The SQRL and the One Time Login (OTL).

Secured QRL Codes!

You are probably wondering about this. I heard it from Steve Gibson, and he calls it “squirrel” code. It basically helps those who are worried about security and privacy. I just didn’t want to forget to talk about this myself. Ever since I heard the podcast entitled “SQRL Episode 424”, my mind has been trying to get a handle on the whole thing.

What most people don’t know and haven’t yet figured out is how useful a QR code is. I did not think of this solution and would have laughed if I did. It is really simple, and yet from what I have heard and understand it could be a game changer in the next few months. I just have a few things that must be fixed and standardized. I wanted to share them with you and maybe in the same instant help the community with this problem.

One Time Login “OTL”

Since we are basically logging in every time we use a different QR code, we are only allowing one instance of the login for each time we use a SQRL login. Thus we will need to limit the time and when we can use that one QR code to log in. We also must figure out how we will deal with collision logins. This is where the site or server sends out the same securely generated long random number to two different users. This could happen if, say, we were using this on something like Facebook or Twitter. It is unlikely but possible, unless we only allow it to be used once, and then we get into the ridiculousness of even longer random numbers. The only thing I can come up with is using the date and time to create the cryptographic challenge. This would keep any two different users from getting the same challenge, and thus we would avoid the collision of logins.
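The idea above, sketched as server-side code. This is an added example, not part of the SQRL design or of Steve Gibson's code. The names ChallengeStore and demo, the 120-second window and the "time.random" challenge layout are all assumptions made for illustration.

```python
import secrets
import time


class ChallengeStore:
    """Issues one-time login challenges and redeems each at most once."""

    def __init__(self, ttl_seconds=120, clock=time.time):
        self.ttl = ttl_seconds   # assumed validity window, not a SQRL value
        self.clock = clock       # injectable so expiry can be exercised
        self.pending = {}        # challenge -> expiry time

    def _new_value(self, now):
        # Date/time prefix plus 256 random bits: two users asking at the
        # same instant still differ in the random part.
        return f"{int(now * 1000):x}.{secrets.token_hex(32)}"

    def issue(self):
        now = self.clock()
        challenge = self._new_value(now)
        # Never hand out a value that is still outstanding.
        while challenge in self.pending:
            challenge = self._new_value(now)
        self.pending[challenge] = now + self.ttl
        return challenge

    def redeem(self, challenge):
        """Return True only for an issued, unused, unexpired challenge."""
        expiry = self.pending.pop(challenge, None)  # pop makes it one-time
        if expiry is None:
            return False         # unknown or already used
        return self.clock() <= expiry


def demo():
    """Constructed scenario: two users at the same instant, a replay, a late login."""
    fake_now = [1000.0]
    store = ChallengeStore(ttl_seconds=120, clock=lambda: fake_now[0])
    a, b = store.issue(), store.issue()
    first = store.redeem(a)      # accepted
    replay = store.redeem(a)     # rejected: the QR code was already used
    fake_now[0] += 121           # move past the validity window
    late = store.redeem(b)       # rejected: expired
    return a != b, first, replay, late
```

The time prefix on its own would not be enough, since two requests can arrive in the same millisecond. The random part separates users, and the server-side record enforces the one-time and time-limit rules.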

Pretty Good Privacy

The next problem is which encryption key we would want to associate with the smartphone. I personally think PGP is a good one to start off with, and maybe even create the public key that is needed to accomplish this. The smartphone in question could be linked in some way to a server with our PGP public key. I am unsure as to how well this will work, but it would allow us to share that key whenever needed. It may not work, but I am thinking we should only use open source encryption, and thus this is one of the many options.

If the Smartphone is stolen?

This is where PGP can be very useful: we could revoke the key and tell everyone else it is no longer trusted, and thus we prevent illegal logins to our services. I’ve heard people do this with PGP, and thus it should be really easy to implement in SQRL, but again, I am not a designer and have never even created things like this, so I thought we should at least throw that out and see what people say about it.

Needs to be Available to Everyone

It needs to be available on iOS, Android, and even Windows systems. When this happens it will make it that much easier for this to succeed.

As you can see, I have these small questions that need to be answered, and I even saw some others which I will gladly link to, to better help those who may want to explore more of this realm that Steve has started.

What do you have to say about this? Are you curious to see this happen, or do you think this will even work? I may have missed something or do not fully understand it, but at least I am wanting this to succeed. What are your thoughts on this?

What is a Virus and Why do I have one

After seeing more and more of the updates coming from the net, I wanted to talk about what a computer virus or Trojan is and how you get it. So how could you have gotten a virus in the first place? Here is some information to consider:

The vulnerability of operating systems to viruses

So what does that mean to you? Most of the time when you get a virus, you have a vulnerability somewhere in your operating system, and it is either something that is not yet known by Microsoft, Apple, and Linux or is known as a zero-day exploit.

A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.

[Via Wikipedia]

This is one of the most used, because if the exploit is unknown to the operating system creators, then hackers have longer to use it. Most of the time hackers like to use this because it means there is a possibility of finding even more vectors to infect other systems. You see, if they can get on one system, they can then find ways to get on other systems.

In the Old days, you’d ask

How Did I Get This Virus, Anyway?

You get a virus when you copy infected files to your computer, then activate the code inside by running the infected application or opening an infected document. How you copy the infected files is irrelevant: Viruses don’t care if you get them as an e-mail attachment, a download, or via a shared floppy disk, though e-mail attachments are the most prevalent (and easiest) mode of transport.

[via PcWorld] (Dated Oct 13, 2000 11:00 pm)

That was before hackers wanted to infect for more personal gains. There is a list of things that hackers want to get when they infect a system, and it is usually very few things. In the old days they wanted the fame, but now they want money and to take control over the internet. They usually want to infect for money or to have computers become botnets. Now, we aren’t talking about the movie I, Robot. Once a system becomes a bot it doesn’t think for itself but follows a line of command from the command and control center. So let’s say we have several hundred bots on one net, and the hacker blackmailed a server, saying if they didn’t pay up they’d get DoS attacked. Enough bots going to one site at one time can slow or even bring down a site; that is how a hacker sometimes uses a virus or trojan to get into a system.

Viruses & Trojans try to Avoid detection

So you have a virus. It wouldn’t do a virus any good to be detected right after getting onto a system. More and more, viruses are trying to avoid being seen and heard. Most hackers who program want to infect more than one system, so they have to make really sure that you don’t find out you’re infected. With that said, there are several ways, and I won’t try to explain them because I think the link talks about it better than I could. It will, however, give people something to think about.

In the next few days there will be another post on how you will be able to figure out if you have a virus. I had to talk about this first so people could understand how to figure out if they have one in the next post. So stay tuned for more.