Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 1234»»»

The Security of You Expand / Collapse
Author
Message
Posted Saturday, November 8, 2008 3:05 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:11 PM
Points: 31,368, Visits: 15,837
Comments posted to this topic are about the item The Security of You






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #599488
Posted Monday, November 10, 2008 4:13 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, December 15, 2014 2:46 PM
Points: 388, Visits: 1,047
Excellent editorial, Stev.

I dabbled in security years ago. What you're saying is absolutely correct: people expect newer technology - whatever it is - to be better. This expectation historically sets the stage for fantastic examples of security gaps. Some of them have been written about and made into movies.

The truth is: newer != better. At least not always.

Newer almost always means new security holes. The downside (and we see this in software as much as anywhere) is we don't know where the new holes are... yet.

:{> Andy


Andy Leonard
CSO, Linchpin People
Follow me on Twitter: @AndyLeonard
Post #599730
Posted Monday, November 10, 2008 5:07 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Monday, December 15, 2014 8:13 AM
Points: 295, Visits: 1,013
Good editorial.

I find biometrics dangerous, not sure why but the entire concept feels like it's invading my privacy and me as a person and I do not believe it's any better then a card or a ring or something else that is not a part of my body. Besides, a failing ring/ card can be replaced, if I have an accident with my thumb and burn the skin or if it's is going to take my blood sample every time.. no way.

Besides, I'd prefer to have my card stolen then my thumb if I ever happen to work at a place where such things is an issue!
Post #599765
Posted Monday, November 10, 2008 5:07 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, November 11, 2013 2:42 AM
Points: 150, Visits: 245
Actually, we do know many of the security holes, but the vendors generally like to ignore them, describing them as 'impossible' and so forth.
I don't have a reference to hand, but just last week The Register was reporting that people had been able to get a hold of Jacqui Smith's fingerprints. These will then be published on the Internet, allowing anyone to make their own latex copies, or whatever. Other studies have shown that a simple photo-copy is enough to fool most finger-print scanners.



Throw away your pocket calculators; visit www.calcResult.com

Post #599766
Posted Monday, November 10, 2008 7:03 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, October 17, 2014 2:10 PM
Points: 153, Visits: 570
I think Steve's best point is the one about trusting systems too much. The more 'infallible' a system, the more unready we are whenever it does happen to fail.

Can you say, 'Titanic'?

No system is infallible and maybe we're better off with known issues that keep us on our toes.


___________________________________________________
“Politicians are like diapers. They both need changing regularly and for the same reason.”
Post #599840
Posted Monday, November 10, 2008 7:42 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, December 2, 2013 6:30 AM
Points: 346, Visits: 691
Biometrics have lots of problems. Even assuming the data is read-only secure (by which I mean someone can't substitute their fingerprints for yours, or yours for some known criminal!) you still have an insurmountable problem.

Using the Jacqui Smith example above, her biometric data (fingerprints) are now out in the wild. Even barring Misson-impossible style physical imposture scenarios, the real problem is remote verification (ie over the internet).

The computer doing the checking is NOT checking your fingerprint(s). It's checking the *digital representation* of your fingerprints, sent from God-knows-where. That means A) you can't verify it and B) once the biometric is compromised, you're screwed. You can't replace your fingerprints or your retinal pattern--that's the whole *point* of biometrics.

So what biometrics gives you is an irreplaceable piece of data that is easily stolen and used to "prove" a criminal is you.

Sound like fun?
Post #599874
Posted Monday, November 10, 2008 8:05 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:11 PM
Points: 31,368, Visits: 15,837
Someone pointed it out; we don't know what the issues are. It's like us designing applications and users not realizing what the issues are until they see the final product. We won't know what the problems are until they start occurring.

This is one area I can secure my laptop with, but I don't want securing my banking, medical, or any other records for some company.







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #599895
Posted Monday, November 10, 2008 10:42 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Tuesday, April 6, 2010 1:30 PM
Points: 34, Visits: 82
The problem with biometrics is no different from other manifestations of the Big Brother Card. The implication is vast. When BOBB (Barack Obama Big Brother) and his minions act in my best interest when I don't agree with their conclusions, who knows what they will do with and to my BBC.
THe problem is not so much with the card. The problem is with the people who control the information.
No Thanks.
Post #600037
Posted Monday, November 10, 2008 12:11 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Yesterday @ 3:11 PM
Points: 31,368, Visits: 15,837
I'd argue with the Patriot Act, I wouldn't trust the other side any more.






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #600102
Posted Monday, November 10, 2008 12:20 PM
Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Tuesday, December 16, 2014 12:11 PM
Points: 771, Visits: 1,971
If your bank account or credit card becomes compromised, you can be issued a new account number.

If your fingerprints become compromised, you can't get new prints


...

-- FORTRAN manual for Xerox Computers --
Post #600112
« Prev Topic | Next Topic »

Add to briefcase 1234»»»

Permissions Expand / Collapse