Biometric identification based on typing style from DARPA

As much as we might like to think otherwise passwords, as we use them – or not use them, today are for the most part – useless.

The majority of people don’t take password security seriously – the number of “password” and “123456″ type of passwords are the perfect example. The remaining people that do can’t be sure about how secure those passwords are given the fact that for every password created there is some way to crack it.

It turns out that password security is something that DARPA (The Defense Advanced Research Projects Agency) take very seriously and is apparently looking to a post-password solution to the problem.

Most of the password-replacement action at DARPA is taking place within the Active Authentication program, where researchers are studying “innovative approaches that enable revolutionary advances in science, software, or systems” that authenticate a user’s identity while stationed at a computer terminal without relying on passwords.

via Fast Company

It seems that the agency believes that using, or creating in their case, some cutting edge biometric identification products that can identify a user by their typing style might be one of the possible solutions. While there has been much work done in the area of biometric security methods DARPA program manager Richard Guidorizzi points out they are expensive to implement on a mass basis as well as raising privacy concerns.

On the other hand creating a biometric identification system based around an individual’s typing style is cost-effective and will help alleviate any privacy concerns.

Guidorizzi believes passwords will always be insecure. Instead, he proposes that “forensic authorship”–the analysis of a user’s average word length, use of punctuation, type-token ratio (for us mortals, basically the number of unique words used in a document) and average word length to determine the identity of computer users. DARPA has not yet unveiled how they intend to turn forensic authorship into a replacement for the password–but their decision to hold an industry day shows that they believe the technology holds potential. Once the agency creates a workable prototype of their new password-replacement system, it will be tested on desktops in a “Department of Defense office environment.”

via Fast Company

I don’t know about you but the idea of some identification system figuring out that I am who I say I am is kind of scary given my typing skills.

DARPA is after your typing biometrics for post-password security is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Windows Phone 7 Post-Nodo Security Updates Rolls Out
2. Cracking the iPad 2 password in 5 seconds [Video]
3. Microsoft Security Essentials updated – get it now
4. Microsoft Security Intelligence Report suggests zero-day exploits not as important

Three varieties of printed explosives detectors (Photo: Greg Meek, Georgia Tech)

In most cases explosive detectors are pretty expensive and complex pieces of technology but a team of researchers at Georgia Tech Research Institute, lead by scientist Dr. Krishna Naishadham, have discovered a way to totally change that.

Using an ink-jet printer to print out a paper based ammonia sensor that is capable of detecting explosives. This process involves printing carbon nanotubes on paper, or materials like plastic polyethylene terephthalate. The ink that is used consists of silver nanoparticles that is held in an emulsion that can then be passed through an ink-jet printer as long as it is within the temperature range of 212F (100C).

Not only is this process cheap and effective, but the nanotubes can also be formed into RF circuits, components and antennae. This means that the sensor can be printed with a built-in communications device already installed to transmit data. These components can be printed on a suitable plastic and be formed out of flexible organic materials, such as liquid crystal polymer to make them more robust and water resistant. The device also uses very little power, which makes it suitable for running off of thin-film batteries or solar cells. And, being printed, the device can be stuck on any surface where it might be required. The GTRI team is also working to make the device capable of operating passively without an internal power source-something like RFID tags used in shops that get their power from the shop’s scanning devices..

via GizMag

Georgia Tech School of Electrical and Computer Engineering professor Manos Tentzeris (left) and Ph.D. candidate Rushi Vyas (right) work with an inkjet manufacturing system (Photo: Greg Meek, Georgia Tech)

Use an ink-jet printer to create a paper-based explosive sensor is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Two Microsoft interns create the creepiest photo tagging app yet for Android
2. Researchers create a fertility chip to help guys with those sperm bragging rights
3. Create your own desktop wallpaper – no software required
4. Create a bootable USB for installing Windows 7

iPad 2 security is easily broken

Security is something that a lot of people take very seriously when it comes to accessing their data and one always hopes that the companies that bring us all our cool gadgets care about it in the same way. It was a lack of concern that gave Microsoft such a bad name for years and it seems that Apple has not learned from that lesson.

As you can see in this video cracking the iPad 2 is a pretty simple affair.

hat tip to @pauloflaherty

Cracking the iPad 2 password in 5 seconds [Video] is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Bing heads to the iPad and does a beautiful job of it
2. Windows 7 Slate vs iPad [VIDEO]
3. Bing to Lasso your search on Apple’s iPad [Video]
4. Now that the iPad is out of the way how about Microsoft? [Video]

According to the report, the vulnerability that zero-day account constitutes for only 1% of attacks observed in the world.  The remaining 99% of attack exploits of known vulnerabilities, for which a fix is already available at the time of the attack. Zero-day exploits are the least of a company concerns and are not a major threat to organizations.

“As part of SIRv11 (Microsoft Security Intelligence Report, volume 11), we conducted research to quantify exactly how pervasive the threat posed by zero-day attacks was in the first half of this year,” said Tim Rains, director of product management at Microsoft’s Trustworthy Computing Group. “We found that none of the most prevalent malware threats used zero day exploits to propagate in the first half of 2011, and less than one percent of attacks using exploits, leveraged zero-day vulnerabilities.”

Zero-day is a term that describes security concerns where an exploit is released before a software company has issued a security update.

Microsoft says the appearance of malware can break by instinctive force passwords on infected systems and more than a third of malware seen by Microsoft still using the technique of autorun in Windows to run automatically when an infected device is inserted to system.

The phishing attack techniques has created nearly half (45 percent) spread of malware in the first half in 2011. In addition, more than a third of malware is distributed via attack by Win32/Autorun abuse. Nearly 90 percent of damages by the hackers to exploit the vulnerability of system are due to security software not being updated from more than one year.

“I definitely don’t want to dismiss the significance of zero-day vulnerabilities, but SIRv11 does put them into perspective. It also draws attention to the other 99+ percent of attacks which occur as a result of things like social engineering, weak passwords and unpatched vulnerabilities,” Rains said.

Microsoft releases patches on every second Tuesday of the month. The October patch fixesinclude Service Pack 3 for Office 2007 and SharePoint 2007, an update to the Malicious Software Removal Tool and others major critical updates. Google, to prevent malware on its end, is using the power of data analysis to help determine where to look for malware and recently rolled out a new notification for its search engine.

Post originally written by Saroj Kar for SiliconAngle and reposted here with permission

Microsoft Security Intelligence Report suggests zero-day exploits not as important is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Microsoft releases their Security Intelligence Report Vol. 8
2. Microsoft Security Essentials updated – get it now
3. About that report regarding the virus getting by most security software….
4. Well color me pink – Microsoft Security Essential considered one of the best

Early this week I had gotten an email from AVG’s PR company asking is WinExtra would be interested in doing a review of the new AVG Internet Security 2012 software package, which at the time seemed like it might be a good idea. I should say that I have used AVG products in the past but moved on after they become a little on the bloated side but I figured that maybe I’d give them another try and see if they had improved, and besides it would make for a good review type post.

Then came the news that the company had just released an anti virus app for Windows Phone, which made me shake my head at the time but not much more of a reaction than that. In the reviews at other sites the initial response was one are you serious? in that the AVG app didn’t appear to do much more than scan your images and music on your phone. As Surur at WMPoweruser.com suggested this sounds a bit like a scam, doesn’t it?

Yes it does but it appears to be even more questionable than that if this Twitter from well respected Justin Angel is to be true.

Daniel Rubino from WPcentral also managed to capture these Twitter messages from Mr. Windows Phone himself Chris Walshie and Justin where they are talking about this mess.

If this indeed the case then AVG has crossed a line that they should never even walked up to and unless they have some very good reasons for the behavior of their already questionable app they will have tarnished their reputation for a long time.

So, AVG, about that review … I think I’ll pass at this time.

Sorry AVG but no review from WinExtra after your ridiculous Windows Phone AV app mess is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. Microsoft’s Belfiore spins on about Windows Phone updating mess
2. Windows Phone 7 From Around The Web 11.02
3. Free protection service coming with Windows Phone 7
4. Windows Phone 7 Series – a gaming platform?

According to the report 92 percent of malware was blocked with when IE9′s URL-based filtering was enabled and believe it or not but 100 percent with the Application-based filtering enabled.

Second place surprisingly went to Internet Explorer 8 blocking 90 percent, third was a tie between Safari 5, Chrome 10, and Firefox 4 blocking 13 percent. Last place went to Opera 11 which only blocked 5 percent of malware.

This study was based on going to sites that relied on tricking users into installing malicious software, it wasn’t based on sites that required browser flaws to initiate an attack. The study also was strictly based on European users where the URLs visited were harvested from spam e-mails, instant messages, and from posts on the various social networks.

via Ars Technica

Internet Explorer 9 just kickin’ malware butt is a post from: winextra
Follow us on Twitter: @WinExtra | Don't forget we're on Facebook as well: WinExtra Fans

Related posts:

1. So what is the difference between Internet Explorer 9 Beta and the Release Candidate
2. Microsoft to keep IE developer previews flowing until Internet Explorer 10
3. Official download links for Internet Explorer 9 RC leaked early
4. Download links for Internet Explorer RTM have gone live