[svlug] Fwd: [Officers] Linux Applications Contest ? Win $50K

James Sparenberg james at linuxrebel.org
Wed Nov 9 21:31:48 PST 2005


On Wed, 2005-11-09 at 17:25 -0800, Ian Kluft wrote:
> On Wed, Nov 09, 2005 at 04:59:57PM -0800, Greg Lindahl wrote:
> > On Wed, Nov 09, 2005 at 04:42:58PM -0800, Joe Buck wrote:
> > > But since the failure mode is that a bad guy has captured your
> > > fingerprints, how do you know which fingerprints she captured?
> > 
> > You can always think up a failure mode that isn't covered.
> 
> Hollywood has done some of its own imagination on that topic.  Haven't
> there been some movies where a character got past a biometric security 
> station because they were in possession of the subject's finger, or
> eyeball, or something like that?
> 
> In real life, fortunately that's not terribly likely.  (Even the finger
> in the chili was a scam/hoax, and investigators tracked down who it
> belonged to.)
> 
> You can't just shoot down something because you can imagine *any* flaw.
> No system is perfect.  The main question is whether flaws that you can
> find are *significant*.  Biometric security is an improvement for most
> security systems now in place.  And improvements are needed.
> 

No argument with what you said.  However I do have some issue with the
premise that being able to imagine a flaw is not reason to have issue
with the methodology.  If that were the case then stick with dictionary
based passwords. 

Perhaps instead this concept.  That imagining the flaw is real, but you
need to take more of an attitude like one I believe Don Marti wrote
about in Linux Journal.  The concept of managed risks.  

Whereas you are right in noting that improvements are needed, and that
Biometrics are improvements, may I suggest that it is not enough to say
it's different therefore better.  Biometrics has weaknesses; by
identifying them, and figuring out how to properly exploit them, we can
achieve a level of acceptable risk, where the cost of exploitation for
the black hat is higher than he/she is willing to pay.

I'm reminded of the old joke about the guy who successfully outran a
bear.  His friends were amazed because they didn't think he was that
fast a runner.  He smiled and said, "Well, I can't outrun a bear but I
can outrun the guy I was fishing with."

James





