Security Basics mailing list archives

RE: Biometric question

From: "Bryan E. Glancey" <bryan.glancey () epstechnology com>
Date: Fri, 8 Nov 2002 17:02:03 -0600

I have to say I disagree with the previous posting that Biometrics are
not ready for prime time.
  We, in the United States, have been all too slow in the adoption of
security procedures and privacy policy. The unfortunate events that have
befallen our country have merely awakened concerns to where they should
be.
        I have visited a large portion of the Fortune 500 over my career
and I and consistently amazed by the neglect of information security in
common business planning.

        There are several very viable implementations of strong
two-factor authentication. Biometrics like those offered by
http://www.bionetrix.com/
And many others - are viable for many enterprise applications.
        
        The only caveat to implementing these solutions is that they
should be part of a Security Policy, and they should be used solely as a
gadget. The security is only as good as the implementation.



Bryan Glancey
bryan.glancey () epstechnology com
Manager of Security Solutions
EPS Technology
999 Executive Parkway Drive 
St. Louis, MO 63141 USA
http://www.epsione.com/
314-205-2300
314-205-2303 fax



-----Original Message-----
From: Kenneth W. Kubiak [mailto:kkubiak () bflohearspeech org] 
Sent: Thursday, November 07, 2002 1:31 PM
To: msconzo () tamu edu; security-basics () security-focus com
Subject: RE: Biometric question

Felix,

In short, I'm not sold on ANY biometrics security solutions.  It just
seems
that, particularly since the 9/11 attacks in the U.S., that we've tried
to
move too fast in implementing these sort of high-tech solutions that we
aren't entirely sure how they work, if indeed they work at all.  I'd
heard
something similar about fingerprint scanners, but I just couldn't
remember
how they were fooled.  Go figure... we spend hundreds of thousands of
dollars on developing a new technology like that, only to have it fooled
by
something you can buy with spare change from a vending machine!  Anyway,
I
remember reading not too long ago, that facial recognition scanners
could be
fooled something like two-thirds of the time by holding a laptop screen
up
to the scanner from a few feet away that produced a low-res image of the
person to be authenticated.  Unfortunately I can't find the article at
present - but I wouldn't think facial recognition's the way to go
either.  I
think if you're planning on implementing a biometrics solution, that it
should be supplemented with the conventional password backup, or at
least a
secondary biometrics solution.

Ken

-----Original Message-----
From: Michael Sconzo [mailto:msconzo () tamu edu]
Sent: Thursday, November 07, 2002 12:13 PM
To: security-basics () security-focus com
Subject: RE: Biometric question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the more memorable things that I have read about fingerprint
scanners is:
http://www.counterpane.com/crypto-gram-0205.html#5

You can basically fake a fingerprint biometric machine with a gummi
bear.  If I remember correctly, the majority of fingerprint scanners
are vulnerable to this type of attack. One of the big things to look
for is one that samples SHAPES not POINTS, and remember the more the
merrier.

As for other types of biometrics, I am not too sure, hopefully
somebody else can shed some light on those.

- -mike


- -----Original Message-----
From: Felix Cuello [mailto:felix () qodiga com]
Sent: Wednesday, November 06, 2002 1:27 PM
To: security-basics () security-focus com
Subject: Biometric question



Hello list!

   I will work in a project where phisical security will be based on
   biometrics, in fact only will be based on fingerprints biometric.

   How secure are fingerprints?, what biometric are more secure?
(voice,
   eye, ??? what else).

   I'm not a security expert :-)

   Thanks a lot,

   Felix
   [my english is bad... please sorry :-)]

- --
Felix Cuello
felix () qodiga com

Qodiga/its
Av.Santa Fe 882 P.13 Of. "E"
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPcqfKy76iJsaBRvcEQJ4GQCg8IIGDvldPOk6Bll7RV8spScjPDAAoPuy
DzeFhJhhlLBeyqWGS/NABATs
=kUtf
-----END PGP SIGNATURE-----

Current thread:

Re: Biometric question, (continued)
- Re: Biometric question Blake Girardot (Nov 09)
  - Re: Biometric question Felix Cuello (Nov 09)
- Re: Biometric question ktyler (Nov 07)
  - Re: Biometric question Johan De Meersman (Nov 08)
    - Re: Biometric question Meritt James (Nov 09)
  - Re: Biometric question Konrad Rzeszutek (Nov 08)
  - Re: Biometric question ATD (Nov 09)
- RE: Biometric question Bryan E. Glancey (Nov 07)
- RE: Biometric question Vince Hillier (Nov 08)
  - RE: Biometric question Naveed Ahmed (Nov 09)
- RE: Biometric question Bryan E. Glancey (Nov 09)
  - R: Biometric question Alessandro Bottonelli (Nov 11)
- RE: Biometric question dporter (Nov 09)
- RE: Biometric question Nero, Nick (Nov 09)
- RE: Biometric Question Cage Uber (Nov 10)
- Biometric question Jacob Kitchel (Nov 11)