[opensuse] Adding biometric security to a computer
I was wondering if it is poosible to add biometrics security to a laptop or computer somehow via a usb finger scanner or whatever. -- Michael S. Dunsavage -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
"Michael S. Dunsavage" <mikesd@ptd.net> writes:
I was wondering if it is poosible to add biometrics security to a laptop or computer somehow via a usb finger scanner or whatever.
Yes, check the libthinkfinger package - it's part of 10.2 ;-) Andreas -- Andreas Jaeger, aj@suse.de, http://www.suse.de/~aj/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
On Sat, 2007-03-10 at 18:37 -0500, Michael S. Dunsavage wrote:
I was wondering if it is poosible to add biometrics security to a laptop or computer somehow via a usb finger scanner or whatever. -- Michael S. Dunsavage
AFAIR, there exist even a pam-module (not in the distro) for it... Some laptops (IBM-T43) has a build-in fingerprint reader. HW -- pgp-id: 926EBB12 pgp-fingerprint: BE97 1CBF FAC4 236C 4A73 F76E EDFC D032 926E BB12 Registered linux user: 75761 (http://counter.li.org) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 2007-03-10 at 18:37 -0500, Michael S. Dunsavage wrote:
I was wondering if it is poosible to add biometrics security to a laptop or computer somehow via a usb finger scanner or whatever. -- Michael S. Dunsavage
AFAIR, there exist even a pam-module (not in the distro) for it... Some laptops (IBM-T43) has a build-in fingerprint reader. Remember however, that biometric is never a replacement for a password! Fingerprints can be forged/copied It's intended for additional factor for security What you know (password, passphrase, pin, ...) What you have (smartcard, token, ...) What you are (biometric) HW -- pgp-id: 926EBB12 pgp-fingerprint: BE97 1CBF FAC4 236C 4A73 F76E EDFC D032 926E BB12 Registered linux user: 75761 (http://counter.li.org) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-03-22 at 08:42 +0100, Hans Witvliet wrote:
Remember however, that biometric is never a replacement for a password! Fingerprints can be forged/copied
Dunno about that, but they can be stolen, ie, the finger removed from it's owner... I don't like biometrics unless they can prove the owner is alive an undamaged (and make sure the bad guys know that and don't try to fool the system just in case) :-( - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGAoLCtTMYHG2NR9URAgbSAJoDAlSZFaKf7tOWqIJqVXdMzZon7ACgg6Ly njUcC/mzqdXpzkXcKlFoRak= =Of2U -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Donnerstag, 22. März 2007 14:21 schrieb Carlos E. R.:
The Thursday 2007-03-22 at 08:42 +0100, Hans Witvliet wrote:
Remember however, that biometric is never a replacement for a password! Fingerprints can be forged/copied
Dunno about that, but they can be stolen, ie, the finger removed from it's owner... I don't like biometrics unless they can prove the owner is alive an undamaged (and make sure the bad guys know that and don't try to fool the system just in case) :-(
-- Cheers, Carlos E. R. Uhm.. we're talking about laptops, right? For private usage, to make it more difficult to get access to the "lost" files?! We're not talking about a military/scientific/top secret or something similar which is worth beeing killed for, right?
For the later thing I guess I'd prefer a gun next to my head make me reveal the password instead of getting my fingers cut, that's true :D Best regardes Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFGBF7DcHwbW/zlOZoRAkRyAKCQKd+7KYeLnZ8cGFhHVkDMI3ulPgCffOk8 6tOxGzdAbYv9CMzcAgfvRvk= =0VyQ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-03-24 at 00:12 +0100, Michael Skiba wrote:
Dunno about that, but they can be stolen, ie, the finger removed from it's owner... I don't like biometrics unless they can prove the owner is alive an undamaged (and make sure the bad guys know that and don't try to fool the system just in case) :-(
Uhm.. we're talking about laptops, right? For private usage, to make it more difficult to get access to the "lost" files?!
Possibly...
We're not talking about a military/scientific/top secret or something similar which is worth beeing killed for, right?
Credit cards. I heard some thugs already cut fingers to activate some stolen cards. Might be an urban legend, tough. Do you keep bank accounts on your PC?
For the later thing I guess I'd prefer a gun next to my head make me reveal the password instead of getting my fingers cut, that's true :D
Right! - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGBHfltTMYHG2NR9URAkrkAKCHh8FkAXSQa/NTf4vqBf+uc9ULiwCfT1ju hLdR6nCNOT80t/ihU5lddok= =XOu8 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 23 March 2007 19:59, Carlos E. R. wrote:
Credit cards. I heard some thugs already cut fingers to activate some stolen cards. Might be an urban legend, tough.
1) It is the case where credit card owner will not complain about stolen card, and wouldn't care for finger. I can imagine only one case where this is possible and in that case avoiding fingerprint technology would not change anything, because mischief already did what he intended and taking finger instead of forcing person to use it is the only way. 2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would. 3) The only case where banks are asking for fingerprint is when you cash paycheck in a employers brank, not yours. Other will refuse to cash it anyway. So how to use finger in the middle of the bank? What is amusing are not creators of urban legend, but people that believe in. Telling stories is what makes our lives not so boring, but believing each story ... BTW, this one is invented by folk that would have more problems to steal accounts if access would be protected with easy to apply and hard to guess technology, instead of "passwords". -- Regards, Rajko. http://en.opensuse.org/Portal -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-03-24 at 09:00 -0500, Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
I read somewhere that there are, yes; as an experiment, I think. Perhaps I read about it on the ieee Spectrum. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGBUcTtTMYHG2NR9URAqY/AJwNKzvRr4NSP3AQcBV0JBL3F/SMcQCeJZo6 aJQ+bjwm6S9eHpnU0TTOeZc= =wHDF -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 24 March 2007 08:43, Carlos E. R. wrote:
The Saturday 2007-03-24 at 09:00 -0500, Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
I read somewhere that there are, yes; as an experiment, I think. Perhaps I read about it on the ieee Spectrum.
Over here Visa is running TV advertisements about how joyous and wonderful your life will be if when you use their fingerprint readers to confirm your Visa card purchases. It's also brings the joyful spending of money by everyone around you to a screeching, grinding halt if you pay with cash. It makes me gag...
-- Cheers, Carlos E. R.
Randall Schulz -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2007-03-24 at 08:54 -0700, Randall R Schulz wrote:
Over here Visa is running TV advertisements about how joyous and wonderful your life will be if when you use their fingerprint readers to confirm your Visa card purchases. It's also brings the joyful spending of money by everyone around you to a screeching, grinding halt if you pay with cash.
I have stopped using credit cards. Some one duplicated my late father credit card and stole us 1200 Eur in two days, the maximum for the card. The bank refused to return the money back and we had to fight for it for months, and we only got about 60% back (we did not want to go to court). They used some kind of reader piggybacked on the bank hole on the wall. Agreed, biometric data would stop that kind of theft, probably (so would a smart chip, instead of a magnetic strip; but as they are more expensive banks don't use them). But I don't trust it. I trust the bad guys less, they will invent something else to part us from our money. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGBU4OtTMYHG2NR9URAsItAJ9vC+MEU2IQ1c6DkjU/5DWanDoL/wCcDWqe FsCnrjfqK/jMl20i5TYTm5k= =SMZT -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 24 March 2007 11:13, Carlos E. R. wrote:
I trust the bad guys less, they will invent something else to part us from our money.
They are always resourcefull and there was no method that they didn't found "workaround". The goal is to prevent majority of them that would like to take money, if it is not too risky or not too hard. It is the same in other activities, people dedicated to reach a goal can make others wonder what is possible. There is plenty of examples that anyone can cite. So, biometric security in this case trough fingerprintting is basically yes. The only question is how much money to spend to protect the rest. -- Regards, Rajko. http://en.opensuse.org/Portal -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 24 March 2007, Carlos E. R. wrote:
I have stopped using credit cards.
Some one duplicated my late father credit card and stole us 1200 Eur in two days, the maximum for the card. The bank refused to return the money back and we had to fight for it for months, and we only got about 60% back (we did not want to go to court).
Well we had a similar incident this very week. But to show you the difference between banks and card companies, the first person to spot fraudulent use of our card was the credit card company. They called us, can informed us the card number was used fraudulently in different places, and they had canceled the card and we would have a new one by express delivery the next day. We were stuck with no charges at all. Their computers detected unusual buying practices, and kicked it out for review by humans. Scarry to some I suppose. The particular Fraudster scam that was done goes something like this... Somehow get the card number and name/address and three digit code, probably by breaking into some on-line web site where a legitimate purchase was made... Visit a Best-Buy web site, and order a bunch of stuff, then check the box saying you will pick it up at so-and-such branch. So-and-such branch do not check that carefully, and deliver the goods to anyone having the print out of the on-line receipt that matches their computerized order. Best Buy is being heavily leaned on to dis-continue this practice but so far they think its worth it to them to eat the fraud loss. -- _____________________________________ John Andersen
On Saturday 2007-03-24 11:43, Carlos E. R. wrote:
The Saturday 2007-03-24 at 09:00 -0500, Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
I read somewhere that there are, yes; as an experiment, I think. Perhaps I read about it on the ieee Spectrum.
I know of a few universities that have moved to fingerprint identification for students. The reader network is established in the libraries, cafeterias, snack bars book stores, and a growing number of establishments off campus. The students don't need their ID cards to check out books, get fed on campus, and they don't need to carry cash for purchases. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 24 March 2007 19:40, Ken Jennings wrote:
On Saturday 2007-03-24 11:43, Carlos E. R. wrote:
The Saturday 2007-03-24 at 09:00 -0500, Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
I read somewhere that there are, yes; as an experiment, I think. Perhaps I read about it on the ieee Spectrum.
I know of a few universities that have moved to fingerprint identification for students. The reader network is established in the libraries, cafeterias, snack bars book stores, and a growing number of establishments off campus. The students don't need their ID cards to check out books, get fed on campus, and they don't need to carry cash for purchases.
And who will try to pull out someones finger in the middle of cafeteria ;-) -- Regards, Rajko. http://en.opensuse.org/Portal -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
Fingerprint readers are not foolproof. I remember reading an article not long ago where some researchers took impressions of people's fingers and made fake fingerprints out of gelatin. They fooled several popular fingerprint reading devices. This worries me because fingerprint technology effectively relies on a secret "password" that cannot be changed. If someone finds out your PIN, you can always change it. If someone steals your fingerprints, you're stuck. Over-reliance on biometrics may create more problems than it solves. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 24 March 2007, David Brodbeck wrote:
If someone steals your fingerprints, you're stuck. Over-reliance on biometrics may create more problems than it solves.
Not as long as I have one more finger. I can always start using a different finger for the reader. The replication of the finger print is a bit beyond the skills of the ordinary snatch-n-run artist. Some one has been watching too much CSI: Miami. But for those one-in-a-million thiefs that used to work for the CIA or the KGB and who passed their finger print replication class, I would have to concede that when they ripped off my laptop they also got a complete set of my prints thrown in for free. -- _____________________________________ John Andersen
John Andersen wrote:
The replication of the finger print is a bit beyond the skills of the ordinary snatch-n-run artist. Some one has been watching too much CSI: Miami.
You can dismiss it if you want, but it's been demonstrated using fairly crude materials and methods. For example: http://www.dansdata.com/uareu.htm -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sunday 25 March 2007, David Brodbeck wrote:
John Andersen wrote:
The replication of the finger print is a bit beyond the skills of the ordinary snatch-n-run artist. Some one has been watching too much CSI: Miami.
You can dismiss it if you want, but it's been demonstrated using fairly crude materials and methods. For example: http://www.dansdata.com/uareu.htm
I will in fact dismiss it. Until my lap top goes missing. At which time I will immediately provide the police with a list of ALL the people who I allowed to take a putty mold of my fingers. Come on David!!! -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
On Sunday 25 March 2007, David Brodbeck wrote:
You can dismiss it if you want, but it's been demonstrated using fairly crude materials and methods. For example: http://www.dansdata.com/uareu.htm
I will in fact dismiss it.
Until my lap top goes missing.
At which time I will immediately provide the police with a list of ALL the people who I allowed to take a putty mold of my fingers.
What you're missing is that the same technique has been successfully done using only a latent print lifted from an object. So you don't need to let someone take a putty mold of your finger -- they can lift your prints off any object you've handled. This does not take NSA-level skills or materials. The method is detailed in some of the articles linked from that page. Now, it's quite likely that this level of security is plenty high enough to protect data on your laptop, but I submit it's a bad idea to use something like this instead of a PIN to authenticate banking transactions, as was suggested earlier in the thread. And yet, I know of at least one check cashing service that's using the same thumbprint reader mentioned in the article as proof of ID. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 March 2007, David Brodbeck wrote:
What you're missing is that the same technique has been successfully done using only a latent print lifted from an object.
Not according to that article. That article described a method any Jr High school student could master. Lifting a print and then embedding that print into a putty mold takes significantly more skill and training than the average snatch/grab artist is likely to muster. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
Lifting a print and then embedding that print into a putty mold takes significantly more skill and training than the average snatch/grab artist is likely to muster.
I think the method involved using the latent print to etch a PC board, then taking the mold off that. This is sophisticated, true, but it doesn't involve any materials that an average person can't get their hands on or any skills an average person can't master. It's not just snatch/grab thugs you have to worry about. Identity theft has gotten pretty sophisticated. Once your fingerprints are compromised you can't change them, and the assumption is going to be that you authorized whatever the crook did...after all, the reader read your fingerprint, right? By contrast, a PIN can easily be changed if it's compromised. I fear that if biometrics become widespread we'll have the same problems with them that we currently have with SSNs. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-03-26 at 18:25 -0700, David Brodbeck wrote:
John Andersen wrote:
Lifting a print and then embedding that print into a putty mold takes significantly more skill and training than the average snatch/grab artist is likely to muster.
I think the method involved using the latent print to etch a PC board, then taking the mold off that. This is sophisticated, true, but it doesn't involve any materials that an average person can't get their hands on or any skills an average person can't master.
About a month or so ago the police arrested a gang that made a sophisticated device to put on top of bank on the wall holes or however you call them. You know, you push your car into a slot, you type your pin, and you get your money. Well, the trick is to put a fake reader on top of the legitimate reader so well designed that you don't notice. Plus, they place a miniature web camera pointing at the keyboard to read your pin. Later, they remove both and retrieve the data, or they already got the data through a radio link. Later, they use the data to duplicate the credit cards, and finally, they separate you from your money. Well, this gang manufactured so good devices that they did an extra business out of selling the devices... This is not SciFi, it is happening. My father was stolen 1200 eur this way. And it is a sophisticated method. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGCHjLtTMYHG2NR9URAk4bAJ4jbUE8dTGFGPWCyy6hUfdYwxGKdwCffe89 Gd1NKaBOYUBgY6SLvKlwrMk= =LKV5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2007-03-27 at 03:52 +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2007-03-26 at 18:25 -0700, David Brodbeck wrote:
John Andersen wrote:
Lifting a print and then embedding that print into a putty mold takes significantly more skill and training than the average snatch/grab artist is likely to muster.
I think the method involved using the latent print to etch a PC board, then taking the mold off that. This is sophisticated, true, but it doesn't involve any materials that an average person can't get their hands on or any skills an average person can't master.
About a month or so ago the police arrested a gang that made a sophisticated device to put on top of bank on the wall holes or however you call them. You know, you push your car into a slot, you type your pin, and you get your money. Well, the trick is to put a fake reader on top of the legitimate reader so well designed that you don't notice. Plus, they place a miniature web camera pointing at the keyboard to read your pin. Later, they remove both and retrieve the data, or they already got the data through a radio link. Later, they use the data to duplicate the credit cards, and finally, they separate you from your money.
Well, this gang manufactured so good devices that they did an extra business out of selling the devices... This is not SciFi, it is happening. My father was stolen 1200 eur this way. And it is a sophisticated method.
As seen on CSI. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-03-26 at 23:42 -0400, Mike McMullin wrote:
Well, this gang manufactured so good devices that they did an extra business out of selling the devices... This is not SciFi, it is happening. My father was stolen 1200 eur this way. And it is a sophisticated method.
As seen on CSI.
I suffered it first hand before seeing it on CSI - which in fact, I haven't. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGCOYHtTMYHG2NR9URAhL8AJ0TtCwCA/H1vLQtAaoj6BTQjBzQ8gCfZLrn LcS8xwO4eBCYqi9eAlDUIws= =+ag2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
About a month or so ago the police arrested a gang that made a sophisticated device to put on top of bank on the wall holes or however you call them. You know, you push your car into a slot, you type your pin, and you get your money. Well, the trick is to put a fake reader on top of the legitimate reader so well designed that you don't notice. Plus, they place a miniature web camera pointing at the keyboard to read your pin. Later, they remove both and retrieve the data, or they already got the data through a radio link. Later, they use the data to duplicate the credit cards, and finally, they separate you from your money.
Well, this gang manufactured so good devices that they did an extra business out of selling the devices... This is not SciFi, it is happening. My father was stolen 1200 eur this way. And it is a sophisticated method.
That's apparently happened more than once in the U.S. In another scam, the perpetrator went so far as to set up an entire fake ATM in a mall. It skimmed card data and PIN numbers, which he'd then come back and download to a laptop later, in the guise of doing maintenance on the machine. He was eventually caught when someone complained to the mall management about the ATM that always seemed to be out of cash. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-03-26 at 21:27 -0700, David Brodbeck wrote:
Well, this gang manufactured so good devices that they did an extra business out of selling the devices... This is not SciFi, it is happening. My father was stolen 1200 eur this way. And it is a sophisticated method.
That's apparently happened more than once in the U.S.
It's happening a lot here in Spain (dunno about the rest of Europe). Just that the case I told about the making was specially sophisticated.
In another scam, the perpetrator went so far as to set up an entire fake ATM in a mall. It skimmed card data and PIN numbers, which he'd then come back and download to a laptop later, in the guise of doing maintenance on the machine. He was eventually caught when someone complained to the mall management about the ATM that always seemed to be out of cash.
How daring! X-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGCOWbtTMYHG2NR9URApe6AJ46tRgekn3uV/gqZN3O+OQAH4K9mwCghrKN 1Ryh94YdOBO+ttHUI0quBgs= =oZ6B -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 26 March 2007, David Brodbeck wrote:
It's not just snatch/grab thugs you have to worry about. Identity theft has gotten pretty sophisticated.
Agreed. Sophisticated enough not to have to steal your lap top to get what they want. Unless combined with full disc encryption finger print readers are likely just as secure as pins for the purpose of securing your laptop. Lets make at least a minimal attempt to keep this thread on track. It has nothing at all to do with identity theft. It is concerned with biometric security on a computer, laptop or otherwise. Pins, passwords and readers are first line defenses only. Once they have your laptop you are screwed. Until you cough up the money for full disk encryption it makes no sense to get all hot and bothered about finger print readers. http://www.seagate.com/www/en-us/products/laptops/momentus/momentus_5400_fde... -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-03-27 at 00:47 -0800, John Andersen wrote:
Unless combined with full disc encryption finger print readers are likely just as secure as pins for the purpose of securing your laptop.
Absolutely. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGCOhttTMYHG2NR9URAnkvAJ9bH/q+CdPWi+gu/ng1d8vzTjU7awCgkKgZ mDGJOPjYSLjuvfeYcSSapDk= =Wfwl -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 2007-03-27 at 11:48 +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Tuesday 2007-03-27 at 00:47 -0800, John Andersen wrote:
Unless combined with full disc encryption finger print readers are likely just as secure as pins for the purpose of securing your laptop.
Absolutely.
I wonder whether the British bank that lost a laptop last week with 13000 customer records on it has even thought of any of this? It also begs the question why the hell this information was even on a laptop in a car? -- Dave Cotton <dcotton@linuxautrement.com> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 27 March 2007, Dave Cotton wrote:
On Tue, 2007-03-27 at 11:48 +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Tuesday 2007-03-27 at 00:47 -0800, John Andersen wrote:
Unless combined with full disc encryption finger print readers are likely just as secure as pins for the purpose of securing your laptop.
Absolutely.
I wonder whether the British bank that lost a laptop last week with 13000 customer records on it has even thought of any of this? It also begs the question why the hell this information was even on a laptop in a car?
Well, Full Drive Encryption (built into the drive hardware) is brand spanking new. There has been ways to do this after market, but these drives make it easy because your OS never realizes the drive is encrypted. Its all taken care of in hardware. I presume there is some boot time password requested, but I've never seen one of these yet. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Dave Cotton wrote:
It also begs the question why the hell this information was even on a laptop in a car?
Outsourcing? Outside audits? The company I work for is publicly traded and we're required to have an outside company audit our books. They arrive en masse with...you guessed it...laptops, which they proceed to enter our information into... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
An African charity my church works does micro loans to help really small businesses. These are not cash but small bank accounts secured with cards, passwords and fingerprint readers which also check for a pulse. This last eliminating the cut finger risk and well publicized to save the customers from both kinds of loss. I do not know if they use OS2 for the bank computer or Linux likely the former due to obscurity. -- ___ _ _ _ ____ _ _ _ | | | | [__ | | | |___ |_|_| ___] | \/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 24 March 2007 13:34, David Brodbeck wrote:
Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
Fingerprint readers are not foolproof. I remember reading an article not long ago where some researchers took impressions of people's fingers and made fake fingerprints out of gelatin. They fooled several popular fingerprint reading devices. This worries me because fingerprint technology effectively relies on a secret "password" that cannot be changed. If someone finds out your PIN, you can always change it. If someone steals your fingerprints, you're stuck. Over-reliance on biometrics may create more problems than it solves.
This was done on a popular show "Mythbusters". They are not accomplished crooks but figured out how to do it in a short period of time. They did not reveal the information on how they managed to defeat the reader, but the manufacturer did claim it was foolproof, guess not. One way or another information on new technology gets leaked and it gets busted.. Mike -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
ka1ifq wrote:
On Saturday 24 March 2007 13:34, David Brodbeck wrote:
Rajko M. wrote:
2) Is there any bank that is asking for such identification for credit cards? There will be no so much problems with stolen identities if they would.
Fingerprint readers are not foolproof. I remember reading an article not long ago where some researchers took impressions of people's fingers and made fake fingerprints out of gelatin. They fooled several popular fingerprint reading devices. This worries me because fingerprint technology effectively relies on a secret "password" that cannot be changed. If someone finds out your PIN, you can always change it. If someone steals your fingerprints, you're stuck. Over-reliance on biometrics may create more problems than it solves.
This was done on a popular show "Mythbusters". They are not accomplished crooks but figured out how to do it in a short period of time. They did not reveal the information on how they managed to defeat the reader, but the manufacturer did claim it was foolproof, guess not. One way or another information on new technology gets leaked and it gets busted..
As I understand it all you need is super glue, a bit of plastic and a glass with the targets dabs to get an impression. Transferring the impression to a an object is a little more tricky. For more sophisticated readers the object may need to heated to blood temperature. Foolproof security is a bit like like the myth of the unsinkable ship. Once human ingenuity (or incompetence) enters the equation anything can happen (and often does). :-)
Mike
On Monday 26 March 2007 03:14, G.T.Smith wrote:
Foolproof security is a bit like like the myth of the unsinkable ship.
Exactly. The point of security measures is to limit the number of those that can sink the ship or have economic interest to do that. -- Regards, Rajko. http://en.opensuse.org/Portal -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (15)
-
Andreas Jaeger -
Carl William Spitzer IV -
Carlos E. R. -
Dave Cotton -
David Brodbeck -
G.T.Smith -
Hans Witvliet -
John Andersen -
ka1ifq -
Ken Jennings -
Michael S. Dunsavage -
Michael Skiba -
Mike McMullin -
Rajko M. -
Randall R Schulz