facial recognition. TouchID is a lot lighter, and just requires a home button.

    Android devices have another item solved too... with the fingerprint reader on the back. No space on the front needed.

  3. Re:Still ok for general consumers on Hackers Say They've Broken Face ID a Week After iPhone X Release (wired.com) · · Score: 1

    This is why I prefer TouchID.

    Another reason is that a fingerprint scan is a deliberate action. Finger goes on a scanner, and it functions as an acknowledgement that I am buying a bag of Dungeon Yums from a vending machine.

    A face scan isn't a definite action. Picking up your device to look at it is different from having TouchID register an explicitly pressed home button.

  4. I would agree that because it is a moving part, it eventually may have issues. However, there are many self-winding watches out there that have long lifespans. Seiko, Bulova, and other brands have been making self-winding watches for many years, and their failure mode rarely is the mechanics involved.

  5. I would assert that some type of flywheel that uses the motion of one's arm, similar to self-winding watches, would bring in more energy over time, and one can use a self-winding watch case to keep the watch at full charge when it is not in use.

    For body heat to work, the watch needs a hot side, and a cold side... and a reverse Peltier junction. However, the surface area of the watch just doesn't seem up to the task, especially if the watch is worn in a jacket.

    I would rather go with a solar panel (perhaps the transparent type that GE is hawking) under the watch crystal as well as the flywheel.

  6. Re:encryption on IBM Raises the Bar with a 50-Qubit Quantum Computer (technologyreview.com) · · Score: 1

    I wouldn't be surprised to see a move to lattice-based algorithms or crypto that is resistant to quantum factoring in the next few years, once there is a significant key factored. Or, perhaps when a key handshake is done, part of it is keeping a shared secret for a later time, so if the public/private part of the encryption is broken, the shared secret, even though not as secure, would still protect the data.

  7. Re:How about a more secure OS? on How AV Can Open You To Attacks That Otherwise Wouldn't Be Possible (arstechnica.com) · · Score: 3, Informative

    Linux has had its vulnerabilities, but it has done well for an OS that is Internet facing and always bearing the constant slings and arrows from attackers. The only time I've even thought of AV on Linux is because it is to check a box off when it comes to audits or paperwork. I doubt any AV would be useful at all on the platform, other than to catch Windows items on an SMB file server.

  8. Re:A collection of exploits working together on How AV Can Open You To Attacks That Otherwise Wouldn't Be Possible (arstechnica.com) · · Score: 3, Informative

    AV was created because of Windows's historically crappy programming. This isn't just MS's fault. Other operating systems of that time with cooperative multitasking had issues as well, so things like Disinfectant for the Mac that had a program load and run were critical.

    However, time has passed. Macs run a pre-emptive OS with MAC and DAC controls. Linux has SELinux and AppArmor. Even Windows, especially with tools to limit what applications can write to what files, is getting there.

    There is no real need for AV anymore. In the past, AV's liability of CPU slowness was worth it, as it would catch things. Now, AV is all but worthless because the two primary infection vectors are malvertising (which needs to be handled by the web browser and the sandbox/VM it sits in) and Trojans. AV rarely protects against malicious PDFs or Word documents.

    It is worse now, because AV autoupdates both signatures and code, and sends what the hell it feels like to the mother-ship, so AV can easily become malware in itself in a way that is undetectable.

    What needs to be done is to dump AV completely and have the OS handle security. The Qubes OS model is a good example of this done right. Alternatively, one can do this manually via Sandboxie or VMs on the desktop.

    The fewer moving parts, the better.

  9. Re: Sears on America's 'Retail Apocalypse' Is Really Just Beginning (bloomberg.com) · · Score: 1

    Almost all European countries are "Socialist". China is socialist. Russia is socialist. They are running rings around the US when it comes to patents, innovation, products, R&D, and many other items. People can focus on doing cool stuff when they don't have to worry about a roof over their head, or if they will lose their life's savings if they get sick or injured.

    The pendulum is swinging. Capitalism has its place, but unchecked capitalism is just as bad as a complete command economy, because the invisible hand will always give the middle finger to people who are not well-heeled.

  10. Ironic that this is preventable... on Google Says Hackers Steal Almost 250,000 Logins Each Week (cnn.com) · · Score: 4, Insightful

    Google has a good selection of 2FA tools, be it the app (which lets you tap "yes" on your phone), their authenticator, SMS fallback, etc. I'm surprised that more people are not enabling authentication. That way, a revealed password isn't the end of the world, although stealing auth tokens can still be a valid attack, but that is a lot harder to do than a passive keylogger.

  11. Re:Interesting, is that even possible with SELinux on Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) · · Score: 1

    It is doable right now. SELinux and AppArmor can do this, Macs have the app sandbox, Windows has privilege and policy restrictions and (as of the last big update) has something along these lines. This just needs to be more prevalent. It is a step to add granularity to security, but it definitely will minimize damage a rogue program can do.

    QubesOS comes to mind as an idea.

  12. There are buyers' agents for Taobao (Taobaoring for example) which make buying from internal Chinese markets relatively inexpensive and safe. I've bought LED bulbs for less than $1.00 each (including shipping), for example, as a test.

    US retail needs to change, and change away from bulk, throwaway goods. Instead, aim for top tier, well-made items that may be more expensive than stuff fresh off the boat... but would be repairable and indefinitely maintainable. The days of disposable stuff are coming to a close, and people can't afford to replace stuff often, so focusing on selling a good, then selling parts and repairs is the way to survive.

  13. Craftsman lost their good name by offshoring production to China. What is the difference between a Craftsman tool and one from Harbor Freight? Not much.

    Sears should have kept their manufacturing in the US, increased the price, and competed against MAC or Snap-on. Sears then would have had a top tier brand that people would pay a top-tier price for. It may not beat Kobalt or Husky by name, but by quality and profit per sale.

  14. Gold is one of those things that comes and goes in value. Both gold and silver have been flat over the past seven years, so you really would not make much, even "as a hedge for inflation". To boot, there isn't anything you can do with gold and silver, except admire the shininess. With a chunk of land, I can lease it out. With stocks, I can get dividends. Why buy something that only is worth anything when it is sold, when you can get something that pays out over time?

  15. Re:Upload your 'suspicious' documents for you on Microsoft To Integrate 3rd-party Security Info Into Its Windows Defender Advanced Threat Protection Service (zdnet.com) · · Score: 2

    This is a worry as well. It can be a vector for compromise, witting or unwitting.

    Realistically, we don't need more AV BS. Instead, we need better application separation, snapshotting, ability to roll back, and defense in depth. For example, Excel shouldn't be touching Word documents unless the user explicitly specifies it, and an unknown third party web extension shouldn't be touching anything out of its temp directory.

    We definitely don't need third parties and even OS vendors having the ability (and the mandate) to slurp files at will. What is malicious software today can be an MP3 track or movie tomorrow, or perhaps a copy of a dissident's writings the day after.

    There is a balance between security and privacy. The gain for allowing all and sundry to suck up documents at will is not worth much, because no AV is good at fighting the zero day attacks anyway. At best, it might catch a Trojan, but I've found that a good ad blocker, running the web browser in a sandbox or VM, and solid backups are a lot more useful than any AV product.

  16. Re:RUSSIA on Former Yahoo CEO Marissa Mayer Apologizes For Data Breach, Blames Russians (reuters.com) · · Score: 4, Interesting

    A car example of this would be someone who leaves their keys in an unlocked vehicle. First, someone from Lower Elbonia steals the car. Then, someone from Latveria. Then, someone from Cobra Island, and then someone from the Greater East Asia Co-Prosperity Sphere. Yes, one can blame these countries, but there is also the issue that anyone from anywhere could see the car keys and want to go for a ride.

    There comes a point where, yes, a theft is a theft, but there needs to be some culpability in failing to secure things. At least Europe is taking steps to break the "security has no ROI" cycle with the GDPR. It is not perfect, but losing 4% of total earnings is a pretty big incentive to actually spend some on basic security design [1]. Security isn't rocket science. Good security practices have been around since the Cold War era, and OPSEC practices have been around since people started trying to kill each other in groups.

    Good security can be done. It is just bothering to spend the resources to do so.

    [1]: For example, it isn't hard to secure a database. I've seen a startup use transparent encryption through an HSM to ensure that an intruder isn't going to be able to dump the DB and make off with the goodies. If those guys could do it, a well-heeled company can easily implement this, plus many other defense in depth measures. To secure AD, it isn't hard to set up policies requiring 20+ characters for service accounts, and a short (3-5 minutes) lockout period for user accounts, coupled with a real time monitoring system to catch brute force attempts.

  17. Re:Maybe they mean "secure" as in "job security" ; on Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) · · Score: 1

    Maybe we need something similar to a SIM card (in both form and function) that can be moved between PCs? It would function as a low level HSM allowing for encryption/decryption/signing/verification in a place physically off the main computer, and in a container that is both resistant to physical attacks, and narrows down the attacks that can be done from remote.

  18. Re:Secure Windows is a phrase that doesn't feel ri on Microsoft Releases Standards For Highly Secure Windows 10 Devices (bleepingcomputer.com) · · Score: 1

    Agreed here. The Google "fastboot oem unlock" approach has worked extremely well for years. With that, I'd like to see an easy way to "sanitize" a machine, where I can do a "fastboot oem lock", install a signed OS, and have all factory security items intact.

    Secure UEFI has its benefits. It stops attacks like NotPetya cold, for example.

  19. Re:"... might not encompass all of the characters" on Amazon (and Netflix) Pursue a 'Lord of The Rings' TV Series (theverge.com) · · Score: 1

    Likely never, with the way copyright laws are today.

  20. Re:And nobody will watch it on Amazon (and Netflix) Pursue a 'Lord of The Rings' TV Series (theverge.com) · · Score: 1

    I would assert the whole fantasy genre came from Tolkien. His writings may not have been as intriguing as other authors, but his universe is often used by others.

    There have been two other major fantasy paradigms that have followed after that. The roles of elves, orcs, etc. changed due to Warhammer and World of Warcraft (which is heavily influenced by that style). Then, the butchery style of George R. R. Martin, where before that, the named characters would survive, perhaps with one being the sacrifice to be remembered. GoT brought on the paradigm of anyone being able to be killed, anywhere.

    Things are changing though. The classic Tolkien fantasy is boring, and in general, we are seeing a move to less magical, but more gritty, combat oriented universes, like GoT, or even Gor.

  21. Re:Independent connections are dangerous on Ask Slashdot: Can Smart TVs Insert Ads Into Your Movies? (gigaom.com) · · Score: 1

    I wouldn't be surprised to see more devices wind up using this, perhaps offering "functionality" like bridging/IP forwarding so the IoT maker's tech support (or anyone who hacks it) has free rein into that subnet.

    I do agree about IoT regulation, be it something like a UL listing or GDPR-like laws on what data can be transmitted. Ideally, there would be a law requiring the 3G card to have the option to be obviously disabled by the user, with the device functioning without it without issue.

  22. Re:Daft question on Ask Slashdot: Can Smart TVs Insert Ads Into Your Movies? (gigaom.com) · · Score: 1

    That goes without saying. If one buys a device with special offers, they have agreed beforehand that there will be ads on the device.

    However, a TV that was bought with no pre-arrangement beforehand, other than maybe some dialog of "Do you accept the EULA?", that starts slinging ads and requires an always-on connection to function is a device whose function the maker has deliberately misrepresented. Those go back as defective.

    There is a line between, "you are getting a price break, because you agree to ads" versus, "you are paying full price, AND we are going to sling shit your way because we get a second revenue stream." We have this happen with cable TV, where initially, one paid for a cable sub and had no ads on TV. Then it would happen between shows; now, one pays for TV and the ad frequency is in some cases worse than OTA TV. If one, as a consumer, doesn't take a stand and show a zero tolerance on this, all TVs will become ad machines.

  23. Re:Don't buy a smart TV on Ask Slashdot: Can Smart TVs Insert Ads Into Your Movies? (gigaom.com) · · Score: 1

    Or just having a 3G/4G card. Those are dirt cheap.

  24. Re: still smart 4 years later on Ask Slashdot: Can Smart TVs Insert Ads Into Your Movies? (gigaom.com) · · Score: 1

    If that happens, return the TV to the store as defective, because it is unable to do its primary function. If even a relatively small amount of people do this and make sure it is known that the TV will be sent back if it requires an internet connection, then all new TVs will not require it. In fact, if a TV requires a EULA, it goes back, which is legal, because you are not accepting their Draconian terms and conditions.

    The ironic thing is flashing a TV's firmware can be easily done via an SD card. The process can be either a menu for firmware, or just checking if the SD card has a signed image that is greater than the one on the TV, and that the image is for that specific model and features. If that is correct, start the flash process.

    A TV needs zero Internet connectivity to function.

  25. How about just, plain no. on Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet? · · Score: 1

    I read about people putting the TV on its own VLAN, or other ways around it. However, I prefer something simpler than that. If the TV has network functionality it gets disabled. If it requires to be connected to the Internet to work, it goes back to the store as defective. It technically is legally defective, because this is not an internet appliance, this is sold as a TV. Because it fails to do its primary function, it is defective, and goes back.

    As of now, there are many other choices of TVs where I don't have to deal with yet another potentially insecure, spying device.