By the MITRE Corporation - MFA FOR E-COMMERCE
Good to see the Sleddog Back on the Trail !
__________Is that a biometric device in your pocket? | ZDNet 2003
available at: https://nccoe.nist.gov/projects/use_cases/multifactor-authentication-ecommerce.
4. RELEVANT STANDARDS AND GUIDANCE
• ISO/IEC 27001, Information Technology – Security Techniques – Information Security Management Systems http://www.iso.org/iso/home/search.htm?qt=27001&sort=rel&type=simple&published=on
• ISO/IEC 29115, Information Technology – Security Techniques – Entity authentication assurance framework http://www.iso.org/iso/catalogue_detail.htm?csnumber=45138
• ISO/IEC 29146, Information Technology – Security techniques – A framework for access management, https://www.iso.org/obp/ui/#iso:std:iso-iec:29146:ed-1:v1:en
• NIST Cybersecurity Framework - Standards, guidelines, and best practices to promote the protection of critical infrastructure http://www.nist.gov/itl/cyberframework.cfm
• NIST SP 800-53, Recommended Security Controls for Federal Information Systems http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf
• NIST SP 800-63-2, Electronic Authentication Guide http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
• NIST SP 800-73-4, Interfaces for Personal Identity Verification (3 Parts) http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf
• Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2, April 2016, PCI Security Standards Council, https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf
___________________________________
NCCoE has identified that implementing multifactor authentication (MFA) for e-commerce transactions, tied to existing web analytics and contextual risk calculation (by the retailer and/or by a federated identity provider), can increase assurance in purchaser or user identity and thus help reduce the risk of false online identification and authentication fraud. The NCCoE understands that retail is a volume-reliant business and that consumers and retailers will adopt multifactor authentication mechanisms as long as they do not unnecessarily encumber the purchasing process or disrupt the user experience.
___________________________________
To achieve this purpose, the National Cybersecurity Center of Excellence (NCCoE) will develop an example multifactor authentication solution composed of standards-based commercial and open-source products currently available in the marketplace. The project process includes identifying stakeholders and systems participating in the CNP transactions, defining the interactions between the stakeholders and retailer systems, identifying mitigating security technologies, and ultimately providing an example implementation.
Multifactor authentication will also be central to a new National Cybersecurity Awareness Campaign launched by the National Cyber Security Alliance designed to arm consumers with simple and actionable information to protect themselves in an increasingly digital world. The National Cyber Security Alliance will partner with leading technology firms like Google, Facebook, Dropbox, and Microsoft to make it easier for millions of users to secure their online accounts, and financial services companies such as MasterCard, Visa, PayPal, and Venmo that are making transactions more secure. Considering the anticipated rise of fraudulent activity due to stronger security mechanisms for card-present transactions, retailers should invest in understanding and implementing stronger authentication mechanisms for CNP purchases, while being sensitive to the user experience.
___________________________________
Assumptions
This example solution of multifactor authentication for e-commerce transactions provides numerous security benefits including increased confidence in user identity and reduced risk. The NCCoE understands that a retail business would weigh the cost of investment in a multifactor authentication solution with its potential benefits, which include protection of reputation and trust from the consumer, as well as reduced fraud losses.
The security of existing systems and networks is out of scope for this project. A key assumption is that all potential adopters of this project or any of its components already have in place some degree of system and network security, as well as many, layered e-commerce fraud reduction measures. Therefore, we intend to focus on the effort of complementing existing system and network security and e-commerce fraud reduction strategies with risk calculation, web analytics, and multifactor authentication.
Background
The NCCoE, working with retail organizations and other e-commerce payment stakeholders, including information sharing and analysis centers (ISACs) and the Retail Cyber Intelligence Sharing Center (R-CISC), has identified the potential need and benefits of a multifactor authentication for e-commerce solution. The need arises from the recognition that malicious actors are likely increasingly motivated to exploit security vulnerabilities in CNP retail transactions in response to the adoption of EMV chip credit cards in the U.S.
The NCCoE also held a workshop to identify key issues that affect multifactor authentication for e-commerce. The conversations held and insight derived from that workshop have informed the direction of this project and this project description.
KEEP THE HITS COMING - ROPES & GRAY Video
Good to hear Z, as Push Tech is like a YouTube Video gone Viral around the World. As is OOB MFA..
On another Subject that a lot of time has been spent on here on the Board is GSA and SAM. The good news is GSA is requiring MFA as of August 2016.
SOURCE: Tech Refresh
GSA Gets Thumbs Up on Cybersecurity Act Assessment
The General Services Administration got a nod from its inspector general in a mandatory assessment carried out under the 2015 Cybersecurity Act.
“GSA policies and procedures regarding access controls are generally consistent with significant governmentwide policies and procedures, including relevant standards established by the National Institute of Standards and Technology and Office of Management and Budget guidance,” the audit states.
The audit goes on to state that for 11 of GSA’s 18 covered systems, GSA has implemented multifactor authentication for privileged users “consistent with governmentwide policies.”
For the other seven covered systems, GSA “relies on compensating controls for privileged user access,” and has implemented “appropriate automated or manual software and license inventory management practices.”
The IG found no issues with GSA’s data loss capabilities and said GSA has created sufficient policies to ensure partnering service providers adhere to GSA IT policies and procedures.
Section 406 of the Cybersecurity Act of 2015 calls for CFO Act agencies to be subjected to audits of policies, procedures and practices for securing its computer networks and IT systems with emphasis on five key areas: logical access control policies and practices; use of multifactor authentication; software inventory threat prevention and contractor oversight.
GSA is among the first agencies to have their audits published. The Interior Department fared worse in its assessment, while the Energy Department's Office of Inspector General found issues with the agency’s decentralized approach to managing software licenses.
Defendants Web Of Lies ~ Great Summation ZPaul !
Nice to see it all put together in one Post. THANKS !
Guidance is not a Standard.
I asked for something that showed MFA was a Standard. Not a Guidance. !
Guidance is like the example: "You should wear your Seatbelt", not until more than a decade later did seat belts become mandatory for the user.
Or the Line Code Algorithm for ADSL (DSL), there were Two Forms, AT&T CAP & Amati G DMT. Both were being used prior to 2000.
Then Amati (Texas Instruments) who bought out Amati, and Amati finally won the IEEE T1.413 G992.1 International Standard for ADSL.
DMT ADSL Reference
I invested in Amati's DMT in 1996, as I understood the Vast Benefits of DMT over AT&T's CAP within a month of doing DD.
Of course back in 1996, if you did a search on ADSL, you got only 6 hits. Hard to do DD that way.
Today you get over 14 Million search hits.
I could see the Overwhelming Evidence and Benefit of his DMT, once you knew how inferior AT&T's CAP Line Code (Algorithms) were......
http://www.bing.com/search?q=ADSL
I know and can easily understand Technology and what is the better Tech. After all I bought the 1st Laptop on the Market, in 1983,
https://en.m.wikipedia.org/wiki/TRS-80_Model_100
Model 100 LapTop.
I was able to buy a Demo Model, before it was being sold, I remember while on a Business trip in 1983. I still remember the Stewardess on the plane ask me "What's That ? " as I was typing my Troubleshooting and Fixes on an F-4 Simulator on my way home. I was the East-Coast Tech-Rep on F-4 Flight Simulators at the time.
Back in the late 97's I wrote WHY DMT for ADSL, I don't have access to that at the moment.
So here is WHY DMT For VDSL I wrote in 1997 (Which is what AT&T is still Using Amati Communications Corp's DMT Line Code for AT&T's U-Verse TV and Internet today, Ten Years later, yes even in the World of AT&Ts U-verse Fiber Optics Transmission Subscriptions today ! Amati / TXN gets Lots of Licencing Revenues.
Not just getting Licencing and Royalties, but since SFOR's IP covers Credit Card Processing there is a possibility of SFOR getting a Very small percentage off each transaction.
Who knows, but that a distinct possibility.
I just know that SFOR'S Patents and the Major Players SFOR and its Channel Partners are working with are Investable for me. Especially being a Penny ! That's an Easy Risk to Reward Investment which is why I own Millions of Shares. It's just hurry up and wait, and I dealt with that working on DOD Contracts since I was 20 years old.
ALL Amati's Patents are still gaining Royalties World Wide on
Dr. John Cioffi's Professor Stanford University Patents, who Like Ram, Cioffi, they both worked "INSIDE" BELL LABS. In Dr. Cioffi's Case he was in Bell Labs when they Developed The "Inferior" CAP Line Code.
So years later Professor Cioffi and a Special Class of his, wrote the Algorithms for DMT Line Code.
And not unlike Ram Pemmaraju's & StrikeForce's IP,
Dr. Cioffi's IP led him to form Amati Communications CORP.
A little unknown company that no one knew the name of, and became the International Standard for ADSL, used by every person that has an ADSL (DSL) Modem on their PhoneLines World Wide.
Sorry guy, I will trust my Background Judgment in knowing a World Standard before your opinion.
______________________________________________________ A Post of Mine from 1997 WHY DMT For VDSL
______________________________________________
With that said -- Robert let me try to help you and others understand why CAP cannot compete with DMT in the VDSL arena.
In order for CAP to achieve the same optimization as DMT, CAP/QAM must rely on transmit filters and receivers to remove energy in the bands.
Determining how well the energy is removed is directly proportional to
the number of taps used in the filters, this is limited by the complexity (which equals cost) of the system. Generally speaking, hundreds of taps are required to sufficiently remove energy beyond the
useful band.
Over and over again we have heard how much more complex DMT is in
comparison to CAP. ** Well pay close attention Amatians, due to the
complexity/cost constraints only a fraction of the required number of
taps are used in CAP. For this reason CAP modems may operate on short
distances across copper with few problems, the number of taps are
adequate. But on longer distances CAP modems fail catastrophically. On longer lines CAP/QAM confine the transmitted signal to the useful
frequency band, this allows the reliable signal in the correct part of
the band, to be corrupted by the bad signal in the wrong part of the
band.
Loop lengths are shorter for VDSL, and after the above description, it
might seem logical for one to assume this would be an advantage for
CAP. Sorry to disappoint some of you.
Though the loop lengths are shorter, the frequencies used are much
higher in VDSL. VDSL using the 11 Mhz and above, where ADSL uses 1.1
Mhz. Now what problems may CAP encounter one might ask? The higher in frequency the more the signal is affected by noise!
The copper infrastructure in place is not shielded, (of course I mean
the twisted-pair telephone lines and not shielded coaxial cable) and
leakage occurs "into" unshielded copper, this is commonly known as "ingress" and leakage "out of" copper, is known as egress. Let's start with ingress. VDSL modems must be able to operate in the presence of over-the-air radio frequency interference (RFI) entering the copper bundles and smaller lines running into homes and offices. I'm sure many are familiar with a Dipole antenna (looks like a T) that most have connected to their stereo FM Receivers.
Sure increases your signal strength right. Those radio signals are
picked up just fine on that short 6ft little piece of copper. Now try
to imagine what a huge antenna that line running from the pole to your
house makes, or the lines running along miles of telephone poles to your neighborhood. So VDSL must be tolerant of in-the air transmissions (RFI) - see Ref. in Why DMT).
In AM/FM radio the noise is at a fairly constant rate. In the case of
Ham Radio, the signal is not always there, only when the operator keys
the mike. Before moving on to egress, let's talk about another form of
ingress noise that affects VDSL. Anyone have an Air Conditioner,
Refrigerator, Dishwasher, washer/dryer, or a hair-dryer in the house.
Each time one of these devices cycles on or off it causes noise spikes that can easily affect the signal of VDSL modem. Even a simple light switch can have an effect. This is known as Impulse Noise.
DMT being a multiple carrier having 256 channels, the effect of impulse noise is dispersed across the entire 256 channels, the effect is so minor on each channel it does not cause any interference to the signal. (this is the most simplest way I can explain how it works)
There is no added complexity with the DMT method of handling the above described impulse noise.
CAP/QAM is a "single carrier" signal which cannot handle impulse noise as simply, it must use old Error correction coding, and interleaving of the transmitted signals. Once again this is the simplest way to explain the way it works not necessarily the best, I am writing to the audience, not T1E1.4, nor would I attempt to.
CAP handles RFI by using transmit filters, and receiver equalizer
filters, and must create notches in the bands to be avoided. Again the
complexity of incorporating enough of these filters to remove the noise would be cost prohibitive, when we take into account that many amateur radio bands overlap the VDSL spectrum, is it any wonder that the CAP proponents avoid discussing, this issue, in fact they are promoting the fact that Amateur bands are not of concern. Well I'm here to tell you they are, and even more so in Europe where amateur radio dwarfs the U.S. numbers.
Egress
For CAP's problem with Egress or leaking from copper lines, see the
above paragraph about British Telecom's test. It does not make for
happy campers in Europe, nor in the U.S.
How does DMT cope with Egress, short and sweet, they turn off the
channels that have an effect on the Amateur Radio and Short-wave bands. See References above for a more in-depth description.
Maybe they thought DMT VDSL was not feasible, but Amati has now
solved these problems by going half-duplex (ping-ponging)? I have no idea. I was hoping that someone with more knowledge might comment.
Robert, I will continue hopefully answering your question.
As I mentioned in my previous post ping-pong DMT for VDSL is known as
SDMT. The "S" meaning synchronized. SDMT is Low Complexity
Here, there is only one Fast Fourier transform (FFT) per modem. ( FFT - see Ref. in Why DMT).
This one FFT is shared by the transmitter and the receiver of the modem, as only one of the two are on at a time. This is less complex than a modem, which has a separate hardware for both the transmit and receive functions, as is the case with CAP/QAM. It should also be noted that since SDMT has only one transmit and receive band, it only needs one analog filter. SDMT's power consumption is "very" low. ( I do not know exactly, at this time)
Another excellent feature of SDMT is that the same VDSL modem is able to be configured for either Asymmetric or Symmetric transmission.
Once again the CAP modem is at a disadvantage, it must change the
bandwidths, of the downstream and upstream bands in order to change
symmetries.
I must say to those who say that CAP is the better choice for VDSL, they have little imagination, and even less patience to use their engineering background to its fullest potential, when trying to arrive at the solution for the RFI and other interferences on VDSL transmissions.
I thought about providing a summary, but then thought if any one needs one, it would be easy to create one as the key points stand out on their own.
Perhaps someone may provide one.
Amati's Engineers are undoubtedly some of the best in the world, though in DSL, there is no question in my mind, they are the best. It would appear that some of the largest DSP manufacturers in the world share my convictions. In time I feel confident that we will see that praise, stated in much more flattering verse, in a forum far superior to this one. Editor's note: This statement was written last week before TI spoke at the Montgomery Conference. Thanks Peter Piper. I'm sure more will follow.
In closing I would like to attempt to bring home the points covered
above, in much simpler terms, this is for those who find the above confusing.
Since many of you may be audiophiles, or at least enjoy the sound of a
decent stereo system.
Pull out an old 45rpm record or an old Album. Turn the volume way up, and play it. Now don't those Clicks and Pops make you cringe, it almost sounds as if they could be damaging to your speakers.
This is your DATA on CAP, any questions?
Now put on a CD, I suggest Life in The Fast Lane, by DMT.
Re: "MFA has been industry standard for years now"
DH it's an Article from April 2017.
I didn't title it.
And unless you find an article that describes the nuts and bolts of what a company or Industry is using, as in most industry now requiring OOB MFA, you won't know what flavor of MFA they are discussing.
But as shown with PCI, NIST, Government, etc, The Flavor of the year seems to be OOBA.
As far as your quote MFA has been a Standard for years statement.
Show me something dated before 2016 that shows MFA was a Standard.
MFA became almost the Defacto Standard, when MSFT took MSFT Azure with SFOR's OOB MFA Fully Mainstream after its Settlement with SFOR.
It's been a Game of Follow the Industry Leader ever since.
And in just one year OOB MFA has taken Major Industries by storm.
"TPG acquired products using SFOR IP from Intel?"
Well we knew that Blank Rome was using SFOR IP, so now TPG too!
Why not, we know MFA is the Gold Standard Now.
Thanks Zpaul the pieces are beginning to come together.
Speaking of Dr. Sherman shooting down MSFT Expert Witness !
With his background (Amazing! Thanks Z)
He's a modernized Sherman Tank, ready to hit the ground running head on to the opposing Forces.
Two Factor Authentication is on the way out.
I'm not worried about Apple's Two Factor authentication as I have read in several places 2FA is on its way out. It will not be allowed in the near Future.
PCI 3.2 Requirements (including MFA) goes in to effect the first half of 2018. That's plenty of time for R&G to get a Settlement/Licencing & Royalties or Judgement.
Once one case is done probably about 20 more will follow shortly.
Ropes & Gray are quite used to working with and going up against the Big Boys. Once a settlement or Judgement is won in the current ongoing cases, the rest are just a litigation formality and are like Putty in their hands.
And folks, since we found out quite a lot from ACS's last Webinar and Most contracts are going through ACS, and ACS has to announce things first anyway. I'm hoping to glean a lot more from their next Webinar Set it & Forget it on MFA and Encryption June 20th
Video Clip from Verterm BrightTalk Webinar on MFA
Between a ROC and a Hard Place with PCI?
Jennifer Pesci-Anderson, Jeff Avery
Jun 6 2017 | 53 mins
https://www.brighttalk.com/webcast/15081/255877?utm_campaign=all-brighttalk-live-recorded&utm_source=brighttalk-portal&utm_medium=web
Another Reason for Sealing and Redaction Court Documents
Not to deflate the positivity of an on going settlement possibility.
But another Reason for Sealing and Redaction
is to protect intellectual proprietary or property interests such as trade secrets.
Your transcript quote Jtech was May 24th, before Evidence 1 was Submitted on June 6th. (Waller Letter and emails)
Still, Settlement negotiations may be the likely scenario since I note this is to Mag. Judge Mark Falk which is overseeing the DUO, CENTRIFY and TRUSTWAVE Cases that have been on going for a year.
Evidence 1 may just be bringing to light, to the court, reasons for not accepting the Current Lowball Settlement Number/Licencing and Royalties offered by the Defendant(s).
Another shoutout to RDY2ROCK over in S. KOREA Supporting the Mission.
Just concentrate on the task at hand and wait for the PPS to
Please show where anywhere
in this Interview where there is a statement that might even come close to thinking that Bankruptcy is even a remote possibility.
Last Interview
I'll tell you, the 1st quarter, was just a typical quarter nothing special, the 2nd quarter may be just a little better, but it's really going to be the 2nd half of this year where we expect some tremendous very very sizable revenues we are starting to CLOSE some deals we see as the key deals we talked about
Most of last year and of course we don't have a say when Companies want to do these deals, Now they are doing them and we will see the revenues hitting our books probably by the 2nd half of this year, it takes about 3 months for them to come to us, we are getting them done through the channel Partners their closing some major deals were involved in some big players that I can't mention of course, we'll probably get to put out some kind of PR related to that deal once it gets done and we see the money.
But until the second half we won't see anything major most likely, we might see it start coming sooner than that but we're not sure, by the second half will be seeing some sizable numbers that I think will be quite remarkable, we'll definitely beat last year's, my prediction is at least.
We actually do in-house sales but a very small amount of it, because we put in so much energy in supporting the channel partners. Just because we have a channel partner doesn't mean that they do all the work we're doing tons of work here to support their needs, there requirements their updates to the products that we have to supply to meet their clients needs initially, with some other free time we are working with some other clients we are going after especially in the retail space. And in the retail space I'm sure everyone is aware now since we been on I can say it, we've been on HSN, that took us over a year to get therein our minds and the good news is we'll probably be on that show a few more times most likely but we're not sure yet.
Plus we're selling through many stores now but I won't mention their names, online and in-store products we're starting to get a lot more out there we're starting to see a lot more retail sales getting done, so we're starting to see a real push out in the retail space at least for mobile trust and guarded ID. The two retail products we also sell to the Enterprise, but the retail space we do manage and spend a lot of time on and starting to see some major steps getting done.
We're actually at a point now where were right this minute where we have some very strong sales in front of us, these are some of the big sales we've been working on quite a while now, of course they're getting delayed and I can't mention who they are and what they are but decent sales that will start showing up in the numbers I think in the second half of this year, hopefully anyway that should be sizable numbers that will be building up continuously. And also just to mention besides the sales on HSN and all the other stores in everything we're selling through we also have dont for get we have our major patents, we have 7 patent litigations out there which is for product ID are out-of-band Authentication patents, and we have two law ^ expect some tremendous very very sizable revenues"
"we are starting to CLOSE some deals we see as the key deals we talked about"
"by the second half will be seeing some sizable numbers that I think will be quite remarkable"
"we've been on HSN, that took us over a year to get therein our minds and the good news is we'll probably be on that show a few more times most likely but we're not sure"
"we're starting to see a lot more retail sales getting done, so we're starting to see a real push out in the retail space"
"We're actually at a point now where were right this minute where we have some very strong sales in front of us, these are some of the big sales we've been working on quite a while now"
"the retail space we do manage and spend a lot of time on and starting to see some major steps getting done."
"But definitely the sales are developing, some large numbers out there that we are getting done w we're getting involved in more discussions and we should start seeing again the second half of this year as very very sizable, at least that's what we see now and hope, we'll see what transpire"
"until the second half when we do see some I think big numbers hitting us and if we see some of the numbers we expect to see by the end of the year I think we should start seeing some major upscale, I can't say how the market works, I can't say what people should do but we have a lot more shareholders out there now we deal with them constantly, and definitely they should hold on
We're up for a very very, very positive ride. "
YAWN... ONCE AGAIN
What on earth would make you think
It couldn't ?
STUCK ! Thank You, almost got it right
As LONG as everyone Hears it
It doesn't matter Hear, Here !
As Long as everyone is on Board and Votes for it.
Longs Speak Up, Thank You.
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=132004097
https://www.pcisecuritystandards.org/pdfs/Multi-Factor-Authentication-Guidance-v1.pdf
Doug This might help explain some Upward Movement
Entered in to Court Evidence - Letter By George Waller 6-5-17 and emails! Great Stuff !!! - Compliments of ZPaul
Then of Course more people are beginning to realize :
ClayTrader no scam, It's not Rocket Science
understanding how events occur.
Gemalto Ad should be shown to the Judge
This is Just adding Fuel to the Plaintiff's Fire.
I know Gemalto's home office is in Amsterdam.
But the ad sounds like a Frenchman from Paris.
I love the French, but Parisians are so rude it's Pathetic.
While in a Paris Restaurant, I tried ordering a cup of Coffee before dinner, and met with "No that is not possible" Coffee is only available after dinner. And he sounded like someone with a stick up his A$$.
All that was needed in this Video were the final words, now go F__K Yourself StrikeForce, you Pathetic Amer-i-con.
If this Video is not brought down post haste, I will be searching out Gemalto Forums, Ad's, FB, Twitter, Youtube, etc. And begin my own Mobile Ad campaign.
Remi de Fouchier, VP of Marketing Communication Mobile Offers, may think he is a Super Genius with his New Mobile Trust NET but he should beware of Gemalto's current situation, as it's likely to Blowup in Gemalto's Face in the Courtroom as Ropes & Gray will carefully make a crafty Move.
Ahhh....... What's up Doc !
I also see this Video was put on Youtube back in 2014.
Thanks RDY2ROCK ! We've Got that 3rd Aircraft Carrier on its way.
We've got your back.
Of course each Nimitz Class Carrier Strike Group has a Sub near by too.
And Just for grins they have a few B1 Bombers in the Area. You may have seen them Buzzing about looking for something to Sting.
Not to mention, if the Bat Signal goes up the BatWing B2 will be there.
Holy Deterrents Batman !
We have a War Bird Air Show every year in March, I don't even have to leave the House, most fly right over the house or Driveway. And they Practice 2 days Prior to the Show. A Triple Header.
One year a pair of B1 Bombers were flying wing tip to wing tip Directly over house around 200ft. They made Runs 3 times a day.
And I used to think the Rockets Shook the Windows. My God what an Incredible Sight and Sound for a 10 Year USAF Veteran.
Almost every year an F-15 would fly directly over the Driveway. He'd be flying at 90 Degrees. You could see the Pilot. More than once I got the Thumbs up as he passed over different years.
I'm RDY2ROCK every Year...
I think with the Syria Cruise Missile StrikeForce, the MOB in Afghanistan and now this we are saying, WHO we are, we're Back, and WE'RE NOT GONNA TO TAKE IT any longer, See Me, Feel Meeeee
Again we've Got Your Back ! I think we played our Trump Card in a show of Force.
Professional Writing, No I don't, but thanks Carusso,
Well, there was some Technical stuff written and a lot of stuff while working at the Cape.. But not sports.
A lot of that was mine, although I had to go back and gather some facts as that was a long time ago, but in some ways it feels like yesterday.
I lived in Austin from 77-79 while in the USAF and traveled to Dallas just to see Dallas Play as often as I could. I still travel to Austin for the Formula One Race every year at the Circuit of The Americas.
I've had a board of my own for 6 years, and everyone would probably say that boy can write some lengthy but Great DD. And the great thing is there are no Arguments, yes some friendly debates, but the board is clean of some of the antics that happen here. I got tired of this type behavior on Yahoo in 2012 and began my own board. I can ban someone if need be, but it has never even come close to that. Which is a tribute to the Professionalism of the members who act like civil Adults.
Rarely in the past have I seen anyone outshine my DD. But ZPaul is a Xenon Spotlight shining up at a Rocket on the Pad out at the Cape at Night, Bathed in light awaiting liftoff. Much like SFOR.
This is not to say some others here are not Great also, because they are, very much so. You know who you are, and so do the rest of us !
Thanks for all the Great DD.
There are relatively few posters on this board, as opposed to those that Follow as Lurkers. And they have increased Dramatically in recent months.
FYI: The last short video I just posted a few days ago on "Investing in StrikeForce Patents" has had 160 Views, which grew by 20 just today.
So once again in tribute to RDY2-SK-ROCK (The Mission Comes First)
To enter the SingTel or Trustwave Board Room
Sledgogs, You would have to be a Dragonfly on the wall. (Grin)
Have to take time to Say Thanks Z
This is really Great Stuff and Eye Opening to say the least.
In Orlando all day, read Wallers letter and skimmed some of the rest.
Can't wait to get home this evening and read it all in depth.
Thanks Again, only ZBest, as expected.
49'er
MJ, why I used Staubach in my Post.
https://investorshub.advfn.com/boards/read_msg.aspx?message_id=131879228
I followed and was a Fan of Football up until 1979 when I left for Germany, where I became an Auto racing fan, following Formula One and attended a few races and also attended the 24 Hours of Le Mans once. I came back to the states in 82, and began following IndyCar. Went back to Germany in 1985, where I followed F1 around Europe and even Monte Carlo every year.
After 79 I didn't follow Football during the regular Season except the playoffs and Super Bowl; there's only so much Time one can devote to Sports and between F1 and Indy Car my plate was Full.
We all have our favorites and no doubt Tom Brady is one of the Greats.
Roger Staubach might have been even better had he not quit in 79 due to having been knocked unconscious 20 times. A doctor at Cornell told Staubach that while his brain tests were fine at the moment, another concussion could have life-altering consequences.
Roger was asked by the Cowboys to sign another 2 year contract and declined.
When Roger Staubach was behind center you felt as though you always had a chance to win.
What I recall the most was his leadership and his ability to run the two-minute drill. Countless games where the Cowboys were down (by more than a field goal) in the fourth quarter with well under two minutes to go and you just knew they were going to win. You knew it, the Cowboys and their fans knew it, and their opponents knew it.
You knew that when it came down to crunch time Staubach would drive his team the full length of the field and score the touchdown to go up by two points with a few seconds to go. With a shortened NFL career due to military service I think his stats don't really reflect how good a quarterback Roger Staubach really was.
Where did the term Hail Mary Pass come from:
Perhaps Staubach's most famous moment was the "Hail Mary pass" in the 1975 playoff game against the Minnesota Vikings. With seconds on the clock and the Cowboys trailing 14–10, Staubach launched a 50-yard bomb to wide receiver Drew Pearson, who caught the pass and strode into the end zone for a 17–14 victory. After the game, Staubach said he threw the ball and said a "Hail Mary." Since then, any last-second pass to the end zone in a desperate attempt to score a game-winning or tying touchdown is referred to as a "Hail Mary" pass.
Roger was one of the most exciting NFL players of the 1970s. Known as "Roger The Dodger" for his scrambling abilities, "Captain America" as quarterback of America's Team, and also as "Captain Comeback" for his fourth quarter game-winning heroics, Staubach had a penchant for leading scoring drives which led the Cowboys to improbable victories. He led the Cowboys to 23 game-winning drives (15 comebacks) in the fourth quarter, with 17 of those in the final two minutes or in overtime.
In 1972, he missed most of the season with a separated shoulder, but he relieved Morton in a divisional playoff against the San Francisco 49ers and threw two touchdown passes in the last 90 seconds to win the game 30–28. With that performance, he won back his regular job and did not relinquish it again during his career.
Staubach led the Cowboys to a second Super Bowl win in the 1977 season. He threw for 183 yards and a touchdown, with no interceptions, in Dallas' 27–10 victory in Super Bowl XII over the Denver Broncos.
In his final NFL season of 1979, Staubach set career highs in completions (267), passing yards (3,586) and touchdown passes (27), with just 11 interceptions.
Roger Staubach had the Highest Rating when he retired after the 1979 season. Over 30 years later he still has the 2nd highest Winning Percentage for Quarterbacks with 100 or more starts. He played really 8 full seasons & took the Cowboys to 4 Super Bowls.
His 9th season as a starter he was injured most of the year & came in to pull out a Cowboy Victory against the 49ers in 1972. The 2 Super Bowls he lost as a starter he lost to the Greatest Defense of All Time (the Steelers). If Tom Landry would have played Staubach in Super Bowl V against the Baltimore Colts he would have won that one. Defenses in the 70's were allowed to use their hands on the receivers back then, much more than today.
COLLEGE YEARS:
It took Navy 43 years to beat Notre Dame after Staubach's 1963 beat them & also when was the last time anyone could remember Navy being ranked # 2 in the Country at the end of the year.
It's very hard to say who's the Greatest because of rule changes in each decade, but Staubach takes a back seat to no one.
What makes F1 different from Indy Car:
F1 is the pinnacle of Technology when it comes to auto racing.
NO Roundy Rounds.
In the late 90's engines were dual Turbo Charged. A 1.6 Liter Motor was pulling 1,100 HP.
An F1 Car can go from ZERO to 200 mph and back to ZERO again in 12 Seconds. Think about it for a Second or 12.
Momba, Not to take anything away from Brady, we are probably from different eras. I hope you would watch these videos when you have the time. They depict the Man with the Ball when I was a Football Fan.
Understand Split, NIST 800-171 MFA
But anyone interested in their Investment should have read the following by now. And when NIST mentions :
Factors include: (i) something you know (e.g.,
password/PIN); (ii) something you have (e.g., cryptographic
identification device, token); or (iii) something you are (e.g.,
biometric).
Everyone should know this means Out Of Band.
But then again there are at least 130 people reading the Board. So I'm sure some are not as well informed.
NIST Special Publication 800-171 - NIST Page
https://www.google.com/url?sa=t&source=web&rct=j&url=http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf&ved=0ahUKEwj62KfxwqfUAhWEKyYKHT7ZBUYQFgg5MAA&usg=AFQjCNGX65GnQq9AkAr6k_gGhi74ZFOdCA&sig2=fXkZzr7c5IQoD8LS6oHMLA
Authentication using two or more different factors to achieve
authentication. Factors include: (i) something you know (e.g.,
password/PIN); (ii) something you have (e.g., cryptographic
identification device, token); or (iii) something you are (e.g.,
biometric).
DFARS MFA Compliance by Dec. 2017
Taking Steps Toward DFARS Compliance: Multi-Factor Authentication
http://blog.cybersheath.com/taking-steps-toward-dfars-compliance-multi-factor-authentication
As previously discussed in the CyberSheath blog, government contractors who process, store or transmit Covered Defense Information (CDI) are required by DFARS 252.204-7008 to comply with the 14 control families of the NIST SP 800-171 by December 2017. The clause dictates the security requirements specified by DFARS 252.204-7012 for Safeguarding Covered Defense Information and Cyber Incident Reporting. The intention of the directive is to ensure the safeguards implemented to protect CDI are consistent across nonfederal information systems as they relate to work contracted by the US government.
The regulation anticipates the addition of these controls are not intended to impose burden by requiring additional systems or incurring additional expenses in order to acquire government contracts. Although the 800-171 is derived from FIPS 200 and NIST 800-53; the new control set is intended to remove the overhead of the controls specifically geared toward federal agencies. It was expected the majority of contractors would only need to implement and update policies in order to comply. While this may be valid for contractors who have a security baseline implemented that includes many components of the recommendations of FIPS 200 or NIST 800-53, it may not be true for all. Unfortunately for those that do not, this regulation may prove to be a challenging and expensive endeavor.
One of the direct requirements imposed by the 800-171 is the need for Multi-Factor Authentication (MFA). This necessity applies to all privileged account access and users who access network resources where Controlled Unclassified Information (CUI) exists, or CDI as defined by the DFARS clause. Additionally, this applies for any users who access the network remotely by means of remote access connections. These are described in the following ‘derived security requirements’ from both the ‘Identification and Authentication’ and ‘Maintenance’ control families of the NIST 800-171:
Thomson Reuters strongly recommends that you use multi-factor authentication to provide the highest level of security for your firm and client data.
http://cs.thomsonreuters.com/ua/login_security/cs_us_en/multi-factor-authentication-overview.htm
WOW - Didn't I just use the word Ubiquitous
PCI INFORMATION SUPPLEMENT Multi-Factor Authentication
https://www.pcisecuritystandards.org/pdfs/Multi-Factor-Authentication-Guidance-v1.pdf
SOURCE :
http://blog.securitymetrics.com/2017/05/new-multi-factor-authentication-supplement.html
PCI 3.2 Multi-Factor Authentication Updates
2 Things You Should Know about PCI 3.2 Multi-Factor Authentication Updates
http://blog.securitymetrics.com/2016/10/2-things-know-about-32-multi-factor-authentication-updates.html
When should these changes be implemented?
Keep in mind, these new requirements for multi-factor authentication are considered by the PCI DSS to be best practice until Jan 31, 2018. Organizations need to remember while that’s the deadline, they need to work on and implement the solution before then.
I heard in a Video Discussion recently June 2018.
MFA - NY State Cybersecurity Regulations: Who Wins?
Identity and Access Management (IAM) tools. The new regulations call for the use of multi-factor or risk-based authentication “for any individual accessing the Covered Entity's internal networks from an external network (500.12)” and as a means for protecting nonpublic data wherever it lives. This mandate will accelerate projects intended to eliminate and replace user name/password authentication, driving procurement of MFA tools and services. Look for massive deployment of mobile phone-based authentication technologies (CA, Duo, RSA, Symantec, etc.) as well as IAM services (Microsoft, Okta, Ping, etc.).
Encryption technologies. There’s a little wiggle room here, but in general, NY DFS 23 NYCRR 500 calls for greater use of encryption for data-at-rest and data-in-flight. Vendors like Gemalto, Vormetric (Thales), and SafeNet, as well as network security players like Blue Coat (Symantec), Check Point, Cisco, Fortinet, Juniper, and Palo Alto Networks should benefit. The NY State regulations may also lead to centralization of key and certificate management—something that is long overdue.
http://research.esg-global.com/reportaction/blog0223201701/Toc?SearchTerms=Multi-factor%20