biometrics

[Bill Vermillion]

On Mon, Jun 07, 2004 at 10:28:49AM -0400, GCC Consulting thus
spoke:

> As I stated earlier, no security system is fool-proof. All you
> can do is take reasonable precautions to protect what ever it
> is you want to protect.

> You can have the most ingenious locking system, steel
> reinforced doors, monitoring equipment, etc, but if the walls
> are thin or made from wallboard, avoid the problem and go
> through the wall.

A lot of apartments got hit that way.

> About 30 years ago in NY's Chinatown area a jewelry store on
> the second floor of a building had it's safe stolen at noon
> time on a work day. The thieves got someone in, they had a
> "cherry picker" parked below the store's window. They placed
> a cable around the 1 ton safe, pulled it across the floor and
> thru the wall. It crashed to the ground, using a small winch to
> get it on to a flat bed truck and drove off. People stood in
> the street watching the robbery transfixed.

And locally a few ATM's have been carted off.  And Sundance ran
Jules Dassin's classic Raffifi this AM.  After 50 years it still
holds up well and how the old security still had a lot of work to
get around.  But a heist at noon is interesting.  That goes
along with the unexpected - which is a key element in crimes.

> Even people working in "secure" areas can be lax in their
> security procedures. As I said, I ran base security checks
> while in the army and on quite a few occasions got passed armed
> security guards and alarm systems :). As a sgt I got dressed
> down more then once by officers in charge of the areas (:.
> What I had going of course, were orders from higher ranking
> officers.

For some great stories on security or lack thereof, you should
read the accounts in Surely You're Joking Mr. Feynman, when
Richard Feynman was working on the atomic bomb at Los Alamos in
the 1940s. He figured out the combinations of safes and would
open them for other who had forgotten them. He also walked in
or out of the base past the same guard several times without
seemingly walking the other way. [I forgot the direction].

When he went to the nuclear facility in Oak Ridge Tennessee someone
there asked him to open a safe for which they had forgotten the
combination.  When the higher-ups found out about that their
solution was not to let Feynman come there again :-). 

> IBM on a number of their ThinkPad models have placed a
> fingerprint scanner to control access to the laptop.

> I am writing a system for an account where there is a
> requirement for password authentication for using many of the
> modules. Conceivably it may be easier to use a fingerprint
> scanner then have each person constantly type their login and
> password as currently required. Now, will the cost be worth it
> to my client, that is the question.

I can see fingerprint for access to paritcular modules after the
original authentication, but I'd think a login, password, and
the fingerprint check after password entry would be best for at
least first access to show that the password was not stolen.

Then if a fingerprint check after password failed, admins should be
alerted as to a possible stolen password.

Bill
-- 
Bill Vermillion - bv @ wjv . com