Author: david b.

An Analysis of the Online Identity Battleground 7: Dissecting the Legislation

Completing his Shmoocon presentation, aestetix singles out specific country-based legislation regarding name policies, and takes questions from the audience. Our last myth from Adam here: we are currently fixing this through legislation. South Korea did this back in 2003 (see image below). So, South Korea,...

An Analysis of the Online Identity Battleground 6: Names Policies of Google and Facebook

This section outlines the way services like Google and Facebook currently go about handling user names and pseudonyms. There’ve been some updates and changes to this policy of Google. The new policy: “You can change your name, but it’s limited to 3 times every two years,” I’m not sure why....

An Analysis of the Online Identity Battleground 5: Can We Trust “Identity Providers”?

Subjects covered in this part of aestetix’s presentation include trust in terms of online names specificity, and “identity providers” like Facebook and Google. Myth #3: we cannot trust anyone who does not use their legal name online. Trust – that’s such a tricky word, isn’t it? Here’s...

An Analysis of the Online Identity Battleground 4: Legal Names and Cyberbullying

Here aestetix emphasizes the correlation between the use of real names and pseudonyms online and people’s behavior on the Internet. Number two for the myths, thanks Adam: “We can stop cyberbullying by forcing people to use their legal names. People who do not use their legal names do...

An Analysis of the Online Identity Battleground 3: The Essence of Identity

What aestetix highlights in this part of the presentation is the different aspects of one’s identity and its relation to nyms, nicknames, hacker handles, etc. Moving on a little bit and getting into some psychology here, the question: “Is identity internal or external?” And if you’ve...

An Analysis of the Online Identity Battleground 2: Defining a “Nym”

aestetix dwells herein on the essence of name, nym, identity, and social network, and provides non-trivial examples thereof as well as their interrelations. So, myth #1, and there are 5 of these myths, just so you know. Only pedophiles, criminals and cyber-bullies do not want to use their legal names...

An Analysis of the Online Identity Battleground by aestetix

aestetix, a researcher of online identity issues and one of the enthusiasts that created the Nym Rights group, gave a great talk at Shmoocon 2013 event entitled “Beyond Nymwars” highlighting the various facets of online names use within the identity-related context. Before I start I just want to...

Life Inside a Skinner Box 6: Implementing an Automated System the Right Way

The scientists are highlighting ways to implement automated law enforcement without having to suffer the consequences of malfunction and possible abuse. Lisa Shay: So, what can we do about this? Obviously there are countermeasures that are available for all different kinds of problems. Greg and I gave a...

Life Inside a Skinner Box 5: The Mixed Blessing of Perfect Law Enforcement

The researchers provide here an insight into whether perfect law enforcement is a good thing, and dwell on related issues from an automation perspective. Woody Hartzog: Some of the big questions, and I think the one that goes to the heart of our talk today, is whether we want perfect enforcement of the law....

Life Inside a Skinner Box 4: Benefits and Downsides of Automation

Greg Conti and Woody Hartzog discuss the possible advantages and disadvantages for society as law enforcement becomes increasingly automated. Greg Conti: So, clearly, there’re advantages to this, but there’re certainly disadvantages as well, and it really depends on your perspective: are...

Life Inside a Skinner Box 3: Breakdown of Automated Law Enforcement

Woody Hartzog and Lisa Shay now break down the automated law enforcement process into individual constituents and analyze each one in detail. Woody Hartzog: So, how does the law become involved in all of this? Greg just talked about how the technology is in place. The sensors are there to record our...

Life Inside a Skinner Box 2: Existing Technology and Successful Prototypes

In this part Greg Conti provides unambiguous examples of technology already in use and of initiatives towards automated law enforcement. Greg Conti: As we look to the future, has anyone seen Google’s Project Glass video? Even better, have you seen the parodies where they’re wearing the glasses and get...

Life Inside a Skinner Box: Automated Law Enforcement

This entry is based on the Defcon talk “Life Inside a Skinner Box*: Confronting our Future of Automated Law Enforcement” by researchers Lisa Shay, Greg Conti and Woody Hartzog about downsides of automated surveillance and law enforcement. Lisa Shay: Good afternoon. I’m Lisa Shay, I teach...

Criminal Education 3: Disrupting the Adversarial Market

This part of Art Gilliland’s keynote encompasses his view of the measures for preventing breaches, and the highlight of the role of intelligence for this. I think we need to define a new defense in depth for us. And part of that is building our capabilities at each stage of their value change (see...

Criminal Education 2: The Cybercrime Ecosystem

Art Gilliland’s focus in this part of the keynote is on the analysis of why enterprises are vulnerable and how the data breach cycle typically takes place. So let’s start by understanding a little bit more about us. Let’s discuss a little bit about how we are seen by the adversary. We are incredibly...

Criminal Education: Preventing Corporate Data Breaches

Art Gilliland, Senior Vice President & General Manager of HP Software Enterprise Security Products, expresses his vision of corporate information security during RSA Conference 2013 keynote speech “Criminal Education”. Thank you very much and good afternoon! My name is Art Gilliland, and...

The Effect of Password Strength Meters 5: Questions & Answers

Blase Ur’s presentation at USENIX ends with a Q&A part which is reflected in this entry and sheds yet more light upon the details related to password meters. Question: I really liked the study and I applaud your large sample size. I’m wondering if you had any way of measuring user tendency to...

The Effect of Password Strength Meters 4: What Makes Meters Matter?

Blase Ur provides herein the results by metrics affecting time of password creation, user sentiment, memorability, and summarizes the study overall. Let’s move on to the password creation process. In particular, I’ll highlight the time it took the participants to create a password, and also how...

The Effect of Password Strength Meters 3: Password Composition and Guessability

In this entry Blase Ur walks us through the first two metrics for the study, namely the relation of password length and meter type, and results by guessability. Before I jump into our results, I’ll tell you a little bit about our participants. We had 2,931 of them recruited on Amazon’s Mechanical Turk...

The Effect of Password Strength Meters 2: Visual and Scoring Differences

Blase Ur proceeds with describing the workflow of the password meters study, highlighting here the impact of visual and scoring elements upon password strength. So, I just showed you a number of different features, and we, of course, wanted to know what each of these features is contributing. All of our...

The Effect of Password Strength Meters

During his USENIX talk “How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation” Blase Ur, computer security and privacy researcher with Carnegie Mellon University, presents a thorough study of password strength meters in terms of their effect on password creation...

Hacker’s Guide to Stay out of Jail 8: Questions and Answers

This is the final part of the Grugq’s presentation at HITB SEC event, where he takes questions from the audience about OPSEC for online freedom fighters. The Grugq: So, are there any questions? Question: What’s, in your estimation, the average cost per persona? Answer: In terms of time, you probably want...

Hacker’s Guide to Stay out of Jail 7: VPNs vs. TOR

The Grugq dwells here on the issues of anonymity and privacy for freedom fighters, paying particular attention to the tools for maintaining those. In terms of technologies that you can use to help ensure that you maintain good OPSEC, on the subject of VPN vs. TOR, a lot of people seem to have thought that...

Hacker’s Guide to Stay out of Jail 6: Anti-Profiling

Further explicating OPSEC guidelines for freedom fighters at HITB SEC Conference, The Grugq now focuses on the various ways to prevent personal profiling. In terms of staying anonymous, briefly, if we go over some guidelines, you want to avoid revealing personal information about yourself. Any personal...

Hacker’s Guide to Stay out of Jail 5: Anonymity and Defense

Here The Grugq describes some of the techniques to use for building layers of anonymity and defense which will guard personas from getting associated with you. So, techniques – basically, you need to put in the plumbing. Plumbing is all of the stuff that you’re going to use to maintain your cover...

Hacker’s Guide to Stay out of Jail 4: Be Paranoid and Never Contaminate

In this part of the presentation, The Grugq continues exemplifying the common violations that freedom fighters should under no circumstances make. In this case palladium was insufficiently paranoid (see image). After he got busted, they took him to an interview and they showed him logs that they had...

Hacker’s Guide to Stay out of Jail 3: LulzSec Failures

Highlighting the typical mistakes to avoid, The Grugq provides real-world examples where actual hackers got busted due to unacceptable indiscretion. If you’re trusting people to keep their mouths shut, which you should never do, they won’t. This is why VPNs are not actually secure. VPNs would only be...

Hacker’s Guide to Stay out of Jail 2: Do’s and Don’ts

Covering practical tips for doing OPSEC, this part of The Grugq’s talk makes it clear what you should and should not do when freedom-fighting on the Internet. One methodology for doing OPSEC is, basically, you need to think about how to put the plumbing in first, so you need to set up your environment for...

Hacker’s Guide to Stay out of Jail: OPSEC for Freedom Fighters

During his talk ‘OPSEC for Hackers by The Grugq: because Jail Is for wuftpd’ at HITB 2012 Conference, The Grugq, a well-known information security guru specializing in studying anti-forensic techniques, advises online freedom fighters out there on how to avoid getting busted. This is going to be...

Understanding CAPTCHA-Solving Services in an Economic Context 6: Q&A Part at USENIX

Drawing a line under the presentation, Marti Motoyama takes questions from the USENIX audience about CAPTCHAs proper and the related solving services. Question: You said that one of your goals when you were doing this research was maybe to figure out something about the workforce that you can take advantage...