SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


The Security of You


The Security of You

Author
Message
Steve Jones
Steve Jones
SSC Guru
SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)

Group: Administrators
Points: 64587 Visits: 19118
Comments posted to this topic are about the item The Security of You

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Andy Leonard
Andy Leonard
Ten Centuries
Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)

Group: General Forum Members
Points: 1174 Visits: 1095
Excellent editorial, Stev.

I dabbled in security years ago. What you're saying is absolutely correct: people expect newer technology - whatever it is - to be better. This expectation historically sets the stage for fantastic examples of security gaps. Some of them have been written about and made into movies.

The truth is: newer != better. At least not always.

Newer almost always means new security holes. The downside (and we see this in software as much as anywhere) is we don't know where the new holes are... yet.

:{> Andy

Andy Leonard
Data Philosopher, Enterprise Data & Analytics
IceDread
IceDread
Mr or Mrs. 500
Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)Mr or Mrs. 500 (533 reputation)

Group: General Forum Members
Points: 533 Visits: 1145
Good editorial.

I find biometrics dangerous, not sure why but the entire concept feels like it's invading my privacy and me as a person and I do not believe it's any better then a card or a ring or something else that is not a part of my body. Besides, a failing ring/ card can be replaced, if I have an accident with my thumb and burn the skin or if it's is going to take my blood sample every time.. no way.

Besides, I'd prefer to have my card stolen then my thumb if I ever happen to work at a place where such things is an issue!
mike brockington
mike brockington
SSC-Enthusiastic
SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)SSC-Enthusiastic (190 reputation)

Group: General Forum Members
Points: 190 Visits: 245
Actually, we do know many of the security holes, but the vendors generally like to ignore them, describing them as 'impossible' and so forth.
I don't have a reference to hand, but just last week The Register was reporting that people had been able to get a hold of Jacqui Smith's fingerprints. These will then be published on the Internet, allowing anyone to make their own latex copies, or whatever. Other studies have shown that a simple photo-copy is enough to fool most finger-print scanners.

Throw away your pocket calculators; visit www.calcResult.com


Someguy
Someguy
SSC Veteran
SSC Veteran (253 reputation)SSC Veteran (253 reputation)SSC Veteran (253 reputation)SSC Veteran (253 reputation)SSC Veteran (253 reputation)SSC Veteran (253 reputation)SSC Veteran (253 reputation)SSC Veteran (253 reputation)

Group: General Forum Members
Points: 253 Visits: 579
I think Steve's best point is the one about trusting systems too much. The more 'infallible' a system, the more unready we are whenever it does happen to fail.

Can you say, 'Titanic'?

No system is infallible and maybe we're better off with known issues that keep us on our toes.

___________________________________________________
“Politicians are like diapers. They both need changing regularly and for the same reason.”
roger.plowman
roger.plowman
Ten Centuries
Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)Ten Centuries (1.3K reputation)

Group: General Forum Members
Points: 1277 Visits: 1253
Biometrics have lots of problems. Even assuming the data is read-only secure (by which I mean someone can't substitute their fingerprints for yours, or yours for some known criminal!) you still have an insurmountable problem.

Using the Jacqui Smith example above, her biometric data (fingerprints) are now out in the wild. Even barring Misson-impossible style physical imposture scenarios, the real problem is remote verification (ie over the internet).

The computer doing the checking is NOT checking your fingerprint(s). It's checking the *digital representation* of your fingerprints, sent from God-knows-where. That means A) you can't verify it and B) once the biometric is compromised, you're screwed. You can't replace your fingerprints or your retinal pattern--that's the whole *point* of biometrics.

So what biometrics gives you is an irreplaceable piece of data that is easily stolen and used to "prove" a criminal is you.

Sound like fun?
Steve Jones
Steve Jones
SSC Guru
SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)

Group: Administrators
Points: 64587 Visits: 19118
Someone pointed it out; we don't know what the issues are. It's like us designing applications and users not realizing what the issues are until they see the final product. We won't know what the problems are until they start occurring.

This is one area I can secure my laptop with, but I don't want securing my banking, medical, or any other records for some company.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
don_goodman
don_goodman
Valued Member
Valued Member (72 reputation)Valued Member (72 reputation)Valued Member (72 reputation)Valued Member (72 reputation)Valued Member (72 reputation)Valued Member (72 reputation)Valued Member (72 reputation)Valued Member (72 reputation)

Group: General Forum Members
Points: 72 Visits: 82
The problem with biometrics is no different from other manifestations of the Big Brother Card. The implication is vast. When BOBB (Barack Obama Big Brother) and his minions act in my best interest when I don't agree with their conclusions, who knows what they will do with and to my BBC.
THe problem is not so much with the card. The problem is with the people who control the information.
No Thanks.
Steve Jones
Steve Jones
SSC Guru
SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)

Group: Administrators
Points: 64587 Visits: 19118
I'd argue with the Patriot Act, I wouldn't trust the other side any more.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
jay-h
jay-h
SSCommitted
SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)SSCommitted (1.9K reputation)

Group: General Forum Members
Points: 1945 Visits: 2337
If your bank account or credit card becomes compromised, you can be issued a new account number.

If your fingerprints become compromised, you can't get new prints

...

-- FORTRAN manual for Xerox Computers --
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search