WebApp Sec mailing list archives
Re: new opensource security system product launched
From: "Peter Parker" <peterparker () fastmail fm>
Date: Mon, 04 Oct 2004 22:56:17 -0700
Hi

Firstly, I appreciate and admire people who dare to think innovatively. As far as the security of randover is concerned, I doubt the effectiveness of it. What you are trying to solve is not the problem that exists. Randover just creates a notion of an added layer of security.

Let me try to explain. An attacker needs a few tokens to authenticate. Randover increases this requirement.. you might ask him a couple more questions (cognitive), which is back to the original problem ... "users tend to use weak and known password"... these passwords are again stored in some form in a database, which is vulnerable to many known and unknown weaknesses.

Further, I would like to add that asking questions makes profiling an individual easier.. I try to access a user's login a couple of times... every time the system asks a random question which the user feels is a secret question for him.. The system asks me more questions each time.. I gain more information each time... Questions also reveal, as answers do.

My random thoughts..

On Mon, 04 Oct 2004 12:28:25 +0530, "arun balaji" <randover () randover com> said:
> dear sir
>
> --- about me ---
>
> i am arun balaji
> i am 21 years old and i am from india.
>
> --- where the idea came from ---
>
> i and a friend (mark herbert - www.niimki.com) of mine from the US developed a data authentication method for use in credit card transactions as a payment gateway. my friend didn't want any money for this authentication system. but i wanted to give it a full shot and i got a US provisional patent in july of this year. now after a lot of thinking i have decided to make it open source.
>
> --- the application - randover ---
>
> it's very very simple
>
> normally all that a hacker needs to know about a user is 3 or 4 fields of data
> 1st is user id
> 2nd is password
>
> what i and my friend were trying to do was use a field which can be universal and all pervasive.. that led to us thinking of using all the fields in the database
>
> we then thought what if we can ask a random question from all the fields in the database. this makes our system the world's first user configurable security system for use in the web.
>
> it's very simple, easy to use and develop, and can be used as a standalone system or along with existing applications
>
> see http://sourceforge.net/projects/randover/ and http://www.randover.com for more details
>
> would love to know what you and the security community think of my idea as a whole.
>
> bye
> arun balaji
> founder inventor and owner (randover.com)
--
peter
peterparker () fastmail fm