[Tfug] Why would *anyone* leave a door open?

Jordan Aberle jordan.aberle at gmail.com
Fri Aug 28 18:11:03 MST 2009


Yes, thats a good security measure, a temporary password that can only be
used for a few seconds.  Even blizzard uses that for some of their games to
prevent accounts from being compromised by keyloggers.
http://www.blizzard.com/store/details.xml?id=1100000622

On Fri, Aug 28, 2009 at 6:06 PM, Bexley Hall <bexley401 at yahoo.com> wrote:

> > > It will be nice when we can access all of our stuff with a
> > > fingerprint / eye scan / blood sample combination. Nothing like
> > > getting pricked by a needle to check my email. mmm
> >
> > And then a fake fingerprint will be
> > all that is needed to get at your life.
>
> > Gummi bears defeat fingerprint
> > sensors • The Register
> >
> http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
>
> Exactly.  Biometrics are yet another example of "false security".
> It is apparently much harder to come up with a biometric that
> can be reliably "interpreted" without having some human (intelligent
> agent) there to verify that the user is, indeed, "playing fair"
> with the technology.  E.g., some fingerprint sensors were augmented
> to expect *warmth* in addition to the correct pattern.  That,
> of cours3e, is easily defeated.  OK, so look for a *pulse*.
> That *too* is defeatable, etc.
>
> And, if you put a human there as an intelligent agent, that
> person becomes a weak link in the process (bribes, etc.).
>
> Security is a lot harder than people make it out to be!  :<
> I still think an unforgeable physical token is the only real
> (practical) way to achieve a secure interaction.  E.g., I have
> friends who carry credit card sized devices that continually update
> the "password of the moment" which they must use when accessing
> the systems they maintain.  Lose the device and you're SOL.
> Clock gets out of sync and you're SOL.  etc.
>
> > Lab creates fake DNA evidence:
> > Scientific American Blog
> >
> http://www.scientificamerican.com/blog/60-second-science/post.cfm?id=lab-creates-fake-dna-evidence-2009-08-18
>
> Yeah, and who wants to use a key that discloses EVERYTHING about you
> (as an organism) to anything that *claims* to want "security"?
> "Hi, we are protecting your health insurance records with a
> key tied to your DNA... (of course, in the process, we will learn
> everything about you and decide what ailments you are likely to
> contract so we can decide if we want to insure you)"
>
>
>
>
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20090828/6fed060e/attachment-0002.html>


More information about the tfug mailing list