> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Tony Gravagno
> Sent: Friday, 27 May 2005 12:15
> To: [email protected]
> Subject: RE: [U2] UniObjects hack
 
[snip]
 
> Gerry wrote:
> > If you're not worried about every shmoe with a password
> > having access to your system why worry about session
> > encryption ?
> 
> User/password authentication is pretty much the only thing most IT
> installations have for access control.  When companies start using
> biometrics for fingerprint, voice, and retinal scans, things will get
> better, but even with this technology, an authorized user IS 
> authorized when they have valid credentials.

"Things will get better"?
No, things will get much, MUCH worse!
When someone finds out my password, then to repair the security breach,
I have to change my password.

When someone finds out the magic number which is the encoding of my
fingerprint, then to repair the security breach I have to ... um, no I
can't fix that problem.


But they can't find out the magic number which is the encoding of my
fingerprint, can they? 
Wanna bet?  Wanna bet your whole bank balance, your driver's licence,
your passport, your whole legal existence on it?

Your soon-to-be-issued USA or EU Passport will have an RFID tag in it
containing some biometric information, probably a fingerprint.  The RFID
tag is _supposed_ to be readable at ~8 inch / 200 mm ranges, but it won't
be long before some clever person creates an unobtrusive transmitter /
receiver setup which will do it over ten times the distance.

"But it's encrypted," you say.  This is such valuable information that
it'd be worth throwing a _lot_ of time, money & computer hardware at it.
Some of the Eastern European criminal gangs have not only all these, but
access to some very, very smart people, too.
Actually, the encrypted value may be good enough to fool some devices.


Biometrics are a bad, bad, BAD idea

My $0.12 worth

Mike

[snip]
-------
u2-users mailing list
[email protected]
To unsubscribe please visit http://listserver.u2ug.org/
