Re: SecureIDE with Fingerprint Reader: Email from company..
From: nemo outis (outis_at_erewhon.com)
Date: 11/12/04
- Next message: David H. Lipman: "Re: Anti-keylogger?"
- Previous message: donnie: "Re: Anti-keylogger?"
- In reply to: ChaosBlizzard: "SecureIDE with Fingerprint Reader: Email from company.."
- Next in thread: ChaosBlizzard: "Re: SecureIDE with Fingerprint Reader: Email from company.."
- Reply: ChaosBlizzard: "Re: SecureIDE with Fingerprint Reader: Email from company.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 12 Nov 2004 00:19:03 GMT
In article <2ECkd.3310$IQ.2714@bignews6.bellsouth.net>, "ChaosBlizzard" <ChaosBlizzard@no_spam_*hotmail*.com> wrote:
..snip...
>Is he right about fingerprint's being so easy to bypass?
>He obviously wants a response.. So I will see what anyone here would like to
>say.
>
>Thanks!
Yes, fingerprint IDing is (often) easy to bypass.
Aside from the brute force (but still very effective)
method of faking the fingerprint itself there is another
alternative.
Most fingerprint readers use astoundingly primitive technology.
For instance, many are USB but there is NO authentication of the
fingerprint reader to the computer or vice versa. Moreover, the
communication channel is usually not encrypted - you need only
learn the transmission format.
This leads to all the standard exploits, such as MITM, replay,
etc., etc.
Regards,
- Next message: David H. Lipman: "Re: Anti-keylogger?"
- Previous message: donnie: "Re: Anti-keylogger?"
- In reply to: ChaosBlizzard: "SecureIDE with Fingerprint Reader: Email from company.."
- Next in thread: ChaosBlizzard: "Re: SecureIDE with Fingerprint Reader: Email from company.."
- Reply: ChaosBlizzard: "Re: SecureIDE with Fingerprint Reader: Email from company.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
