Re: [U2] Uniobjects hack {Unclassified}

2005-05-27 Thread Anthony W. Youngman
In message [EMAIL PROTECTED], HENDERSON MIKE, MR [EMAIL PROTECTED] writes

Things will get better?
No, things will get much, MUCH worse!
When someone finds out my password, then to repair the security breach,
I have to change my password.

When someone finds out the magic number which is the encoding of my
fingerprint, then to repair the security breach I have to ... um, no I
can't fix that problem.


What about the thieves who carjacked a Merc? Because it was 
biometrically started, they chopped off the driver's finger so they 
didn't need him to start the car.


Cheers,
Wol
--
Anthony W. Youngman [EMAIL PROTECTED]
'Yings, yow graley yin! Suz ae rikt dheu,' said the blue man, taking the
thimble. 'What *is* he?' said Magrat. 'They're gnomes,' said Nanny. The man
lowered the thimble. 'Pictsies!' Carpe Jugulum, Terry Pratchett 1998
Visit the MaVerick web-site - http://www.maverick-dbms.org Open Source Pick
---
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/


RE: [U2] Uniobjects hack {Unclassified}

2005-05-26 Thread HENDERSON MIKE, MR
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Gravagno
 Sent: Friday, 27 May 2005 12:15
 To: u2-users@listserver.u2ug.org
 Subject: RE: [U2] UniObjects hack
 
[snip]
 
 Gerry wrote:
  If you're not worried about every shmoe with a password
  having access to your system why worry about session
  encryption ?
 
 User/password authentication is pretty much the only thing most IT
 installations have for access control.  When companies start using
 biometrics for fingerprint, voice, and retinal scans, things will get
 better, but even with this technology, an authorized user IS 
 authorized when they have valid credentials.  
Things will get better?
No, things will get much, MUCH worse!
When someone finds out my password, then to repair the security breach,
I have to change my password.

When someone finds out the magic number which is the encoding of my
fingerprint, then to repair the security breach I have to ... um, no I
can't fix that problem.


But they can't find out the magic number which is the encoding of my
fingerprint, can they? 
Wanna bet?  Wanna bet your whole bank balance, your driver's licence,
your passport, your whole legal existence on it?

Your soon-to-be issued USA or EU Passport will have an RFID tag in it
containing some biometric information, probably a fingerprint.  The RFID
tag is _supposed_ to be readable at ~8inch / 200mm ranges, but it won't
be long before some clever person creates an unobtrusive transmitter /
receiver setup which will do it over ten times the distance.

But it's encrypted you say.  This is such valuable information that
it'd be worth throwing a _lot_ of time, money & computer hardware at it.
Some of the Eastern European criminal gangs have not only all these, but
access to some very, very smart people, too.
Actually, the encrypted value may be good enough to fool some devices.


Biometrics are a bad, bad, BAD idea

My $0.12 worth

Mike

[snip]