If I understand biometrics correctly, one part of the system compares the input
with a database of known fingerprints and returns a confidence value that the
input is indeed part of the database. This value is then processed by the main
system which probably determines if it's within a certain
They steal /etc/shadow and call the library. Most biometrics give a
matching score because you can tune the false positive/false negative
acceptable rates.
Adam
On Tue, Apr 12, 2016 at 03:32:29PM -0400, dave aitel wrote:
|
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168=rep1=pdf
I want everyone to click on this paper and then maybe help explain it to
me! From what I understand they got a fingerprint reader to tell them
how hot/cold they were to an acceptable fingerprint. So they they modify
a
At the outset, it seems fairly good at finding similar behaviors by
bracketing time and payload.
On Sat, Apr 2, 2016 at 8:35 AM, Dave Aitel wrote:
> http://slides.com/eldraco/robots-vs-robots
>
> Possibly relevant to discussion :)
>
>
I figured I'd chime in as someone who builds security machine learning
models as part of his day job. A few hopefully not-too-incongruous
observations:
1) Most security problems are not machine learning problems. Like
encryption, dual-factor authentication, taint analysis, or hand-crafted
IOCs,
Interesting. But hundreds of connections to random Chinese computers should
have also been a tip off, regardless of protocols used. Still good work
overall. The Jenkins vulns are concerning because Cyanogenmod, TeamWin /
TWRP, openstack, and tons of other projects depend on the security of
Jenkins