The power source should not be considered in the security question. That is a reliability and availability issue. With "soft tokens" that can be safely operated from phones and USB thumbdrives, there are already solutions to the perceived problem.
Now, to address the question of security for this new "token", you need to focus on the PIN generation algorithm, and the security of the delivery channel.
Unfortunately in this little PR video, there's not enough technical implementation information to make any deeper analysis of the specific solution. But we can speculate on this type of system, in general.
Obviously, the SecureID type token - where no secret is transmitted to generate the secret - is always more secure than a scheme where a remote display of a secret is generated. The channel can be intercepted enroute, if valuable enough to warrant the effort. There is also the possibility of TEMPEST type attacks on monitor emissions. These have to be evaluated, but I expect they are low-risk, and with the one-time use of the secret, probably not worth the trouble.
More troubling? This is being generated and displayed on demand, when regular credentials are first supplied. That means that an attacker with the regular password can request a new PIN many times, regardless of thier location. They can do this many times, and analyze output well enough to craft an attack on the scheme.
Ultimately, I would view this as a replacement for CAPTCHA technology, which it more closely resembles, than I would an improvement on OTP tokens. Unfortunately, I don't see the value of CAPTCHA justifying the cost and effort in this "passive" OTP.
If the cards were piled on top of each other they would be 150 times as high as Mount Everest -- 1,200 kilometres.
India's legions of local bureaucrats currently issue at least 20 proofs of identity, including birth certificates, driving licences and ration cards. None is accepted universally and moving from one state to the next can easily render a citizen officially invisible -- a disastrous predicament for the millions of poor who rely on state handouts to survive.
It's worse than that. Bish got rid of Habeas Corpus after 800 years. Obama now reserves the Executive Privilege to detain indefinitely, those acquitted and exonerated!
Obama claims right to imprison "combatants" acquitted at trial By Bill Van Auken 10 July 2009
In testimony before the US Senate Tuesday, legal representatives of the Obama administration not only defended the system of kangaroo military tribunals set up under Bush, but affirmed the government's right to continue imprisoning detainees indefinitely, even if they are tried and acquitted on allegations of terror-related crimes.
This assertion of sweeping, extra-constitutional powers is only the latest in a long series of decisions by the Democratic administration demonstrating its essential continuity with the Bush White House on questions of militarism and attacks on democratic rights.
The testimony, given to the Senate Armed Services Committee by the top lawyer for the Pentagon and the head of the Justice Department's National Security Division, came in the context of a congressional bid to reconfigure the military tribunal system set up under the Bush administration.
In 2006, Congress passed the Military Commissions Act in an attempt to lend legal cover to the system of drumhead courts set up to try so-called "enemy combatants," which had been found unconstitutional by the US Supreme Court. The high court subsequently ruled against the congressionally revised system as well.
This latest effort, like the one carried out three years ago, is aimed at fending off successful court challenges to the system. The Senate Armed Services Committee introduced new military commission legislation last month as part of the 2010 military spending bill.
As the committee's Democratic chairman, Carl Levin of Michigan, put it, the aim was to "substitute new procedures and language" that would "restore confidence in military commissions."
As the administration's lawyers made clear, however, any changes will amount to mere window dressing in an Orwellian system where the government decides who is entitled to trial, whether defendants are brought before military or civilian courts, and even whether or not to free those who are found not guilty.
The Justice Department attorney, David Kris, told the Senate panel that civilian and military prosecutors are still debating whether scores of detainees who have been marked for trial will be brought before a military tribunal or a civilian court.
"This is a fact-intensive judgment that requires a careful assessment of all the evidence," Kris said. He acknowledged that some form of trial was preferable to simply continuing to hold the detainees as "unlawful combatants."
What is clear, however, is that this "fact intensive" process is aimed at determining which detainees can be convicted in a civilian court, which of them must be sent to military tribunals because of the weakness of the evidence against them, and which will simply be held without trial because there is no evidence that would stand up in either venue. In such a system, all must be found guilty--the only question is by what means.
Undoubtedly another major concern is keeping out of open court cases which could make public the heinous crimes carried out by the US military and intelligence apparatus in the "war on terror," including acts of "extraordinary rendition," torture and murder.
The Obama White House has repeatedly demonstrated its determination to cover up these crimes, including by defying a court order to release Pentagon torture photos and the Justice Department's attempts to quash legal challenges to the criminal practices of the Bush administration, including rendition, torture and illegal domestic spying.
Appearing with Kris was Jeh Johnson, the chief lawyer of the Defense Department, who made the case for the president's supposed power to continue holding detainees without bringing them before any court and to throw men acqui
Slashdot Mirror
In the 90's, Iran's principal start-up ISP was called neda.net
I can see why the new effort is named after the late Ms. Soltani. Still a coincidence of note.
Iran's gateway out - due to embargo issues - used to be a pair of 9600 Bps USR HST modems, located in Austria. That changed around '95.
So, Sniff my willie!
Make enough to crash the prices, and destroy the profit motive for maintaining a market. Everybody wins! :-)
The power source should not be considered in the security question. That is a reliability and availability issue. With "soft tokens" that can be safely operated from phones and USB thumbdrives, there are already solutions to the perceived problem.
Now, to address the question of security for this new "token", you need to focus on the PIN generation algorithm, and the security of the delivery channel.
Unfortunately in this little PR video, there's not enough technical implementation information to make any deeper analysis of the specific solution. But we can speculate on this type of system, in general.
Obviously, the SecureID type token - where no secret is transmitted to generate the secret - is always more secure than a scheme where a remote display of a secret is generated. The channel can be intercepted enroute, if valuable enough to warrant the effort. There is also the possibility of TEMPEST type attacks on monitor emissions. These have to be evaluated, but I expect they are low-risk, and with the one-time use of the secret, probably not worth the trouble.
More troubling? This is being generated and displayed on demand, when regular credentials are first supplied. That means that an attacker with the regular password can request a new PIN many times, regardless of thier location. They can do this many times, and analyze output well enough to craft an attack on the scheme.
Ultimately, I would view this as a replacement for CAPTCHA technology, which it more closely resembles, than I would an improvement on OTP tokens. Unfortunately, I don't see the value of CAPTCHA justifying the cost and effort in this "passive" OTP.
Summer's here! The Algae's in bloom and love is in the air! Eat, drink and be merry, for tomorrow we die.
They have a burning commitment to the program.
As in, "the Chef is concerned, but the Chicken is committed." :-)
A for-profit, closed-source and highly-profitable company is going to charge real dollars for corporations and businesses that use their software!
How dare they! What gives Microsoft the right to adapt their successful business model to Application as a Service?
When will this outrage stop!
Really now, people. If you want free beer, let Google steal your companies IP and private communications.
If you want a free puppy, go to town on OOo and whatnot. :-)
Personally, I LIKE the puppy option, but not everyone is Caesar, the dog-whisperer.
I have a theory, which is mine. And a theory.
Homer must have bought Lisa's rock, and through misadventure Apu brought it with him on a visit back home...
I thought that I just saw a Unicorn, myself. But it was just a regular horse, with one of the horns broken off.
Loaded into rendering code? I hope this is well-sandboxed! I see nothing about the context in which these are loaded.
I fear this could be a way to load more nasties on yer little incubator.
If the cards were piled on top of each other they would be 150 times as high as Mount Everest -- 1,200 kilometres.
India's legions of local bureaucrats currently issue at least 20 proofs of identity, including birth certificates, driving licences and ration cards. None is accepted universally and moving from one state to the next can easily render a citizen officially invisible -- a disastrous predicament for the millions of poor who rely on state handouts to survive.
Even when accessing key material? C'mon! The Confidentiality, INTEGRITY, ASSURANCE triangle seems to be missing a couple of legs, in this instance.
That's really amateur. Sounds like someone swapped the Smart Cards with Dumb Cards...
What's with the little extra verb?
It was an ass-check. 'Course Mayara was worth a backward glance...
Again, try those DOS mode drivers without loading high memory. This machine has 512Kb RAM!
My Pr0n Has Been Replaced by a Manifesto!
What's next, Rapidshare?
Altering the genetic make up of an organism is now a form of teaching? :-)
Yeah. That'll be the f*cked-up NewSpeak they'll use on the 24-hour news drone, as they splice our children with 'obedience training'.
Your mother is wrong.
It started a long time ago...
Listen, my own Grandmother relied on anecdotal data, and she lived to be 117 years old!
That said, life is anecdotal...
Data is a construct by which we may delude ourselves with the notion that our intellect can transcend experience.
Uhhh... The Pacers?
It seems like JCL gurus might earn a killing, too.
It's worse than that. Bish got rid of Habeas Corpus after 800 years. Obama now reserves the Executive Privilege to detain indefinitely, those acquitted and exonerated!
Obama claims right to imprison "combatants" acquitted at trial
By Bill Van Auken
10 July 2009
In testimony before the US Senate Tuesday, legal representatives of the Obama administration not only defended the system of kangaroo military tribunals set up under Bush, but affirmed the government's right to continue imprisoning detainees indefinitely, even if they are tried and acquitted on allegations of terror-related crimes.
This assertion of sweeping, extra-constitutional powers is only the latest in a long series of decisions by the Democratic administration demonstrating its essential continuity with the Bush White House on questions of militarism and attacks on democratic rights.
The testimony, given to the Senate Armed Services Committee by the top lawyer for the Pentagon and the head of the Justice Department's National Security Division, came in the context of a congressional bid to reconfigure the military tribunal system set up under the Bush administration.
In 2006, Congress passed the Military Commissions Act in an attempt to lend legal cover to the system of drumhead courts set up to try so-called "enemy combatants," which had been found unconstitutional by the US Supreme Court. The high court subsequently ruled against the congressionally revised system as well.
This latest effort, like the one carried out three years ago, is aimed at fending off successful court challenges to the system. The Senate Armed Services Committee introduced new military commission legislation last month as part of the 2010 military spending bill.
As the committee's Democratic chairman, Carl Levin of Michigan, put it, the aim was to "substitute new procedures and language" that would "restore confidence in military commissions."
As the administration's lawyers made clear, however, any changes will amount to mere window dressing in an Orwellian system where the government decides who is entitled to trial, whether defendants are brought before military or civilian courts, and even whether or not to free those who are found not guilty.
The Justice Department attorney, David Kris, told the Senate panel that civilian and military prosecutors are still debating whether scores of detainees who have been marked for trial will be brought before a military tribunal or a civilian court.
"This is a fact-intensive judgment that requires a careful assessment of all the evidence," Kris said. He acknowledged that some form of trial was preferable to simply continuing to hold the detainees as "unlawful combatants."
What is clear, however, is that this "fact intensive" process is aimed at determining which detainees can be convicted in a civilian court, which of them must be sent to military tribunals because of the weakness of the evidence against them, and which will simply be held without trial because there is no evidence that would stand up in either venue. In such a system, all must be found guilty--the only question is by what means.
Undoubtedly another major concern is keeping out of open court cases which could make public the heinous crimes carried out by the US military and intelligence apparatus in the "war on terror," including acts of "extraordinary rendition," torture and murder.
The Obama White House has repeatedly demonstrated its determination to cover up these crimes, including by defying a court order to release Pentagon torture photos and the Justice Department's attempts to quash legal challenges to the criminal practices of the Bush administration, including rendition, torture and illegal domestic spying.
Appearing with Kris was Jeh Johnson, the chief lawyer of the Defense Department, who made the case for the president's supposed power to continue holding detainees without bringing them before any court and to throw men acqui
I don't care if they all look like Natalie Portman.
It's the last whitewash report we expect to receive on the matter.
See you in Baghram!
Movie sucked, but I want the soundtrack... 24 hours a day.
Does the article posting mean this in a topological meaning? :-)
I take that to mean on the chest and face. (.Y.)