AI-based typing biometrics might be authentication’s next big thing

Identifying or authenticating people based on how they type is not a new idea, but thanks to advances in artificial intelligence it can now be done with a very high level of accuracy, making it a viable replacement for other forms of biometrics.

Research in the field of keystroke dynamics, also known as keyboard or typing biometrics, spans back over 20 years. The technique has already been used for various applications that need to differentiate among computer users, but its widespread adoption as a method of authentication has been held back by insufficient levels of accuracy.

Keystroke dynamics relies on unique patterns derived from the timing between key presses and releases during a person's normal keyboard use. The accuracy for matching such typing-based "fingerprints" to individual persons by using traditional statistical analysis and mathematical equations varies around 60 percent to 70 percent, according to Raul Popa, CEO and data scientist at Romanian startup firm TypingDNA.

Trump eyes an H-1B visa aimed at ‘best and brightest’

President Donald Trump is considering a new way of distributing H-1B visas to ensure they go to the "best and brightest."

The phrase "best and the brightest" has long been used by tech industry groups to champion the H-1B program. It's greeted with derision by critics, who say the program's mostly entry-level workers are used to displace U.S. workers.

But some critics of the visa, a group that now includes top officials in the Trump administration, are adopting the phrase to advance the idea of a priority-based H-1B distribution system.

This comes from a draft executive order by Andrew Bremberg, the director of Trump's Domestic Policy Council. The order -- if signed by the president -- opens the door to major reforms of the H-1B and the Optional Practical Training programs.

Are you a Reckless Rebel or a Nervous Nellie when it comes to online privacy?

In an era of constant likes and shares, where is the privacy line drawn? Are you someone who worries about being watched as you purchase an item online? Or do you consider loss of privacy the price you pay for having the world at your fingertips?

Forrester recently released a report that reveals the characteristics of users and the factors that go into how much – or how little – each category of user shares.

“We frequently hear that Millennials don’t care about privacy — just look at everything they share on social media! But this ignores the fact that Millennials actually manage their online identities quite aggressively.”

“While it may appear that they overshare online, they use privacy settings, ephemeral messaging, and browser plug-ins to control who sees what about them. This is exactly how most of us behave in the physical world: Our willingness to share personal information with specific people changes depending on our relationship with them.”

How to protect your data, your vehicles, and your people against automotive cyber threats?

Modern vehicles increasingly connect to the rest of the world via short-range wireless technologies such as Wi-Fi and Bluetooth, wired interfaces such as OBD-II and USB, long-range wireless communications such as 4G and the coming 5G for internet, and services such as OnStar, LoJack, and Automatic, to name only some. That world includes your enterprise and the criminal hackers and cyber carjackers who want to undo your data, your corporate fleets, and your people.

The costs of their attacks include exposure of personally identifiable information and private data, and exposure or destruction of valuable intellectual property, according to Eric Friedberg, co-president at Stroz Friedberg. Loss of life in the midst of vehicle destruction/collision weighs heavily as a potential personal, professional, and corporate cost, as well.

That Heartbleed problem may be more pervasive than you think

That lingering Heartbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.

According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.

But according to open-source security firm Black Duck, about 11% of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.

69% off Omaker M4 Portable Bluetooth Shower and Outdoor Speaker with 12 Hour Playtime – Deal Alert

The M4 speaker from Omaker is IP54 rated, so its rugged splash, shock and dustproof design makes it ideal for shower and outdoor use. The latest Bluetooth 4.0 technology helps it pair quickly with your device (tap-to-pair with NFC capable devices) and maintain a long 33-foot connection range. Crystal clear sound quality and robust bass is realized through a 3W audio driver and passive subwoofer. The M4 is capable of producing 12 hours of music at 80% volume, up to three times longer than similar-sized portable speakers. It fully recharges in just 3 hours using an included Micro USB cable. The unit averages 4.5 out of 5 stars from over 4,800 people on Amazon, many of which report sound quality that rivals more expensive speakers. Amazon indicates that its list price has been reduced significantly to just $27.99. See the discounted Omaker M4 speaker now on Amazon.

36% off iHealth Oxygen level, Pulse rate, and Perfusion Index Monitor – Deal Alert

This handy meter gives fast and reliable readings of your oxygen level, pulse rate, and perfusion index, wirelessly on your smartphone or tablet. Using the iHealth app, easily record and save your data to the secure, HIPAA compliant iHealth cloud for meaningful results you can track over time for yourself or a caregiver. This iHealth monitor typically lists for $69.95, but is currently discounted 36% to $44.79. See the discounted item now on Amazon.

And Then They Join You… – Open Source @VMware

This seems significant. VMware has hired a key Linux kernel contributor, specifically Real Time.

We have seen a substantial reversal of open source commitments by many incumbent vendors, e.g., Cisco in ODL, HPE OpenSwitch. VMware might be increasing its commitment.

This company that I am now at, VMware, is taking open source seriously. By hiring myself and others, VMware is not just talking about open source, but wants to actively take part in the community. Actions speak much louder than words. Linux and open source has won and is here to stay. Linux is now a key part of enterprise software and companies like VMware acknowledge this, and they are making an effort to join, and become a productive member of the open source community.

And Then They Join You… – Open Source @VMware – VMware Blogs : https://blogs.vmware.com/opensource/2017/01/26/and-then-they-join-you/

The post And Then They Join You… – Open Source @VMware appeared first on EtherealMind.

Is ‘aqenbpuu’ a bad password?

Press secretary Sean Spicer has twice tweeted a random string, leading people to suspect he's accidentally tweeted his Twitter password. One of these was 'aqenbpuu', which some have described as a "shitty password". Is it actually bad?

No. It's adequate. Not the best, perhaps, but not "shitty".


It depends upon your threat model. The common threats are password reuse and phishing, where the strength doesn't matter. When the strength does matter is when Twitter gets hacked and the password hashes stolen.

Twitter uses the bcrypt password hashing technique, which is designed to be slow. A typical desktop with a GPU can only crack bcrypt passwords at a rate of around 321 hashes-per-second. Doing the math (26 to the power of 8, divided by 321, divided by one day) it will take 20 years for this desktop to crack the password.

That's not a good password. A botnet with thousands of desktops, or somebody willing to invest thousands of dollars on a supercomputer or cluster like Amazon's, can crack that password in a few days.

But, it's not a bad password, either. A hack of a Twitter account like this would be a minor event. It's not …

Pseudo-Math to Measure Network Fragility Risk

Some of you may have heard me ranting on Packet Pushers on stupid network tricks and why we continue to be forced to implement kluges as a result. I made some comment about trying to come up with some metric to help measure the deviation of the network from the “golden” desired state to the dirty, dirty thing that it’s become over time due to kluges and just general lack of network hygiene.

So I decided that I would write a bit of code to get the conversation started. All code discussed is available on my GitHub.

The Idea

What I wanted here was to create some pseudo-mathematical way of generating a measurement that can communicate to the management structure WHY the requested change is a really, really, bad idea.

Imagine these two conversations:

[Image: bad-conversation]

[Image: good-conversation]

Which conversation would you like to be part of?

Assumptions:

I’m making some assumptions here that I think it’s important to talk about.

  1. You have a source-of-truth defined for your network state. That is, you have abstracted your network state into some YAML files or something like that.
  2. You have golden configurations defined in templates (e.g., Jinja2). These templates can be combined with your …

Trump administration is giving us a good lesson on Twitter security

Several recent incidents involving U.S. President Donald Trump's administration can teach users something about IT security -- particularly about Twitter and what not to do with it.

It turns out that several White House-related Twitter accounts -- including the president's official account, @POTUS -- until recently were revealing sensitive information that hackers might be able to exploit.

The problem revolves around the service’s password reset function. If the account holder doesn't take certain steps to secure it, Twitter exposes information that anyone with the right skills can use to uncover what email address -- in redacted form -- was used to secure a Twitter account.
