More from Black Hat 2011; Facial Recognition Book

Subject: General Tech | August 12, 2011 - 01:22 PM |
Tagged: facebook, black hat 2011

A presenter at Black Hat 2011 put forward their research on using Facebook as a facial recognition database. Not only do people upload a lot of pictures of themselves and their friends, they also tag them with the names of the people in the pictures. This means that there is a large sample of data to be used, with the same face available from multiple angles, lighting conditions and backgrounds. The findings: nearly perfect recognition and re-identification of people in the database, using a photo taken with a smartphone, in under 3 seconds. Thank Techware Labs for the chill that just headed down your spine.


"Every month Facebook users upload 2.5 Billion photos. With each upload users may identify and tag not only themselves, but everyone in the photo. What if we could use this massive attendance sheet of the world in a larger way? Say with facial recognition and location information? Today Alessandro Acquisti presented his research and attempts at doing just that."


A quick guide to SSL and what its major maladjustment is

Subject: General Tech | August 8, 2011 - 01:48 PM |
Tagged: SSL, black hat 2011, CA, Comodo

While the boys were having fun at an event in Texas, TechwareLabs were at a show of a completely different colour. Black Hat 2011, the yearly computer security convention, was also taking place in Las Vegas, bringing to light the past year's discoveries about vulnerabilities and how to protect yourself against them. One of the topics for discussion was how the Secure Sockets Layer works: it assumes that a trusted authority stands behind each security certificate, and that certificate is what is supposed to guarantee a secure connection between yourself and the site's servers. Over the past year we saw a hack at Comodo, a major Certificate Authority, which led to nefarious people getting their hands on certificates assigned to Microsoft, Yahoo and Google, allowing them to easily fool even a computer using SSL.

Take that as an example of the failure of the idea of single, large CAs as the way to implement SSL: if you were to no longer trust Comodo and its certificates, then about 1/4 of the secure sites on the net would never allow you to connect. As an alternative, a programmer detailed a Firefox extension called Convergence. This distributed way of dealing with certificate authentication would allow you to switch between trusting and distrusting certain CAs without damaging your ability to connect to secure sites on the web.
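The trust trade-off described above, as an added example that is not code from the presentation or from Convergence: a simplified Python model in which independent notaries report the certificate fingerprint they observe and the client requires a quorum of them to agree. The notary and CA names, the quorum of 2 and the certificate byte strings are constructed assumptions.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()

def ca_model_accepts(issuer: str, trusted_cas: set) -> bool:
    """Classic model: accept whenever the issuing CA is in the trust store."""
    return issuer in trusted_cas

def notary_model_accepts(seen_fp, notary_views, trusted_notaries, quorum):
    """Accept only if at least `quorum` trusted notaries saw the same fingerprint.
    Untrusted or unreachable (missing/None) notaries contribute no vote."""
    agree = sum(1 for n in trusted_notaries if notary_views.get(n) == seen_fp)
    return agree >= quorum

# Constructed sample data: byte strings stand in for real DER certificates.
REAL_CERT = b"constructed-cert: bank.example issued by CA-A"
ROGUE_CERT = b"constructed-cert: bank.example mis-issued by CA-A"
# What each hypothetical notary sees when it connects to the real server.
VIEWS = {n: fingerprint(REAL_CERT) for n in ("notary-1", "notary-2", "notary-3")}

def run_scenarios() -> dict:
    all_notaries = {"notary-1", "notary-2", "notary-3"}
    return {
        # Mis-issued cert: the CA is trusted, so the CA model is fooled.
        "ca_accepts_rogue": ca_model_accepts("CA-A", {"CA-A", "CA-B"}),
        # Notaries see the real cert, so the rogue fingerprint gets no votes.
        "notary_accepts_rogue": notary_model_accepts(
            fingerprint(ROGUE_CERT), VIEWS, all_notaries, quorum=2),
        # Dropping CA-A from the store also blocks the legitimate site.
        "ca_accepts_real_after_distrust": ca_model_accepts("CA-A", {"CA-B"}),
        # Dropping one notary still leaves a quorum for the legitimate site.
        "notary_accepts_real_after_distrust": notary_model_accepts(
            fingerprint(REAL_CERT), VIEWS, all_notaries - {"notary-1"}, quorum=2),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```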


"This interesting presentation concerns a security protocol that you probably use every day. It is in your browser, on the server you connect to, and brought together by a “Certificate Authority”. The idea behind SSL is to provide a secure connection between you, the client browser, and the server providing the sensitive data to you. For instance a Bank website is designed to provide the client with convenient access to account details, transactions, etc. But there is a major issue with a pivotal player in this process. The Certificate Authority or CA is charged with certifying the organizations to which it provides certificates. The CA is supposed to be a trustworthy entity working on behalf of us, the end users, to ensure that any organization it issues a certificate to is credible and trustworthy. After all, many users depend on the CAs, SSL protocol, and issued certificates to enforce authentication and integrity in the online space. You have little choice but to trust the CAs and expect them to provide a high quality level of authentication services."
