When EARS Speak!!!

1. Do you any of the following :

(a) That your ears make sound?

(b) That these are know as otoacoustic emissions?

(c) That this has a biometric angle?

(d) That any two persons always have different otoacoustic emissions?

2. I am sure most of you don't because the exploitation of this fact has been recently discovered.Although it has been known from quite some time, that our ear makes sounds of its own, sometimes due to a scientific principle called otoacoustic emissions1, other times in protest to the loud music we listen to. In either case, the sounds are too weak to detect using normal microphones.Although scientists knew about these sounds since the 1940s, it was only with improvements in microphone technology in the 1970s, that it became possible to detect these otoacoustic emissions (OAE).

3. Recently though it has been suggested that such sounds may in-fact be used for biometric security devices of tomorrow. The variations in each person's OAE can be used as a metric for determining one's identity. The technology is as simple as a microphone!

4. A good enough microphone embedded in any device can be used to detect these sounds, and accordingly confirm ones identity, and be eventually used by banks to confirm the identity of a person over the phone, or by the phones themselves before they allow someone to make a call!

5. So for example,as on date when u speak to a customer service at a bank...u r supposed to tell you DOB,Phone number or street address for verification before you actually demand a solution to your account query...not so will be required in near future...wherein your phone set will be able to detecty the sound in your ear and verify your identity...nothing to memorise....plain simple unique identification.

6. Otoacoustic emissions can be clinically important as they are the basis of a simple, non-invasive, test for hearing defects in newborn babies and in children who are too young to cooperate in conventional hearing tests.

7. The good thing is that dead people do not emanate otoacoustic emissions.So unlike Hollywood movies...wherein a cut thumb or extracted eye have broken the identity procedures...this one won't....

HP in the racists scoooop!!!

1. Phenominal is the pace at which the IT Sector is growing and Interesting are the ways in which few errors happen one of which I am mentioning down.....

2. The issue has attracted worldwide attention this month, when a US Black man known as "Black Desi" posted a YouTube video that showed his HP webcam built in to its new computers refusing to track his face but on the other hand it could do so just fine for his white friend Wanda.Titled "HP computers are racist", the YouTube video quickly attracted more then 500,000 hits and showed Black Desi's webcam working as it should when his work colleague "White Wanda" stepped in front of the camera, but when "Black Desi" got in front, no face recognition took place.

3. What does HP have to say about it?

""

"We thank Desi, and the people who have seen and commented on his video, for bringing this subject to our attention," it said in a blog on its help page.

"The technology we use is built on standard algorithms that measure the difference in intensity of contrast between the eyes and the upper cheek and nose. We believe that the camera might have difficulty 'seeing' contrast in conditions where there is insufficient foreground lighting," the blog added.

""

4. So what would have happened is like this !!!!!HP would have conducted all QC tests in their labs which in all probablity would have involved only the whites......HP by now mut have enrolled few Blacks for better QC of their products in their labs......well that was just in good humour....

5. To errrrrr is human.....and to IT errrrr is HP.

Google Binged!!!! - My 100th Post

1. For so many days wanting to upload some post but just could'nt find anthing so interesting before I read about this.

2. From the time Bing was introduced and pitted against arch rival Google,there have been talks and forums across proving each others superiority over each other.Now for the first time some one Big has come up with this.....it follows down..please read!!!

3. A Mozilla official today advised Firefox users to the extension that adds Microsoft's Bing to the list of the browser's search engines after Google's CEO downplayed consumers' privacy concerns.

4. Citing a clip from a CNBC broadcast shown below, during which Google chief executive Eric Schmidt discussed online privacy, During the interview, Google chief executive Eric Schmidt was asked: "People are treating Google like their most trusted friend...should they be?" It was Schmidt's answer that motivated Dotzler to show users how to drop Google, Firefox's default search engine, for rival Bing.

"IF YOU HAVE SOMETHING THAT YOU DON'T WANT ANYONE TO KNOW, MAYBE YOU SHOULDN'T BE DOING IT IN THE FIRST PLACE," SCHMIDT TOLD CNBC. "IF YOU REALLY NEED THAT KIND OF PRIVACY, THE REALITY IS THAT SEARCH ENGINES, INCLUDING GOOGLE, DO RETAIN THIS INFORMATION FOR SOME TIME AND IT'S IMPORTANT, FOR EXAMPLE, THAT WE ARE ALL SUBJECT IN THE UNITED STATES TO THE PATRIOT ACT AND IT IS POSSIBLE THAT ALL THAT INFORMATION COULD BE MADE AVAILABLE TO THE AUTHORITIES," ADDED SCHMIDT.

5. Asa Dotzler, Mozilla's director of community development, then on provided a link to the Firefox extension that adds Bing to Firefox's search engine list.

6. Google chief executive Eric Schmidt would be now trying to undo his statement in some form but the arrow has been shot….and the dent on the google is seen……so googler’s Be ware now on!!!!!!

7. Thanks http://www.computerworld.com

LAPTOP Face Recognition falls FLAT!!!!

1. Now this is one interesting thing to read.All those claims by Saif Ali Khan in his ad promoting one company for face recognition feature introduction had made its way out of the IT World.....well....so it seems!!!!read ON.........

2. Experts from Bkis Internet Security in Vietnam have proven how easy it is to defeat this.In front of technology experts, authors and press representatives from different countries participating in an internet security conference, Bkis experts demonstrated the vulnerabilities in Face recognition function on Asus, Lenovo and Toshiba laptops. Even when set at the highest security level, the laptop could not prevent Bkis expert Mr Nguyen Minh Duc from breaking into the system. With some technical tricks, Duc in turn logged onto Asus, Lenovo and Toshiba computer at the amazement and continuous applause from the audience. Everyone was really surprised to see how a famous and trusted security technique could be broken so easily.A Pic is shown below from actual demo loc.In some cases,even the owners of Facebook profile photo could be printed and used.

3. What the researchers found is that the technology just isn't that hard to fool. Even photographs that have previously been digitized and distributed, like those on Web pages or transmitted through videophone conversations, will do the job.The model exploits the flaw in image processing. In other words, it uses a photo of a person instead of his/her real face. It works because the algorithms will process in effect digital information.Provided those conditions, an attacker might take some photos of one user within the system, perform some image editing, regenerate “special pictures” and penetrate into the system.

4. Now the worry point is that Biometric data, including facial recognition, is increasingly being built into passports, drivers licenses and other forms of ID. Australia and Germany both use facial recognition to control access and determine identity at border crossings, and the U.S. and other countries are moving in that direction. So....ab kya hogaaaa?

5. Thanks http://www.examiner.com,http://www.bkis.com and Chip magazine.

xB Browser - Makes you anonymous

1. xB Browser is a free and open-source anonymous web browser in the world which is just a click away from anonymous surfing right now! With xB Browser you can securely and anonymously surf the internet, and bypass firewalls and website censorship.

2. The main advantage compared to other anonymous web browsers is that xB Browser requires no configuration or technical knowledge in order to achieve anonymity. xB Browser is open-source so you can feel safe knowing what goes into our code. Additionally, it is even portable on a USB stick .

3. xB Browser was previously known as Torpark. It does not store a cache on the user hard drive, nor does it store cookies, so there is no mess to clean up with eraser programs. xB Browser also has advanced features such as SSL MD5 RSA certificate vulnerability detection, DOM object and flash cookie protection,cross-site scripting attack prevention, user-agent cloaking, and java proxy control. xB Browser also detects and disables malicious browser addons that are hidden in the windows registry.

4. I recently downloaded the same from http://download.cnet.com/windows/3055-2144_4-10660326.html?tag=pdl-redir and I am really impressed with the same......the only thing I got perturbed was with the speed.Having ridden on chrome for over a year...the speed is not a match.It is about 45 Mb in size...isn't that heavy...well any way...CHROME rules still.

WHO ESPIED MY COMPUTER?

1. How many times would you be able to know who logged in or who used ur computer in your absence?NOt much most of the times!!!An easy to find out the details is a one liner solution......

2. So,here is the trick for that ..Simply type as given below in the RUN bar ie

Start - Run - TYPE eventvwr.msc

3. All details of login will be in front of your eyes.SIMPLE!!!!!!!

4. Thanks http://www.technotips24x7.co.cc/

KYPS : HELPS AVOID BEING VULNERABLE!!

1. In an earlier post when I had discoursed how much prone are you at any cyber cafe or at some other non friendly computer when u surf web on a holiday outside or when u dont have your own laptop,how prone you become to keylogger!!I had given out given out few suggestions in form of using mobile/portable browser etc. that was at http://anupriti.blogspot.com/2009/06/are-you-secure-at-your-friendly.html

2. Not a new thing but I tried this for the first time yesterday ie KYPS that stands for Keep Your Password Secret.Now for the understanding of this I will write a small step by step instruction.

3. BACKGROUND

How to avoid typing username and password at the outside or malicious looking cyber cafe computer.?

4. SOLUTION

(a) Register at http://kyps.net/home/

(b) Get a set of codes at your email id

(c) Register those username/passwords site that u intend using sometime later at some other computer.

(d) Now when u wish to access the email account at the cyber cafe you simply have to log into the site of KYPS and site will help you reach and access the e-mail without using the username and password,but by using the one time codes that I had mentioned earlier.

5. EXAMPLE

(a) You register your email id abc@yahoo.com at KYPS.

(b) Once you register,a set of codes will be mailed to you.Qty will be decided as per your choice.Say 80.

(c) These codes will look some thing like :

100 9?nRQuJ8p 110 DzobNpk?M 120 Xg1Z2kXsL 130 maXXcACKV

101 x0Ivy4XsB 111 jcK8p7JRl 121 WqJ6GXDz4 131 XfjKVH65p

102 ilKzybBE0 112 /nvspLbmr 122 VoaX7yI1 132 5ILuG5ddN

103 tXaRNJwk? 113 lcMEO?GN? 123 MjpXow3CI 133 vBbKpkXiT

104 lAJNJnfcZ 114 Lf?U7Zzyn 124 VX71za0+J 134 KGXkxsVc

(d) You go to a Cyber Cafe.Log into the KYPS site with your e-mail id.

(e) Select which e-mail you would like to access.

(f) Once selected, KYPS will ask you the equivalent code of 100 ie 9?nRQuJ8p

(g) and you log into the email page to access your mails.

(h) DONE.That's it.

6. RISK

The only risk you build here is that since you rely on KYPS which has your info in their server but they claim is never stored.So one risk closed is one risk open......thats the funny side of SECURITY

Are you secure at your friendly neighbourhood CYBER CAFE ?

1. This one comes after I have read a wonderful article in the DIGIT Carnival issue Jun 09 on Cyber café Security. This article covered how few Cyber Cafe’s with notorious intentions can play with crucial, critical and confidential information of the user who might have accessed his e-mail accounts or would have booked a flight ticket with his credit card or might have done some personal work on the cyber cafe’s PC.In the following paragraphs I would just go over the preventive measures in brief as outlined in that article. Genuine Informative CREAMY INFO THAT IS!!!!!!!!

2. PORTABLE WEB BROWSER : A portable web browser as the name suggests would be able to allow you to take bookmarks and passwords with you while not writing any information on the host computer. This allows to bypass key loggers who would be expecting that all that you type would be logged in one separate file unknown to the user. So this feature of the portable browser would allow you to access your accounts without typing and thus preventing from leaking your crucial info. But at the same time you have to be aware that PENDRIVE would be equal to your most precious thing in life….so don’t ever try and attempt loosing it.Mozzilla,Opera have these free softwares ready for download at the click of a button and Chrome is working still!!!!!

3. Another thing about the key logger software’s available in the market, yes they include OPEN SOURCE TYPE ALSO………so all the more vulnerable the user becoming a quarry. Key logger can be of two types :

a. Hardware Type – By using a small chip in the keyboard which makes by passing impossible.As shown in the figure below,we see a normal CPU rear from back and another PC with the malicious chip placed in between the cable.

b. Software Type – Can be activated with the help of a Trojan or with the help of a simple installation.

4. A software based key logger can either keep a record of what is being typed or would be able to take periodic screen shots while the user is using the PC.All this being sent to a remote server without the knowledge of the bechara user.Hai na kamaaal ke baat!!!!!!!!!!

5. VIRTUAL KEYBOARD : Although the endeavor of the cyber cafe PC user should be to ensure that in no circumstance, credit card details should be typed,but if at all it is marta kya na karta wali baat,then use of virtual keyboard should be exploited. This would be available as Start > Accessories > On Screen Keyboard.Although there are ways and means to even break this,but then there would never be a guarantee of sort…after all U R ON THE WEB BHAISAAAB…..every thing is accessible.

6. I would like to mention one more thing here….VIRTUAL KEYBOARDS/ON SCREEN KEYBOARDS are not a guarantee for ensuring safety. There are key loggers which are even configured to log only details from on screen key boards. There is a solution to this also and that is OBFUSCATION.

7. OBFUSCATION : This basically allows key loggers to log a certain combination of keys,while keying in different combination. There are some programs that are targeted at different obfuscation algorithm and thus by pass typing in the meat thing. Obfuscation is actually the deliberate hiding of the software's behavior, is used by malware authors as well as legitimate software developers. They both use code obfuscation techniques to keep curious souls from understanding how their software works and what it is doing to the computer on which it runs.A complex thing in itself but who needs to know that….aaam khao….not to worry of guthli!!!!!!!!!!!How to use it?Pl BING or Google.

8. Another important thing to be ensured is to protect your USB drive from Viruses.The first thing to do when you plug in your USB Drive into a public computer is to identify and disable malicious processes running. Process Explorer is a good utility for doing this.This is actually like windows task manager but with few more good options to work on. A Screen Shot from my lap top shown below.

9. Securely deleting data : Last but not the least…ensure using a good software that ensures that no trace of activity on the used computer is left behind.I recommend using ERASER and Free Commander ……tried and tested……………

IRON KEY : World's Most Secure Pen Drives

1.         Pen drives are dangerous and have even been banned by few organizations including the prestigious armed forces after one scandal of security leak came to light few years back in navy.Is that the solution? Now it is like marta kya na karta wali baat….”i don’t have control over it so better ban it”.Good News for those who still desire to use pendrives in a much much safer way then available in the market.IRON KEYS have come to take care of the security issue of pendrives.What is IRON KEY? Read on…….. 

2.         The IronKey drives are very small, very portable, and very convenient. They come in configurations of 1Gb, 2Gb, 4Gb, and 8 Gb’s. IronKey’s Secure Flash Drive is similar to an iPod, as its hardware, software and online service all rolled into one product. The IronKey Cryptochip uses US government-approved AES, CBC-mode, 128-bit encryption at the hardware level. 

3.         All models come in a sleek, stainless-steel, waterproof case that is sturdier and heavier than other USB drives. The case has been injected with an epoxy compound that blankets the inner workings and keeps them dry and shock-resistant. Security-wise, the case would be extremely difficult to pry open without destroying what's inside. 

4.         IronKey has a password generator that can create passwords up to 99 characters in length at either normal strength with alphanumeric characters or stronger strength, which includes all keyboard characters. To use the IronKey flash drive, you need to activate an online account. This is a necessary step to enable certain services -- such as online password backup, device and software updates and to access IronKey's encrypted Web-surfing service, which uses Mozilla's Firefox. Besides creating an online username and password, you are asked to supply answers to three supplemental authentication questions that will verify your identity in case you ever lose your username or password. Failing to answer the questions accurately will lock you out of your account permanently. 

5.         IronKey e-mails an activation code that you must enter in a window to complete your online setup. IronKey allows you to change personal security information at any time by accessing account settings. If someone does happen to gain access to your flash drive and they fail to type in the correct password more than 10 times, IronKey will self-destruct, permanently locking out users and wiping out all the data on the drive. 

6.         From a speed standpoint, IronKey is fast. Hd Tach tests showed speeds well above the competition: IronKey's speed is 31MB/sec. burst speed; an average read rate of 29.6MB/sec., and a 6-millisecond random access rate. The CPU utilization rate is vastly higher than any other driver on the market by as much as 22%. SLC memory lasts about 100,000 write cycles and MLC memory lasts about 10,000 writes. 

7.         Special Solutions USA is an exclusive distributor of IronKey Secure USB flash drives for the Indian market. 

8.         More on https://www.ironkey.com/