Create an Account
username: password:
 
  MemeStreams Logo

Biometrics are bullshit
search
Home Agent Weblogs Social Network Post Help About

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Biometrics are bullshit
Topic: Miscellaneous 11:53 pm EST, Dec  8, 2009

At least in the "this is proof you are who you say you are" way.

A GAO investigator managed to obtain four genuine U.S. passports using fake names and fraudulent documents. In one case, he used the Social Security number of a man who had died in 1965. In another, he used the Social Security number of a fictitious 5-year-old child created for a previous investigation, along with an ID showing that he was 53 years old. The investigator then used one of the fake passports to buy a plane ticket, obtain a boarding pass, and make it through a security checkpoint at a major U.S. airport. (When presented with the results of the GAO investigation, the State Department agreed that there was a "major vulnerability" in the passport issuance process and agreed to study the matter.)

I've said this repeatedly during security presentations before: Biometrics simply tie a distinct physical person to an object. Biometrics say absolutely nothing about the validity of the information on that object.

This is a serious pet peeve of mine and it annoys me to no end that people are constantly confusing this point. Let me repeat: Biometrics use physical characteristics to relate a specific person to a document or object. Other means must be employed to:

1- Verify the information on the document
2- Prevent the document from being altered without detection

This GAO investigation is a perfect example of how a "biometricly secured" document was completely fraudulent. Privilege escalation in the real world baby!

Biometrics are bullshit

Thread [2]


  
 
Powered By Industrial Memetics		RSS2.0