-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Gravagno
Sent: Friday, 27 May 2005 12:15
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] UniObjects hack
[snip]
Gerry wrote:
If you're not worried about every shmoe with a password
having access to your system why worry about session
encryption?
User/password authentication is pretty much the only thing most IT
installations have for access control. When companies start using
biometrics for fingerprint, voice, and retinal scans, things will get
better, but even with this technology, an authorized user IS
authorized when they have valid credentials.
Things will get better?
No, things will get much, MUCH worse!
When someone finds out my password, then to repair the security breach,
I have to change my password.
When someone finds out the magic number which is the encoding of my
fingerprint, then to repair the security breach I have to ... um, no I
can't fix that problem.
But they can't find out the magic number which is the encoding of my
fingerprint, can they?
Wanna bet? Wanna bet your whole bank balance, your driver's licence,
your passport, your whole legal existence on it?
Your soon-to-be issued USA or EU Passport will have an RFID tag in it
containing some biometric information, probably a fingerprint. The RFID
tag is _supposed_ to be readable at ~8 inch / 200 mm ranges, but it won't
be long before some clever person creates an unobtrusive transmitter /
receiver setup which will do it over ten times the distance.
But it's encrypted you say. This is such valuable information that
it'd be worth throwing a _lot_ of time, money, computer hardware at it.
Some of the Eastern European criminal gangs have not only all these, but
access to some very, very smart people, too.
Actually, the encrypted value may be good enough to fool some devices.
Biometrics are a bad, bad, BAD idea.
My $0.12 worth
Mike
[snip]