Penetration Testing mailing list archives
Re: [PEN-TEST] Biometrics
From: Thomas Bueschgens <sledge () SECONET DE>
Date: Tue, 22 Aug 2000 13:19:32 +0200
On Thu, 17 Aug 2000 19:32:31 -0500, Frank Knobbe <FKnobbe () KNOBBEITS COM> said: Frank> Yeah, good topic. Not a discussion about biometrics devices, Frank> but about attempts to foil them. Frank> I had developed an idea for an attempt to circumvent Frank> fingerprint scanners, but have never been able to put it to the Frank> test. It basically went like this: [ ... interesting stuff deleted for brevity ... ] Frank> Now, if that would work, fingerprint technology may be less Frank> secure than hardware tokens since you know when you lost a Frank> token, but you don't know if anyone got your latent print from Frank> your lunch drink. Will only work for the simple cheap-o-matic devices. The one functioning like "image-scanners". Better one check temperature patterns, and the electric capacity of your finger. Really cheap scanners (like the ones on keyboards or even mice to buy nowadays) can even be fooled with just a "printed" fingerprint, so no reason to construct a 3d-version of the "dusted-of" print. Tom -- Thomas Bueschgens PGP-key available at server or via email sledge () acm org sledge () seconet de "The only system that is truly secure is one that is switched off and unplugged, locked in a titanium-lined safe, buried in a concrete bunker, and surrounded by nerve gas and very highly-paid armed guards. Even then, I wouldn't stake my life on it." -- Gene Spafford
Current thread:
- Re: [PEN-TEST] Biometrics Slawek Zak (Aug 21)
- <Possible follow-ups>
- Re: [PEN-TEST] Biometrics l0rtamus prime (Aug 22)
- Re: [PEN-TEST] Biometrics Thomas Bueschgens (Aug 22)