* Posts by ade328

7 publicly visible posts • joined 19 Dec 2017

Serverless Computing London: Time running out on blind bird tickets

ade328

Obviously a tout, get Ed Sheeran onto them!

Biometrics: Better than your mother's maiden name. Good luck changing your body if your info is stolen

ade328

It's Business folks, not Security...

Whatever system, we all know that it is only the $$$ impact that will changes things, and nothing else! For example, the entire fraudulent activity of card-not-present (CNP) scenarios is supported by the insurance industry. That "were all insured, so don't worry" is supported and paid for by us all! It’s called APR rates.

As many experienced security professionals on this this board know, there is no perfect security, and good enough will do when everybody pays toward the 5% (nominal %) fraudulent activity.

So when will change come? When online fraud and loss exceeds that which underwriters are prepared to cover...? No! They just put premiums up, it's business! And that’s all it is folks, business - nothing to do with security. That is where many security professional get in a knot, including myself.

Biometrics, I sense there will be a sting in the tail! And consumers will be the ones to pay for it.

Signal app guru Moxie: Facebook is like Exxon. Everyone needs it, everyone despises it

ade328

Nothing is indispensable, especially so, those who believe they are!

I do not believe the view "it is this indispensable tool" I am pretty sure alternatives for every Faceboook feature exist! The one thing Facebook has been successful at, tapping into the human 'Tribal' nature that drives us to herd and want to fit in! - it is preferable to be at the table than on the menu!

But, indispensable, No!

Facebook puts 1.5bn users on a boat from Ireland to California

ade328

Time to change the model... 18 months window before decline sets in!

Facebook have not understood the GDPR regulations 100%. Moving the 1.5B non EU users has absolutely no impact - GDPR only enforces compliance on information held by EU 'data subjects'. Assuming the remaining 700 Million or so remaining (2.2B user base 2017) users are covered by the new rules - Facebook is obliged to delete or modify personal data on request - the terms of use are not perpetual!

So the next question, will a large majority of EU based 'Data Subjects' request personal data be deleted ? Will all the non Facebook users request all 'ghost profile' data be deleted? The second set of users is likely to dwarf the 700M regular accounts... What affect will that have on Facebook advert revenues?

Change to a subscription model Facebook, protect users data, broker consensual sharing or even selling of data - adopt a new model to survive.

Facebook admits it does track non-users, for their own good

ade328

Anybody here know how how GDPR will impact these records? Not the Facebook users that have implicitly given consent by accepting the 'terms of use', but the records Facebook is storing on 'data subjects' which have given have no such consent!

No password? No worries! Two new standards aim to make logins an API experience

ade328

Re: And when your biometric data gets stolen?

Good observation, biometrics are best used to prove who you are - not authenticate as credential. It is only a matter of time before biometrics are rendered utterly useless as a weak authenticator method.

As biometric repositories build up around the globe the possibility of false acceptance rises, I would foresee Asia as the first continent by population that has their biometric profiles copied! Between the Indian Aadhar initiative and the secretive Chinese authorities, they will probably file all but your back village laborer’s profiles before this year is out!

How can you trust “probably” when your profile is dotted about everywhere, analogous to walking around with 'that' post-it note on your forehead!

UK.gov delays biometrics strategy again – but cops will still use the tech

ade328

Given all that I understand about Biometrics I would applaud this stance as Biometrics are inherently not secure – time will tell! Oh, but my mistake, there is no stance here - it is a delay in jumping off the fence! So either the UK government does not know or (cynical me) it is mindful of upsetting the potential tax revenue from the impending Biometric frenzy.

That opening paragraph was any easy shot ;-)

The fundamental flaw with Biometrics is that we all have only *one profile! Finger print, Retina Scan, DNA or other… Once a Biometric profile is out, it’s gone forever as an authentication factor. Unique but not Secret! Which means Biometrics can be used for identification not authentication!

Biometrics can be used as a secondary factor for Authentication but never ‘the’ factor.

Ade