Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKO1fLOTF0qbbtjx1v0Es=VdnKrxsAVO7+GHW43_XipqksKmKQ@mail.gmail.com>
Date: Thu, 19 May 2016 17:30:00 -0500
From: Bruce Marshall <bkmarshallkc@...il.com>
To: passwords@...ts.openwall.com
Subject: Re: User profile based fraudulent (password) activity detection

RSA's Adaptive Authentication is the first product that comes to mind. I
believe TeleSign has a similar offering for mobile, and I'm sure there are
others.

LinkedIn (and other companies like Facebook) either uses a product like
this or built their own. Here's a presentation where they tslk about it.
Server-Side Second Factors: Approaches to Measuring User Authenticity
https://www.youtube.com/watch?v=GEnGi5RN-Cg

Bruce Marshall
PasswordResearch.com
On May 19, 2016 3:43 PM, "Per Thorsheim" <per@...rsheim.net> wrote:

> Markus Jakobsson (Founder at ZapFraud) recently made a small Linkedin
> post where he said it is time to deploy filters to detect social
> engineering attacks, which is something they offer as a product/service,
> according to their website.
>
> I replied with:
> "Banks and credit cards actively monitor where in the world people use
> their cards, as well as lots of other parameters to build profiles of
> their card owners in order to detect fraudulent usage.  I have not yet
> seen much, if any products or technologies deployed with small/medium
> sized businesses to better detect fraudulent activity on their employee
> accounts, where the activity is technically allowed (correct usr+pwd)
> but breaks the user's profiles.  Does it exist?"
>
> Markus has imho a great response with:
> There is not much there, and there is a need for it. Most people think
> spam filters, detection of phishing URLs, malware detection and DLP is
> enough, not realizing how vulnerable that makes their users.
>
> --
>
> Biometrics has behavioral biometrics (HOW you type, speak, move etc),
> credit card companies and banks uses algorithms and behavioral profiles
> to search for fraud. (At least they do over here...)
>
> Any ideas, products or services out there to build profiles of user
> logons (IP, geo-location, time/day/date) etc to detect suspicious
> activity? Did I just give away a business idea here? (I want to be
> credited, and a free lifetime license!)
>
>
> --
> Best regards,
> Per Thorsheim
> CISA, CISM, CISSP, ISSAP
> Founder of PasswordsCon.org
> CEO of godpraksis.no
> Phone: +47 90 99 92 59
> Twitter: @thorsheim
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.