Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
Must make Eric Arthur Blair spin in his grave. Shane ... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
_Moto X: Motorola reveals plans for ink and even pills to replace ALL your passwords | Mail Online_ (http://www.dailymail.co.uk/sciencetech/article-2333203/Moto-X-Motorola-reveals-plans-ink-pills-replace-ALL-passwords.html?ito=feeds-newsxml)

When was it T.J. Watson got in so much trouble wanting to tattoo everybody for authentication purposes?
Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
On 06/04/2013 01:02 PM, Ed Finnell wrote:

_Moto X: Motorola reveals plans for ink and even pills to replace ALL your passwords | Mail Online_ (http://www.dailymail.co.uk/sciencetech/article-2333203/Moto-X-Motorola-reveals-plans-ink-pills-replace-ALL-passwords.html?ito=feeds-newsxml)

When was it T.J. Watson got in so much trouble wanting to tattoo everybody for authentication purposes? ...

If the final verdict has not yet been reached on whether or not there is any increased health risk from having a cell-phone transmitter next to your head for prolonged periods, the idea of having a permanent RF transmitter internally or attached to my body doesn't sound that appealing. Sounds like it would also mean someone forcibly detained could be impersonated easily without their need to cooperate (or even be conscious or alive?). I still see a need for authentication to require something only known by the individual, not solely based on something they possess.

-- Joel C. Ewing, Bentonville, AR jcew...@acm.org
Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
Strain the sewer lines out of the pentagon for the little pills

CIT | Ken Porowski | VP Mainframe Engineering | Information Technology | +1 973 740 5459 (tel) | ken.porow...@cit.com

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Joel C. Ewing
Sent: Tuesday, June 04, 2013 2:30 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] Check out Moto X: Motorola reveals plans for ink and even pills to replace AL

On 06/04/2013 01:02 PM, Ed Finnell wrote:

_Moto X: Motorola reveals plans for ink and even pills to replace ALL your passwords | Mail Online_ (http://www.dailymail.co.uk/sciencetech/article-2333203/Moto-X-Motorola-reveals-plans-ink-pills-replace-ALL-passwords.html?ito=feeds-newsxml)

When was it T.J. Watson got in so much trouble wanting to tattoo everybody for authentication purposes? ...

If the final verdict has not yet been reached on whether or not there is any increased health risk from having a cell-phone transmitter next to your head for prolonged periods, the idea of having a permanent RF transmitter internally or attached to my body doesn't sound that appealing. Sounds like it would also mean someone forcibly detained could be impersonated easily without their need to cooperate (or even be conscious or alive?). I still see a need for authentication to require something only known by the individual, not solely based on something they possess.

-- Joel C. Ewing, Bentonville, AR jcew...@acm.org
Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
On Tue, Jun 4, 2013 at 1:30 PM, Joel C. Ewing jcew...@acm.org wrote:

On 06/04/2013 01:02 PM, Ed Finnell wrote:

_Moto X: Motorola reveals plans for ink and even pills to replace ALL your passwords | Mail Online_ (http://www.dailymail.co.uk/sciencetech/article-2333203/Moto-X-Motorola-reveals-plans-ink-pills-replace-ALL-passwords.html?ito=feeds-newsxml)

When was it T.J. Watson got in so much trouble wanting to tattoo everybody for authentication purposes?

If the final verdict has not yet been reached on whether or not there is any increased health risk from having a cell-phone transmitter next to your head for prolonged periods, the idea of having a permanent RF transmitter internally or attached to my body doesn't sound that appealing. Sounds like it would also mean someone forcibly detained could be impersonated easily without their need to cooperate (or even be conscious or alive?). I still see a need for authentication to require something only known by the individual, not solely based on something they possess.

-- Joel C. Ewing, Bentonville, AR jcew...@acm.org

The RF card in most badge readers only transmits in response to a nearby reader emitting the correct frequency to power the device. And yes, if you can read the response you can duplicate it on another device. Or even just relay your signal while you are away from the reader.

There are car thieves who get a pair of transmitters. One is held near the car and sends the car's query signal to the other receiver. The other receiver is near the person leaving the car. It gets the car's query and responds. This is sent back to the car by the transmitter pair. The car thinks the owner has returned, and unlocks and starts. The guy near the car hops in, waits for the pal to get in, and leaves. After shopping for 30 seconds to 2 hours, the owner comes back to an empty parking spot (if someone else hasn't taken it).

-- Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?
Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
On Tue, 4 Jun 2013 16:30:44 -0500, Mike Schwab wrote:

( http://www.dailymail.co.uk/sciencetech/article-2333203/Moto-X-Motorola-reveals-plans-ink-pills-replace-ALL-passwords.html?ito=feeds-newsxml )

The RF card in most badge readers only transmits in response to a nearby reader emitting the correct frequency to power the device. And yes, if you can read the response you can duplicate it on another device. Or even just relay your signal while you are away from the reader.

There are smarter ways of implementing challenge/response. They just cost more.

-- gil
Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
jcew...@acm.org (Joel C. Ewing) writes:

If the final verdict has not yet been reached on whether or not there is any increased health risk from having a cell-phone transmitter next to your head for prolonged periods, the idea of having a permanent RF transmitter internally or attached to my body doesn't sound that appealing. Sounds like it would also mean someone forcibly detained could be impersonated easily without their need to cooperate (or even be conscious or alive?). I still see a need for authentication to require something only known by the individual, not solely based on something they possess.

static data vulnerable to replay attacks has been known for decades (if not centuries).

we had been brought in as consultants to small internet client/server startup that wanted to do payment transactions on server ... they had also invented this stuff called SSL they wanted to use ... the result is now frequently called electronic commerce.

somewhat as a result, in the mid-90s we were asked to participate in the x9a10 financial standards working group which had been given the requirement to preserve the integrity of financial infrastructure for all retail payments. as a result we did detailed end-to-end threat vulnerability studies.

part of the issue is three factor authentication paradigm

* something you have
* something you know
* something you are

the above can also be static or non-static (dynamic); static means they are subject to replay attacks.

multi-factor authentication is assumed to be more secure if they have independent vulnerabilities. However, two-factor authentication ATM transactions ... ATM card (something you have) with magstripe and PIN (something you know) ... have separate failure modes for lost/stolen card (if the PIN isn't written on the card ... which has been found to be the case in 30% of the cards).

However, both the magstripe and PIN are static data and have a common vulnerability to skimming attacks involving compromised end-points (ATM machines and/or point-of-sale terminals).

for x9a10, I semi-facetiously said I would take a $500 mil-spec chip, aggressively cost reduce it by 2-3 orders of magnitude (eventually well under a dollar) while making it more secure ... including supporting dynamic data (immune to replay attacks).

then the transit industry asked that the chip also be able to work on RF power within turnstile time limits (very low power around 100ms) ... this was at a time when contact powered chips were taking several seconds for dynamic data ... and RF-powered versions would take 100 times longer (needed to be able to do dynamic data strong authentication in about 1/1000 power profile of common chips of the era).

basically chipcard that can work as contact and contactless ... like walking thru turnstile. The contactless chipcard has antenna embedded in the card that picks up RF energy to power the chip when walking through transit turnstile ... the same RF signal is also used for communication.

from security proportional to risk ... the chip dynamic data by itself is single factor (something you have) authentication for low-value operations ... but for higher value operations ... then add in something you know and/or something you are for multi-factor authentication.

another facet is whether something you know type authentication (say static data) is shared-secret or non-shared-secret. A something you know shared secret are things like passwords ... where the password is registered at the authentication agency. For shared-secret something you know, kindergarten security requires unique shared-secret for every unique security domain ... as countermeasure to cross-domain attacks ... this results in some people being faced with needing hundreds of unique passwords.

however, it is possible to design multi-factor authentication that includes pin/password something you know ... which isn't a shared-secret (not divulged or registered).

disclaimer: dozens of (assigned) patents on the subject (including covering person-centric operation as opposed to institutional-centric operation where something unique is required for each different institution and/or environment) http://www.garlic.com/~lynn/aadssummary.htm

-- virtualization experience starting Jan1968, online at home since Mar1970
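
An added illustration of the static versus dynamic distinction in the post above; it is not part of the post and is not the chip design it describes. The class and function names are hypothetical, the card data and PIN are constructed, and an HMAC over a shared key stands in for whatever the chip actually computes (the post also mentions non-shared-secret designs, which this does not model).

```python
import hashlib
import hmac
import secrets

class StaticVerifier:
    """Static data (constructed magstripe value + PIN): same bytes every time."""
    def __init__(self, track: bytes, pin: bytes):
        self._expected = hashlib.sha256(track + b"|" + pin).digest()

    def verify(self, track: bytes, pin: bytes) -> bool:
        presented = hashlib.sha256(track + b"|" + pin).digest()
        return hmac.compare_digest(presented, self._expected)

def chip_respond(key: bytes, challenge: bytes) -> bytes:
    """Hypothetical chip: the key stays inside, only a per-challenge MAC leaves."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class DynamicVerifier:
    """Dynamic data: a fresh, single-use challenge for every authentication."""
    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown or already-used challenge
        self._outstanding.discard(challenge)
        return hmac.compare_digest(response, chip_respond(self._key, challenge))

def replay_outcomes() -> dict:
    """Present to each verifier only what a compromised terminal recorded."""
    track, pin = b"CONSTRUCTED-TRACK-DATA", b"0000"  # constructed sample values
    static = StaticVerifier(track, pin)
    key = secrets.token_bytes(32)
    dynamic = DynamicVerifier(key)
    c1 = dynamic.challenge()
    r1 = chip_respond(key, c1)  # the one transcript the terminal observed
    results = {"dynamic_genuine": dynamic.verify(c1, r1)}
    results["static_replay"] = static.verify(track, pin)     # recorded bytes again
    results["dynamic_replay_same"] = dynamic.verify(c1, r1)   # challenge is spent
    results["dynamic_replay_new"] = dynamic.verify(dynamic.challenge(), r1)
    return results

if __name__ == "__main__":
    print(replay_outcomes())
```

Freshness addresses replay of recorded data only; a live relay of the kind described earlier in the thread forwards a current challenge and response, so it is outside what this shows.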
Re: Check out Moto X: Motorola reveals plans for ink and even pills to replace AL
mike.a.sch...@gmail.com (Mike Schwab) writes:

There are car thieves who get a pair of transmitters. One is held near the car and sends the car's query signal to the other receiver. The other receiver is near the person leaving the car. It gets the car's query and responds. This is sent back to the car by the transmitter pair. The car thinks the owner has returned, and unlocks and starts. The guy near the car hops in, waits for the pal to get in, and leaves. After shopping for 30 seconds to 2 hours, the owner comes back to an empty parking spot (if someone else hasn't taken it).

re: http://www.garlic.com/~lynn/2013h.html#22 Check out Moto X: Motorola reveals plans for ink and even pills to replace AL

this is similar to vulnerability in the mid-90s that the EU identified regarding financial transactions involving compromised PCs and hardware token authentication (PC keyloggers could be leveraged to impersonate real user for hardware token use involving fraudulent financial transactions ... using the token w/o owner's knowledge) as well as displaying one transaction on the screen, asking the user to authenticate and actually executing a totally different transaction.

in the 98 time-frame the EU created the FINREAD standard as countermeasure to both vulnerabilities (use of the token w/o user's knowledge and transaction that you believe you are authenticating is really the transaction that you are authenticating).

-- virtualization experience starting Jan1968, online at home since Mar1970