Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Identix (IDNX) -- Ignore unavailable to you. Want to Upgrade?

To: Hal who wrote (19802)	1/31/2001 2:32:40 PM
From: stockman17	Read Replies (1) \| Respond to of 26039

This guy doesn't seem to have fully done his research. Good thing some smart guy set him straight in the 'Talkback' section <g>. A Fingerprint Is Forever zdnet.com The pros and cons of biometric technologies aren't as black and white as they seem. By David Raikow, Sm@rt Partner It's official: biometric technologies have emerged as the new front-runner in the race to become the security industry's next big thing. As manufacturing costs fall, a variety of affordable fingerprint scanners, retina/iris scanners and voice/face recognition systems are finding their way onto the market. Fueled by visions of impregnable for tresses, many are eager to leap on the bandwagon. Don't get me wrong; biometrics techniques are a valuable ad dition to the security practitioner's toolbox and can create significant obstacles to a would-be attacker. They provide a way around the "breakable-password" dilemma by replacing the word with a relatively complex, unique identifier that the end user cannot forget or misplace. Unfortunately, because historically they have been so expensive and exotic, biometric tools tend to elicit a dangerously excessive degree of trust. No matter what marketing claims vendors may make, biometric authentication systems are vulnerable to attack. As any student of spy stories can attest, there are several ways to forge a fingerprint, some surprisingly simple. For example, a number of low-end optical fingerprint scanners can be fooled with nothing more than a photocopy of the relevant finger. More sophisticated scanners can be much more difficult to trick, but keep in mind that the hacking community is just beginning to investigate techniques for breaking those tools. A less intuitive but much simpler attack approach is to forge a "minutiae" file—the digitally stored data describing relevant physical characteristics. While a fingerprint, iris pattern or voice signature may contain enormous amounts of unique information, biometric scanners capture and store only a relatively small portion. Some fingerprint scanners may capture as little as four bits of random data. For the typical desktop computer, guessing the content of such a file is a trivial matter— in many cases, it's easier than guessing a traditional password. More complex minutiae files may be vulnerable to theft. If the files are transmitted over a network, they can be intercepted, particularly if poorly en crypted. Templates of minutiae files also must be stored somewhere so the system has something to compare incoming scans against. If improperly se cured, those databases present a tempting target. A cracked or stolen biometric system presents a difficult problem. Unlike passwords or smart cards, which can be changed or reissued, absent serious medical intervention, a fingerprint or iris is forever. Once an attacker has successfully forged those characteristics, the end user must be excluded from the system entirely, raising the possibility of enormous security risks and/or reimplementation costs. Granted, that is a worst-case scenario. I'm not suggesting that you completely rule out biometrics, but make sure you know what you're getting yourself into, and never ever place blind trust in the technology