Slashdot Mirror


User: malcomvetter

malcomvetter's activity in the archive.

Stories: 0 · Comments: 74

Comments · 74

  1. So you're saying I shouldn't implement MD5 ... on Meaningful MD5 Collisions · · Score: 3, Interesting



    in my next big project?

    In all seriousness, I believe Schneier's right. We need a competition for a new hash function.

    Nah, let's just wait for 24 to drop the words "MD5" before we know it's really bad.

  2. Re:Cohabitation on The Science of Star Wars · · Score: 1


    Doesn't that qualify more as "The Sociology of Star Wars"?

    Last time I checked, the "ology" in Sociology did mean the scientific study of ... in this case "Socio" or people in groups.

    So your distinction is just more detailed. It's still science, even if it's not neutrons and physics!

  3. Perpetual Motion Device on Is Rodi BitTorrent's Replacement? · · Score: 1


    Internet Anonymity is a perpetual motion device.

    It just doesn't exist. Once in a while, someone thinks it does, but then after a closer look (or by the time it's actually implemented), the anonymity no longer exists.

    I expect that given recent P2P legal battles, this will be even more likely to prove as being another blighted failure.

    It's analogous to all those other falsehoods, that people still claim to hang onto and that marketing folks use for selling:

    Unbreakable encryption
    100% Security
    Completely confidential
    Completely Anonymous

    If you TCP handshake with a 'trusted' third party on a P2P network, it can be logged. Who actually trusts the people they P2P with anyway?!?!?

  4. Re:Taking it seriously? on Going Beyond Port Knocking; Single Packet Access · · Score: 1

    What benefits does port knocking give over a simple password on a known port?
    I can only suggest it's another security by obscurity tool.
    The person who has this installed, probably has it on a home server, in a room with magnetic field protected doorways, ready to wipe the disks if the feds come to haul it away.
    It's overkill like this that makes me rethink the whole point of privacy and security. Maybe we would all just be better off sharing everything in the clear (no confidentiality-breach prevention tools), while watching for data misuse (detection and response).

    Well, that's probably too idyllic, so as always, we're stuck somewhere in the middle ...

  5. Space Travel is Overrated ... on Funding Promised for Trips to Moon, Mars · · Score: 0


    C'mon. Everyone knows space travel's main purpose is to find a suitable new place to live after humans turn Earth into a desolate wasteland with an unsustainable atmosphere.

    But, how would Earth be any different then than the moon or Mars? Tell me ... Have you noticed recently that the moon and Mars are desolate wastelands without a sustainable atmosphere?!?!

    I propose we spend the money on learning how to survive on our planet after those idiots destroy it with fossil fuels. Biosphere, desert survival trips. They can be high-tech without a fourth of the expense!

  6. Bad user rights model on Symantec Launches Anti-Spyware Beta · · Score: 1

    Anti-Spyware exists for bad user rights models. You should be able to set up a static configuration for the machine and user settings. If a program tries to change those on your behalf, you are prompted to re-authenticate prior to making those changes. There's your anti-anything-bad-ware.

  7. For the conspiracy theorists out there ... on SHA-1 Broken · · Score: 1


    NIST announced on 2/7 (days before) that an upgrade from SHA-1 is being forced, but that "SHA-1 is not broken ... and there's no reason to believe it will be in the near future."

    here's the article.

  8. Any competition will make things better ... on Gartner Says it's a 2-Browser World · · Score: 4, Insightful


    ... but the question really is "Just how much better?" and "How long will it take for such improvements?"

    Has anyone ever noticed that in Windows XP, a normal user can create/write new files/dirs to the root of C:\? It's things like this that will need to be corrected if MS really wants to meet their goals of maintaining a secure, stable OS solution. ActiveX controls need to be revisited. Default NTFS ACLs as well ...

    Sure, there have been improvements. And for all of our sakes, it would be best not to rest on the laurels, but to continue the improvements.

    Competition is good. Especially in this case. Granted, if I was forced to choose, I may not choose MS for the majority of software I use (if any at all), but I refuse to close the book on them (perhaps I'm just optimistic)-- I think they could someday arrive and live down their bad reputation.


    Sociologists have proven it takes a minimum of 3 generations for social change. How long will it take for security to be cultured into MS?

  9. PKI ... on Spyware for Firefox Coming This Year? · · Score: 1


    XPI's should be digitally signed. Period.

    FF should not allow xpi's to install without significant headaches to the end user if no sig exists. And the trusted CA should probably be a Mozilla cert ... that way the Mozilla community can keep it clean, which is one of the focuses on the whole moz project right-- a clean, safe (that only makes it better by itself) browser?

  10. Re:Protecting Analog? on Microsoft Licenses Analog Anti-rip Technology · · Score: 1

    Back in the day when DVD players first came out, and people would buy them but had no place to hook up SVideo or RCA on their TV (not to mention no component video), they would always hook it up over coax into their VCRs. Of course that did not work on most VCRs, the copy protection caused the signal to fade in/out and the colors never looked right.

    Working for a major electronics retailer at the time, we saw a lot of DVD players get returned for PECI reasons (Product Exceeds Customer's Intelligence-- unofficial acronym). So we recommended that they buy a Philips brand VCR, which bypassed that copy protection feature and allowed the DVD playback to look OK when daisy chained through their VCR to their TV.

    So MS just invested in backwards technology from 1990 then?

  11. Re:Very convenient on How Secure Is Microsoft's Fingerprint Reader? · · Score: 1
    MOD PARENT UP - INSIGHTFUL.

    Using biometrics as a single factor at home locally for a child too young to type well to log on to a PC without keyboard interaction ...
    Well, let's put it this way: That's probably about the only good use-case scenario for a device like that mentioned in these posts. Especially since kids love playing and touching things ... Wanna play Barney's Adventures? Put your thumb on the little black box, Susie.

    The example of single factor bio in the hospital-- still about convenience (typing passwords 800 times/day).

    Single factor Bio to access cached accounts/passwords for web surfing-- also lazy convenience. For that matter, it's no different than a Password Safe.

    So, in conclusion: Single factor Biometrics are good for convenience when the user is either a young child (and something they know is something they cannot spell), a person suffering from memory loss (what good is something they know in five minutes?), or a really, really stupid person. Anything else borders on laziness.

    (Biometrics) + (0 other factors) = [CONVENIENCE]
    (Bio) + (1 or more other factors) --> hashed --> passed to authentication mechanism > [Password Only Security]

  12. Protecting Analog? on Microsoft Licenses Analog Anti-rip Technology · · Score: 5, Interesting


    from TFA:
    "An Internet-delivered movie, downloaded to a PC, can now be protected on analog video playback out of a PC"

    They're actually concerned with someone outputting a digital format (MPG, DIVX, WMV, etc.) to an Analog source like a VCR? C'mon ... who does that?

    I thought the purpose of ripping the media was to have a perfect (or near perfect) digital copy ...

  13. IDENTITY != AUTHENTICATION on Fingerprints Replace Credit Cards in Seattle · · Score: 3, Informative


    When will people learn that identity factors are not the same as authentication factors?!?!

    A Fingerprint is something you are

    It would be a whole different story (and different pros/cons) if this was about a store requiring a fingerprint bio in place of a signature (something you do) on a Credit Card transaction.

    The biggest deal here (not mentioned very much in these /. posts) is that the store is keeping your CC info, and obviously stored in some format that they can recover (i.e. either plaintext or symmetrically encrypted (not hashed) ). Assuming the authentication was secure, would you even want them to keep that info for convenience purposes?

    That makes their DB such a huge target ... forget the claims that they have 0% fraudulent transactions ... all the transactions are happening on customers' CC from other merchants because their DB traffic was spoofed, hijacked, usurped, or the DB was just plain owned!

    Who would ever capture the CC info and then try to make fraudulent purchases at a grocery store anyway? They'll go for the high-end merchandise instead, using a totally different transaction service.

    And let me guess, each customer signs an agreement (without reading it- legal jargon, bah!) stating that you release the company from any liability of storing your CC info!


    Remember: Anytime biometrics are used singularly (without another form of authentication) it is for convenience and NEVER Security.

  14. Re:Police on Fingerprints Replace Credit Cards in Seattle · · Score: 3


    Previously on ...

    Arsonist: I didn't buy those flammable items.
    Police: Yes you did, your frequent shopper card and your bio give you away.

  15. Back to paper???? on Student Logs Teachers Keystrokes · · Score: 1


    The problem is so pervasive that the GRE board has switched from computers back to paper and pencil.

    So, there is no computer generating those paper exams anywhere then, right? Oh, that's right ... there is, so it could still be keylogged (just not as likely) ... that's no solution to a problem like this!

  16. Don't you know anything? on EFF Asks How Big Brother Is Watching The Internet · · Score: 1

    They employ Google's Pigeon technique to identify the 'bad' stuff.

  17. Always .... on EFF Asks How Big Brother Is Watching The Internet · · Score: 2, Insightful


    Always Encrypt, shred, proxy, etc.

    If you do it always, then all activity seems to have the same sensitivity.
    If you do it sometimes, then those few times stand out sorely.

    That's one of the biggest reasons why you should show your parents, siblings, aunts, uncles, grandparents, neighbors, etc., how to use PGP or x509. That way all traffic looks the same.

    But is it really possible to surf anonymously?

    You have to trust the proxy you're using, and nowadays a Fed could just as easily subpoena the proxy logs (or maybe get that without a Judge's involvement as the article suggests). About the only thing you could really do would be to proxy-hop from one proxy to the next, routing all traffic through umpteen (yes umpteen) proxies-- thereby making it difficult to track down the traffic. But who really has the time and bandwidth for that?

  18. "Miserable Failure" still works ... Googlebomb on MSN Search Has Arrived · · Score: 1


    I guess it's good enough for some things ...

    MSN

    Google

    And the Weapons of mass destruction on MSN works better than Google

  19. Site's down ... hamar.sk on 3D Sphere Interface for XP · · Score: 0, Offtopic

    FP? Site's down ...

  20. Mathematical Formulae on Are Often-Changed Long Passwords Really Secure? · · Score: 1


    Try using a different subset of characters of pi encoded in hex.

  21. I know why the policy exists!!! on Are Often-Changed Long Passwords Really Secure? · · Score: 1
  22. Re:Password Safe on Are Often-Changed Long Passwords Really Secure? · · Score: 1


    Don't mean to reply to my own, but I thought I might add that the windows version also provides "auto-typing" the "user -tab- pass" keystrokes for you in the last app that had focus. It's not perfect, but designed for coping in a less than ideal situation.

  23. Re:Password Safe on Are Often-Changed Long Passwords Really Secure? · · Score: 3, Informative
  24. Re:This is the reason on Are Often-Changed Long Passwords Really Secure? · · Score: 2, Informative


    Read the packaging, there's a disclaimer: Do not use to protect anything you really care about.

    Also, you should always remember that any use of biometrics without additional factors is for convenience-- never about security.

  25. Re:Hmm - One Mouse Button on Apple Updates PowerBooks · · Score: 2, Funny

    All those artsy "mac-only" people have a hard time with their left's and right's ... so in the interest of a simple UI we have the reft mouse button, er, the light mouse button ... I mean ... the mouse button.