Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!

From: Greg KH (greg@private)
Date: Tue Sep 03 2002 - 21:00:39 PDT

Next message: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"

Previous message: Crispin Cowan: "Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
In reply to: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
Next in thread: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Sep 03, 2002 at 05:33:33PM -0700, Andrew Plato wrote:
> 
> > No, this means I can just walk up to your machine, and plug 
> > my mouse in,
> > replacing your biometric mouse.  Then when the host asks for the
> > biometric info, my mouse sends back the proper info, and access is
> > granted.
> 
> Actually no - that isn't how the Biolink biometric system system works
> (that's the one we sell). The templates for prints are not stored
> anywhere on the mouse. They are stored within the actual computer or
> within a secured network appliance. Even if you stole the templates
> off the computer, you couldn't just input them into any old computer -
> you would have know the private key / template combination to use as
> well as pass in a live print.

Ok, I looked at the marketing stuff for this device, and it is different
from the device I have looked at previously.  Sorry for jumping to
conclusions.  But marketing fluff is often much different than reality.

> > In short, a broken design :)
> 
> Yes, but what you describe is not how the biometric system we sell works. 
> 
> > See the c't article for more technical info on how to do this 
> > if you are interested.
> 
> I've read it. Its fascinating. We've tried it at work. Its not that
> easy to do. You have to be pretty commited and have resources at your
> disposal. But that's true of virtually ALL hacking activities. 

Heh, ok then, I imagine that you would have no problem a Linux driver
being created for this device?  When I asked the previously alluded to
company, they rebuffed me saying, "We can not reveal our proprietary USB
protocol, so no Linux driver can be written."  I am pretty sure that the
c't article refers to this device, and points out all of the problems
that I stated (you can't hide USB data...)

So would you mind me writing a Linux driver?  If what you say is true
about the protocol and design of the system, an open-source driver would
do a lot to make people feel better about such products.  If you aren't
the person to talk to about this, do you know who I can talk to?

And yes, I have a bit of USB and Linux experience... :)

thanks,

greg k-h

Next message: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
Previous message: Crispin Cowan: "Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
In reply to: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
Next in thread: Andrew Plato: "RE: CRIME REMINDER: Free Seminar on Computer Security tomorrow!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 03 2002 - 21:45:48 PDT