
> If the phone needs a case then it wasn't properly designed

I agree, but the iPhone 4 has no edges to hang onto. Maybe I'm clumsy, but I think they are too slippery, hence I put it in a case so I can get it in and out of my pocket without dropping it.


If I'm understanding this correctly, then an attacker still has to know which seed is linked to my token in order to use it?

Or can they reverse engineer that if they catch sight of one number?

Edit: Spelling


Quote from the article:

Sources close to RSA tell Ars that the March breach did indeed result in seeds being compromised. The algorithm is already public knowledge.

As a result, SecurID offered no defense against the hackers that broke into RSA in March. For those hackers, SecurID was rendered equivalent to basic password authentication, with all the vulnerability to keyloggers and password reuse that entails.

So they got a lot of the seeds and then were basically down to trial and error, similar to known passwords.


It seems that they were reduced to guessing the PINs and/or brute forcing them, hence the initial comment from RSA about increasing PIN length.

One would have hoped that the LMC admins would have detected a brute force attack against their RSA servers; I guess they were already infested with keyloggers?


So the seeds are in fact equivalent to a signature made with symmetric keys... If the SecurID card used asymmetric keys with a truly private key, such an incident could not have happened.

Using private keys stored in hardware carried with the owner with a challenge Q&A seems more secure.


The SecurID device S computes S(s,t) without any input from the server the user is authenticating to. t is synchronized time and available to everyone. s is a secret specific to that device. I don't know if it's a shared secret, but the compromise suggests that either it is, or RSA kept the 'private key' part on their servers for convenience.

You're right that a different device S' that received a challenge c from the server and computed S'(c,s,t) could offer more security via public key crypto. But it would take more power (if communicating to the client machine to avoid user transcription of the challenge) or have a more cumbersome UI. I'll bet such devices are already sold.
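An added example, not part of this thread, that models the two designs in the comment above: a time-synchronous S(s,t) whose verifier must hold the same seed s, beside a challenge-response S'(c,s,t) built on an Ed25519 signature whose verifier holds only the public key. The HMAC-SHA1 construction and the demo seed are assumptions, not the real SecurID algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
)

// TokenCode models S(s,t): a 6-digit code from device seed s and time step t.
// HMAC-SHA1 with RFC 4226 truncation is an assumed stand-in for the real
// SecurID algorithm; anyone holding s computes the same code.
func TokenCode(seed []byte, step uint64) uint32 {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], step)
	mac := hmac.New(sha1.New, seed)
	mac.Write(buf[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	return (binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff) % 1000000
}

// VerifyTokenCode is the server side of S(s,t): it must hold the same seed,
// so a copied seed database is password-equivalent (no drift window here).
func VerifyTokenCode(seed []byte, step uint64, code uint32) bool {
	return TokenCode(seed, step) == code
}
// msg binds server challenge c to time step t for S'(c,s,t).
func msg(c []byte, step uint64) []byte {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], step)
	return append(append([]byte{}, c...), buf[:]...)
}

// ChallengeResponse is the asymmetric S'(c,s,t): the device signs with a
// private key that never leaves it; VerifyResponse needs only the public key.
func ChallengeResponse(priv ed25519.PrivateKey, c []byte, step uint64) []byte {
	return ed25519.Sign(priv, msg(c, step))
}
func VerifyResponse(pub ed25519.PublicKey, c []byte, step uint64, sig []byte) bool {
	return ed25519.Verify(pub, msg(c, step), sig)
}
func main() {
	seed := []byte("constructed-demo-seed") // constructed sample seed
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sig := ChallengeResponse(priv, []byte("nonce"), 7)
	fmt.Println(VerifyTokenCode(seed, 7, TokenCode(seed, 7)), VerifyResponse(pub, []byte("nonce"), 7, sig))
}
```

The point of the contrast is what a server breach yields: the seed table lets the holder compute every future TokenCode, while the public-key table lets them verify signatures but not produce one.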


I've worked at a company whose motto was "Smoke and Mirrors". They'd try to sell based on the wireframe, but tell the customer it was a fully functional product that just needed to be customised for their environment.

I never really saw it work that well for them. Sure they could get a lot of interest but any sales they closed were a nightmare to deliver because you had to develop a system in a timeframe that only allowed some tweaking.

EDIT: what I mean is that it's fine to use the model you mention, but IMO you have to be upfront with the customer about it.


Far too often I spend what seems like ages clicking around a store website trying to find where they are and when they are open.


> I just had a momentary burst of willpower that allowed me to get rid of it.

Actually it's taken many bursts of willpower for my family to stay TV free. People keep pushing them on us as soon as they find out we don't have one. My brother-in-law sent us one for Christmas one year despite being told we didn't want one. We gave it away. And it seems like every second person has an old one they want us to have because "you can't not have a TV!"


Are we going to run out of oil to power the extraction, production and shipping of the materials before we get around to doing it? Probably not, but still, the costs go up more and more the later we leave it.


Re-usable wrapping paper is good for the environment as well.


These guys are working on it: http://reprap.org

An open source 3D printer design with the goal being to use it to print all the parts for the next printer.


It may be the problem is that we end up with too many of these things self-replicating all over the place like rabbits!


I'm interested to see where he goes with this line. A checklist of Business Logic items could be very powerful when collecting user requirements. Although I would expect that it would always be missing something and would need to be flexible depending on the project.

It also means that your system is partially (or more) documented from the start, which would save some effort before you hand it over to the customer or support team.


I'd tip that being open to the hand of God being involved helps to get some of the participants to engage in the project.


What legitimate scientific questions can this field answer anyway? What falsifiable hypotheses can it disprove?

Different areas of your brain light up in the fMRI when you're thinking about different things; we've known this for decades, but it hasn't proved much in particular.

