  1. #1

    Frank Abagnale gives advice on very simple identity theft prevention precaution.

    Is good advice...

    From somebody who would know.

    https://www.yahoo.com/finance/news/f...142210933.html

  2. #2
    W. Rabbit
    Originally posted by Dr. Gonzo:
    > Is good advice...
    >
    > From somebody who would know.
    >
    > https://www.yahoo.com/finance/news/f...142210933.html

    Wonderful.
    '“I am no advocate of passivity,” Coffin Mott said in an 1860 speech. “Quakerism, as I understand it, does not mean quietism. The early Friends were agitators; disturbers of the peace; and were more obnoxious in their day to charges, which are now so freely made, than we are.”'

  3. #3
    Diesel_tke
    If they get rid of passwords in the next 2 or 3 years, as he says, what will they use instead?
    Combatives training log.

    Gezere: paraphrase from Bas Rutten, Never escalate the level of violence in fight you are losing. :D

    Drum thread

    Pavel Tsatsouline: kettlebell workouts give you “cardio without the dishonour of aerobics”.

  4. #4
    W. Rabbit
    Originally posted by Diesel_tke:
    > If they get rid of passwords in the next 2 or 3 years, as he says, what will they use instead?

    Biometrics and AI.

    That's what they use in bathrooms in China today to ration toilet paper, facial recognition.

    I'm not joking.

  5. #5

    Originally posted by Diesel_tke:
    > If they get rid of passwords in the next 2 or 3 years, as he says, what will they use instead?

    A biometric combined with two-factor authentication is growing in popularity.

    We'll see.

  6. #6
    W. Rabbit
    Originally posted by Dr. Gonzo:
    > A biometric combined with two-factor authentication is growing in popularity.
    >
    > We'll see.

    2FA will be replaced by nFA, where your identity won't be proven with 1 or 2 things, but a potential million or more.

    DNA illustrates this in theory and practice, which is why it's allowed forensically in court via Daubert. And even then, there's a very small potential of error.

    Future authentication may involve providing your DNA, your face, voice, with an AI that knows exactly where you are, or were, or will be after authentication.

    Amazon is right now building a way to guess what you will order in the future, so it can deliver it to you as fast as a pizza.

    If this sounds like Skynet... it is exactly that.
    Last edited by W. Rabbit; 9/16/2019 1:01pm.

  7. #7
    Diesel_tke
    Interesting. So, which of these companies are leading the R and D in those areas? As in, where should I invest my money. ;)

  8. #8
    submessenger
    IMO, has to be "something you have and something you know."

    Password can be stolen or social engineered, so you need...

    a token - DNA, facial match, iris match, fingerprint, RSA device, etc... but those can be stolen so you need...

    A password.

    (this is where APT comes into play)

    There's a tradeoff between security and usability. If you make systems too hard to access, you lose productivity. If you're losing productivity, there's no point in having the systems in the first place.

  9. #9
    W. Rabbit
    Originally posted by submessenger:
    > IMO, has to be "something you have and something you know."
    >
    > Password can be stolen or social engineered, so you need...
    >
    > a token - DNA, facial match, iris match, fingerprint, RSA device, etc... but those can be stolen so you need...
    >
    > A password.
    >
    > (this is where APT comes into play)
    >
    > There's a tradeoff between security and usability. If you make systems too hard to access, you lose productivity. If you're losing productivity, there's no point in having the systems in the first place.

    Three things: Something you have, know, or are. E.g. Token, password, retina. Smart card, security question, fingerprint.

    Theft is the biggest risk but all 2fa does is make it harder and/or more expensive to attack. And yes, it makes some biometric attacks particularly gruesome, something they love to spoof in action movies.

    Many modern tokens no longer simply spit out nonces you can use as second factors. Newer ones are basically OTP generators with their own authentication. That change came about a few years ago from the massive RSA token breach. You won't find many places using PRNG fobs nowadays...turns out you don't need the fob if you can't just steal or generate the number it displays.

    Really, the idea of extending 2fA to nfA is to keep lowering the probability of a successful theft, replay, etc. through a simple cost/benefit play. And by making authentication more seamless with ML/AI, like all seamless tech eventually you don't even see it when it's working.

    And yes, APTs don't care how many you use, which is where concepts like kill chains and defense in depth come in.

    Already AI can be used to see what you do after successful authentication, for exactly that reason. You have to account for unauthorized access or you're gonna have a bad day.
    '“I am no advocate of passivity,” Coffin Mott said in an 1860 speech. “Quakerism, as I understand it, does not mean quietism. The early Friends were agitators; disturbers of the peace; and were more obnoxious in their day to charges, which are now so freely made, than we are.”'

  10. #10
    submessenger
    Originally posted by W. Rabbit:
    > Three things: Something you have, know, or are. E.g. Token, password, retina. Smart card, security question, fingerprint.
    >
    > Theft is the biggest risk but all 2fa does is make it harder and/or more expensive to attack. And yes, it makes some biometric attacks particularly gruesome, something they love to spoof in action movies.
    >
    > Many modern tokens no longer simply spit out nonces you can use as second factors. Newer ones are basically OTP generators with their own authentication. That change came about a few years ago from the massive RSA token breach. You won't find many places using PRNG fobs nowadays...turns out you don't need the fob if you can't just steal or generate the number it displays.
    >
    > Really, the idea of extending 2fA to nfA is to keep lowering the probability of a successful theft, replay, etc. through a simple cost/benefit play. And by making authentication more seamless with ML/AI, like all seamless tech eventually you don't even see it when it's working.
    >
    > And yes, APTs don't care how many you use, which is where concepts like kill chains and defense in depth come in.
    >
    > Already AI can be used to see what you do after successful authentication, for exactly that reason. You have to account for unauthorized access or you're gonna have a bad day.

    3FA is bullshit - they took 2FA and busted out part of the "have," to be a bio factor. It's marketing gee-whiz, at best.

    We all know that this is only keeping the honest people honest, anyways. Trouble is, most people are actually honest, so the fear-mongering gets a little shrill.

    Slight correction to my previous - DNA is not readily available as an instant test, that was an error on my part. At best, with current "widely," available tech, you would have blood typing or an encoding of DNA (which is just another have, and easily copied).
