[LINK] Phishing past two-factor authentication
Adrian Chadd
adrian at creative.net.au
Fri Apr 20 14:30:43 AEST 2007
On Fri, Apr 20, 2007, Craig Sanders wrote:
> On Fri, Apr 20, 2007 at 01:33:17PM +1000, Martin Barry wrote:
> > For your laptop it might be b) password and c) fingerprint.
>
> as anyone with a set of bolt-cutters knows, a fingerprint is actually "a)
> something you have" NOT "c) something you are".
>
> this is the fatal (or at least, very bloody) flaw in biometric
> identification. bits can be chopped off and used. that fact has been
> used in science-fiction stories(*) for 50 years and is starting to be used
> in non-SF stories as well.
>
>
> (*) usually with dialogue like "are you going to co-operate? I only
> need your finger/thumb/eye".
Or when people start viewing DNA evidence as infalliable and suddenly you
find a thriving black market in flakes of hair and skin..
Adrian
More information about the Link
mailing list