Security. WPA?/-TKIP /-CCMP
in [Wireless Internet]
|
From: Jeff Liebermann on 8 Dec 2008 12:46 On Mon, 08 Dec 2008 09:15:03 -0800, John Navas <spamfilter1(a)navasgroup.com> wrote: >ThinkPad swipe works well for me. Sure. It would probably work well for me if I had a laptop that used one. However, I'm talking about my customers. They're the one's who have reported rather high error rates. Biometric security is useless unless the user is willing to use it. I don't know exactly what they're doing wrong, but my guess is that they're in a hurry, impatient, or simply intolerant of failure. One older user seems to consider it the hallmark of a criminal and wants nothing to do with the device. I had problems getting a reliable scan when standing or holding the laptop in my lap. They certainly consider it an imposition to require fingerprint scan every time the screen blanker goes on. It may only take a few seconds, but after having it interrupt their work or play more than a few times, it will certainly become tedious. Of course, I could disarm the requirement to login after some idle time, but that would defeat what I consider to be the major purpose of the scanner, to deal with problems when the user walks away from the laptop. The large window size fingerprint reader is much faster and easier to use than the swipe type window scanner. However, we'll have to wait for the manufactories to retool. Looks like Dell will be one of the first: <http://www.upek.com/news/press/2008/09.23.08.asp> -- Jeff Liebermann jeffl(a)cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
From: John Navas on 8 Dec 2008 13:31 On Sun, 07 Dec 2008 20:38:27 -0800, Jeff Liebermann <jeffl(a)cruzio.com> wrote in <508pj4h5nesv79gcb3uftfa1hjdkk25rvs(a)4ax.com>: >On Sun, 07 Dec 2008 11:12:51 -0800, John Navas ><spamfilter1(a)navasgroup.com> wrote: > >>Have you tried ThinkPads? > >Yep. Same exact scanner/reader as Dell and Toshiba, made by SGS >Thomson. Software is by UPEK (owned by SGS Thomson): While the hardware may be the same, and while I don't know the exact details of the software, IBM/Lenovo modifies quite a bit of the 3rd part software for ThinkPads, so it wouldn't surprise me if the fingerprint software was different than for other machines, particularly since it's integrated into the Client Security Solution. That said, I think my most recent experience has been with the AuthenTec reader. ><http://www.upek.com> ><http://www.thinkwiki.org/wiki/Integrated_Fingerprint_Reader> ><http://www.pc.ibm.com/us/security/fingerprintreader.html> ><http://www.upek.com/solutions/physical/chipsets_sensors.asp> >Which scanner? The narrow slot, where you have to swipe your finger >across the window, or the large reader with the full size window? As >I mentioned, the narrow slot is awful, while the full size window >works every time: ><http://www.upek.com/support/customersupport/swiping_technique.asp> A drawback to the full size window is that it's easier to spoof. -- Best regards, FAQ for Wireless Internet: <http://wireless.navas.us> John Navas FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
From: John Navas on 8 Dec 2008 13:38 On Mon, 08 Dec 2008 09:46:20 -0800, Jeff Liebermann <jeffl(a)cruzio.com> wrote in <6kmqj493cdcq4lor2mkjokrasdqkt88i80(a)4ax.com>: >On Mon, 08 Dec 2008 09:15:03 -0800, John Navas ><spamfilter1(a)navasgroup.com> wrote: > >>ThinkPad swipe works well for me. > >Sure. It would probably work well for me if I had a laptop that used >one. However, I'm talking about my customers. They're the one's who >have reported rather high error rates. On ThinkPads? Or something else? >... They certainly consider it an >imposition to require fingerprint scan every time the screen blanker >goes on. It may only take a few seconds, but after having it >interrupt their work or play more than a few times, it will certainly >become tedious. Of course, I could disarm the requirement to login >after some idle time, but that would defeat what I consider to be the >major purpose of the scanner, to deal with problems when the user >walks away from the laptop. They'd rather type a password? Or are they just objecting to security in general, which is the more common problem is my experience -- typing in a strong password each time is as tedious as scanning a finger, if not more so. The problem, of course, is that there's no easy and good way for the machine to distinguish between a user sitting there doing nothing and a user taking off for the bathroom. I once experimented with using an integrated webcam for that, and couldn't get it to work reliably enough to be practical. >The large window size fingerprint reader is much faster and easier to >use than the swipe type window scanner. However, we'll have to wait >for the manufactories to retool. Looks like Dell will be one of the >first: ><http://www.upek.com/news/press/2008/09.23.08.asp> The large window reader has proved to be easier to spoof. -- Best regards, FAQ for Wireless Internet: <http://wireless.navas.us> John Navas FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
From: Jeff Liebermann on 8 Dec 2008 16:27 On Mon, 08 Dec 2008 10:38:40 -0800, John Navas <spamfilter1(a)navasgroup.com> wrote: >On Mon, 08 Dec 2008 09:46:20 -0800, Jeff Liebermann <jeffl(a)cruzio.com> >wrote in <6kmqj493cdcq4lor2mkjokrasdqkt88i80(a)4ax.com>: > >>On Mon, 08 Dec 2008 09:15:03 -0800, John Navas >><spamfilter1(a)navasgroup.com> wrote: >> >>>ThinkPad swipe works well for me. >> >>Sure. It would probably work well for me if I had a laptop that used >>one. However, I'm talking about my customers. They're the one's who >>have reported rather high error rates. > >On ThinkPads? Or something else? One Dell XPS something laptop. Two Lenovo something. I'll post the exact model numbers when I get to the office Weds. I don't have a huge amount of experience with these, but enough to get an clue as to what's involved. Another customer has a Kingston(?) fingerprint reader that does NOT require a swipe. Much faster, easier, and apparently more reliable. >They'd rather type a password? Yes. The UTEK software has a back door password for those how can't seem to get the hang of the finger print reader. I found that all 3 laptop users were using the password instead of the fingerprint reader. One asked me to disarm the monster claiming she didn't like the interruptions. >Or are they just objecting to security >in general, which is the more common problem is my experience -- typing >in a strong password each time is as tedious as scanning a finger, if >not more so. They were complaining about the extra effort and interruptions to work (or play) that the fingerprint reader added. Obviously, they are into convenience rather than security. I also made a big mistake. Instead of a good secure back door password, I used "changme" which should have given them a clue. As far as I know, it's still the same password. Incidentally, one of my contacts is trying to sell me on using RFID instead. When the user, with chip attached, is near the laptop, it works. If RFID polling fails, the laptop is locked. Probably not very secure, but certainly more convenient. >The problem, of course, is that there's no easy and good way for the >machine to distinguish between a user sitting there doing nothing and a >user taking off for the bathroom. I once experimented with using an >integrated webcam for that, and couldn't get it to work reliably enough >to be practical. Actually, remember reading about an application for the built in web camera to do exactly that. It puts the laptop into stby mode as soon as the user walks away from the laptop. I forgot how it wakes up. Great way to save the battery. I had a similar derrangement at home using an IR burlar alarm type motion detector from Radio Shock. As long as it detected IR motion in the vicinity, power to my desktop was on. When there was a long delay with no motion, it shut down the computah. It was handy for turning on the machine when I walked into the room, and turning it off when I fell asleep at the keyboard. The only problem was that the cat would sometimes turn on the computah in the middle of the night. Not a problem any more as the cat is gone. >>The large window size fingerprint reader is much faster and easier to >>use than the swipe type window scanner. However, we'll have to wait >>for the manufactories to retool. Looks like Dell will be one of the >>first: >><http://www.upek.com/news/press/2008/09.23.08.asp> >The large window reader has proved to be easier to spoof. Groan. Well, I'm still counting on the system that uses IR to identify the blood vessels in the hand or face. I don't think it can be done with just one finger, but I think I can imbed the IR scanner into the screen. Put your palm or hand on the LCD panel or touch pad to authenticate. Whatever technology will eventually win, I'll be willing to wager that it will be the cheapest and easiest. On that basis, methinks RFID will probably win. -- Jeff Liebermann jeffl(a)cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
From: John Navas on 8 Dec 2008 17:54
On Mon, 08 Dec 2008 13:27:51 -0800, Jeff Liebermann <jeffl(a)cruzio.com> wrote in <bh3rj41ev6ccc7iufnulop2eegedl7ubhp(a)4ax.com>: >On Mon, 08 Dec 2008 10:38:40 -0800, John Navas ><spamfilter1(a)navasgroup.com> wrote: >>They'd rather type a password? > >Yes. The UTEK software has a back door password for those how can't >seem to get the hang of the finger print reader. I found that all 3 >laptop users were using the password instead of the fingerprint >reader. One asked me to disarm the monster claiming she didn't like >the interruptions. Sounds to me like the real objection is to anything, either reader or password -- it's an interruption either way. >... Incidentally, one of my contacts is trying to sell me on >using RFID instead. When the user, with chip attached, is near the >laptop, it works. If RFID polling fails, the laptop is locked. >Probably not very secure, but certainly more convenient. Depends on the RIFD implementation -- can be made quite secure, albeit compromised if the RFID falls into the wrong hands, which is why most such systems I've seen also require a pin, but then you're back to the same inconvenience as a password. >Whatever technology will eventually win, I'll be willing to wager that >it will be the cheapest and easiest. On that basis, methinks RFID >will probably win. My money is on biometrics. Only thing that can combine security and convenience assuming all the technical issues are sorted out. Cost will be a function of mass adoption. -- Best regards, FAQ for Wireless Internet: <http://wireless.navas.us> John Navas FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi> Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo> Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes> |