Reflections

On my blog, I primarily wrote about vulnerabilities or solutions to vulnerabilities or occasionally new cyber security laws. I wrote about the vulnerabilities because I believe that people as a whole can frequently become very relaxed when it comes to security, especially with cell phones. If one person can read what I posted and think “oh, I never even thought about that being a risk or vulnerability, maybe I should take another look at what I am doing” then my job is done. I wrote about new laws because I think it is interesting to watch the judicial and legislative system evolve based on the ever-growing world of technology. I typically used cnet.com as my source because I find their articles to be more captivating than some of the other tech sites. I also used wired.com to gain ideas for this blog. I don’t think this type of blog would be useful to an information security professional because I tend to write about things that are trending now and most tech sites have an article that reiterates what I have written.

A few lessons to the next group of students:

1.       Do your work ahead of time or at least get a rough draft of what you will write about. There are times when there isn't too much new news out there for you to write about, so don’t wait until the last minute to start looking.

2.       Ask questions if you don’t understand an assignment.

3.       You get back what you put into this class. The more you put in the better off you will be in the long run. 

Google Security Vault

Google is attempting to make your smart phone more secure. At the end of May Google came forward with Project Vault, a digital security system in the form of a microSD card called the Vault Card. The Vault Card can protect the personal information of the owner’s phone. It can encrypt messages from an app and provide additional authentication level so that your device recognizes that you are the owner of the phone. The Vault Card has 4 GB of data and uses NFC, near-field communication, to communicate with devices that are in range. The Vault Card is also compatible with any operating system. The Vault Card is still in the works and is being developed for enterprise companies. 

http://www.cnet.com/news/googles-project-vault-is-a-security-chip-disguised-as-an-micro-sd-card/

Norton Identity Safe

This week I stumbled upon Norton’s Identity Safe, which is a password manager that is absolutely free. While I understand that it is owned by Norton, I still do not feel safe with using any type of password manager. I’ll tell you a little bit about Norton Identity Safe. It offers a desktop client, a web based vault, and apps for both Android and iOS. Norton ID collects and manages log-ins, passwords, and billing and shipping addresses. In addition there is a wallet feature that manages your credit card information. Norton locks your passwords and allows you to quickly access sites without providing log in credentials. I like the idea of the ease and convenience but what happens when it gets compromised? Do I then have 15 passwords to change? I’m not a big proponent of storing passwords in any capacity. But if that is your thing, Norton seems to be doing pretty well at handling that for you. 

http://www.cnet.com/news/manage-your-passwords-for-free-with-norton-identity-safe/

Bodyprint by Yahoo Labs. A new type of Biometric Authentication?

This week I read about a new biometric scanner created by Yahoo Labs called Bodyprint. The scanner would allow a person to unlock their smartphone using their ear print, fist, phalanges, palm, or fingers instead of a single fingerprint. The reason that there are so many different body parts that can be used is because the scanning device is bigger than a fingerprint scanner. Yahoo Labs is taking the capacitive touchscreen of a smartphone and turning it into a biometric scanner that has a 99.52% accuracy rate while it has a false rejection rate of 26.82%. Even though a capacitive touchscreen cannot capture every single line on a fingerprint, it can detect large prints such as the ear or fist. Bodyprint analyzes touch patterns on the screen as opposed to 2D location mapping like the ones used to track gestures on smartphones now. Bodyprint can even be used by multiple people on one device. The video in the link below shows a device calling for the authentication of two users to gain access to a document. Bodyprint is still in the early testing phases but hopefully this will one day be widely used as a better biometric authentication source.

I like the accuracy rate while it still has a relatively low false rejection rate. At some point in the future I think everything will have some form of biometric authentication because of how easy it is to commit identity theft now. All you really need is a first and last name, address, last four of SSN, and sometimes a phone number. Biometrics is the future of safer transactions in my opinion.

http://www.cnet.com/news/bodyprint-could-let-you-unlock-your-phone-with-your-ear-print/