[Owasp-appsensor-project] how to detect if a detection point is created and sone other questions

Dennis Groves dennis.groves at gmail.com
Mon Mar 11 10:08:43 UTC 2013


On 11 Mar 2013, at 1:14, panos wrote:

> Yes random username isn't so good idea actually is very bad idea.I 
> thought  of getting the IP and giving  it as username for example 
> "Ano192.168.1.1".  I think that something like this it will work. I'll 
> try it.

One of the issues is the concept of identity, it only takes [32 bits of 
information to identify 
somebody](https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy). 
IP Address is certainly not enough and unsurprisingly you can easily 
gather enough information to have very high confidence in identity 
without any username or password.

And you will most certainly you will have enough information to make a 
Baysian decision (how likely is it this identity is being hostile?) 
based on the behaviour of that identity (33 bits) for AppSensor. I 
suggest that anybody who doesn't surrender the '33 bits' is perhaps 
automatically suspect since they fall outside your standard deviation 
model of users.



Dennis

-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

> The idea that some lives matter less is the root of all that’s wrong 
> with the world. -- Paul Farmer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20130311/2639bf46/attachment.html>


More information about the Owasp-appsensor-project mailing list