[LINK] Phishing past two-factor authentication
Craig Sanders
cas at taz.net.au
Fri Apr 20 14:00:32 AEST 2007
On Fri, Apr 20, 2007 at 01:33:17PM +1000, Martin Barry wrote:
> For your laptop it might be b) password and c) fingerprint.
as anyone with a set of bolt-cutters knows, a fingerprint is actually "a)
something you have" NOT "c) something you are".
this is the fatal (or at least, very bloody) flaw in biometric
identification. bits can be chopped off and used. that fact has been
used in science-fiction stories(*) for 50 years and is starting to be used
in non-SF stories as well.
(*) usually with dialogue like "are you going to co-operate? I only
need your finger/thumb/eye".
craig
--
craig sanders <cas at taz.net.au>
BOFH excuse #261:
The Usenet news is out of date
More information about the Link
mailing list