I've read that article before, and agree that it is a good read. I didnt realize thats what you meant, because I dont concider that a realistic proposal to the threat - especially giving what you are potentially asking of the general public. The threat, as I addressed it in my initial reply, is that a common-style key can be copied in an automated fashion via photographs. As an current example: A key factor in a lot of identity theft that happens with "skimmers" also incorporates video surveillance to steal pins, zip codes, etc, to be used with the skim-copied card. Surveillance could similarly be set up at residences and other building egresses to capture images of keys for duplication. Let alone that people casually place their keys down all the time.
Perhaps I'm misreading the situation, but this is what I see as the worst aspect of the threat - particularly because I see no need for physical possession. -- Espi On Wed, Jul 30, 2014 at 11:52 PM, Ken Schaefer <[email protected]> wrote: > A simple solution would be not to give your keys out to untrusted parties > > > > Fwiw, the Technet article was written by Steve Riley: "It's Me, and Here's > My Proof: Why Identity and Authentication Must Remain Distinct" - it's a > good article, worth reading. > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Micheal Espinola Jr > *Sent:* Thursday, 31 July 2014 4:42 PM > > *To:* ntsysadm > *Subject:* Re: [NTSysADM] This was inevitable, but it's still a good > reminder > > > > I'm sorry, what exactly was your proposal? Was it the technet article? I > didnt read it. > > > -- > Espi > > > > > > On Wed, Jul 30, 2014 at 9:13 PM, Ken Schaefer <[email protected]> wrote: > > So, what's wrong with my proposal? You didn't address that anywhere, > unless I've missed it somehow. > > > > (leaving aside the issue of traditional lock picking, which has been an > issue, or non-issue, for years) > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Micheal Espinola Jr > *Sent:* Thursday, 31 July 2014 1:34 PM > > > *To:* ntsysadm > *Subject:* Re: [NTSysADM] This was inevitable, but it's still a good > reminder > > > > I'm referring specifically to the standard types of keys that are used by > consumers for thier private property. Current common door locks/keys are > decreasingly viable as a security solution, and have been for years. If a > common key can now be duplicated via automation simply by a series of > pictures, then its really time to put this antiquated system to rest. Keys > need to become more complex. Its not that I have issue with the concept of > physical keys - its a problem with the low-tech variations of common locks > that are still so prevalent around the world. > > "Authentication" issues aside, the typical mechanical systems are still > not complex enough to prevent basic lock-picking methods. And now, we are > subject to duplication by photograph? I think this is a horrendous turn of > events. Cool tech, but how utterly exploitable on a massive scale. People > are already subject to video-based types of identity theft. Now, I would > speculate, that we can welcome breaking and entering. > > > -- > Espi > > > > > > On Wed, Jul 30, 2014 at 7:14 PM, Ken Schaefer <[email protected]> wrote: > > Why do they "have to go"? Keys are a physical authenticator (something > you have). You give it to someone else, and you run the risk of it being > cloned or otherwise compromised. A simple solution would be not to give > your keys out to untrusted parties... > > > > I think the fundamental issues with using current keys is that there's no > separation between identity and authenticator. Just like using your CC > number online: http://technet.microsoft.com/en-us/library/cc512578.aspx > is an old article, but still applies. Not to mention the lack of simple > revocation mechanisms, audit capabilities etc. J > > > > Cheers > > Ken > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Micheal Espinola Jr > *Sent:* Thursday, 31 July 2014 11:11 AM > *To:* ntsysadm > *Subject:* Re: [NTSysADM] This was inevitable, but it's still a good > reminder > > > > It was inevitable. Locks and keys as they have existed for decades simply > have to go. > > > -- > Espi > > > > > > On Tue, Jul 29, 2014 at 7:17 AM, Kurt Buff <[email protected]> wrote: > > Physical security is just as important as computing security > http://www.wired.com/2014/07/keyme-let-me-break-in/ > > > > > > >
