the blog of david dean » security

links for 2006-10-27

David Dean — Fri, 27 Oct 2006 15:24:58 +0000

Schneier on Security: Heathrow Tests Biometric ID

The system under trial at Heathrow is a good use of biometrics. There’s a trusted path from the person through the reader to the verifier; attempts to use fake eyeballs will be immediately obvious and suspicious. The verifier is being asked to match a bio

(tags: biometrics security airport * *toread)

links for 2006-10-23

David Dean — Mon, 23 Oct 2006 15:20:34 +0000

Strange Horizons Fiction: High Windows, by Lavie Tidhar

Part One:
Saturn/Escape

“You’re not supposed to be here, kid.”

(tags: fiction sf free * *toconvert)
Researchers See Privacy Pitfalls in No-Swipe Credit Cards – New York Times

“It’s the classic ‘Let’s depend on security through obscurity — who’s going to look?’ ” he said. “Then, whoops! As soon as somebody does look, you roll out the security.”

(tags: security privacy)

links for 2006-10-06

David Dean — Fri, 06 Oct 2006 15:28:32 +0000

The Lockdown: The Targus iPod Lock, or, a modicum of security – Engadget

They are only aiming to provide what they call “a modicum of security.” That means, as the definition implies, almost no security at all. It is only an illusion and offers slightly more than nothing in the way of protection.

(tags: security ipod)

Post hoc ergo propter hoc

David Dean — Fri, 21 Apr 2006 01:36:13 +0000

A fine example of post hoc ergo propter hoc (you may know this as post hoc):

There have been no significant terrorist attacks against the U.S. since the release of the iPod in October 2001, thus demonstrating the value of iPods in fighting terrorism.

Link (it’s a comment, scroll down)

Problems with Microsoft Fingerprint Reader

David Dean — Wed, 08 Mar 2006 02:09:21 +0000

Apparently the Microsoft Fingerprint Reader transmits the fingerprint images to the computer un-encrypted. Which is interesting because the technology it is licensed from has encryption built in, Microsoft apparently has just turned it off. Personally I don’t think it is a big deal anyway, as you could just lift a fingerprint from the reader anyway.

Digital Persona would not comment on why Microsoft may have turned off the product’s encryption capabilities, but one company official said that this decision is unlikely to affect the security of its users.

“The fact that they turned the encryption off, I would argue, does not in a practical sense open up any security holes,” says Chief Technology Officer Vance Bjorn. “Even with the encryption off, you’re going to have to basically have physical access to the person’s machine to crack into it.”

I agree with him, but only because I think fingerprint readers are useless even with encryption. But, isn’t stopping people with physical access to your computer the entire point of a fingerprint reader.

Link. [thanks Engadget]

Biodynamic Signatures

David Dean — Tue, 07 Mar 2006 12:39:27 +0000

Apparently you can use your heart beat as a biometric identifier.

The device – which looks like small computer mouse with two metal contacts, when touched for a few seconds using one finger from each hand to complete the circuit, measures several factors in the heartbeat to record the “biodynamic signature” – a combination of electrical signals from the heart and central nervous system. The sensors measure these signals, run them through an algorithm on a computer and create a digital representation of the signature.

Link [thanks DRM News Blog].

Bill of Rights – Security Edition

David Dean — Mon, 30 Jan 2006 17:39:00 +0000

Not being an American, this isn’t directly relevant to me, but it is still fairly amusing:

The Bill of Rights: The First Ten Amendments to the constitution of the United States printed on sturdy, pocket-sized, pieces of metal.

The next time you travel by air, take the Bill of Rights – Security Edition along with you. When asked to empty your pockets, proudly toss the Bill of Rights in the plastic bin.

You need to get used to offering up the bill of rights for inspection and government workers enforcing the USAPATRIOT ACT need to get used to deciding if you’ll be allowed to keep the Bill of Rights with you when you travel.

Link. Thanks, Penn Jillette (I cannot remember which podcast exactly).

Caesars Palace to launch guest biometrics

David Dean — Mon, 25 Apr 2005 18:42:00 +0000

You probably already know I think this is a bad idea:

Pride believes the move to fingerprint biometrics makes it more convenient for customers who need not worry about lost keys.

Yeah, lets just start handing out our biometric information to anyone in the name of convenience. This just means that the security of any one application is only as good as the worst one using the same biometric.

‘OKAO Vision Face Recognition Sensor’ for Mobile Phones

David Dean — Fri, 22 Apr 2005 23:26:00 +0000

I found this on Engadget a couple of days ago, and thought it might be interesting to some people: OMRON Demonstrates ‘OKAO Vision Face Recognition Sensor’ for Mobile Phones at Security Show Japan 2005

The new system features face-recognition technology for camera-enabled cell phones and other devices as an alternative to passwords or fingerprint scanners for security and access control. However, as mobile units enabled with the ‘OKAO Vision Face Recognition Sensor’ require no additional hardware, ‘OKAO’ technology offers a biometric security software solution at a reduced cost.

Will biometric security harm users?

David Dean — Mon, 21 Mar 2005 04:14:52 +0000

vnunet.com writes in Will biometric security harm users?

Most worrying is the fact that biometric parameters are largely permanent. This is a limitation, not an advantage – if someone learns your password, you can change it, but you can’t change your fingers if a criminal manages to replicate your fingerprint.

As Bruce Schneir has said, biometrics are not secrets. Remember that!

via Grits for Breakfast