Security quotes of the week

Biometrics will finally replace the password and thus redefine the word "hack." Jokes aside, IBM believes multifactor biometrics will become pervasive. "Biometric data-facial definitions, retinal scans, and voice files-will be composited through software to build your DNA-unique online password."

[...]

"In five years, unsolicited advertisements may feel so personalized and relevant it may seem that spam is dead. At the same time, spam filters will be so precise you'll never be bothered by unwanted sales pitches again"

Before we fully release Whisper Systems' code to the public in the coming months, we need to make sure it meets legal requirements and is consumable by the open source community. The plan is to open source the code in an iterative fashion, starting today with TextSecure, which provides support for encrypted texts on Android devices. We hope individuals will continue to find it useful and build upon it. If you have any questions or suggestions, please use the Whisper Systems mailing list.

[Konrad] Fellmann isn't surprised, based on his experience with retailers. Weak passwords, such as "password," are one of the most common things he discovers during POS [point-of-sale] penetration testing, he said. "Some people, you tell them what's required, and they'd rather not do it. They had the tools, and could have easily blocked [the attack]. If they were using a validated POS application, the vendor should provide an implementation plan, which would have included making sure you have a firewall in place." But, he said, "these people weren't thinking about point of sale security—they were just thinking about making a sandwich."