29 December 2007 – 12:01 am
I know that fingerprints are not exactly foolproof methods of authentication because they are fairly easy to spoof. This video shows an example of how this can be done in order to fool the fingerprint scanner on many laptop computers.
[Video: Fingerprint System Nightmare (Metacafe)]
Bottom line, folks: if you want to be safe, […]
29 November 2007 – 12:01 am
If you do anything more than passively read web pages online, chances are, you’ve got an identity somewhere. You have an email address (or 10). You have a login on most every site you interact with (e.g. Google, eBay, Facebook). If you use IM tools, surely you’ve got a name on each of those services.
Even […]
18 November 2007 – 12:55 am
Man, oh man, I wrote a lot of stuff this week. Let’s get straight on with it:
Charge Your iPod With An Onion And Gatorade (From The Gadgets Weblog)
Use Your Nokia N95 As A Lightsaber (From The Gadgets Weblog)
Defensio Launches Comment Spam Filtering Service (From I Got Spam?!)
Skype 2.0 For Linux Adds Video (From The VoIP […]
11 November 2007 – 12:01 am
This was one of those weeks where I felt “needed”–a lot. It made for a stressful week. Ended the work week on a high note, though, which is always a bonus.
Meanwhile, here’s this week’s rundown of what I’ve written:
Receiver Initiated Authentication: The Holy Grail Of Spam Filtering? (From I Got Spam?!)
Charge a USB Device By […]
18 October 2007 – 12:01 am
There’s an interesting thread over on Slashdot about parental controls on PCs. Obviously, the crowd on Slashdot is a bit more technical than your average parents. Good thing, as I am in that crowd.
Parental Controls are often seen as a substitute for good parenting. They aren’t. Because the kids will eventually find a way to […]
7 September 2007 – 12:40 am
A couple of people I know got signed up for Quechup. My address was apparently “harvested” from the address book of these folks and I’ve been invited–multiple times, even–to join this service.
I’ve looked through this service and I see absolutely no reason to join this place. It looks like a lame me-too service with no […]
4 September 2007 – 12:01 am
As a guy who has made a living in the network security business, and is really unhappy with the state of security on the Internet, I like to see proper security in the hands of real people.
The PayPal Security Key is exactly that. This key adds a second factor to the authentication process for your […]
28 August 2007 – 12:01 am
In my post about Numbr, someone asked how Numbr makes money when they don’t charge anything to the end users? Simple: they make money on incoming calls.
In most parts of the world, to make a local call, you have to pay a per-minute charge to the local phone company. That is not true in the […]
What is a Cross-Site Request Forgery? Quoting from the Cross-Site Request Forgery FAQ:
Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific urls (Example: http://site/stocks?buy=100&stock=ebay) allowing specific actions to be performed […]
Here is the email from (ISC)2:
Candidate Id: xxxxxx
This is to advise you that your documents have been processed in the system as of today.
We are now printing certificates every day, therefore your certificate should be printed within a day following processing.
Your package will be mailed out within a couple days after the certificate is printed. […]
Today I got word that I passed my CISSP exam. The next phase in the process is getting endorsed by another CISSP. Currently, they also permit being endorsed by holders of other, related credentials, though on 1 October 2007, that will no longer be allowed. Since I’m in the Nokia office this week and one […]
This is one of the most crackpot ideas I’ve seen: create a .bank top-level domain and restrict it only to banks. Will that make phishing for bank information less possible? I don’t think so. The problem is very simple: most people aren’t observant of where they are connecting to or what might be showing in […]
I never thought in my life I would spend almost the entire allowed 6-hour time on the CISSP exam, but I did. And I was oddly zen about the whole experience. Sure, I was a little nervous when I first walked into the testing room as I had no idea what to expect. One […]
From the latest SANS NewsBites:
The Pirate Bay, a website that helps users find files over BitTorrent peer-to-peer (P2P) file sharing software, has reportedly been the victim of attack; the intruder stole a copy of the site’s user database. User passwords are encrypted, but Pirate Bay’s site operator encourages users to change their passwords nonetheless, and […]
Russell Shaw reports that there is now a new “attack vector” utilizing Java and Quicktime on a web page. This is basically the security bug that was recently found against MacOS, but it’s actually not against MacOS per se, but rather Quicktime. That means not only is MacOS vulnerable, but Windows is potentially vulnerable too.
From nist.org […]