From: Mark McIntyre on 8 Dec 2008 18:12

Jeff Liebermann wrote:
> On Sun, 07 Dec 2008 00:06:09 +0000, Mark McIntyre
> <markmcintyre(a)TROUSERSspamcop.net> wrote:
>
(of fingerprint readers)

>> too easy to sniff,
>
> How so? The swipe type readers are inside the laptop.

Most of these doodads seem to be a USB interface internally. A lot of the ones for desktop PCs are built into the keyboard or are on a separate USB dongle.

> What did work quite well was an external reader. It was plugged into
> a USB port and most certainly can be tapped and sniffed.

indeed :-)

>> foolable by a variety of creative methods not
>> including severing digits, and not hooked into the OS at a low enough
>> level to properly secure the login.
>
> Other than using the software, I have no experience with how it works.
> I'll plead ignorance here.

There was an article on (I think) The Register about 12 months ago, where they showed how to use a condom filled with warm dough to lift and then replay a fingerprint. Highly inventive and surprisingly effective.

From: John Navas on 8 Dec 2008 19:07
On Mon, 08 Dec 2008 23:12:49 +0000, Mark McIntyre <markmcintyre(a)TROUSERSspamcop.net> wrote in <0Sh%k.397328$vK2.199045(a)en-nntp-03.dc1.easynews.com>:

>Jeff Liebermann wrote:
>> On Sun, 07 Dec 2008 00:06:09 +0000, Mark McIntyre
>> <markmcintyre(a)TROUSERSspamcop.net> wrote:
>>
>(of fingerprint readers)
>
>>> too easy to sniff,
>>
>> How so? The swipe type readers are inside the laptop.
>
>Most of these doodads seem to be a USB interface internally. A lot of
>the ones for desktop PCs are built into the keyboard or are on a
>separate USB dongle.

Correct, but the laptop ones are physically secure, and the Lenovo/AuthenTec USB devices are securely encrypted with AES, with patterns stored on the chip itself, not transferred.
<http://www.authentec.com/products-pcsandperipherals-aes2810.html>

>> What did work quite well was an external reader. It was plugged into
>> a USB port and most certainly can be tapped and sniffed.
>
>indeed :-)

Nope. Perhaps you're thinking of Microsoft's flawed device:
<http://en.wikipedia.org/wiki/Microsoft_Fingerprint_Reader#Criticisms>

>>> foolable by a variety of creative methods not
>>> including severing digits, and not hooked into the OS at a low enough
>>> level to properly secure the login.
>>
>> Other than using the software, I have no experience with how it works.
>> I'll plead ignorance here.
>
>There was an article on (I think) The Register about 12 months ago,
>where they showed how to use a condom filled with warm dough to lift and
>then replay a fingerprint. Highly inventive and surprisingly effective.

That method only works with a cheap optical scanner.
<http://www.washjeff.edu/users/ahollandminkley/Biometric/index.html>
Won't work with the swiper based on capacitive sensing.
<http://en.wikipedia.org/wiki/Fingerprint_recognition#Capacitance>

All this said, it's really a tempest in a teapot, because in most cases the hacker won't have access to a clean fingerprint.

--
Best regards,
John Navas
FAQ for Wireless Internet: <http://wireless.navas.us>
FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>