I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet. I saw and enjoyed more of the lectures this year than I have in the past and seemed to have better interactions with the other conference attendees, better conversations, and generally enjoyed myself more than years past. Perhaps it was because this year Montreal wasn’t in the middle of a heat wave with no air conditioning in the hotel and the conference hotel didn’t catch fire (:
Archive for the ‘technology’ Category
On a recent trip to Orlando, I opted out of the full-body scan at AUS, as I always do at every airport security checkpoint. While waiting for my pat-down, I was lectured by the TSA gate agent about how safe they are, was subsequently questioned about my cellphone use as a radiation exposure comparison, and was subjected to repeated attempts to get me to change my mind and just go through the scanner.
This post was originally entitled “SecTor 2010″, however I never actually attended the conference, so it’s not really about the conference but rather my short stay in Toronto during the SecTor 2010 conference.
After a two year absence due to unavoidable other obligations like good friends’ weddings, I finally made it back to one of my favorite hacker conferences, Toorcon. San Diego is always beautiful when I happen to be there with nice weather and a cool mix of people, both locals and visitors who are there for the conference, and this year was no exception.
Yesterday I came across Cleverbot, an “AI” from icogno. As far as I can tell, it’s an incarnation of their jabberwacky AI which supposedly learns from it’s past interactions. I’m always skeptical of anything that is claimed to be AI, because actually creating a convincing fake AI, much less a real one, is an extremely hard problem to tackle. So, chatting up Cleverbot, my skepticism was quickly justified in my own opinion, but I’ll let you be the judge. Here’s the tail end of my conversation with Cleverbot:
I recently purchased the Motorola Droid from Verizon, and am so far very happy with it. Other than finding the physical keyboard a bit lacking from being extremely spoiled by the Sidekick’s physical keyboard to which no other physical keyboard could ever hope to live up to, I’ve really had no complaints with the device or the Android 2.0 operating system that runs on it. I have however, noticed that touch-screen smart-phone unlock screens (not just the Droid’s) are getting progressively less secure.
It’s common understanding these days that the more factors of identification that a user has to provide to an authentication system, the more trustworthy and secure it likely is. Single-factor authentication is usually accomplished by providing something you know, like a password or PIN number.
As two-factor authentication became more and more mainstream, the two factors involved have usually been something you know, and something you have, like a credit card, crypto-key USB device, a code generated every so often by a electronic card you keep in your wallet, a smart-card that can respond directly to cryptographic challenges, or an RFID or other radio device. The most common use of two-factor authentication is how bank customers authenticate to an ATM machine; they must provide something they have, their bank card, and something they know, it’s PIN.
As cheap ways to collect biometrics have begun to emerge, these two factors have begun to shift from something you know and something you have, to something you know and something you are. This notion of something you are, generally referred to as biometrics, include things like your finger or palm print, iris pattern, voice print, or even your DNA. Using something you are to authenticate is obviously more inexpensive than providing users with something they need to have, however some more advanced authentication systems now require all three-factors for authentication.
Enter the fourth factor of authentication: somewhere you are.
I’ve never been a fan of most certifications. I’ve always been even less a fan of formal degrees in education, at least for technology-centric industries. I’ve always argued that my body of work is my credential, and if a potential employer were to reject my application on the basis that I didn’t have a certain piece of paper, that short-sighted employer wasn’t the type that I wanted to work for anyway.
This article, however, goes even further to suggest that College is a waste of time for an even larger group of people than just the technology-centric industries, and hints at what certifications can accomplish, given that they evolve past most of my objections with them, which are echoed throughout the article.
Upon beginning my new job, I’ve been thrown head-first into the world of Internet Telephony security, a sector that I’ve not really paid much attention to, much less followed. I’m currently in the process of getting acquainted with all of the various protocols and technologies involved, and in doing so I’ve signed up to the VoIPSec mailing list. After following the current discussion threads there for a few weeks, I see a recurring problem that I’ve seen in other growth sectors before, and unfortunately will probably see again.