Sunday, October 30, 2011
Tuesday, October 25, 2011
Latest’s news claims that more than 760 organizations, 20% of them Fortune 100 companies, may have been compromised by RSA’s data breach in March 2011, according to a report on Krebsonsecurity.
Facebook, Google and Cisco Systems are just a few of the many organizations that were targets of malware using the same command and control (C&C) infrastructure as that used in the RSA attacks, according to the report, though critical information on how the data was compiled and its source was not provided.
Note that Krebsonsecurity does not reveal (yet) its sources so the information below should be treated carefully for now.
Sunday, October 2, 2011
We'll now continue our previous post on biometrics. In this post we'll display the main disadvantages and concerns of biometrics. As stated in the previous post, the below isn't an opinion of Comsec.
First of all, a main concern is related to privacy issues. Many people believe that maintaining a biometric database in which different personal biometric attributes will be stored is a straightforward violation of their privacy. In this, they state that centralized control over these individual "assets" is a landslide waiting to happen. First, such a database gives control to autonomic organizations (at times) that may use these details for purposes other than security, and second, a security breach / leak may also expose these individuals to different violating actions. Privacy supporters are worried that databases that contain vast amounts of personal information will probably be used for purposes other than screening for airport security and to enforce immigration laws and regulations. Such purposes can be: pinpointing global positioning of individuals and different surveillance operations, minimizing a person's freedom.
Second, many find biometric interaction to also be violating. For example, having a retina scan for the purpose of identification makes some feel uncomfortable. These privacy advocates often claim that biometric systems are intrusive and that they do not enhance security much. To put it simply, security wise, the cons of biometrics overpower the pros.
We'll continue with a few more disadvantages:
1. Biometrics devices and mechanisms are non-cancellable. Meaning, body parts that are damaged, cannot be as easily replaced like a password. This is why you have to enroll several attributes when activating biometric identification - different fingers, for example.
2. System performance can also add to the advantages or disadvantages of a given biometric system. A system with a low "false accept rate" is beneficial and desired, the same goes for a system with a "false reject rate". However this performance isn't easily achieved, especially in different environments, such as field conditions, etc.
To sum things up, advocates of the topics above will probably feel empathy with Prof' Adi Shamir's quote:
"The government will give you full privacy, until they want information on you."