Re: Biometrics



Thank you, Steve. I appreciate your feedback. Another problem we face in
computing today is the industry is not fully backing tougher security and
safety protocols. An example of this is the American Express website which
will only allow me to input a password that is less than optimal according to
Microsoft's password checker. Microsoft is doing their part in many ways but
the rest of the industry must catch up.

http://www.microsoft.com/protect/yourself/password/checker.mspx

It is critical in this day and age to have alternatives to just the main
Windows operating system that includes Internet Explorer. I am very pleased
with Microsoft and their technologies so I will continue to use them
frequently. However, as a power user, I am very pleased that users have
alternatives such as Mozilla Firefox as an option and it does indeed remain
for use with Windows 98 Second Edition at least until December 2008 because
that is when Mozilla Firefox 2.x support is scheduled to end.

http://en.wikipedia.org/wiki/Mozilla_Firefox

This is most unfortunate in my view since the 9x source code has definite
advantages over the NT business line of source code. 9x computers were meant
as stand-alone machines and thus are great for consumers who do not need or
want the ability to have others tinker with their machines. The many
services provided in XP allow for there to be many greater points of access to a
fully patched XP machine than a fully patched 98 Second Edition machine using
Mozilla Firefox compared to Internet Explorer since Internet Explorer patches
for Windows 98 Second Edition ended July 11, 2006. The NT source code is at
risk as can be seen by the postings of US-CERT which is the computer
readiness team and part of the Department of Homeland Security.

http://www.us-cert.gov/cas/bulletins/SB08-196.html

Microsoft -- windows-nt

Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, XP SP2 and
SP3, and Server 2003 SP1 and SP2 allows remote attackers to conduct cache
poisoning attacks via unknown vectors, aka "DNS Cache Poisoning
Vulnerability," a different vulnerability than CVE-2008-1447.

unknown
2008-07-08
9.4 CVE-2008-1454 MS

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454

http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

I know a fair amount about computer security and safety and helped beta test
Windows Vista Ultimate 32 bit edition for Microsoft as a volunteer. I got
the DVD with the ISO image from a friend named Jeff who was a systems
engineer and also testing Vista for Microsoft and then got approval from
Microsoft to test it and inputted the given product key that Microsoft gave me
for the evaluation version. The problem is that Microsoft has only one line
of code and that makes it that much easier for hackers to target many
machines and take them over.

With Windows 98 Second Edition, a single machine might have been compromised
but not the whole network. I have had problems with a workplace that I
recently worked at that stupidly switched to all XP machines and did not
leave any 98 Second Edition machines in place and that included my own
Windows 98 Second Edition machine there. That was a huge mistake that I
don't think the business will repeat. With the 98SE machine, I knew and I
was right that my machine would be very unlikely to be hacked compared to the
compromised machines of the NT (XP Professional) in this case. The incident
happened in the summer of 2007. I will give you more details via secure
email if you like.

I have read in a book about Microsoft that early system engineers complained
that NT did not have a true maintenance operating system like DOS. Chris
Quirke, MVP, has a good article about the safety and security concerns.
Windows 9x is safe at its core compared to Windows NT line which includes
2000, XP and Vista of course. There was also a rumor a while back that parts
of the NT source code were leaked over the Internet compared to the 9x source
code which was never leaked over the Internet, AFAIK.

http://cquirke.blogspot.com/

(Note: Chris Quirke's 9x website talks about the 9x compared to NT security
and safety discussion)

There are also Unix/Linux technologies and I have played around a little bit
with Ubuntu Linux but I am in no way proficient with it and have only read a
small portion of a big book about Ubuntu Linux.

Finally, my question to you is that I know about the economics and how
costly it would be for Microsoft to continue the 9x line or even overhaul it
to make it usable in today's environment but wouldn't the economic cost be
worth the great reward? I have friends of mine at summer camp who are
planning mainly on building 98 Second Edition machines just for the ability
to play older games and secondly because these friends feel as I do about how
it is harder to hack into a 9x machine with the proper safeguards applied
such as a wired router that has the wireless broadcast signal turned off so
as not to attract unwanted or unneeded attention from hackers.

If Microsoft will not develop the 9x source code then at least sell it to
the United States Military so that the Defense Department can more fully
protect their military infrastructure from external threats and even better
from potential internal threats from their network of computers from a
potential spy. The possibilities for 9x are endless and so please I ask you
as a professional to have Microsoft sell 9x kernel unless Microsoft is
willing which I think would be a smart business move to invest money in
another Windows 9x that would not subtract features such as easy access to
DOS and ideally the ability to play old classic games like Windows Millennium
(ME) did.

I am a gamer who is a Generation X'er who got his start on an IBM PCjr
playing King's Quest 1 on a 5.25 inch floppy disk that was made by Sierra On
Line and had 16 colors and the speaker on the machine supported 3 sounds at
once which was cool. The game had 128 kilobytes on one disk and how is that
for compression despite the obvious limitations compared to today's games. I
still have this machine in storage and it still works! The interesting thing
is that a poster to Game Informer which I read posted about how he was 17 and
liked older classic games and his friends made fun of him for it and his
first name was Daniel too. <grin>

I also enjoy reading PC World, 2600 which is a hacker magazine (I must keep
up to prevent hackers from compromising all of us), and other computer and
network books. I took several computer classes in college and who knows I
may go back and get another undergraduate degree but this time in computer
science. I know that a dream will allow a little guy like me to change the
world despite all the challenges life has thrown at me. Please feel free to
contact me by email or I can contact you by email. My email address is with
Microsoft and on their records. I can also give you an srx number on a
recent case with Microsoft if you need to confirm my identity. Thanks again
for all you do, Steve and Go Microsoft!

"Steve Riley [MSFT]" wrote:

Biometrics can never replace passwords, because they aren't secrets.

It's me, and here's my proof: why identity and authentication must remain
distinct
http://technet.microsoft.com/en-us/library/cc512578(TechNet.10).aspx


--
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



"Dan" <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:774EE7CB-CA2B-4E7B-82CD-20D2B56C04B4@xxxxxxxxxxxxxxxx
Bingo! You solved the issue and yes it is one of those cheap fingerprint
scanners where you just swipe your finger so it must have already had the
image of my fingerprint on the scanner. It sounds like someone would need to
clean the fingerprint scanner each time and it does indeed seem very easy to
fool. So much for the security of Biometrics at least cheap Biometric
devices.

"Juergen Nieveler" wrote:

Dan <Dan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

How secure and safe is biometric technology? The reason I bring this
up is because I was able to log in using my finger with a band-aid
attached and this definitely makes me question the security and safety
of biometric technology at least as far as laptops go. I imagine
there probably are lots of articles on this already but I wanted the
opinions of this newsgroup. Thanks in advance for the replies.

If this was one of those fingerprint readers where you simply put your
finger on (as opposed to those where you rub your finger along the
contact plate in a swipe motion), chances are that the camera inside
picked up the latent fingerprint that was still on the glass - this is
a common vulnerability of those cheap camera-based readers. All they do
is notice "Oh, something is pushing on the glass, and I recognise the
pattern" - if the person who last used it had greasy fingers, the
fingerprint would still be on the glass, so putting something on the
glass that doesn't have OTHER fingerprints will force the camera to use
the weak fingerprint image still visible to it...

The swipe-type readers are safer in that there can't be an image left
on the reader... but many of them still can be fooled by a fake
fingerprint made by taking the fingerprint off something somebody
touched (lots of how-to's available for that...).

Juergen Nieveler
--
A feature is a bug with seniority.
