Security Basics mailing list archives
RE: Biometric question
From: "Bryan E. Glancey" <bryan.glancey () epstechnology com>
Date: Fri, 8 Nov 2002 17:02:03 -0600
I have to say I disagree with the previous posting that Biometrics are not ready for prime time. We, in the United States, have been all too slow in the adoption of security procedures and privacy policy. The unfortunate events that have befallen our country have merely awakened concerns to where they should be. I have visited a large portion of the Fortune 500 over my career and I and consistently amazed by the neglect of information security in common business planning. There are several very viable implementations of strong two-factor authentication. Biometrics like those offered by http://www.bionetrix.com/ And many others - are viable for many enterprise applications. The only caveat to implementing these solutions is that they should be part of a Security Policy, and they should be used solely as a gadget. The security is only as good as the implementation. Bryan Glancey bryan.glancey () epstechnology com Manager of Security Solutions EPS Technology 999 Executive Parkway Drive St. Louis, MO 63141 USA http://www.epsione.com/ 314-205-2300 314-205-2303 fax -----Original Message----- From: Kenneth W. Kubiak [mailto:kkubiak () bflohearspeech org] Sent: Thursday, November 07, 2002 1:31 PM To: msconzo () tamu edu; security-basics () security-focus com Subject: RE: Biometric question Felix, In short, I'm not sold on ANY biometrics security solutions. It just seems that, particularly since the 9/11 attacks in the U.S., that we've tried to move too fast in implementing these sort of high-tech solutions that we aren't entirely sure how they work, if indeed they work at all. I'd heard something similar about fingerprint scanners, but I just couldn't remember how they were fooled. Go figure... we spend hundreds of thousands of dollars on developing a new technology like that, only to have it fooled by something you can buy with spare change from a vending machine! Anyway, I remember reading not too long ago, that facial recognition scanners could be fooled something like two-thirds of the time by holding a laptop screen up to the scanner from a few feet away that produced a low-res image of the person to be authenticated. Unfortunately I can't find the article at present - but I wouldn't think facial recognition's the way to go either. I think if you're planning on implementing a biometrics solution, that it should be supplemented with the conventional password backup, or at least a secondary biometrics solution. Ken -----Original Message----- From: Michael Sconzo [mailto:msconzo () tamu edu] Sent: Thursday, November 07, 2002 12:13 PM To: security-basics () security-focus com Subject: RE: Biometric question -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One of the more memorable things that I have read about fingerprint scanners is: http://www.counterpane.com/crypto-gram-0205.html#5 You can basically fake a fingerprint biometric machine with a gummi bear. If I remember correctly, the majority of fingerprint scanners are vulnerable to this type of attack. One of the big things to look for is one that samples SHAPES not POINTS, and remember the more the merrier. As for other types of biometrics, I am not too sure, hopefully somebody else can shed some light on those. - -mike - -----Original Message----- From: Felix Cuello [mailto:felix () qodiga com] Sent: Wednesday, November 06, 2002 1:27 PM To: security-basics () security-focus com Subject: Biometric question Hello list! I will work in a project where phisical security will be based on biometrics, in fact only will be based on fingerprints biometric. How secure are fingerprints?, what biometric are more secure? (voice, eye, ??? what else). I'm not a security expert :-) Thanks a lot, Felix [my english is bad... please sorry :-)] - -- Felix Cuello felix () qodiga com Qodiga/its Av.Santa Fe 882 P.13 Of. "E" C.P. ABP1059C Tel.: (54) 011 - 4312-1698 Buenos Aires - Argentina -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy DzeFhJhhlLBeyqWGS/NABATs =kUtf -----END PGP SIGNATURE-----
Current thread:
- Re: Biometric question, (continued)
- Re: Biometric question Blake Girardot (Nov 09)
- Re: Biometric question Felix Cuello (Nov 09)
- Re: Biometric question ktyler (Nov 07)
- Re: Biometric question Johan De Meersman (Nov 08)
- Re: Biometric question Meritt James (Nov 09)
- Re: Biometric question Konrad Rzeszutek (Nov 08)
- Re: Biometric question ATD (Nov 09)
- Re: Biometric question Johan De Meersman (Nov 08)
- RE: Biometric question Bryan E. Glancey (Nov 07)
- RE: Biometric question Vince Hillier (Nov 08)
- RE: Biometric question Naveed Ahmed (Nov 09)
- RE: Biometric question Bryan E. Glancey (Nov 09)
- R: Biometric question Alessandro Bottonelli (Nov 11)
- RE: Biometric question dporter (Nov 09)
- RE: Biometric question Nero, Nick (Nov 09)
- RE: Biometric Question Cage Uber (Nov 10)
- Biometric question Jacob Kitchel (Nov 11)
- Re: Biometric question Blake Girardot (Nov 09)