Example ICE script for Mumble using Python

I just wanted to throw this code example out there. I searched for a simple description of getting this set up and failed… Good luck, hope this helps.

#!/usr/bin/python
import Ice
Ice.loadSlice("Murmur.ice")
import Murmur

# Init ice
comm = Ice.initialize()

# Let Ice know where to go to connect to mumble
proxy = comm.stringToProxy("Meta:tcp -p 6502")

# Create a dynamic object that allows us to get a programmable interface for Mumble
meta = Murmur.MetaPrx.checkedCast(proxy)

# Get the server instance from the set of servers.
server = meta.getServer(1)

# Get a list of all channels
channels = server.getChannels()

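# Get all connected users (a map keyed by session ID, not a list)
users = server.getUsers()

# Change a user's channel: take the first connected user and move them to channel 2
user = list(users.values())[0]
user.channel = 2
server.setState(user)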

JQuery Toggle Ignore Double Click

Just replace $(".header") with your selector.

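function toggle() {
    // Stop listening for clicks while the animation runs, so a double click is ignored
    $(".header").unbind("click");

    var next = $(this).next();
    if (next.css("display") != "none")
        next.hide("slow", bind);
    else
        next.show("slow", bind);
}

// Re-attach the click handler; passed above as the animation-complete callback
function bind() {
    $(".header").click(toggle);
}

bind();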

Posting a form as a JSON (JQuery)

After hours of searching… Here is a dirty solution I found.

1. Add this function to the prototype.

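$.fn.serializeObject = function()
{
    var o = {};
    var a = this.serializeArray();

    $.each(a, function() {
        // Test for an own property: a truthiness test drops a first value of ''
        // and mistakes inherited names such as "constructor" for existing fields.
        if (Object.prototype.hasOwnProperty.call(o, this.name)) {
            // Repeated field name: collect the values in an array
            if (!o[this.name].push) {
                o[this.name] = [o[this.name]];
            }
            o[this.name].push(this.value || '');
        } else {
            o[this.name] = this.value || '';
        }
    });
    return o;
};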

2. Then use this conversion when posting.

JSON.stringify($("form").serializeObject())

JSON.stringify comes from json2.js. You can get a copy at http://www.json.org/json2.js

Hope this helps someone.

Multi Factor Security Review

Introduction

One of the newer terms coined in today’s business world is “multi factor” security. With all of the new security threats appearing daily, having the ability to authenticate a user of a networked system is essential to the success of any business. With multi factor security we can close the gap of doubt when determining whether the person authenticating is in fact the user they claim to be. Multi factor security goes beyond traditional password authentication, which is “something you know”, by incorporating two new factors: “something you have” and “something you are”.

Something you know – the easiest factor to explain, and one that has been used for years: basic password authentication. A user is assigned a username and password and is granted access by entering them at a prompt.

Something you have – a token or smart card that provides additional authentication data and can be physically carried by a user.

Something you are – any form of biometric data. A user would provide a fingerprint, look into a retina scanner, speak into a voice recognition system, or perhaps even look at a system that utilizes facial recognition.

If all three forms of authentication are required by a system we have true multi factor authentication.

All the talk of true multi factor security sounds like a security utopia, and in most cases it proves to be just that. Currently very few security systems require all three factors of authentication, and the current industry standard is slimmed down and called two-factor security or strong authentication. Two-factor differs from multi factor by requiring only two of the three authentication factors when verifying a user’s identity; the biometric factor is normally left out due to cost and the logistics of deployment.

Why implement multi-factor security?

The current pressing reason to move to multi-factor security is to meet the requirements of SOX, GLBA, or FFIEC. As a specific example, the FFIEC has issued an official document giving guidance to all financial institutions that offer on-line banking to adopt a risk-based model in which two-factor security is implemented for all sensitive user data. However, since this is just a “guidance” document, a significant number of banks still rely solely on password authentication. Wells Fargo’s online banking system, for example, only requires an SSN/username and password to authenticate, which then allows a user to transfer money, view account balances, and send bill pay checks. In some cases a bank could be using a risk model that is more lenient than others, so the use of multi factor security is left up to the interpretation of the party making that determination.

A great example of a working two-factor authentication implementation is PayPal’s online banking site, which uses SMS or a small token generating device to implement the “something you have” factor of two-factor authentication. When you log in to PayPal, they ask for a username/password and then send a text message to your designated cell phone number with a random pass code that is only valid for a minute before a new one has to be sent. Having a text message sent to a user’s phone makes that user a lot more confident when dealing with the business, especially when the transaction refers to an account containing access to financial information.

However the problem is sliced, the main reason to implement two-plus-factor security is to secure the personal information of users. In some cases companies have to pay large fines to business partners for losing user data, and in almost all cases they purchase credit monitoring for users whose data was lost or stolen. Even though two-factor authentication is a necessary evil that is slowly, but surely, working its way into the security infrastructures of thousands of companies, we must remember that this type of authentication only secures identity validation; it does not protect the back-end data and network structure from a direct hack. Network security is still extremely important.

Factor Implementation

When the three factors that can be used in multi-factor security are examined it is easy to see that “something you know” is fairly easy to implement while “something you have” and “something you are” are more difficult to implement. Let’s discuss the implementation examples of “something you have.”

One way that “something you have” can be implemented is with a small device that generates a pass code, which is required in addition to the “something you know” username/password when authenticating to a system. The small device is activated once a user has entered a username/password and is prompted to give the generated pass code from their generator. Since these devices are small enough to be kept on a key chain they are reasonably useful. Another way of handling the token generation is to have the system that is verifying an identity know some way to contact the user to give them a pass code. SMS is one way of receiving a pass code: instead of entering the code generated by the portable generator, the user enters a pass code received in an SMS message from the server. Since the SMS device is owned by the user, it can be considered something they have.

“Something you are” is much more difficult to implement, and implementing it remotely is far too costly. Unless a cheap body scanner becomes available soon, this factor will most likely be used sparingly and only in extremely security critical applications. It is good to note that facial recognition is slowly becoming more popular and can be seen on some laptops today for authenticating to the machine.

Hacking Two Factor Security

Looking deeper into two factor security, we clearly see that it has holes that can be exploited, just not as easily as single factor authentication. The reported ways that two-factor authentication has been hacked are spyware that installs a keylogger which reports back to the hacker, and phishing scams containing viral attachments that the victim is asked to install and that send login information in real time to the hacker’s server. This method would allow the hacker to log into the customer’s account at the same moment the pass code was generated. In some cases these virus/spyware programs even send screen shots of the entire process to the hacker. This is another great example of an old hack working with new technology.

Summary

Just because two-factor security can be hacked doesn’t mean it should be abandoned; it is still very useful in deterring a large portion of the hacking community. More importantly, multi-factor authentication eliminates a lot of the security concerns that users have when transferring personal information to a company over the internet, and it should be considered a necessary investment for companies who truly care about the security of their customers.

Referenced Sources

http://www.entrust.com/governance/sox.htm

http://www.safenet-inc.com/library/8/iam_wp.pdf

http://en.wikipedia.org/wiki/Two-factor_authentication

http://www.ussrback.com/crypto/srp/others.html

http://www.ffiec.gov/pdf/authentication_guidance.pdf

http://www.csoonline.com/article/221068/Strong_Authentication_for_Online_Banking_Success_Factors?page=6

http://www.vnunet.com/vnunet/news/2139253/two-factor-authentication

http://www.wallstreetandtech.com/data-security/showArticle.jhtml

http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication

http://www.imx-solutions.com/docs/imX Matrix 5-1-06.pdf

Compiling an Apache Maven Project

Compiling a Maven project was pretty darn easy. You simply run the command mvn compile. This command tells Maven to compile the source code into classes. The classes end up in the target/classes and target/test-classes directories.

Running mvn package will build a jar of the project. The version used in the jar name is contained inside the main level pom.xml.

pom.xml


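<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.mattconroy.project</groupId>
  <artifactId>TestProject</artifactId>
  <packaging>jar</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>TestProject</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>3.8.1</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>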


Notice the <version> tag sets the jar version name.

So what does this buy us? We can now install our built component into a local or remote repository for use in other projects, or run the program to do some business logic. Obviously we are far from having a complete product, since we are missing libraries and other meta data needed to have an easily maintainable project, but this gives us a template to build off of.

Creating an Apache Maven Project

Well, I am finally taking the plunge into Apache Maven. I have found that managing dependencies is becoming unbearable and Maven is being used by several open source projects that I use so… Here I go, one step at a time.

My first question was obvious: How do I create a new Maven project?

After a few minutes of searching I ended up on the Maven website reading the ‘Getting Started’ FAQ and found the very cryptic command for starting a project.

mvn archetype:create -DgroupId=com.mattconroy.project -DartifactId=TestProject

After running the above command I ended up with a directory structure that is supposed to magically work to build and maintain a project. Well, we’ll see.

The structure of the project:

TestProject
- pom.xml
- src
  - main
    - java
      - com/mattconroy/project
        - App.java
  - test
    - java
      - com/mattconroy/project
        - AppTest.java

So this makes sense… One directory for program code and another for program unit tests. I can live with this.

Hello to the World!

Just figured I would say hi to the world. I haven’t posted in a while and a friend of mine is always saying that they get way more hits than me. Oh well, I guess I will have to be second best ;)

Arts and Crafts and Other Fun Stuff

Go to Molly’s site @ http://www.mollysevertson.com

Goofy Flash Javascript Movie

A friend of mine finds things like this all the time. Watch this silent movie. Very witty!

http://users.telenet.be/kixx/

Installing SSH on Ubuntu 7.04

I am going to start creating videos for little things that I set up on Ubuntu. Maybe it will help someone. If not, I wasted time, but I got another post :)
Ubuntu SSH Install