19 posts • joined Thursday 2nd October 2008 09:11 GMT
A nice idea...
A great initiative but the biggest issue with academic research is that it *tends* to look at the new and shiny rather than the practical and financially viable.
Industry has always seen IT spend as a necessary burden but when it comes to security they often just see it as a burden. One which *may* never serve any purpose. Of course any rational person will tell you that it is an equally necessary requirement but convincing your bosses to run a technology uplift for security purposes usually only comes as a result of changes to policy or the law.
Re: Impossible with QR...?
Agreed, it is far from impossible but the NFC solution does appear to have a couple of things going for it. Where this is proposed to be used (i.e. cafes) the owner may wish to change their access password semi-regularly and so a printed version wouldn't be very convenient. A screen is a good idea but is likely to be more costly both in the short term and long term.
Although an outlay would be required for the new connect-by-bonk router it provides convenience, no changes to infrastructure and no additional operational costs.
Now personally.... if I had the £10,000 I would be looking at how I can set up partnerships with major brands (i.e. Costa) to include marketing within the App. Connect-by-bonk and get a 5% off code for their carrot cake.
I do like a Costa carrot cake.
Re: Not writing it off....
" But until then it would be just as valid to claim my cat is the leading cause of global warming "
Let's not be silly here. It's been irrefutably shown by the Church of the Flying Spaghetti Monster that the rise in Global Warming is a direct result of the decline in the number of pirates over the years.
Re: So is it only me who looked at that picture.....
Howard: '...and if we just gently increase the output and traverse in a series of horizontal patterns across the entire surface and ... that's it!! The world's first ultraviolet laser prepared poptart.'
I can't speak for all but my phone banking does use a PIN system that is separate to the cards issued by that bank.
"No one buys a phone 'cos it's marginally better at recognising voice commands"
Except for this disgruntled UK iPhone user:
Or this dissatisfied US iPhone user:
Let's be slightly fair to the Apple development group; there was a great idea and concept that they haven't yet delivered on. They just forgot to inform their marketing group.
Out of interest... how much does your standard freeview recorder cost?
Given the choice of payPerView or a one off cost of a freeview recorder to capture those few episodes/series that I like to watch but I'm not around for I suspect I would make an investment in the freeview recorder.
Re: Only 'restricted'?
The CPA Foundation scheme only allows a protection level of up to Restricted. The CPA Augmented scheme allows protection up to Confidential (as the article says) but the article missed the fact that a company needs to spend significantly more money and submit their source code for approval to be verified at this level.
If you wish to protect SECRET or TOP SECRET you'll need to look towards the CAPS schemes which are significantly more expensive again and much more invasive.
This isn't necessarily saying that the Becrypt product cannot protect to a higher level of assurance but it is more likely that there is no financial or marketable benefit in gaining a higher assurance level certificate.
Re: Is SCADA particularly difficult?
SCADA is not particularly difficult; what was special with the Iranian Nuclear Plant was that the SCADA system was on an air-separated network (i.e. no external connectivity) and as such it was silently transferred through the use of digital media (USB I believe). To do this silently and with no harm to any carrier systems and to meaningfully attack the systems showed that the capability level of the attacker was far beyond that normally seen.
When looking at cyber-warfare (and hence cyber-weapons) you are generally looking at consolidated attacks. For example, during WW2 you wouldn't just send your privates out to the battlefront but you would also send your medics. Now when you go to war you don't just send in your tanks but you use your cyber-weapons to disrupt communications and logistics. More often than not, you are not looking at performing permanent damage but are looking at causing interruption.
While I agree with a number of the principles within the publication I do disagree that a 'hack' cannot result in loss of life.
Re: Typical example
Thumbs up for the comment but a general reminder that PCI-DSS only addresses security within a specific industry (Payment Card Industry) and CISSP is historically described as a mile wide but only an inch deep.
While I agree COTS products do have their issues, a lot of security standards (FIPS, CC and CAPS CPA) are working towards defining decent protection profiles so that organisations may have a greater confidence in adopting these products. However, within any system you must always consider people, process and technology.
As the PFY once said; "Security is a journey, not a destination."
Defence in Depth
No security is infallible and there always has to be a focus on defence in depth.
While a dual-authentication system is very robust (which still remains the case) the man in the middle attack may be implemented if a user does not take the appropriate precautions to ensure their system (i.e. desktop) is appropriately protected with updated malware/virus protection. The main reason this is not a 'popular' attack is that it has a very small attack time window and requires regular monitoring; the result being that it has very low value to an attacker in comparison to other attacks.
It should be noted that certain banks do offer free browser addins that will provide additional protection that are particularly designed to protect against these attacks.
While it is interesting that the BBC has done a report on this; as indicated by the comments above this is not a new attack and should not be considered your primary point of concern if you decide to use online banking or a chip-and-pin card in general.
Shouldn't this be called the Government Interception Modernisation Programme?
Or would that just be hitting a sore spot?
50 char password...
RE: I'd imagine you might also get a few dropped packets...
"Not to mention the odd 'man in the middle' attack from farmers with shotguns."
Technically that would be a denial of service attack.
RE: Two things
This is clearly a misunderstanding of the concept of user against developer.
I entirely agree that your bog standard user will only need the simple concepts of internet browsing, email read/writing and image editing. This is why things like the iPad will continue to grow in popularity.
However, don't underestimate the importance or the massively expanding nature of computer sciences which look at the development of neural networking, artificial intelligence, high speed image recognition etc etc etc. These developing regions require encompassing knowledge of both mathematics and physics to both understand the history of these concepts and help define the future.
It is quite simply wrong and misleading to attempt to group IT studies (using a computer) and Computer Science (developing information systems).
Does this add up?
"He used the same contact details and IP address to create each account, the court heard."
"We continue to invest over £6 million every year in industry leading technology to proactively detect shill bidding."
"He was investigated by Trading Standards after a buyer complained he had been sold a clocked minibus."
If the 'industry leading technology' can't detect that the seller and bidder have the same IP address && same contact details what exactly is it doing? Am I missing something here?
A step in the right direction?
As a founded geek and (unfortunately) dedicated player of WoW I am happy to see that Blizzard is now targeting the manufacturers of these Bots while at the same time identifying and banning the users of them.
Blizzard has in the last year removed all need for repetitive game play of gold farming and generic mob slashing so that players have the opportunity to focus on their targets final goals whether they are PvP or PvE. The only monotonous task left in the game now is the levelling up of a character that has even recently been improved by systems allowing you to level up 3 times as fast.
The purpose of Bots nowadays is only to support a ‘Glory Hunter’ who wishes to have everything in the game for none of the effort.
With regards to comments of perverts in the game; this is why WoW is accompanied with age restriction, parental controls, server types (PvP, PvE and RP) and even language filters to protect the innocent. But this really does fall into a whole different article.