WebApp Sec mailing list archives

Re: new opensource security system product launched


From: "Peter Parker" <peterparker () fastmail fm>
Date: Mon, 04 Oct 2004 22:56:17 -0700

Hi 

Firstly, I appreciate and admire people who dare to think innovatively.

As far as the security of Randover is concerned, I doubt the effectiveness
of it. What you are trying to solve is not the problem that exists.
Randover just creates a notion of an added layer of security.

Let me try to explain. An attacker needs a few tokens to authenticate.
Randover increases this requirement. You might ask him a couple more
questions (cognitive), which is back to the original problem: "users
tend to use weak and known passwords". These passwords are again stored
in some form in a database, which are vulnerable to many known and
unknown weaknesses.

Further, I would like to add that asking questions makes profiling an
individual easier. I try to access a user's login a couple of times;
every time the system asks a random question which the user feels
is a secret question for him. The system asks me more questions each
time, and I gain more information each time. Questions also reveal, as
answers do.

My random thoughts..

On Mon, 04 Oct 2004 12:28:25 +0530, "arun balaji"
<randover () randover com> said:
Dear sir

- ---
about me
- --------------
I am Arun Balaji

I am 21 years old and I am from India.
- --------
where the idea came from
- --------------------
I and a friend (Mark Herbert - www.niimki.com) of mine from the US developed
a data authentication method for use in credit card transactions as a
payment gateway.

My friend didn't want any money for this authentication system.

But I wanted to give it a full shot and I got a US provisional patent in
July of this year.

Now, after a lot of thinking, I have decided to make it open source.
- ---------------
the application - Randover
- --------------
It's very, very simple.

Normally all that a hacker needs to know about a user is 3 or 4 fields
of data

1st is user id
2nd is password

What I and my friend were trying to do was use a field which can be
universal and all-pervasive.

That led to us thinking of using all the fields in the database.

We then thought: what if we can ask a random question from all the fields
in the database?

This makes our system the world's first user-configurable security system
for use on the web.

It's very simple, easy to use and develop, and can be used as a standalone
system or along with existing applications.

See http://sourceforge.net/projects/randover/
and http://www.randover.com for more details.

Would love to know what you and the security community think of
my idea as a whole.

Bye
Arun Balaji
Founder, inventor and owner (randover.com)

-- 
  peter
  peterparker () fastmail fm
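
Added example, not part of either message or of the Randover code: a small simulation of the disclosure concern raised in the reply, counting how many distinct question fields are shown to someone who repeatedly fails a login when questions are drawn at random per attempt. The field names, class names and the pinned-challenge variant are assumptions added for contrast; the thread does not show Randover's schema or propose this mitigation.

```python
import random

# Constructed profile fields; the thread does not show Randover's real schema.
FIELDS = ["pet_name", "birth_city", "first_school", "maiden_name",
          "favourite_colour", "phone_last4", "postcode", "employer"]


class RandomPerAttempt:
    """Draws fresh random questions on every login attempt, as the thread describes."""

    def __init__(self, fields, k, seed=0):
        self.fields, self.k = fields, k
        self.rng = random.Random(seed)

    def challenge(self, user):
        return self.rng.sample(self.fields, self.k)


class PinnedChallenge(RandomPerAttempt):
    """Assumed mitigation: keep one challenge per user until it is answered."""

    def __init__(self, fields, k, seed=0):
        super().__init__(fields, k, seed)
        self.pending = {}

    def challenge(self, user):
        if user not in self.pending:
            self.pending[user] = super().challenge(user)
        return self.pending[user]

    def answered_correctly(self, user):
        # Only a successful answer rotates the questions for the next login.
        self.pending.pop(user, None)


def fields_disclosed(selector, user, failed_attempts):
    """Distinct question fields shown to someone who never answers correctly."""
    seen = set()
    for _ in range(failed_attempts):
        seen.update(selector.challenge(user))
    return len(seen)


if __name__ == "__main__":
    for cls in (RandomPerAttempt, PinnedChallenge):
        n = fields_disclosed(cls(FIELDS, k=2), "alice", failed_attempts=50)
        print(f"{cls.__name__}: {n} of {len(FIELDS)} fields disclosed")
```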

