|
Penetration Testing
mailing list archives
Re: [PEN-TEST] Biometrics
From: Thomas Bueschgens <sledge () SECONET DE>
Date: Tue, 22 Aug 2000 13:19:32 +0200
On Thu, 17 Aug 2000 19:32:31 -0500, Frank Knobbe
<FKnobbe () KNOBBEITS COM> said:
Frank> Yeah, good topic. Not a discussion about biometrics devices,
Frank> but about attempts to foil them.
Frank> I had developed an idea for an attempt to circumvent
Frank> fingerprint scanners, but have never been able to put it to the
Frank> test. It basically went like this:
[ ... interesting stuff deleted for brevity ... ]
Frank> Now, if that would work, fingerprint technology may be less
Frank> secure than hardware tokens since you know when you lost a
Frank> token, but you don't know if anyone got your latent print from
Frank> your lunch drink.
Will only work for the simple cheap-o-matic devices.
The one functioning like "image-scanners". Better one check
temperature patterns, and the electric capacity of your finger.
Really cheap scanners (like the ones on keyboards or even mice to buy
nowadays) can even be fooled with just a "printed" fingerprint, so no
reason to construct a 3d-version of the "dusted-of" print.
Tom
--
Thomas Bueschgens PGP-key available at server or via email
sledge () acm org sledge () seconet de
"The only system that is truly secure is one that is switched off and
unplugged, locked in a titanium-lined safe, buried in a concrete
bunker, and surrounded by nerve gas and very highly-paid armed
guards. Even then, I wouldn't stake my life on it." -- Gene Spafford
 By Date 
By Thread
Current thread:
|
Intro
