Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!

From: Greg KH (greg@private)
Date: Tue Sep 03 2002 - 17:18:47 PDT

  • Next message: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"

    On Tue, Sep 03, 2002 at 05:12:50PM -0700, Andrew Plato wrote:
    > 
    > > And the biometric mouse is even easier to spoof, as it is a 
    > > USB device,
    > > and USB is not a secure transport for data (there are free Windows USB
    > > snoopers that people use to reverse engineer Windows USB drivers for
    > > other operating systems.)  So you don't even have to fake up a
    > > fingerprint, you can just send the host "valid" data from your USB
    > > device, and the host thinks you are the correct user.
    > 
    > Oh, well then I guess we should all unplug our mice then and go back to typewriters.
    > 
    > Again, if you have corrupted drivers on your machine, you have bigger
    > problems then spoofed biometrics. Trojans on computers and people
    > swiping coke bottles for fingerprints strikes me as larger problems
    > then merely faulty biometrics.
    
    No, this means I can just walk up to your machine, and plug my mouse in,
    replacing your biometric mouse.  Then when the host asks for the
    biometric info, my mouse sends back the proper info, and access is
    granted.
    
    In short, a broken design :)
    
    See the c't article for more technical info on how to do this if you are
    interested.
    
    thanks,
    
    greg k-h
    



    This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 17:49:37 PDT