IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [identification]

88 questions
5
votes
2 answers

What are the risk tradeoffs of all-in-one "smart" IDs vs. using a separate hardware authenticator?

In many organizations these days, employee IDs are very mutli-functional. They can serve as: Visual identitiy verification. (Including employee photo, name, ID number, and other details on the face) Building access control. (Via RFID, prox card,…
Iszi
  • 26,997
  • 18
  • 98
  • 163
4
votes
2 answers

Authentication vs. Verification in General and with Biometrics

I am reading The Basics of Information Security, 2nd. Ed., Andress, Jason. He says on p.25, "Identity verification is a step beyond identification, but it is still a step short of authentication, which we will discuss in the next section." He then…
Raw_Input
  • 143
  • 1
  • 4
4
votes
9 answers

Where is the identification process when I use a key fob to unlock a door

I can understand that typing my user name on the computer is "identification" and providing the password is "authentication" but when I use a smart card or a key fob I see no identification taking place?
Ulkoma
  • 8,793
  • 16
  • 65
  • 95
4
votes
3 answers

Is it possible to identify mobile phone user with voice recognition

A friend of mine claims that it is possible to identify every anonymous call (prepaid, skype, etc) only using voice recognition. However the scientific literature which I've read so far is ambiguous, i.e. if you apply voice recognition to a limited…
CuriousIndeed
  • 161
  • 1
  • 10
4
votes
1 answer

Beyond Nmap: Investigating open TCP ports bound to unknown services

I have an uninvited guest using my private WLAN. At first I thought it was probably just a tech-savvy neighbour in need of Internet access, in which case; it wouldn't really bother me. However, I've noticed they always seem to connect the same three…
voices
  • 1,649
  • 7
  • 22
  • 36
3
votes
4 answers

How can I uniquely identify an user when cookies are not an option?

In web application development, how can I uniquely identify an user when cookies are not an option and IPs are dynamic? Are the patterns which I can combine and then created a hash to be used as a UID?
user69377
3
votes
1 answer

Why do websites ask for the last four digits of your social security number?

Quite a few websites, Coinbase and Stripe most notably, ask for the last four digits of your social security number to 'verify your identity'. Assuming these websites are not trying to fraud you, how could knowing four digits of your SSN possibly…
Max Isom
  • 43
  • 1
  • 6
3
votes
7 answers

How does an IDS identify a computer ?

How does an IDS identify a computer on the network. I mean do IDS' actually check whether a device is actually what it claims to be ? If so what factors does it check (MAC etc) ? For e.g. if a device was banned from the network due to malicious…
Grim Reaper
  • 518
  • 1
  • 4
  • 14
3
votes
1 answer

How do I ensure secure communication and inter-process authentication in a multi-server application

Note: Question updated to narrow the scope a bit. Scenario Client <-> Application server <-> Data server Users use the client to connect to the application server and build queries for execution. Application server handles authentication and…
Marjan Venema
  • 131
  • 5
3
votes
1 answer

Nonprofit organizations asking me to email them a photo of my driver's license

Recently I've had two nonprofit organizations ask me to email them a photo of my driver's license. No money is changing hands, and both of these are legitimate and well-known nonprofits. Organization A wanted me to sign a document with a notary, but…
user51881
3
votes
1 answer

Unknown Service Identification

How can one identify a service running on a non-standard port? I'm not talking about services like webserver or FTP since nmap can do that without any problems. I'm talking about services that are not that common, like Java RMI, X11, ... What I…
i--
  • 51
  • 1
  • 3
3
votes
1 answer

How can we show our end-users that we are trusted by a bank?

We are developing an website which serves end users of many organizations (banks , municipalities etc). We have already setup meetings with the banks and they've agreed to work with us. Ok so let's say that a user user1 of bank bank1 is entering…
Royi Namir
  • 351
  • 3
  • 12
3
votes
1 answer

Risks of using UUID to identify user in mobile app

I've got an existing customer base. A customer has appointments. Currently they cannot access or change their appointments without contacting me directly. I want to offer them a way to access and change their upcoming appointments, with as little…
TragedyStruck
  • 165
  • 6
3
votes
3 answers

Does MAC spoofing prevent identification?

I regularly connect to public wireless APs scattered around the city, offered by my carrier. I remember reading an article that a determined owner can track you between APs and thus know your location and routine. Now I found out that one can…
Alex
  • 819
  • 1
  • 7
  • 11
3
votes
0 answers

What personal information, if any, can be gleaned from a Microsoft APPCRASH problem signature?

I am trying to debug an "APPCRASH" problem event for a program running on Microsoft Windows 7. When this happens a problem signature is presented, like this example from SuperUser: Problem Event Name: APPCRASH Application Name: …
Lee
  • 131
  • 3
1
2
3 4 5 6