Sunday, October 30, 2011
Tuesday, October 25, 2011
Seems that RSA/EMC case is still making waves
The latest news claims that more than 760 organizations,
20% of them Fortune 100 companies, may have been compromised by
RSA's data breach in March 2011, according to a report on Krebsonsecurity.
Facebook, Google and Cisco Systems are just a few of the
many organizations that were targets of malware using the same command and
control (C&C) infrastructure as that used in the RSA attacks, according to
the report, though critical information on how the data was compiled and its
source was not provided.
Note that Krebsonsecurity has not (yet) revealed its sources,
so this information should be treated with caution for now.
Sunday, October 2, 2011
Biometrics: protection or violation? Part B
We'll now continue our previous post on biometrics. In this post we'll
present the main disadvantages of, and concerns about, biometrics. As stated in
the previous post, the views below are not the opinion of Comsec.
First of all, a main concern is related to privacy issues. Many
people believe that maintaining a biometric database in which different
personal biometric attributes are stored is a straightforward violation of
their privacy. They argue that centralized control over these
individual "assets" is a landslide waiting to happen. First, such a
database gives control to organizations that are (at times) autonomous and may use these
details for purposes other than security; second, a security breach or leak
may expose these individuals to various violations. Privacy
supporters worry that databases containing vast amounts of personal
information will probably be used for purposes other than screening for airport
security and enforcing immigration laws and regulations. Such purposes could include
pinpointing the global position of individuals and various surveillance
operations, reducing a person's freedom.
Second, many find the biometric interaction itself to be a violation. For
example, having a retina scan for the purpose of identification makes some people feel
uncomfortable. These privacy advocates often claim that biometric systems are
intrusive and that they do not enhance security much. To put it simply:
security-wise, the cons of biometrics outweigh the pros.
We'll continue with a few more disadvantages:
1. Biometric devices and mechanisms are non-cancellable. Meaning, body parts
that are damaged cannot be replaced as easily as a password. This is why you have to enroll
several attributes when activating biometric identification - different
fingers, for example.
2. System performance can also add to the advantages or disadvantages of a
given biometric system. A system with a low "false accept rate" is beneficial and desired;
the same goes for a system with a low "false reject rate". However, this
performance isn't easily achieved, especially in different environments, such
as field conditions, etc.
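The trade-off in point 2, as an added example that is not part of the original post: a matcher accepts an attempt when its similarity score reaches a threshold, so lowering the threshold to reduce false rejects raises false accepts. The scores, thresholds, and the helper name `operating_point` are constructed for illustration and assume a score in the range 0 to 1.

```python
# Added example: FAR/FRR trade-off for a score-based biometric matcher.
# All scores are constructed sample data, not measurements of a real system.

def far(impostor_scores, threshold):
    """False accept rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)

def frr(genuine_scores, threshold):
    """False reject rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)

def operating_point(genuine, impostor, thresholds, max_frr):
    """Return (threshold, FAR, FRR) with the lowest FAR whose FRR <= max_frr.

    Returns None when no candidate threshold meets the FRR target.
    """
    rows = [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]
    eligible = [r for r in rows if r[2] <= max_frr]
    return min(eligible, key=lambda r: r[1]) if eligible else None

# Constructed similarity scores (0 = no match, 1 = perfect match).
IMPOSTOR = [0.10, 0.15, 0.22, 0.30, 0.35, 0.41, 0.48, 0.52, 0.58, 0.66]
# Genuine users with a clean sensor and good lighting.
GENUINE_LAB = [0.62, 0.70, 0.74, 0.79, 0.83, 0.86, 0.90, 0.93, 0.95, 0.98]
# The same users in field conditions: noisier captures, lower scores.
GENUINE_FIELD = [0.38, 0.45, 0.55, 0.61, 0.68, 0.72, 0.80, 0.85, 0.90, 0.94]
THRESHOLDS = [0.3, 0.4, 0.5, 0.6, 0.7, 0.8]

if __name__ == "__main__":
    print("threshold  FAR   FRR(lab)  FRR(field)")
    for t in THRESHOLDS:
        print(f"{t:9.1f}  {far(IMPOSTOR, t):.1f}   "
              f"{frr(GENUINE_LAB, t):8.1f}  {frr(GENUINE_FIELD, t):10.1f}")
    # A threshold tuned in the lab for at most 10% false rejects ...
    print("lab:  ", operating_point(GENUINE_LAB, IMPOSTOR, THRESHOLDS, 0.1))
    # ... must drop in the field to keep the same FRR, and FAR rises with it.
    print("field:", operating_point(GENUINE_FIELD, IMPOSTOR, THRESHOLDS, 0.1))
```
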
To sum things up, advocates of the points above will probably
sympathize with Prof. Adi Shamir's quote:
"The government will give you full privacy,
until they want information on you."