Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Comment: To actually respond to your question... (Score 1) 127

by gruntled (#48473165) Attached to: Ask Slashdot: Best Biometric Authentication System?

Iris recognition is the easiest and most reliable; the reason it's less popular is it was wildly overpriced until the patents on the technology expired a few years ago, but since then a number of players have entered the market and you can actually play with free software that will perform iris recognition via a Webcam, which might be all you need. Retinal scanning feels extremely invasive to users; you generally need people to put their forehead up against a rest and hold still and users typically won't accept it outside of an extremely sensitive environment. In contrast iris scans can be performed from several feet away, very quickly, and generally work through glasses and contacts. Iris recognition typically also works well with people who have a number of different diseases (like diabetes, which can dramatically affect retinal patterns over a very short timeframe) or conditions that affect the eye, unlike retinal scanning, including most of the common conditions that cause blindness (except cataracts). Fingerprint recognition has gotten a bad rap because in general use people don't want to have any false negatives, so operators tune the environment to be less sensitive, leading to lots of false positives (my fingerprints get read as your fingerprints). But it's true that prints can be affected by things like dehydration and the local environment; they can also be simulated if you're sufficiently motivated, but that's made infinitely more difficult if you combine your biometric with a PIN (though it can't be argued that prints are left lying around everywhere, so it's probably not the best biometric you could choose). In addition a surprisingly large number of people -- like maybe two percent -- simply do not have usable fingerprints; it's actually a diagnostic criteria for some medical conditions. (I have actually had a couple of jobs that dealt directly with use of biometrics as a form of authentication).

In general I think the other comments are on the money: Keypad and PIN sounds like the way to go. If you're trying to create something automated, then contactless cards / dongles are the other solution but as others have noted, this isn't bulletproof since without some other factor (something you know or something you are) it's possible for one person to use somebody else's device.

Comment: Re:Yeah, but Tulsa (Score 1) 118

by gruntled (#42087257) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

Each college offers its own coursework; there are hundreds of colleges certified as NSA centers of excellence; some of them are indeed excellent, and some of them are...not. The last time I checked out the Tulsa program, it emphasized teaching programming principles in java. Some programs have no coding requirements at all; they train you to be a policy specialist. Many, if not most, programs are very hard core in terms of technical requirements.

Comment: Re:Wake me up when a BA becomes affordable (Score 1) 118

by gruntled (#42084617) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

To reiterate: The Cyber Corps program can and is being used by undergraduates; it will take care of two years of your 4 year degree; if you've got the ability to get your undergrad degree in three years, you'd only have to pay for one year if you were in the Cyber Corps. And if you were to go into college with no debt and no significant obligations -- like a car payment -- you could probably make enough from your stipend and summer jobs to take care of that one year.

I am very sympathetic to your position; I was extremely poor as an undergrad, but I got great scholarships; federal grants took up most of the slack, with jobs and very small loans finishing up. But that was almost 40 years ago; it would be impossible to do that now. that's why programs like this are so important. I urge you to explore it if you're at all interested in infosec as a career.

Comment: Re:Open Enrollment / Full Courses Available? (Score 2) 118

by gruntled (#42084193) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

Excellent argument. The government-employed medical doctors doing cutting edge research developing treatments no private sector company will touch because there's not enough profit in it: Clearly corrupt. Those firefighters who parachute in to disaster areas with nothing but a shovel and desire to save whoever they can: Obviously corrupt. People battling for meaningful financial reform against incredibly powerful opponents: Corruption incarnate. The only moral choice is to do nothing; anybody who says they're in government to try and do the right thing is obviously lying.

Comment: Re:I'm one of those, but to be the best (Score 1) 118

by gruntled (#42083219) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

To recap: You do *not* have to work for the NSA (that article was awful). You do have to work for the government, but you only have to do that for two years (the amount of time you're in school under the program). A masters degree from Carnegie Mellon would cost you something like six figures. And after that all you have is a degree with no experience. Cyber Corps offers you a *free* degree *plus* a monthly stipend, *plus* a virtually guaranteed job, meaning in four years you have no debt, a solid degree and a real resume. I can't say enough good things about the program.

Comment: Re:I went through this program!! (Score 1) 118

by gruntled (#42083165) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

No, I am not a coder on any significant level. You should definitely check out a few schools. Tulsa is not much of a coding program, but they do teach you principles in java; Purdue has an interdisciplinary program that is heavy on programming theory but you can get out with little to no programming; Syracuse has a pure policy program where I think no coding is required at all.

Comment: Re:Poorly researched (Score 1) 118

by gruntled (#42082257) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

Systems housing government data are required to meet certain minimum protective requirements, every system also needs to be certified as initially complying with those requirements by an independent third party (i.e., not the system owner), with a re-examination every three years. It's called "Certification and Accreditation." if you want to understand more about the requirements, look for a document called NIST 800-53. It's basically a penetration test.

Comment: Re:Also, you don't have a clue about what the folk (Score 1) 118

by gruntled (#42081837) Attached to: Cyber Corps Program Trains Spies For the Digital Age, In Oklahoma

I would agree that active duty enlisted tend to be "redder" than average. Also, the time frame you're describing is quite interesting as sounds like it was just about the time that the NSA had been publicly identified as breaking the law and new restrictions were put into place (which is probably what the Chief was bellyaching about). But my experience post reform is that the vast majority of people at the NSA take the prohibition on domestic spying very seriously.

It is much harder to find a job than to keep one.

Working...