zzma's comments

zzma | 1 year ago | on: The Triple Failure of 2U, EdX, and Axim

Oregon State has a large offering of online undergrad and grad programs: https://ecampus.oregonstate.edu/. There were 11,430 ecampus students in Fall 2023 [1].

The ecampus tuition (~13K/year) is still substantial compared to the in-person tuition for out-of-state students (~38K/year), and nearly identical to the in-person tuition for in-state students (~14K/year) [2].

[1] https://ecampus.oregonstate.edu/news/2023-ecampus-enrollment...

[2] https://financialaid.oregonstate.edu/cost-attendance

zzma | 5 years ago | on: Finding vulnerable Twitter accounts with expired domains

> Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.

What would this "hand data" look like? A 3D model of a hand MRI or X-Ray?

Based on my understanding, in any form of biometric authentication, some amount of static data (i.e. the biometric database is not receiving a secure, updating feed of the state of your hand/body) is stored on the server and compared with the data transmitted for authentication. Biometrics change (fingerprints can be rubbed off from gardening, DNA mutates, etc.), so this static biometric data is something that is mostly environment-invariant.

If someone can compromise your "full hand scanner" or compromise the biometric database (which will inevitably happen), then you are compromised for life, since you cannot change your hand.

zzma | 6 years ago | on: Spying on HTTPS

> FUD. Why should we want "behaves exactly as the browser does", when browsers (in fact, mostly Google's) are in fact turning against their users?

It turns out that most of the MITM products have questionable / insecure TLS stacks [1] and can introduce insecurity to user web traffic.

[1] https://zanema.com/papers/ndss17_interception.pdf

zzma | 6 years ago | on: Boeing Believed a 737 Max Warning Light Was Standard

> Boeing performed an internal review and determined that the lack of a working warning light “did not adversely impact airplane safety or operation,”

Why is this review not done by a third party auditor? The cynical view is that corporations have a conflict of interest. They are only incentivized to act ethically up to the point that the cost of ethical behavior exceeds the damage done by unethical behavior... These costs do include future fines/penalties, but these are often woefully disproportionate to the damage done as evidenced by the fraudulent NASA metal supplier incident.
