RE: Hacking USB Thumbdrives, Thumprint authentication

From: sil (jesus@resurrected.us)
Date: Tue Jan 27 2004 - 13:44:00 EST


On Tue, 27 Jan 2004, Rob Shein wrote:

> Vulnerability #1 in this scenario? The thumbprint is still on the drive
> from when he last touched it. Dust the print off, scan it, print it and
> continue from there. Some of the fingerprint readers can be triggered just
> by cupping your hands around them and breathing on them, causing the print
> to fog (and be read).
>

It would be fair to add that the majority of biometric systems available
have software to tweak the thresholds. Sure some readers can be triggered
as so, but the majority of readers have the ability to correct this
measure. Typically I would fault the administrator/operator if someone
were able to circumvent a biometric system under said circumstances. There
is also the 'television-based' notion that one could recreate a
fingerprint via rubber-cement or something similar in nature (didn't
bother finding the source, but one can google away on their own), here's
my take on the biometrics hoopla...

Even though a company may choose to use fingerprint scanners, punchcards,
retinal scanners, etc., sometimes corporations forget to switch it up
sometimes. E.g., with the example of door systems using the ever so
popular keycodes (1-9), how many times does a corporation change these
numbers, for one? Back in the early 90's I worked at (then called) Chemical
Bank and we had ID-based entry systems, and I don't know how many times I
forgot my card and used a friend's. Same goes with number-based systems.
"Hey I forgot my number, what's your number again..."

Sure it can become cumbersome in a large environment to go around changing
access codes, etc., and most administrators, and the staff that
'supervise', tend to get forgetful, lazy, at times. I will always think in
my mind that conferences should be held quarterly for employees
(mandatory) where basic security is explained to them so the user 1)
understands the need for it, 2) keeps it in mind and perhaps even uses
this information in their personal lives (would eliminate massive amounts of
ID theft perhaps..)

// EOF

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Quis custodiet ipsos custodes? - Juvenal

J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net
