From: Josh Cohen (firstname.lastname@example.org)
Date: Mon Jun 26 2000 - 11:23:31 PDT
I'm not sure if this is what Mark was trying to say,
but here's my concern. How well can an iris reader
tell the difference between my iris and a fake iris
created from my "scan code".
I would think that if we have the technology to
scan in the details of one's iris, that we could
also print it onto something that looks like an iris.
> -----Original Message-----
> From: Brian Atkins [mailto:email@example.com]
> Sent: Monday, June 26, 2000 11:02 AM
> To: Mark Day; Grlygrl201@aol.com; firstname.lastname@example.org; email@example.com
> Subject: Re: [CBS MarketWatch] A nose by any other name
> Mark Day wrote:
> > > << NEW YORK (Office.com) --Just as with fingerprints,
> people's faces are
> > > distinctly their own. A new generation of pocket PCs,
> personal digital
> > > assistants and cell phones will use the measure of one's facial
> > > contours as
> > > part of their security features. >>
> > I can never believe how seriously people take all the the
> biometric systems.
> > Since all of these systems also have something that corresponds
> > approximately to a password file, which could be compromised by
> an attack or
> > an insider, there seems to be relatively little attractive about them in
> > real-world usage.
> > More than once in my career I've been told I have to choose a
> new password
> > because the password file had been compromised. If we're doing
> iris scans, I
> > only have two eyes. Similarly, I have only two hands and one face.
> > "Dear system user: we had a hacker break in over the weekend
> and compromise
> > everyone's logins. Accordingly, we have scheduled plastic surgery for
> > everyone."
> > --Mark
> > Mark Stuart Day
> > Senior Scientist
> > Cisco Systems
> That doesn't make any sense. Your password was being used by a hacker
> from "outside" to get access to the "inside" (server). Once they were
> able to use it you had to change it. But that obviously can't happen
> with biometric- they can't "use your iris" in a non-James-Bond world.
> They only attack (assuming we are not talking about things like cutting
> off hands or eyes) is to reprogram the server-side to accept the hacker's
> password/iris instead of yours. So yes the biometric system still has a
> weak link, but only one. Password-based systems have two weak links
> since the client side can also get hacked.
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 11:27:07 PDT