
Showing posts with label AUTHENTICATION. Show all posts

Sunday, March 24, 2013

Twitter Session Cookie Vulnerability

1.    This one is pretty easy to show and understand...but the only thing not understandable is the fact that it actually exists even today.....so this one is about the Twitter Session Cookie Vulnerability. I got to know of this at Null's Delhi meet, where Rishi Narang (http://www.wtfuzz.com/) gave this demonstration, of which I subsequently made a video cast and uploaded it here at YouTube.


2.    In brief it goes like this...you log in to your Twitter account, and an auth_token cookie is generated in the crowd of various other cookies. Now this cookie alone will be able to log you in to your Twitter account from anywhere across the web....simply watch how to exploit!!!!

3.   Thanks Rishi Narang @ http://www.wtfuzz.com/
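
A cookie that logs in whoever presents it is a bearer credential, so what limits its replay is whether the server can revoke and expire it. The sketch below is an added example, not Twitter's code and not from the original post; `SessionStore`, the user name and the clock are hypothetical and constructed for illustration.

```python
import secrets
import time


class SessionStore:
    """Server-side records for an opaque bearer cookie (hypothetical design)."""

    def __init__(self, ttl_seconds=1800, clock=time.time):
        self._sessions = {}          # token -> {"user", "expires"}
        self._ttl = ttl_seconds
        self._clock = clock

    def login(self, user):
        token = secrets.token_urlsafe(32)   # unguessable random value
        self._sessions[token] = {"user": user,
                                 "expires": self._clock() + self._ttl}
        return token

    def cookie_header(self, token):
        # Secure/HttpOnly/SameSite limit where the cookie can leak from.
        return (f"Set-Cookie: auth_token={token}; Path=/; "
                "Secure; HttpOnly; SameSite=Lax")

    def authenticate(self, token):
        """Return the user for a live token, else None."""
        record = self._sessions.get(token)
        if record is None:
            return None
        if self._clock() >= record["expires"]:
            del self._sessions[token]       # expired: drop the record
            return None
        return record["user"]

    def logout(self, token):
        # Revoke server-side; clearing the browser's copy is not enough.
        self._sessions.pop(token, None)


def replay_after_logout():
    """A copy of the cookie works until the server revokes or expires it."""
    now = [1000.0]                          # constructed clock for the demo
    store = SessionStore(ttl_seconds=60, clock=lambda: now[0])
    original = store.login("alice")         # constructed user name
    copied = original                       # same value sent from another client
    before = store.authenticate(copied)
    store.logout(original)
    after_logout = store.authenticate(copied)
    second = store.login("alice")
    now[0] += 61                            # let the second session age out
    after_expiry = store.authenticate(second)
    return before, after_logout, after_expiry
```
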

Sunday, April 03, 2011

The weak password problem : Now solved????

1.    We are part of the first phase of the IT revolution across the globe, where everything is happening....methods to secure...methods to hack....stronger and more powerful servers....patching vulnerabilities....fighting malware....analysing Stuxnet's genre...and what not....everything is happening.....now the following text (original from http://lanl.arxiv.org/abs/1103.6219) opens another dimension for making passwords secure.....

"Vulnerabilities related to weak passwords are a pressing global economic and security issue. We report a novel, simple, and effective approach to address the weak password problem. Building upon chaotic dynamics, criticality at phase transitions, CAPTCHA recognition, and computational round-off errors we design an algorithm that strengthens security of passwords. The core idea of our method is to split a long and secure password into two components. The first component is memorized by the user. The second component is transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective. We expect our approach to have wide applications for authentication and encryption technologies."

2.    Thanks http://lanl.arxiv.org

Monday, September 13, 2010

New Gen BIOMETRICS : PALMSECURE from FUJITSU

1. Quite often we have seen biometrics (fingers, palm, eyes, retina) being chopped off in Hollywood movies by the bad man to gain illegal access to control rooms and secure areas...so we used to think that there is no end and no permanent solution to this....now comes a solution to this problem, wherein it is not the fingerprint or the palm print that is taken as the authentication model....it is the veins that exist inside the palm that matter and should match...and these veins should also be flowing with blood to authenticate the person logging in.

2. Fujitsu provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. PalmSecure™ features industry-leading authentication accuracy with extremely low false rates, and the non-intrusive and contactless reader device provides ease of use with virtually no physiological restriction for all users. Applications include:

  • Physical access control / Time and Attendance
  • User authentication to PCs or server systems
  • Government / Commercial identity management systems
  • OEM terminal devices (POS, ATMs or information kiosks)
  • Other industry-specific applications

3. More about this here.


Monday, January 11, 2010

When EARS Speak!!!

1. Do you know any of the following:

(a) That your ears make sound?
(b) That these are known as otoacoustic emissions?
(c) That this has a biometric angle?
(d) That any two persons always have different otoacoustic emissions?

2. I am sure most of you don't, because the exploitation of this fact has been recently discovered. Although it has been known for quite some time that our ear makes sounds of its own, sometimes due to a scientific principle called otoacoustic emissions, other times in protest to the loud music we listen to. In either case, the sounds are too weak to detect using normal microphones. Although scientists knew about these sounds since the 1940s, it was only with improvements in microphone technology in the 1970s that it became possible to detect these otoacoustic emissions (OAE).

3. Recently though it has been suggested that such sounds may in fact be used for biometric security devices of tomorrow. The variations in each person's OAE can be used as a metric for determining one's identity. The technology is as simple as a microphone!

4. A good enough microphone embedded in any device can be used to detect these sounds, and accordingly confirm one's identity, and be eventually used by banks to confirm the identity of a person over the phone, or by the phones themselves before they allow someone to make a call!

5. So for example, as on date when you speak to customer service at a bank...you are supposed to tell your DOB, phone number or street address for verification before you actually demand a solution to your account query...this will not be required in the near future...wherein your phone set will be able to detect the sound in your ear and verify your identity...nothing to memorise....plain simple unique identification.

6. Otoacoustic emissions can be clinically important as they are the basis of a simple, non-invasive, test for hearing defects in newborn babies and in children who are too young to cooperate in conventional hearing tests.

7. The good thing is that dead people do not emanate otoacoustic emissions. So unlike Hollywood movies...wherein a cut thumb or extracted eye has broken the identity procedures...this one won't....
