Re: [Dailydave] Fingerprint biometrics attack paper...

2016-04-12 Thread Robin.Lowe
If I understand biometrics correctly, one part of the system compares the input with a database of known fingerprints and returns a confidence value that the input is indeed part of the database. This value is then processed by the main system which probably determines if it's within a certain

Re: [Dailydave] Fingerprint biometrics attack paper...

2016-04-12 Thread Adam Shostack
They steal /etc/shadow and call the library. Most biometrics give a matching score because you can tune the false positive/false negative acceptable rates. Adam On Tue, Apr 12, 2016 at 03:32:29PM -0400, dave aitel wrote: |

[Dailydave] Fingerprint biometrics attack paper...

2016-04-12 Thread dave aitel
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.10.7168&rep=rep1&type=pdf I want everyone to click on this paper and then maybe help explain it to me! From what I understand they got a fingerprint reader to tell them how hot/cold they were to an acceptable fingerprint. So they modify a

Re: [Dailydave] Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides

2016-04-12 Thread Kevin Noble
At the outset, it seems fairly good at finding similar behaviors by bracketing time and payload. On Sat, Apr 2, 2016 at 8:35 AM, Dave Aitel wrote: > http://slides.com/eldraco/robots-vs-robots > > Possibly relevant to discussion :) > >

Re: [Dailydave] Assymetry

2016-04-12 Thread Josh Saxe
I figured I'd chime in as someone who builds security machine learning models as part of his day job. A few hopefully not-too-incongruous observations: 1) Most security problems are not machine learning problems. Like encryption, dual-factor authentication, taint analysis, or hand-crafted IOCs,

Re: [Dailydave] Robots against robots: How a Machine Learning IDS detected a novel Linux Botnet: Slides

2016-04-12 Thread Kristian Erik Hermansen
Interesting. But hundreds of connections to random Chinese computers should have also been a tip off, regardless of protocols used. Still good work overall. The Jenkins vulns are concerning because Cyanogenmod, TeamWin / TWRP, openstack, and tons of other projects depend on the security of Jenkins