Network Security: Detailed info on Re: [Fwd: Re: new opensource security system product launched]

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: [Fwd: Re: new opensource security system product launched]

from [David Wall @ Yozons, Inc.] Network Security

[Permanent Link]

Subject:	Re: [Fwd: Re: new opensource security system product launched]
Date:	Thu, 7 Oct 2004 20:01:36 -0700

I think I understood your algorithm. What I pointed out was that it is
probably no better than just password protection in real world. What is
the real value addition of this method of yours in a real world
application?


And in addition, what's the real novelty here?  Asking people questions
based on stored information about them is not new.  This includes the use of
biometrics, passwords, credit history, so-called "in wallet" questions (like
SSN, driver's license, address), multiple choice questions, user-defined
Q&A, etc.  If you simply ask questions about data stored about the user,
there's nothing novel, and as others have pointed out, you even leak some
information to those who attempt to hack it, and you may also provide access
to an account because someone knows the person, but doesn't know the
password (such as a spouse, sibling, friend, co-worker, person in your HR
department, managers, etc.).

David

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Fwd: Re: new opensource security system product launched], arun balaji Re: [Fwd: Re: new opensource security system product launched], rohit Re: [Fwd: Re: new opensource security system product launched], arun balaji Re: [Fwd: Re: new opensource security system product launched], rohit Re: [Fwd: Re: new opensource security system product launched], arun balaji Re: [Fwd: Re: new opensource security system product launched], exon Re: [Fwd: Re: new opensource security system product launched], Paul Johnston Re: [Fwd: Re: new opensource security system product launched], David Wall @ Yozons, Inc. <= Re: [Fwd: Re: new opensource security system product launched], Matt Fisher Re: [Fwd: Re: new opensource security system product launched], Simon RE: [Fwd: Re: new opensource security system product launched], Michael Silk RE: [Fwd: Re: new opensource security system product launched], Michael Shirk

Previous by Date:	More details on ASP.NET vulnerability, Mark Burnett
Next by Date:	Re: Web Forms filtered with SQL constraints, Matt Fisher
Previous by Thread:	Re: [Fwd: Re: new opensource security system product launched], Paul Johnston
Next by Thread:	Re: [Fwd: Re: new opensource security system product launched], Matt Fisher
Indexes:	[Date] [Thread] [Top] [All Lists]