(keitai-l) Re: Jelly finger fools biometric sensor

From: Curt Sampson <cjs_at_cynic.net>
Date: 12/09/02
Message-ID: <Pine.NEB.4.44.0212090932340.456-100000@angelic.cynic.net>
On Sat, 7 Dec 2002, Kenneth G. Mages wrote:

> Sorry, this is the opposite of substantiation.  I got my answer from
> www.authentec.com

Authentec manufactures and sells biometric sensing devices, particularly
fingerprint devices. Their interest is not in telling you the truth;
their interest is in making you buy their stuff, regardless of how well
it works (or doesn't work).

Their site hardly even discusses security, and their "About Us / The
Technology" section indicates in a general way that their product is
intended to provide convenience, not any sort of additional security
security.

There's certainly no discussion at all about how fingerprint sensors
are defeated, which should set alarm bells ringing right away if you're
looking for any sort of security analysis. *Every* security system can
be defeated, and if you're not being told how, you're not getting the
full story.

Anyway, this is getting seriously off-topic, so I'll leave this now. If
you want to know more about security, I'd start by reading through the
archive of Bruce Schneier's _Cryptogram_ newsletter, found at the URL
below. He discusses computer security and security products in general,
and has some particular discussions about biometric systems.

    http://www.counterpane.com/crypto-gram.html

cjs
-- 
Curt Sampson  <cjs_at_cynic.net>   +81 90 7737 2974   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
Received on Mon Dec 9 02:57:18 2002