Small but important correction: the chemical is injected into the retina, not the cornea. I was thinking this was cool because if it works in the cornea, it could possibly be injected into a contact lens and achieve the…
I think so too, but I wonder about the long term effect that doing everything in the virtual world will have on abilities in the physical world. It's extremely anecdotal, but my little brother, who almost exclusively…
There's something to be said for getting rid of excessive waste and unnecessarily large warehouses of "cheap junk", but it's also worth remembering that toys play a very important part in teaching children fundamental…
I don't necessarily think so. Just because he manages the risk management offering which is sold to other companies doesn't mean he would be aware of or involved in day-to-day risk management at his own company. At my…
They had a CISO as well as a CIO. Both have been fired/resigned now, though.
FYI the "President of US Information Solutions" at Equifax is a role that has nothing to do with their IT/security department. It's not the same thing as the CIO or head of IT, as many people are confusing him for. He's…
Having worked on the incident response teams for these types of breaches, the "PR machine" is only part of the reason why companies "sit" on the info. It also takes a long time to do investigations on the breach to know…
None of the managers had anything to do with or were in the chain of command of the security team, so it's entirely possible they had absolutely no idea about the breach until long after 8/2. The CFO is the one that is…
I don't believe there's any claim that they didn't learn of it until the public announcement, only that they didn't know of it at the time of the stock sale which was on Aug 1st, only a few days after the breach was…
Lifted it off a glass/phone/anything else you touched. Or it can be "compromised" in the same way your SSN can be compromised through hacking. The millions of people who were exposed in the OPM hack all have records of…
> The face scan isn't "insecure" even if you're worried about border searches. Just turn off your phone when you get in the security line! Pin will be required on start. As far as border searches go, border officers…
> I don't think the average person in their audience has a strong reason to understand the difference. In my experience as a security consultant, one of the biggest problems (and it's a very big problem) we face is that…
> They can't be phished because they aren't secrets. And here lies the problem. Apple treats them as if they are. "Your fingerprint is one of the best passwords in the world" - Apple during the keynote when they…
> You're conflating every fingerprint scanner with the Apple's implementation of TouchID, which is far more secure than the check-the-box-to-win-a-government-contract stuff that's been built into most laptops. No, I'm…
It's worth noting that despite the prosecutors saying "its a foregone conclusion", they have not actually even charged Reynolds with possession of child pornography. It seems to me that while their words say they…
> Biometrics can't be rotated. But they also can't be phished. Sure they can. Haven't you ever seen a cop show where the detective tricks the suspect into drinking from a cup of coffee so they can lift the suspect's…
Unfortunately I can't find any archives of Apple's website advertising TouchID when it first came out, but as I remember it was touted as "revolutionary, most secure way to protect your phone", etc. Below[1] is the…
> At what point is stealing a fingerprint, retina print, or face going to be economical enough for the thief that this would be an actual valid concern in 99% of use cases? For the average person who is just securing…
The OPM hack resulted in millions of people's fingerprints and names being hacked, and now are floating out on the internet for anyone to look up. Individuals who had their fingerprints stolen in that hack can now never…
No security is going to keep "determined" intruders out. But the point is that you should still strive to achieve "good enough" security. The problem is that while the actual ranking from least secure to most secure is…
https://arstechnica.com/tech-policy/2017/09/judge-wont-relea...
> Much the same, they can force you to reveal your fingerprint, but cannot compel you to share a password. Unfortunately this is dependent on your jurisdiction. In Virginia it's been ruled that law enforcement can't…
The "door lock" analogy ignores the biggest flaw with fingerprints: they're forever. If your door lock is compromised, you can change the key. If someone steals your password, you can change the password. If someone…
To add more examples to this, Florida courts have also ruled that you can be imprisoned for not giving police access to your phone.[1] The "police can't force you to give up your passcode" misconception stems from a…
Not false. Police can ask for your password, and if you do not give it to them, you can be arrested pending a hearing with a judge. The judge can then compel you to give up the passcode (though they probably won't…
Small but important correction: the chemical is injected into the retina, not the cornea. I was thinking this was cool because if it works in the cornea, it could possibly be injected into a contact lens and achieve the…
I think so too, but I wonder about the long term effect that doing everything in the virtual world will have on abilities in the physical world. It's extremely anecdotal, but my little brother, who almost exclusively…
There's something to be said for getting rid of excessive waste and unnecessarily large warehouses of "cheap junk", but it's also worth remembering that toys play a very important part in teaching children fundamental…
I don't necessarily think so. Just because he manages the risk management offering which is sold to other companies doesn't mean he would be aware of or involved in day-to-day risk management at his own company. At my…
They had a CISO as well as a CIO. Both have been fired/resigned now, though.
FYI the "President of US Information Solutions" at Equifax is a role that has nothing to do with their IT/security department. It's not the same thing as the CIO or head of IT, as many people are confusing him for. He's…
Having worked on the incident response teams for these types of breaches, the "PR machine" is only part of the reason why companies "sit" on the info. It also takes a long time to do investigations on the breach to know…
None of the managers had anything to do with or were in the chain of command of the security team, so it's entirely possible they had absolutely no idea about the breach until long after 8/2. The CFO is the one that is…
I don't believe there's any claim that they didn't learn of it until the public announcement, only that they didn't know of it at the time of the stock sale which was on Aug 1st, only a few days after the breach was…
Lifted it off a glass/phone/anything else you touched. Or it can be "compromised" in the same way your SSN can be compromised through hacking. The millions of people who were exposed in the OPM hack all have records of…
> The face scan isn't "insecure" even if you're worried about border searches. Just turn off your phone when you get in the security line! Pin will be required on start. As far as border searches go, border officers…
> I don't think the average person in their audience has a strong reason to understand the difference. In my experience as a security consultant, one of the biggest problems (and it's a very big problem) we face is that…
> They can't be phished because they aren't secrets. And here lies the problem. Apple treats them as if they are. "Your fingerprint is one of the best passwords in the world" - Apple during the keynote when they…
> You're conflating every fingerprint scanner with the Apple's implementation of TouchID, which is far more secure than the check-the-box-to-win-a-government-contract stuff that's been built into most laptops. No, I'm…
It's worth noting that despite the prosecutors saying "its a foregone conclusion", they have not actually even charged Reynolds with possession of child pornography. It seems to me that while their words say they…
> Biometrics can't be rotated. But they also can't be phished. Sure they can. Haven't you ever seen a cop show where the detective tricks the suspect into drinking from a cup of coffee so they can lift the suspect's…
Unfortunately I can't find any archives of Apple's website advertising TouchID when it first came out, but as I remember it was touted as "revolutionary, most secure way to protect your phone", etc. Below[1] is the…
> At what point is stealing a fingerprint, retina print, or face going to be economical enough for the thief that this would be an actual valid concern in 99% of use cases? For the average person who is just securing…
The OPM hack resulted in millions of people's fingerprints and names being hacked, and now are floating out on the internet for anyone to look up. Individuals who had their fingerprints stolen in that hack can now never…
No security is going to keep "determined" intruders out. But the point is that you should still strive to achieve "good enough" security. The problem is that while the actual ranking from least secure to most secure is…
https://arstechnica.com/tech-policy/2017/09/judge-wont-relea...
> Much the same, they can force you to reveal your fingerprint, but cannot compel you to share a password. Unfortunately this is dependent on your jurisdiction. In Virginia it's been ruled that law enforcement can't…
The "door lock" analogy ignores the biggest flaw with fingerprints: they're forever. If your door lock is compromised, you can change the key. If someone steals your password, you can change the password. If someone…
To add more examples to this, Florida courts have also ruled that you can be imprisoned for not giving police access to your phone.[1] The "police can't force you to give up your passcode" misconception stems from a…
Not false. Police can ask for your password, and if you do not give it to them, you can be arrested pending a hearing with a judge. The judge can then compel you to give up the passcode (though they probably won't…