Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!

From: Greg KH (greg@private)
Date: Tue Sep 03 2002 - 16:58:07 PDT

  • Next message: Greg KH: "Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"

    On Tue, Sep 03, 2002 at 03:08:17PM -0700, Crispin Cowan wrote:
    > Andrew Plato wrote:
    > 
    > >I'll have a cool BIOMETRIC mouse on display and if our wireless router is 
    > >working I can demo its use on the Internet. 
    > At the risk of further aggevating Andrew ... IMHO, biometric 
    > authentication for computer systems are bogus snake oil. It's a theorem 
    > that your fingerprints are all over your desk (coffee cups, soda cans, 
    > pens, even the big greasy fingerprints on the screen :) so it is 
    > actually much *easier* for a bad guy to snarf your fingerprint than your 
    > password. See here for how easy it is to spoof a fingerprint scanner 
    > http://www.counterpane.com/crypto-gram-0205.html#5
    
    And the biometric mouse is even easier to spoof, as it is a USB device,
    and USB is not a secure transport for data (there are free Windows USB
    snoopers that people use to reverse engineer Windows USB drivers for
    other operating systems.)  So you don't even have to fake up a
    fingerprint, you can just send the host "valid" data from your USB
    device, and the host thinks you are the correct user.
    
    {sigh}
    
    When will people learn...
    
    greg k-h
    



    This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 17:25:39 PDT