>> I didn't read the discussion, what was it about?

Scott found this news story (http://www.washingtonpost.com/wp-dyn/content/article/2007/11/30/AR2007113002302_pf.html) and thought it was scary.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]

-----Original Message-----
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 19, 2007 9:50 AM
To: Larry Seltzer
Cc: Steve Kalman; [email protected]
Subject: RE: [funsec] This is scary

On Wed, 19 Dec 2007, Larry Seltzer wrote:
> Personally, if I were designing a database to store biometrics I would
> authenticate it with biometrics. And I really doubt they would allow
> the notebooks to update the central database from the field.

I'd authenticate it to a level I'd feel comfortable with, biometrics may be one of the tools I'll choose to put into my design.. but I won't buy a biometrics system, I'd fit it into my whole process.

And no, that authentication naturally won't be done against the database it authenticates entry into. Trusting trust, separation.

I didn't read the discussion, what was it about?

Gadi.

>
> Larry Seltzer
> eWEEK.com Security Center Editor
> http://security.eweek.com/
> http://blogs.pcmag.com/securitywatch/
> Contributing Editor, PC Magazine
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Steve Kalman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 19, 2007 8:01 AM
> To: Larry Seltzer
> Subject: Re: [funsec] This is scary
>
> If the laptop can be used to update the database, its operator could
> put bad-guy biometrics (DNA/fingerprints) on file under your name.
> Have fun explaining that to the swat team at your door.
>
> However good vs bad in these issues is all about risk management. NO
> solution will be perfect. The question is whether the benefits
> outweigh the monetary and social costs.
>
> On Dec 19, 2007 6:04 AM, Larry Seltzer <[EMAIL PROTECTED]> wrote:
>> So you're saying it's impossible to make wireless communications secure?
>> This is a rather bold statement. I've never heard anyone go that far
>> before.
>>
>> And let's assume the worst, one of the boxes gets stolen and any local
>> security features on it fail and there's no way to remotely disable it.
>> What abuse can you do with a fingerprint database?
>>
>> Larry Seltzer
>> eWEEK.com Security Center Editor
>> http://security.eweek.com/
>> http://blogs.pcmag.com/securitywatch/
>> Contributing Editor, PC Magazine
>> [EMAIL PROTECTED]
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]
>> On Behalf Of scott
>> Sent: Tuesday, December 18, 2007 11:52 PM
>> To: [email protected]
>> Subject: Re: [funsec] This is scary
>>
>> Linking back to a database through a RF medium is inherently
>> insecure. Almost regardless of encryption or RX methods. Satellite,
>> notwithstanding.
>> MITM, possibly? Corruption of transmitted data?
>>
>> Also, just getting a hold of a box or laptop could set someone up in a
>> bad way! Same as now, only stepped up a notch.
>>
>> Any thoughts?
>>
>> Larry Seltzer wrote:
>>> Why is it scary? Police have been using fingerprint evidence for
>>> about 100 years.
>>>
>>> Larry Seltzer
>>> eWEEK.com Security Center Editor
>>> http://security.eweek.com/
>>> http://blogs.pcmag.com/securitywatch/
>>> Contributing Editor, PC Magazine
>>> [EMAIL PROTECTED]
>>>
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of scott
>>> Sent: Tuesday, December 18, 2007 8:56 PM
>>> To: [email protected]
>>> Subject: [funsec] This is scary
>>>
>>> From the Washington Post
>>> http://www.washingtonpost.com/wp-dyn/content/article/2007/11/30/AR2007113002302_pf.html
>>>
>>> snip
>>>
>>> Duong's most recent innovation, the Joint Expeditionary Forensics
>>> Facilities (JEFF) project or "lab in a box," analyzes biometrics.
>>> It will be delivered to Iraq at the beginning of 2008, the Navy
>>> said, to help distinguish insurgents from civilians.
>>>
>>> "The best missile is worthless if you don't know who to shoot,"
>>> Duong said.
>>>
>>> Betro said the military has been scanning the irises and taking the
>>> fingerprints of Iraqis, feeding a biometrics data base in West
>>> Virginia
>>> <http://www.washingtonpost.com/ac2/related/topic/West+Virginia?tid=informline>.
>>> To date, a few ad hoc labs have processed about 85,000
>>> pieces of evidence taken from weapons caches or roadside devices.
>>> Duong's mobile forensic labs, with an initial budget of $34 million,
>>> will be deployed all over Iraq.
>>>
>>> snip
>>>
>>> Hmmm. When is this going to be in the hands of every cop on the street?
>>>
>>> Scott
>>>
>>
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.
>>
>> --
>> redhowlingwolves
>> Web: http://www.hacking-passion.com/
>
> --
> Steve Kalman, JD
> SSCP, CISSP-ISSMP, ISSAP
