Home page logo

basics logo Security Basics mailing list archives

RE: Biometric question
From: "Bryan E. Glancey" <bryan.glancey () epstechnology com>
Date: Fri, 8 Nov 2002 17:02:03 -0600

I have to say I disagree with the previous posting that Biometrics are
not ready for prime time.
  We, in the United States, have been all too slow in the adoption of
security procedures and privacy policy. The unfortunate events that have
befallen our country have merely awakened concerns to where they should
        I have visited a large portion of the Fortune 500 over my career
and I and consistently amazed by the neglect of information security in
common business planning.

        There are several very viable implementations of strong
two-factor authentication. Biometrics like those offered by
And many others - are viable for many enterprise applications.
        The only caveat to implementing these solutions is that they
should be part of a Security Policy, and they should be used solely as a
gadget. The security is only as good as the implementation.

Bryan Glancey
bryan.glancey () epstechnology com
Manager of Security Solutions
EPS Technology
999 Executive Parkway Drive 
St. Louis, MO 63141 USA
314-205-2303 fax

-----Original Message-----
From: Kenneth W. Kubiak [mailto:kkubiak () bflohearspeech org] 
Sent: Thursday, November 07, 2002 1:31 PM
To: msconzo () tamu edu; security-basics () security-focus com
Subject: RE: Biometric question


In short, I'm not sold on ANY biometrics security solutions.  It just
that, particularly since the 9/11 attacks in the U.S., that we've tried
move too fast in implementing these sort of high-tech solutions that we
aren't entirely sure how they work, if indeed they work at all.  I'd
something similar about fingerprint scanners, but I just couldn't
how they were fooled.  Go figure... we spend hundreds of thousands of
dollars on developing a new technology like that, only to have it fooled
something you can buy with spare change from a vending machine!  Anyway,
remember reading not too long ago, that facial recognition scanners
could be
fooled something like two-thirds of the time by holding a laptop screen
to the scanner from a few feet away that produced a low-res image of the
person to be authenticated.  Unfortunately I can't find the article at
present - but I wouldn't think facial recognition's the way to go
either.  I
think if you're planning on implementing a biometrics solution, that it
should be supplemented with the conventional password backup, or at
least a
secondary biometrics solution.


-----Original Message-----
From: Michael Sconzo [mailto:msconzo () tamu edu]
Sent: Thursday, November 07, 2002 12:13 PM
To: security-basics () security-focus com
Subject: RE: Biometric question

Hash: SHA1

One of the more memorable things that I have read about fingerprint
scanners is:

You can basically fake a fingerprint biometric machine with a gummi
bear.  If I remember correctly, the majority of fingerprint scanners
are vulnerable to this type of attack. One of the big things to look
for is one that samples SHAPES not POINTS, and remember the more the

As for other types of biometrics, I am not too sure, hopefully
somebody else can shed some light on those.

- -mike

- -----Original Message-----
From: Felix Cuello [mailto:felix () qodiga com]
Sent: Wednesday, November 06, 2002 1:27 PM
To: security-basics () security-focus com
Subject: Biometric question

Hello list!

   I will work in a project where phisical security will be based on
   biometrics, in fact only will be based on fingerprints biometric.

   How secure are fingerprints?, what biometric are more secure?
   eye, ??? what else).

   I'm not a security expert :-)

   Thanks a lot,

   [my english is bad... please sorry :-)]

- --
Felix Cuello
felix () qodiga com

Av.Santa Fe 882 P.13 Of. "E"
C.P. ABP1059C
Tel.: (54) 011 - 4312-1698
Buenos Aires - Argentina

Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]