Re: What can one do against Keylogger Attacks?

From: nemo_outis (abc_at_xyz.com)
Date: 07/24/05 

Date: Sun, 24 Jul 2005 00:37:35 GMT

Jan Panteltje <pNaonStpealmtje@yahoo.com> wrote in
news:1122139496.cc8a4cd8660fd788bc69c9d858757b79@teranews:

> On a sunny day (23 Jul 2005 08:21:31 -0700) it happened "RangerFrank"
> <airbornerangerfrank@gmail.com> wrote in
> <1122132091.403881.95640@z14g2000cwz.googlegroups.com>:
>
>>
>>
>>The Microsoft Fingerprint Reader is primarily used for logging onto
>>windows, accessing Internet sites that require a User Name and
>>Password. The disclaimer with the Fingerprint Reader should not be
>>used with financial sites, etc. is for Microsoft's protection from
>>liability. The Fingerprint Reader is very convenient and easy to use.
>>PGP is used to protect E-Mail messages, attachments, and files stored
>>on the computer.
>>
> Several years ago there was some tests in the German magazine C'T.
> I think one trick was to breathe on the sensor after somebody used it,
> that made the pattern 're-appear'.
> Have you had any success with things like that?
> And making a fake fingerprint with some silicone kit?
> Is there a Linux driver?
>

It is generally trivial to "capture" soneone else's fingerprint, especially
if one shares some environment with him (home, work, social, etc.). For
instance, offer him a glass of wine to taste, or even just take his coffee
cup - the imaginative will readily think of dozens of additional methods.
BTW cyanoacrylate (crazy glue) can be used to lift even very faint prints.

Most cheap (and even some expensive) fingerprint readers do not do very (or
any!) "aliveness" tests - they just read the pattern.

Moreover, many fingerprint readers are simple USB devices and do NOT
authenticate themselves to the computer (or vice versa) - chances are there
is no encryption of the data transmitted either. This makes it very easy
to spoof a genuine reader, do replay attacks, etc.

Nope, fingerprint readers, as currently implemented, are generally very
feeble reeds on which to lean.

Regards,

Relevant Pages

  • Re: What can one do against Keylogger Attacks?
    ... >>windows, accessing Internet sites that require a User Name and ... The disclaimer with the Fingerprint Reader should not be ... "aliveness" tests - they just read the pattern. ...
    (sci.crypt)
  • Re: What can one do against Keylogger Attacks?
    ... The Microsoft Fingerprint Reader is primarily used for logging onto ... accessing Internet sites that require a User Name and ... The disclaimer with the Fingerprint Reader should not be ... PGP is used to protect E-Mail messages, attachments, and files stored ...
    (sci.crypt)
  • Keyboard with Fingerprint Reader and BIOS
    ... I've installed Microsoft Keyboard with Fingerprint reader (USB socket, ... Keyboard and reader work OK only after Windows is loaded... ...
    (microsoft.public.windowsxp.security_admin)
  • Fingerprint Reader
    ... I am having problems with my fingerprint reader. ... updated to IE7 I need to boot computer and after windows loads, ... Is anyone else having this problem and if so have you found a fix. ... fingerprint reader has some newer updates. ...
    (microsoft.public.windowsxp.general)
  • Re: Microsoft Fingerprint Reader
    ... You cannot use a fingerprint reader to log onto a domain. ... Microsoft MVP ... Microsoft Newsgroups ... Get Windows XP Service Pack 2 with Advanced Security Technologies: ...
    (microsoft.public.windowsxp.hardware)