[Tfug] Why would *anyone* leave a door open?
Bexley Hall
bexley401 at yahoo.com
Fri Aug 28 18:06:48 MST 2009
> > It will be nice when we can access all of our stuff with a
> > fingerprint / eye scan / blood sample combination. Nothing like
> > getting pricked by a needle to check my email. mmm
>
> And then a fake fingerprint will be
> all that is needed to get at your life.
> Gummi bears defeat fingerprint
> sensors • The Register
> http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
Exactly. Biometrics are yet another example of "false security".
It is apparently much harder to come up with a biometric that
can be reliably "interpreted" without having some human (intelligent
agent) there to verify that the user is, indeed, "playing fair"
with the technology. E.g., some fingerprint sensors were augmented
to expect *warmth* in addition to the correct pattern. That,
of cours3e, is easily defeated. OK, so look for a *pulse*.
That *too* is defeatable, etc.
And, if you put a human there as an intelligent agent, that
person becomes a weak link in the process (bribes, etc.).
Security is a lot harder than people make it out to be! :<
I still think an unforgeable physical token is the only real
(practical) way to achieve a secure interaction. E.g., I have
friends who carry credit card sized devices that continually update
the "password of the moment" which they must use when accessing
the systems they maintain. Lose the device and you're SOL.
Clock gets out of sync and you're SOL. etc.
> Lab creates fake DNA evidence:
> Scientific American Blog
> http://www.scientificamerican.com/blog/60-second-science/post.cfm?id=lab-creates-fake-dna-evidence-2009-08-18
Yeah, and who wants to use a key that discloses EVERYTHING about you
(as an organism) to anything that *claims* to want "security"?
"Hi, we are protecting your health insurance records with a
key tied to your DNA... (of course, in the process, we will learn
everything about you and decide what ailments you are likely to
contract so we can decide if we want to insure you)"
More information about the tfug
mailing list