[Owasp-appsensor-project] how to detect if a detection point is created and sone other questions
dennis.groves at gmail.com
Mon Mar 11 10:08:43 UTC 2013
On 11 Mar 2013, at 1:14, panos wrote:
> Yes random username isn't so good idea actually is very bad idea.I
> thought of getting the IP and giving it as username for example
> "Ano192.168.1.1". I think that something like this it will work. I'll
> try it.
One of the issues is the concept of identity, it only takes [32 bits of
information to identify
IP Address is certainly not enough and unsurprisingly you can easily
gather enough information to have very high confidence in identity
without any username or password.
And you will most certainly you will have enough information to make a
Baysian decision (how likely is it this identity is being hostile?)
based on the behaviour of that identity (33 bits) for AppSensor. I
suggest that anybody who doesn't surrender the '33 bits' is perhaps
automatically suspect since they fall outside your standard deviation
model of users.
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a
*This email is licensed under a [CC BY-ND
**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free
> The idea that some lives matter less is the root of all that’s wrong
> with the world. -- Paul Farmer
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-appsensor-project