Slashdot Mirror
IBM Introduces Biometric Thinkpad
An anonymous reader writes "IBM has added biometric security to its thinkpad notebooks. The next generation of T series thinkpads will have an integrated fingerprint scanner for added security. The latest machines will also include some pretty cool encryption software, that will keep your hard disk safe, but still let you backup and restore images. This guy managed to get his hands on an early prototype T42 with the new security features integrated."
"IBM has chosen to go with a swipe-scanner rather than a touch-scanner, for a number of reasons. First and foremost is that a swipe-scanner provides better security. Because you have to drag your fingertip across the scanner, there is no way to "lift" a fingerprint from the surface."
That is a great idea. Such an elegant solution to what could have been a big problem.
FoundNews.com - get paid to blog.,
Does this mean you can hack it to record your friends' (or co-workers') fingerprints? Sounds fun and scary.
Playing pornographics games during the day is evil! Play at night!
will IBM include linux support?
The difference between spam and poop is that you don't have to dig through septic tanks looking for real food. -- Me
If they designed it in such a way that the LEA backdoor is secure (say, it's got an LEA public key on it, and the private key is kept in the forensics labs), I'll buy one tomorrow. I don't have a need to defend against .gov adversaries - I just want to know that the data on my drives remains secure even after someone steals 'em to get his or her crack fix.
If, however, they designed it in such a way that the backdoor is not secure (say, a default password stored in cleartext on a serial EEPROM), that's another story. I'll download the crack when it comes out next week, and my soldering iron and I will have an endless supply of cheap entertainment when the machines start showing up at the surplus stores in 2009.
I love my Thinkpad. I had a T30 before that stayed on 24/7 for over a year. The only time it was turned off was to/from vacation. The rest of the time it was a workhorse. Now I have a T42P and love it as much or more. Functional and VERY stable. Sure, it doesn't have some super new gizmos like others, but it works every time.
Every time someone asks me about a notebook I recommend IBM. They go out to Best Buy and get some other brand with 20 other options they don't need and then get mad when it breaks or isn't stable. Thanks IBM!
I'm a little disappointed that the encryption stuff may not transfer well to non-Windows OSs.
Now what happens when someones finger is damaged to due fire, electrical shock, or blunt trauma? I had this problem with an old Compaq laptop that had a system password at the BIOS level. It made the laptop permanently mine since I didn't want to disclose my password to anyone else.
I know there's room for 21 different fingerprints, but I wonder how many end users are going to think to register more than one of their fingers...just in case.
We have always been at war with Eurasia!
Under threat of physical violence, most security systems that involve humans tend to break down.
I'd give up my PGP private key to someone who put a gun to my head - that doesn't mean that PGP itself is insecure.
This space intentionally left blank.
I didn't RTFA, admittedly, but did IBM take her results into consideration before designing/implementing this feature?
Encrypting a Windows machine prior to login is nice, but in the rest of the world, the GUI is the last thing we run, not the first.
In Windows, you run the GUI, and execute the shell.
In Linux (and most Unixes), you run the shell, and execute the GUI. Its a very different paradigm.
You need to encrypt the data (AND swap!) at the bootloader level, otherwise the whole point of it is irrelevant.
I'm intrigued by the section that mentions that fingerprint authentication can also be used at Windows logon... I wonder how this is integrating with Windows? It would be cool if all of the user profiles on the active directory could get fingerprint data associated with them, but I suspect they're probably just submitting a stored password or something.
We've been using Safeguard Easy on Thinkpad laptops in our office for some years now, and it really doesn't seem to affect performance much... certainly not for office use anyway. Takes a hell of a long time to initially encrypt though.
If your RSA key is compromised, you can just generate another. You can do this as often as necessary. However, if you fingerprint is compromised, all you can do is switch fingers. Nine compromises later, you're SOL.
Now for ordinary folks who just use this to keep others from messing with their laptops, this isn't an issue. However, if security is critical, biometrics just won't cut it.
And, yes it's fairly easy to fool a finger print scanner. All it takes is some Krazy glue and a Gummi bear.
How is this different than apples FileVault feature in OSX which uses 128bit AES encription on your home directory?
I have a powerbook and I must say that the FileVault works beautifully (and seamlessly)
It used to be Microsoft copying Apple, but I guess IBM can do it to. Granted my powerbook doesn't use a fingerprint as the encryption key.. but still.
There was an interview in Business 2.0 a couple years ago with an individual who claimed she had had a very similar problem: she had just finished a presentation for a conference; the weekend before the conference she had a mishap in the kitchen and burned her finger, so she couldn't use the biometric authentication mechanism on her laptop. Her solution? She got on a plane and went to see her twin sister in Florida. She actually claimed in the article that "twins have identical fingerprints" and her sister was able to log in to her laptop for her and save the day.
The huge, glaring flaw in this scenario is that even identical twins will have fingerprints that look as much alike as the fingerprints of two random strangers on the street. The interview was good for a laugh, but sadly it does not appear to be available on the Business 2.0 site any more.
The individual was Bondra Bchneider, where B==S. She also referred to binary 1010 as "ten-ten"...
I want to drag this out as long as possible. Bring me my protractor.
Both wrong. The data stored is usually some kind of array or matrix of the finger minutiae (relative position, direction, etc). No serious fingerprint identification system compares -images-. Te image of the fingerprint is analyzed, the minutiae are extracted, and that's used to perform the matching against the database. A single fingerprint can contain more than 50 minutiae, while 12 are enough to identify a person.
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
This article from 2002 claims that most fingerprint readers available to joe user by that time were easy to fool. Easy as in: press a plastic bag filled with warm water on it to replay the last print.
Are we looking at a new, better generation of readers today or are they still as insecure as they used to be?