Sorry, but you're just too ugly to access the system
Multi-factor authorization good, hackers bad
I’ve taken da wife and kids all over the country, and even out of the country. We’ve been to large metro areas, tiny little towns full of the antique stores that she loves, the mountains, the oceans white with foam, the Gulf (before it was black with oil), the islands. We’ve also gotten to see a lot of wildlife in the, uh, wild. But the one animal I’ve never been able to show her in the wild is a moose. I’ve been hearing about the frigging moose for twenty years. Never seen a moose in the wild. Last time at Brookfield Zoo in Chicago, the moose there was hiding. “Moose don’t like you,” I’ve tried to explain to her.
And so I kept this in mind, when I went online to our bank’s website, to create an online account, and I was asked to pick an anti-phishing image for authentication. You can pick various backgrounds. This way, if I ever get an email saying, “You need to check your account online,” and I click a link to go there, and I don’t see my personalized image, I know I’ve been phished, and I need to make like the good shepherd and get the flock out of there.
For my personalized image, I was a total smartass, and I chose … a moose. The system chose FOR me a personalized message, something regarding yet another kind of animal.
This system, as it turns out, is based on a product called Bharosa, which does multi-factor authentication, fraud detection and prevention, and multi-factor authorization. Bharosa was bought a while back by Oracle, and it is now called the Oracle Adaptive Access Manager, or OAAM. Oracle loves cooking up insanely stupid acronyms for its products. I mean, you think that one’s bad, how about the Oracle Application Access Controls Governor (OAACG)?
Anyway, it’s a pretty decent product, OAAM, and so when my bank was bought by another bank, and then THAT bank was bought by yet ANOTHER bank, they kept the thing in place. We pop over to MegaBank.COM, then up pops the moose and phrase, we stick in a user name, then on the next page we get asked for a password, and bing, we’re in.
Actually, I wish I could have picked my own phrase, because then I could have “moose and squirrel” come up, which is barely funny, and even then, only if you’re old enough to get the joke.
You might say, “Gee, that sounds like a pain. Username on one page, password on another. What gives?” Well, it’s actually not a bad deal: the moose and the phrase only show up once the system recognizes the username, so a phishing page that doesn’t know your moose has to fake it. Two caveats, though. A page that won’t move you forward unless the username is legit is also telling whoever types at it which usernames exist, and a phisher who relays your username to the real site in real time can fetch the right image, so treat the split as a usability and anti-phishing feature, not as a security boundary. And it does nothing about SQL injection; the only thing that fixes that is parameterized queries plus input validation on every page, which you should be doing anyway (you lazy ape).
OAAM also supports virtual authentication devices, which don’t require client software, and which blunt keystroke loggers and over the shoulder, under the elbow, and through the Adam’s apple attacks. (They don’t by themselves stop a man in the middle who relays your whole session; nothing on a login page does.) If your virtual authentication device comes up more than once, it comes back with the keys moved around, so anybody who recorded your click coordinates last time gets garbage this time. It can also fingerprint and register particular physical devices, such as a PC or smart phone, and refuse a device that’s not registered. On top of that, it can match up time of day, historical behavior, transaction context, IP address or even country of origin, shoe size, you name it, in order to calculate a risk score and decide whether to let a transaction through, challenge it, or block it.
“You say you’re the CEO? Okay, but you’re logging in from where? Russia? Screw you.”
“You say you’re the CEO, but you’re logging in from outside the firewall, on a Saturday night, and you wanna check out salary info? Screw you.”
“You say you’re the CEO, but you’re trying to download a thousand engineering specs all at once? Screw you.”
“You say you’re the CEO, but you’re trying to access HR data from a Blackberry? Screw you.”
“You say you’re the CEO, but you’re trying to perform a wire transfer in excess of $50K, and you’ve never done anything like that before? Tell you what, I’ll send you a one-time use PIN to your cell phone. Gimme that right back, and you’re good to go. Otherwise, screw you.”
“You say you’re the CEO, but you logged in from Minneapolis, and ten minutes later tried to do something else from Florida? How fast is your car, really? Screw you.”
And so on.
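Here is what a rule engine behind those “screw you” decisions looks like in practice, as an added example written for this post and not Oracle’s code: OAAM ships its own policy model and admin console, so the rule names, point values, allow/step-up/block thresholds, and the sample CEO and events below are all made up for illustration. The one piece worth lifting as-is is the impossible-travel check, which needs nothing more than the last accepted login’s coordinates and timestamp.

```python
"""Toy adaptive-access risk engine in the spirit of the rules quoted above.

Added example, not OAAM code: rule names, point values and the allow /
step-up / block thresholds are made up for illustration, and the sample
user profile and events are constructed, not real traffic.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Optional

ALLOW_BELOW = 30   # score below this: let it through silently
BLOCK_AT = 70      # score at or above this: refuse; in between: one-time PIN


@dataclass
class Event:
    action: str              # "login", "view_salary", "bulk_download", "wire_transfer"
    at: datetime             # UTC timestamp of the attempt
    country: str
    lat: float
    lon: float
    device_id: str
    inside_firewall: bool = True
    amount: float = 0.0      # wire transfers
    item_count: int = 1      # downloads


@dataclass
class Profile:
    home_country: str
    registered_devices: frozenset
    max_wire_amount: float = 0.0         # largest wire this user ever sent
    last_event: Optional[Event] = None   # most recent accepted event


def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (haversine), for impossible-travel checks."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def score(ev: Event, prof: Profile):
    """Add up the rules that fire. Returns (score, reasons); no single signal decides."""
    reasons = []

    def fire(points, why):
        reasons.append(why)
        return points

    s = 0
    if ev.country != prof.home_country:
        s += fire(45, f"from {ev.country}, home is {prof.home_country}")
    if ev.device_id not in prof.registered_devices:
        s += fire(25, f"unregistered device {ev.device_id}")
    off_hours = ev.at.weekday() >= 5 or not 6 <= ev.at.hour < 20
    if ev.action == "view_salary" and off_hours and not ev.inside_firewall:
        s += fire(35, "HR data, off hours, outside the firewall")
    if ev.action == "bulk_download" and ev.item_count >= 500:
        s += fire(50, f"bulk download of {ev.item_count} items")
    if (ev.action == "wire_transfer" and ev.amount > 50_000
            and ev.amount > 2 * prof.max_wire_amount):
        s += fire(45, f"wire of {ev.amount:,.0f} vs prior max {prof.max_wire_amount:,.0f}")
    prev = prof.last_event
    if prev is not None:
        hours = (ev.at - prev.at).total_seconds() / 3600
        km = km_between(prev.lat, prev.lon, ev.lat, ev.lon)
        if hours > 0 and km / hours > 1000:   # faster than any airliner, never mind a car
            s += fire(70, f"impossible travel: {km:.0f} km in {hours * 60:.0f} minutes")
    return s, reasons


def decide(ev: Event, prof: Profile):
    """allow / step_up / block, plus the evidence for the audit log."""
    s, reasons = score(ev, prof)
    verdict = "allow" if s < ALLOW_BELOW else "step_up" if s < BLOCK_AT else "block"
    return verdict, s, reasons


# --- constructed scenarios matching the quotes above (hypothetical data) ----
MSP = (44.98, -93.27)   # Minneapolis
MCO = (28.54, -81.38)   # Orlando


def _ev(action, when, country="US", where=MSP, device="ceo-laptop", **kw):
    return Event(action, when, country, where[0], where[1], device, **kw)


def run_demo():
    """Run each scenario and return {name: (verdict, score)}."""
    tue_10 = datetime(2011, 3, 8, 10, 0, tzinfo=timezone.utc)
    sat_22 = datetime(2011, 3, 12, 22, 0, tzinfo=timezone.utc)
    ceo = Profile("US", frozenset({"ceo-laptop"}), max_wire_amount=5_000)
    scenarios = {
        "normal_login": _ev("login", tue_10),
        "from_russia_new_device": _ev("login", tue_10, country="RU",
                                      where=(55.75, 37.62), device="unknown-pc"),
        "salary_saturday_night": _ev("view_salary", sat_22, inside_firewall=False),
        "thousand_specs": _ev("bulk_download", tue_10, item_count=1000),
        "first_big_wire": _ev("wire_transfer", tue_10, amount=75_000),
    }
    out = {name: decide(ev, ceo)[:2] for name, ev in scenarios.items()}
    # Minneapolis at 10:00, then Florida ten minutes later
    travelled = Profile("US", frozenset({"ceo-laptop"}), last_event=_ev("login", tue_10))
    out["impossible_travel"] = decide(_ev("login", tue_10.replace(minute=10), where=MCO),
                                      travelled)[:2]
    return out


if __name__ == "__main__":
    for name, (verdict, s) in run_demo().items():
        print(f"{name:24s} {verdict:8s} score={s}")
```

The point of the additive score is the last line of the post: the Russian login alone or the strange device alone might be tolerable, but together they cross the line, and a step-up (the one-time PIN) is what you do in the grey zone instead of either waving people through or locking the CEO out.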
Hackers are smart, and always getting smarter. Check out the massive TJ Maxx attack. It wasn’t a single attack, even though some of the lazier newsguys wrote it up as merely a SQL injection hack. It was a whole series of intrusions: the bad guys got in through a badly secured store wireless network, set up a beachhead inside, and branched out from there, pulling data out nineteen different ways. So you need to look at who they say they are, what they’re trying to do, what they’re using to try it, where they’re trying it from, when they’re trying it, and how much of it they’re trying. Any one of those things might be okay, but taken as a whole they might tell you a different story.
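One more, on the virtual keypad mentioned earlier, because the key-shuffling trick is simpler than it sounds. This is an added example, not Oracle’s implementation: the server generates a fresh random layout every time the pad is shown, the browser only reports which positions were clicked, and the server maps positions back to digits and retires the layout. The class and function names, and the seeded-RNG hook, are mine.

```python
"""Shuffled virtual keypad, in the spirit of the OAAM virtual authentication
devices described above. Added example, not Oracle's code: each challenge
gets its own random layout, the client sends key positions rather than
digits, and the server decodes positions back to a PIN exactly once, so a
recorded sequence of click positions is useless against the next challenge.
"""
import random
import secrets
from dataclasses import dataclass

DIGITS = "0123456789"


@dataclass
class Challenge:
    challenge_id: str
    layout: list        # layout[position] -> digit painted at that position
    used: bool = False


class KeypadServer:
    """Issues one-time keypad layouts and decodes position sequences."""

    def __init__(self, rng=None):
        # secrets.SystemRandom in production; a seeded Random can be injected for testing
        self.rng = rng or secrets.SystemRandom()
        self.challenges = {}

    def new_challenge(self):
        layout = list(DIGITS)
        self.rng.shuffle(layout)              # fresh permutation every time the pad is shown
        ch = Challenge(secrets.token_hex(8), layout)
        self.challenges[ch.challenge_id] = ch
        return ch

    def decode(self, challenge_id, positions):
        """Map clicked positions back to the PIN. Each challenge decodes exactly once."""
        ch = self.challenges.get(challenge_id)
        if ch is None or ch.used:
            return None
        ch.used = True                        # burn it even if the input turns out bad
        if any(not 0 <= p < len(ch.layout) for p in positions):
            return None
        return "".join(ch.layout[p] for p in positions)


def positions_for(layout, pin):
    """What the browser sends: the position of each PIN digit on this layout."""
    return [layout.index(d) for d in pin]


def replay_succeeds(pin, server):
    """Record the positions from one challenge and replay them against a fresh one."""
    first = server.new_challenge()
    recorded = positions_for(first.layout, pin)
    assert server.decode(first.challenge_id, recorded) == pin   # legitimate use works
    second = server.new_challenge()
    return server.decode(second.challenge_id, recorded) == pin  # the attacker's replay


def demo(seed=7):
    """Deterministic walk-through using a seeded RNG (hypothetical test hook)."""
    srv = KeypadServer(random.Random(seed))
    ch = srv.new_challenge()
    pos = positions_for(ch.layout, "4826")
    return {
        "is_permutation": sorted(ch.layout) == list(DIGITS),
        "decoded": srv.decode(ch.challenge_id, pos),
        "second_decode": srv.decode(ch.challenge_id, pos),   # single use: None
        "unknown_challenge": srv.decode("no-such-id", pos),  # None
    }


if __name__ == "__main__":
    srv = KeypadServer()
    hits = sum(replay_succeeds("4826", srv) for _ in range(1000))
    print(f"replayed click positions matched the PIN {hits} times out of 1000")
```

Note what this does and doesn’t buy you: a keystroke or click-coordinate logger that recorded one layout gets a wrong PIN on the next, which is the point, but malware that grabs the screen image along with the clicks still sees the digits. That is why the risk rules sit behind the keypad rather than in front of it.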