Page 12 of 14 FirstFirst ... 21011121314 LastLast
Results 111 to 120 of 137

Thread: Will the Windows 8 mistakes cause Windows users to switch to Linux & openSuse?

  1. #111
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,043

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On Sun, 24 May 2015 00:44:06 +0000, Carlos E. R. wrote:

    > On 2015-05-23 08:39, Jim Henderson wrote:
    >
    >> Enter a set of user credentials, and after that authentication, use
    >> your phone as a second factor for authentication.
    >>
    >> That's a real thing - I use it every day myself (my employer makes a
    >> product that does just this, in fact).

    >
    > Some banks here use that for money transfer.


    Banking is an industry my employer is gaining in popularity with.

    > I order a transfer using internet, maybe a phone app.
    > The bank sends an SMS with a code to the registered phone.
    > I type the code in the web page or app.
    > The transfer proceeds.


    My employer's product uses a slider in an app that's contacted after a
    password authentication takes place. It's a really simple and elegant
    solution.

    > There are other things like NFC, but it has not yet taken off.
    >
    > As for IDs, they are talking of using full face recognition combined
    > with other things (specially to make sure the subject is alive). No more
    > need for passwords.


    Actually full face recognition or anything else like that isn't necessary
    with MFA - unless the banking app (or whatever) is on the phone (ie, your
    first factor and second factor need to not be entered using the same
    device).

    When I first looked at our product, I thought "why a slider? Why not
    something like RSA SecurID that gives you an OTP to enter?" (which is
    what we fall back to, actually - just because we can't contact the app on
    the registered mobile device doesn't mean the user doesn't have it).

    The point is that you are demonstrating that you are in possession of the
    second device. Whether you enter a number sent via SMS, an OTP generated
    by the phone and the remote authentication system, or just slide a
    slider, what you're demonstrating is that you meet the "what I have"
    security criteria as a second factor (the password you enter meets the
    "what I know" criteria).

    It's actually trivial to add additional factors, for example, using
    geolocation to identify "where you are" (as an additional factor).

    Jim

    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  2. #112
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On 2015-05-24 05:21, Jim Henderson wrote:
    > On Sun, 24 May 2015 00:44:06 +0000, Carlos E. R. wrote:



    > Actually full face recognition or anything else like that isn't necessary
    > with MFA - unless the banking app (or whatever) is on the phone (ie, your
    > first factor and second factor need to not be entered using the same
    > device).


    Probably for physical doors, or bank in the wall holes.


    > The point is that you are demonstrating that you are in possession of the
    > second device.


    Ah, I see.


    > It's actually trivial to add additional factors, for example, using
    > geolocation to identify "where you are" (as an additional factor).


    That one can backfire easily.

    A relative was here for a visit, from across the ocean. Suddenly her
    credit card stopped working, and got a phone call from home. I think she
    had no mobile phone at the time.

    Apparently, the bank manager had tried to reach her at home, and not
    being able to, blocked her credit card because he was seeing purchases
    from the other side of the globe and thought the card was stolen. Took
    many expensive phone calls to reinstate the card.


    On the other hand, someone stole "virtually" my father credit card. I
    think they placed a camera on the credit card hole in the wall of the
    bank, and a little gadget that reads the magnetic card as you place it
    in the slot. The camera records the PIN code. A popular theft here, I
    learned later.

    The tell tale was two drafts of 600€ on two days at a location some 50
    km away from our city, at a time when my father was in hospital.

    I only managed the bank to return half of it, even if it was their fault
    entirely for not providing secure methods (a camera and reader on their
    premises, false identification of owner at another site). They claimed
    my father had not protected his pin and card enough. No video surveillance.


    Face recognition would have stopped this one.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 13.1 x86_64 "Bottle" at Telcontar)

  3. #113
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,043

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On Sun, 24 May 2015 12:43:06 +0000, Carlos E. R. wrote:

    > On 2015-05-24 05:21, Jim Henderson wrote:
    >> On Sun, 24 May 2015 00:44:06 +0000, Carlos E. R. wrote:

    >
    >
    >> Actually full face recognition or anything else like that isn't
    >> necessary with MFA - unless the banking app (or whatever) is on the
    >> phone (ie, your first factor and second factor need to not be entered
    >> using the same device).

    >
    > Probably for physical doors, or bank in the wall holes.


    Yes.

    >> It's actually trivial to add additional factors, for example, using
    >> geolocation to identify "where you are" (as an additional factor).

    >
    > That one can backfire easily.


    Which is why at the moment, it's not a common thing used in the public.
    But for corporate use, it can be very useful - you can't access certain
    corporate resources unless you're on site (or working from a registered
    home office). If you try to access an internal source code repository
    from the local Starbucks, you're probably not on a secure network, so
    access should be denied.

    > A relative was here for a visit, from across the ocean. Suddenly her
    > credit card stopped working, and got a phone call from home. I think she
    > had no mobile phone at the time.
    >
    > Apparently, the bank manager had tried to reach her at home, and not
    > being able to, blocked her credit card because he was seeing purchases
    > from the other side of the globe and thought the card was stolen. Took
    > many expensive phone calls to reinstate the card.


    That's actually a good thing. I've had that happen myself - my card was
    used in a different country, and the credit card company blocked use
    until it could confirm I was using it. (I was, this was in Canada, and I
    had gone up for work).

    > On the other hand, someone stole "virtually" my father credit card. I
    > think they placed a camera on the credit card hole in the wall of the
    > bank, and a little gadget that reads the magnetic card as you place it
    > in the slot. The camera records the PIN code. A popular theft here, I
    > learned later.
    >
    > The tell tale was two drafts of 600€ on two days at a location some 50
    > km away from our city, at a time when my father was in hospital.
    >
    > I only managed the bank to return half of it, even if it was their fault
    > entirely for not providing secure methods (a camera and reader on their
    > premises, false identification of owner at another site). They claimed
    > my father had not protected his pin and card enough. No video
    > surveillance.
    >
    >
    > Face recognition would have stopped this one.


    Lots of things would have stopped it, including deactivating the card
    pending a verification that the charges were legitimate.

    Facial recognition technologies today are not difficult to fool - and
    when buying biometric devices at scale to deal with deployments like
    banks or retail outlets use, inexpensive is the way the companies tend to
    buy. I worked for a retail company who was moving to fingerprint
    biometrics in their pharmacies, and the ingredients needed to fool the
    type of reader we were testing were on sale *in the store*.

    Many facial recognition tools are fooled by a photograph - the technology
    isn't mature enough. But proving you're holding a device as a second
    factor? That's something available today, and actually very simple to
    implement with our product.

    Jim

    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  4. #114
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On 2015-05-24 22:27, Jim Henderson wrote:
    > On Sun, 24 May 2015 12:43:06 +0000, Carlos E. R. wrote:



    >> A relative was here for a visit, from across the ocean. Suddenly her
    >> credit card stopped working, and got a phone call from home. I think she
    >> had no mobile phone at the time.
    >>
    >> Apparently, the bank manager had tried to reach her at home, and not
    >> being able to, blocked her credit card because he was seeing purchases
    >> from the other side of the globe and thought the card was stolen. Took
    >> many expensive phone calls to reinstate the card.

    >
    > That's actually a good thing. I've had that happen myself - my card was
    > used in a different country, and the credit card company blocked use
    > until it could confirm I was using it. (I was, this was in Canada, and I
    > had gone up for work).


    Yes and no, because in this case they blocked this person access to her
    money (and you know that people used to credit cards travel short of
    paper notes). She could not pay anything. She was lucky that she was not
    traveling alone, and that she was not in a hotel, that would demand
    payment. You know: far from home, no hotel, no food, no transport, no
    nothing. Without money you can not even phone your bank!

    Not a nice situation at all. The company protected their money, not the
    client. Because if the card had been stolen, they would have to pay for
    it, not the client. That's what they were afraid of. They acted on their
    own self interest causing damage to their client.




    > Many facial recognition tools are fooled by a photograph - the technology
    > isn't mature enough. But proving you're holding a device as a second
    > factor? That's something available today, and actually very simple to
    > implement with our product.


    Well, on the TV news the other day here they said that it was a new
    Spanish development that detected if the face was alive or not. I think
    it looks for the pulse in veins, but I'm not sure. Go figure.

    Certainly any biometrics most ensure whatever they measure is alive: the
    movies are full of examples with eyes, fingers, and other grizzlies (no,
    perhaps that's not the correct spelling, I'm afraid...)


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  5. #115
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,043

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On Mon, 25 May 2015 00:04:06 +0000, Carlos E. R. wrote:

    > On 2015-05-24 22:27, Jim Henderson wrote:
    >> On Sun, 24 May 2015 12:43:06 +0000, Carlos E. R. wrote:

    >
    >
    >>> A relative was here for a visit, from across the ocean. Suddenly her
    >>> credit card stopped working, and got a phone call from home. I think
    >>> she had no mobile phone at the time.
    >>>
    >>> Apparently, the bank manager had tried to reach her at home, and not
    >>> being able to, blocked her credit card because he was seeing purchases
    >>> from the other side of the globe and thought the card was stolen. Took
    >>> many expensive phone calls to reinstate the card.

    >>
    >> That's actually a good thing. I've had that happen myself - my card
    >> was used in a different country, and the credit card company blocked
    >> use until it could confirm I was using it. (I was, this was in Canada,
    >> and I had gone up for work).

    >
    > Yes and no, because in this case they blocked this person access to her
    > money (and you know that people used to credit cards travel short of
    > paper notes). She could not pay anything. She was lucky that she was not
    > traveling alone, and that she was not in a hotel, that would demand
    > payment. You know: far from home, no hotel, no food, no transport, no
    > nothing. Without money you can not even phone your bank!


    And if it hadn't been her, she would have thought it a good thing that
    they didn't just keep letting charges go through. Not good for her, not
    good for the bank - just good for the thieves.

    > Not a nice situation at all. The company protected their money, not the
    > client. Because if the card had been stolen, they would have to pay for
    > it, not the client. That's what they were afraid of. They acted on their
    > own self interest causing damage to their client.


    It's a reasonable business concern, and a standard practice for banks
    now. People traveling outside their normal "spaces" need to be aware of
    this and be prepared for it.

    I've been inconvenienced by this myself - when I was starting to travel
    for work, my corporate Amex got suspended for a similar reason - I hadn't
    been to NYC yet. I got to the hotel (right on Times Square) pretty late
    at night, and the card had been suspended pending verification - and I
    was after hours at the hotel (about 10 PM) and unable to get cell
    reception in the lobby (for this hotel, that was several floors up).

    The hotel was good about it, and checked me in anyways, and we sorted it
    out the next morning.

    >> Many facial recognition tools are fooled by a photograph - the
    >> technology isn't mature enough. But proving you're holding a device as
    >> a second factor? That's something available today, and actually very
    >> simple to implement with our product.

    >
    > Well, on the TV news the other day here they said that it was a new
    > Spanish development that detected if the face was alive or not. I think
    > it looks for the pulse in veins, but I'm not sure. Go figure.


    There are always ways to beat biometrics.

    > Certainly any biometrics most ensure whatever they measure is alive: the
    > movies are full of examples with eyes, fingers, and other grizzlies (no,
    > perhaps that's not the correct spelling, I'm afraid...)


    The movies don't generally reflect the reality of how technology works -
    and are a poor example to reference.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #116
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On 2015-05-26 02:12, Jim Henderson wrote:
    > On Mon, 25 May 2015 00:04:06 +0000, Carlos E. R. wrote:



    > And if it hadn't been her, she would have thought it a good thing that
    > they didn't just keep letting charges go through. Not good for her, not
    > good for the bank - just good for the thieves.


    It depends on the laws of the country. On several countries, the bank is
    responsible, not the client, unless they can prove that the client did
    not properly kept the card and the pin safe.



    > It's a reasonable business concern, and a standard practice for banks
    > now. People traveling outside their normal "spaces" need to be aware of
    > this and be prepared for it.


    Well, the bank has to tell their clients in advance that they have to
    tell them that they are going to travel. Not surprise them.


    >> Certainly any biometrics most ensure whatever they measure is alive: the
    >> movies are full of examples with eyes, fingers, and other grizzlies (no,
    >> perhaps that's not the correct spelling, I'm afraid...)

    >
    > The movies don't generally reflect the reality of how technology works -
    > and are a poor example to reference.


    I meant that on the movies they cut the finger or hand, and put the
    bloody hand on top of the scanner and it works. Or worse, remove the
    eye... which makes me turn my head away on the cinema.

    I'd hate banks and such using biometric systems that could be bypassed
    by the thieves cutting my finger. Or worse. Not because they'd get my
    money, but because they'd cut my finger. Or worse. Obviously. :-}


    Yes, I know that movies are not realistic. It spoils the enjoyment when
    they try to be clever, precisely in an area where you know a lot, and
    you see clearly the falsehood.


    As a high school student, I got mad when a James Bond movie translated
    the English "silicon" for the Spanish "silicona", which happens to mean
    "silicone" in English. At the time I was starting with electronics, and
    while many people here didn't notice a thing, it got me mad - because I
    noticed the huge mistake. Several movies made the same one.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  7. #117
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,043

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    On Tue, 26 May 2015 02:58:06 +0000, Carlos E. R. wrote:

    > On 2015-05-26 02:12, Jim Henderson wrote:
    >> On Mon, 25 May 2015 00:04:06 +0000, Carlos E. R. wrote:

    >
    >
    >> And if it hadn't been her, she would have thought it a good thing that
    >> they didn't just keep letting charges go through. Not good for her,
    >> not good for the bank - just good for the thieves.

    >
    > It depends on the laws of the country. On several countries, the bank is
    > responsible, not the client, unless they can prove that the client did
    > not properly kept the card and the pin safe.


    In the US, the CC company's insurance company is responsible for covering
    most costs. But you'll probably find that "it depends" is applicable in
    most countries - hanging the CC company on the hook all the time leads to
    potential fraud from actual cardholders using their own accounts (by
    claiming the card was stolen, for example). It's never as simple as it
    seems.

    >> It's a reasonable business concern, and a standard practice for banks
    >> now. People traveling outside their normal "spaces" need to be aware
    >> of this and be prepared for it.

    >
    > Well, the bank has to tell their clients in advance that they have to
    > tell them that they are going to travel. Not surprise them.


    Generally they do. The bank in this case *probably* has a record of
    sending something out that says that - but they can't force consumers to
    read privacy statement updates or other account information updates that
    are mailed out. All the bank generally has to do is be able to show they
    sent a notification, and I'd be surprised in this case if they hadn't
    actually sent one out.

    >>> Certainly any biometrics most ensure whatever they measure is alive:
    >>> the movies are full of examples with eyes, fingers, and other
    >>> grizzlies (no,
    >>> perhaps that's not the correct spelling, I'm afraid...)

    >>
    >> The movies don't generally reflect the reality of how technology works
    >> -
    >> and are a poor example to reference.

    >
    > I meant that on the movies they cut the finger or hand, and put the
    > bloody hand on top of the scanner and it works. Or worse, remove the
    > eye... which makes me turn my head away on the cinema.


    Same here, generally - but the thing about movies is that they are
    fantasy and generally not representative of the real world.

    I'm sure you know that.

    There *are* biometric readers that depend on things like body temperature
    and pulse (some high-end fingerprint readers do that). They're quite
    expensive, generally, and buying them in large quantities is not
    economically feasible.

    > I'd hate banks and such using biometric systems that could be bypassed
    > by the thieves cutting my finger. Or worse. Not because they'd get my
    > money, but because they'd cut my finger. Or worse. Obviously. :-}


    Indeed. Any security measure put in place can be thwarted by a motivated-
    enough criminal. Security is generally a balance.

    > Yes, I know that movies are not realistic. It spoils the enjoyment when
    > they try to be clever, precisely in an area where you know a lot, and
    > you see clearly the falsehood.


    Yep. I'm sure for lawyers, watching movies like The Firm or A Few Good
    Men probably causes a fair amount of frustration over the inaccuracy of
    how their profession is represented. It's something probably most
    professions have in common.

    > As a high school student, I got mad when a James Bond movie translated
    > the English "silicon" for the Spanish "silicona", which happens to mean
    > "silicone" in English. At the time I was starting with electronics, and
    > while many people here didn't notice a thing, it got me mad - because I
    > noticed the huge mistake. Several movies made the same one.


    Reminds me of Eddie Izzard describing translating some of his material
    into French. "Transvestite" got mistranslated to "Travesty" - much
    hilarity ensued.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  8. #118
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,853

    Default Re: Will the Windows 8 mistakes cause Windows users to switch toLinux & openSuse?

    Quote Originally Posted by robin_listas View Post
    Well, the bank has to tell their clients in advance that they have to
    tell them that they are going to travel. Not surprise them.
    My bank blocks my (debit) card by default for usage outside Europe (I am not sure if it is the EC or geographical, but the exact definition is on there website). I can deblock this using my personal login giving a start and end date. Thus I am able to deblock for say my holiday and a few days extra. It stopped a lot of those spying of card strips and pin codes and then taking cash somewhere in South America cases.

    The reading of card strips is also much down now because of a redesign of the readers and more awareness of the users (there is a message: do only use this as the reader looks like this (with picture) on the ATMs).
    Henk van Velden

  9. #119
    Join Date
    Jun 2008
    Location
    Connecticut, USA
    Posts
    2,294
    Blog Entries
    1

    Default Re: Will the Windows 8 mistakes cause Windows users to switch to Linux & openSuse?

    Last year some popular big-box stores reported that a lot of credit card information was stolen during the beginning of their biggest shopping season.

    The thieves were smart; they sold the credit cards numbers based on geographical location so that somebody from your area would have purchased your card and unless you carefully check your statements, you are none the wiser.

    Somebody from our area got a nice computer, I assume, from our credit card company because it wasn't us. (of course because of the timing, I had to ask my wife if she was buying a new computer for me for Christmas and sadly she said "no" so I knew it was stolen numbers. I was hopeful
    )

    In that circumstance, maybe the companies can flag a card because it is used in 2 locations miles apart at too quick of a time frame but that doesn't take into account online shopping.

    I am thinking about sticking with cash in my mattress!
    "Linux provides freedom, problem is most users don't know what it is or how to use it." ~me
    Friends don't let Friends wear red shirts on away parties!
    Linux User #477531 | Danbury Area Computer Society (www.dacs.org)

  10. #120
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    24,853

    Default Re: Will the Windows 8 mistakes cause Windows users to switch to Linux & openSuse?

    Quote Originally Posted by dragonbite View Post
    I am thinking about sticking with cash in my mattress!
    It is always wise to have some backup. And that was the error of the lady Carlos told us about above. She apparently had no backup scheme.
    Henk van Velden

Page 12 of 14 FirstFirst ... 21011121314 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •