Forward of moderated message

[dataloss-bounces () attrition org]

> --- Begin Message ---
>
>
> From: "Jim Kerr" <james.kerr () ceelox com>
>
> Date: Mon, 31 Mar 2008 12:26:16 -0400
>
> Hello,
>
> I enjoy the emails I get from your organization. Unfortunately one of the
> bloggers has personally attacked me and now has sent my email address on
> multiple SPAM lists. I am not sure what I can do but it's a shame that your
> valuable resource has negatively effected me.
>
> When did I ever say passwords are safer than biometrics?
>
> In every response to you, I've been saying I'm not comparing
> biometrics to passwords.
>
> I'm comparing passwords to secure authentication methods such as one
> time pads, x.509v3 certificates, etc.
>
> You may benefit from learning how to read.
>
> On 3/31/08, Jim Kerr <james.kerr () ceelox com> wrote:
> > Passwords are broken everyday, yet your position is that passwords are
> safer
> > than biometrics. I have not seen you provide any evidence that passwords
> are
> > a better methodology. Our software has never been broken. There has never
> > been one false positive reported in the 4 years we have provided the
> > software to hundreds of customers with thousands of users. I am sorry
> that's
> > as honest as I can be.
> >
> > As far as false negatives..how come this doesn't apply to passwords? A fat
> > fingered password is the equivalent to a false negative and resets are a
> > major problem yet my biometric customers do not have this taxation on
> their
> > help desk resources. Your passwords are 30-50% of help desk call activity.
> > If a user occasionally swipes incorrectly, it is much more of a
> convenience
> > to swipe a second time than typing that password a second time don't you
> > think? Especially when the end user realizes it's the wrong password and
> now
> > he is locked out. Something that might happy customers using biometrics
> > never have to deal with. Advantage biometrics hands down.
> >
> > "I don't believe that biometrics can have something of value."
> > Hence you cannot be objective.
> >
> >
> > -----Original Message-----
> > From: Walt Williams [mailto:walt.williams () gmail com]
> > Sent: Friday, March 28, 2008 8:55 PM
> > To: Jim Kerr
> > Subject: Re:
> >
> > On Fri, Mar 28, 2008 at 5:18 PM, Jim Kerr <james.kerr () ceelox com> wrote:
> > > The condition is predicated on the thought that why should I bother
> > > convincing you and taking the chance that you would send my trial
> software
> > > back if ultimately you won't buy it? I have nothing to gain and all
> risk.
> > At
> > > least this way I know when you fail to spoof it that you would have to
> own
> > > it. I would even refund your money if you found a way to break. How many
> > > vendors will do that?
> >
> > I've evaluated tons of software and never had to pay a dime.  I'm not
> > about to start now.
> > > How many hackers have tried?
> > >
> > > Several
> > >
> > >
> > >
> > > Did you go to folks
> > >
> > > who are notorious for breaking devices previously thought to be FIPS
> > >
> > > compliant?
> > >
> > >
> > >
> > >
> > >
> > > But why do you care Walter??.You have no interest in seeing  a
> technology
> > > contradict your belief system. You have your mind made up because in you
> > > perception all people who offer biometrics as a security solution are
> > > greedy, no good, out for themselves, hucksters who really have no
> interest
> > > in genuinely helping people protect their data so there is no possible
> way
> > a
> > > technology company could really have something of value. It's nice to be
> > > innocent until proven guilty.I appreciate that.
> >
> > You are correct in only one thing: I don't believe that biometrics can
> > have something of value.  The rest is just an emotional reaction to
> > some one who looks at the product you've invested time. money, and
> > effort in to make it the best you can and sees the wrong idea.  Sorry,
> > deal with it.  There isn't a solution invented yet that can't be
> > broken, and I've noticed you still haven't been upfront with your
> > false positive and false negative rates.  How can I believe you to be
> > anything other than a huckster under such conditions?  The US
> > government may be OK on spending a billion on a solution that gets it
> > wrong a certain percentage of the time, but I will never see such a
> > solution as being one that I will trust for security.
> >
> > If you can't deal with the reality that you are peddling software that
> > fails a certain percentage of the time, then that is your problem, not
> > mine.  If you're comfortable with yourself knowing what you are
> > selling will fail a certain percentage of the time well good for you.
> > I wouldn't be.  My ethics are different than yours.
> > --
> > Walt Williams, CISSP, SSCP
>
>
> -- 
> Walt Williams, CISSP, SSCP
>
>
>
> --- End Message ---