Fingerprint Scanners Still Easy to Fool
Anlan writes "A Swedish student wrote her Master's thesis about current fingerprint technology. After a thorough literature study some live testing took place. Simple DIY fingerprint copies were used (detailed how-to in the thesis). Have current commercial products improved as much as proponents claim? Well, this quote from the abstract says it all: 'The experiments focus on making artificial fingerprints in gelatin from a latent fingerprint. Nine different systems were tested at the CeBIT trade fair in Germany and all were deceived. Three other different systems were put up against more extensive tests with three different subjects. All systems were circumvented with all subjects' artificial fingerprints, but with varying results.' You can guess how happy the sales people at CeBIT were - most systems claim to be spoof proof..."
Since I put OpenLDAP on one of my boxes, and configured it all up.. It works but I'm having a problem.. When I ssh in as root, it asks my password - I give it, then it says denied and asks my password again, this time it will accept it.
I think the auth is failing on LDAP, then being accepted by unix. The root user doesn't exist in LDAP, I don't want any system users in there, just regular network folks (i.e., actual people, no bin or ftp or root). It should bypass LDAP when it doesn't find a cn=root entry, and just auth against the local /etc/passwd file. LDAP users log in fine.
It's a bigger problem when I try to log in as a regular user, then su to root. Then you only get one shot at giving a password, which fails. Also, I can't use the passwd command on root for the same reason (it asks for the old password once, fails, and that's that).
So, what gives?
Here's my system-auth file.
auth        required      /lib/security/pam_securetty.so
auth        required      /lib/security/pam_nologin.so
auth        sufficient    /lib/security/pam_ldap.so
auth        required      /lib/security/pam_unix_auth.so use_first_pass
account     sufficient    /lib/security/pam_ldap.so
account     required      /lib/security/pam_unix_acct.so
password    required      /lib/security/pam_cracklib.so
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_unix_passwd.so use_first_pass md5 shadow
session     required      /lib/security/pam_unix_session.so
Oh yeah, OpenLDAP is a kind of fingerprint scanner that works on Jell-O. (Slashdot mods are probably too stupid to know I'm lying).
I don't need no instructions to know how to rock!!!!
It is an interesting industry with a lot of venture backed plays coming from it I