Domain: za.org
Stories and comments across the archive that link to za.org.
Comments · 4
-
Re:Forget passwords.The vast majority of commercially available finger print readers can be fooled as follows:
- Find a reader that has been used before, so someone's left a valid finger print on it.
- Place a piece of thin paper over the reader.
- Press gently to warm the paper up
- The reader sees a ghost of the last finger print, and the temperature sensor sees warmth + a pulse, so you're in.
I wonder if you could make a mold for the gelatin from a picture of the finger print and off the shelf components. If you had an old laser printer that dumped a think layer of toner onto a piece of transparency film, that might be enough, but there's probably a better/cheaper way to do it using chemical etching, or something like that...
Personally, I'm perfectly happy with ssh certificates for my authentication needs. If I cared about security more, I would disable password authentication for my accounts, so that the SSH key is required. The key itself is password protected, and stored in an unshared directory on my laptop.
In order to get access to the certificate, you need to break into my laptop or office (which is probably easy), but at that point, it doesn't matter what sort of authentication scheme I use... The password protection adds some security against script kiddies, since they would need to install a key sniffer on my system, or try to brute force it once they obtained a copy of my private key.
I run ssh-agent, so I get single sign-in for all of the unix systems I have access to, including ones that are in different administrative domains, and without any trusted centralized party to manage authentication.
Key authorities are expensive, and could be abused. Remember Microsoft Passport? Ignoring the fact that it was insecure, it was also a huge privacy problem, since it allows microsoft to track user behavior across multiple web sites, and applications (eg MSN Messenger). Do you want Bill Gates or Slammer 2006 to be able to send everyone you know a list of everything you bought/read last year? Do you want that information to be stored in a centralized repository without government regulation?
Multiple administrative domains really kill biometric and password based systems. If you use your atm card or thumbprint to buy groceries, then you are giving the grocery store everything it needs to fake your thumbprint or use your ATM card for fraudulant purposes. Now, if you use your thumbprint or the same pin for security sensitive data, you are effectively giving the grocery clerk the security sensitive data...
I think Bruce Schneier is right, passwords are obsolete. IMHO, biometrics are just expensive passwords that cannot be changed, and that are more easily stolen. If you're worried about security, run SSH, and set it up correctly. If you can't run SSH, use SSL/HTTPS certificates or something similar. If you want to use untrusted hardware, then get a USB dongle, and don't trust the hardware.
;) -
Re:could be just what we need...
espically cince the first transmission from them is more than likely the following
....A/S/L Wanna?
I had to Google for this, so perhaps others don't know it either. A/S/L is "Age, Sex, Location." See item "2)" on this page .
-
Re:Microsoft does innovateI am a Linux user, GPL Coder (see CD-Tux) and LUG-Chairman.
And I rant about Microshit! I especially rant about their lack of inovation.
Linux may appear less inovative because....we follow standards and we try to maintain compatibility.
Inovation also implies enhancement (not decompatibilizing extension) seen that way, Linux is one giant inovation.
Examples of inovation on Linux:
- DEVFS (The linux version far outdoes any other)
- DEB Packages
- RPM (To a lesser degree)
- /proc (Correct me If I am wrong on that one)
- Python
- Tcl/TK
- The Kernel - Who will deny that linux 0.1 was a great idea, even if it wasn't the very first - Linuz made it work.
- PHP
-
Re:Videogames Are No Longer a Work of Art
A long long time ago, videogames were usually written by one person
This was IMO not necessarily a good thing - not everyone is good at everything.
For example, I'd think I could write a game engine and decide about gameplay - but I'm horrible with graphics (the fact that I'm spending 99.9% of my time on the console and writing this with lynx should give you an impression ;) ), so if I gave it a try, it might be a nice game, but it would look so horrible that nobody would really enjoy it.
Today, the games are developed by teams of people, sometimes past 100 members. There are programmers, artists, marketeers, and even people whose job it is to do nothing but manage the aforementioned people
Leave out the marketeers and managers, and you have a system that works.
We're trying to do just that over at the Free Film Project - and from my experience there, I can say that we have some people who are excellent programmers, but who couldn't write a script, then we have script writers who couldn't even think of designing starship models, ... - but all the people's individual qualitites added up give us the possibility to get something done.
Does that prevent it from being a work of art?
I don't think so.