Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
The Matrix

Journal Journal: TYLER FUCKING HICKS 2

"Tyler Hicks, who always somehow seems to be at the hottest of hot spots and war zones when things explode, did it again today, improbably being inside the mall in Nairobi when the bomb went off."

Like Mumbai, this is NOT what all appearance and "reporting " are telling you.

It is a "Gladio" style operation.

Comment Re:Easy! (Score 2) 481

Trivial will be running a crack on the limited number of hashes that can be generated by the phone's sampler for fingerprint images.

The problem with this is not where it has started, as a simple PIN replacement for iPhones. It is where this is headed, now that Apple has used their marketing position to deliver Biometric authentication as a security technology in the mainstream.

People who are good at technology problem-solving are often equipped with exactly wrong type of mental orientation for examining implication or cross-disciplinary context. So? You get a reasonable PIN replacement for your iPhone, that reduces auto-collisions by people unlocking their phones while driving. Nice.

You also get this as a cure-all for the password problem, as an option on every device you interact with, over the next 4 years. I don't care if it is thumbprint, retina-scan or gut-biome that is measured. This will lower security and introduce as-yet-unforseen compromises.

I'd paint the lens on this thing, with black enamel.

Comment Re:Easy! (Score 5, Insightful) 481

sounds really trivial to break. I can see all kinds of kids doing this.

Known vector. Gummy-bear attack.

The core issue is that you leave copies of your authenticator EVERYWHERE. It's as if you dropped 85% accurate copies of your smartcard on every item you touched - with random 15% damage to the material - and a card reader designed for 15% error in reads.

Any such scheme is going to be subject to this kind of impersonation or gaming. This is why biometrics are always a bad ID choice. Also, the A/D conversion is low-entropy, among other problems.

There's a false assumption, that because I can uniquely identify another person with 99.999% accuracy, based on your sound, shape and appearance, that therefore this is the best way a machine should do so. It is a falsehood that is reinforced by a misleading intuitive perception. The core issue concerns the questions related to what constitutes "identity" and an "authentication factor" in systems. Neither of these correlate to actual persons or their real-world characteristics in a unique and meaningful way, that is not also subject to spoofing, injecting or revocation DoS.

Slashdot Top Deals

"We shall reach greater and greater platitudes of achievement." -- Richard J. Daley

Working...