Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux Biometrics Site Opens Doors

Posted by Zonk on from the scanning dept.

flickerfly writes "A new site to unite the individuals interested in Linux and Biometrics has opened its doors. LinuxBiometrics.com's purpose is to fill the biometrics void in the Open Source community. With the increased adoption of Linux in europe and the recent increase in biometrics interest by the EU, this appears to be a field ready to blossom into heavy adoption and will be in need of OSS support."

83 of 117 comments (clear)

  1. Confused by Anonymous Coward · · Score: 3, Funny

    Linux = good
    biometrics = bad
    Linux + biometrics = ?

    1. Re:Confused by Sexy+Bern · · Score: 1, Funny

      gad.

    2. Re:Confused by 0x461FAB0BD7D2 · · Score: 2, Insightful

      Linux + biometrics = optional

    3. Re:Confused by mboverload · · Score: 4, Interesting
      Once you lose your fingerprint to theives you are screwed for the rest of your live.

      You can't change your fingerprint or your biometrics, which is why they are a stupid idea. Once they come up with a way to even imitate retnas the whole security system that was based around biometrics will be SCREWED.

    4. Re:Confused by lifebouy · · Score: 1

      No need. Because your eye changes so much, retinal scan biometrics have to be fault tolerant. I recall someone reviewing retinal scan systems not too long ago and coming up with, get this: 1 in 10 people can fool basically anything on the market today into thinking they are you! And it concluded that that won't change anytime soon since the fault tolerance must be so high. So biometrics is officially SCREWED already.

      --
      Drop me a line at:
      Key ID: 0x54D1D809
    5. Re:Confused by sedgy · · Score: 1

      add smelly stuff to other stuff and it smells :) anyway this just about sums up biometrics for me at this point in time http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st m of course if he had a gun in is car, or it was armed with flame throwers this would not have happended ;) so maybe linux + weapons + biometrics = good

    6. Re:Confused by lucifuge31337 · · Score: 1

      That is if you consider "biometric security" to be fingerprint and retinal, which is hardly comprehensive.

      --
      Do not fold, spindle or mutilate.
    7. Re:Confused by Manuel+Lafond · · Score: 1

      well, it could be worse

      windows + biometrics = !!

      --
      you slashdot geeks only criticize people...finally a community where I'm not different
  2. This site looks like spam.. by grazzy · · Score: 2, Insightful

    .. and besides, doesnt biometrics suck? It's all about onetime identifiers. You cant easily change your eye, breath or thumbprint if they happened to fall into the wrong hands.

    1. Re:This site looks like spam.. by drinkypoo · · Score: 2, Informative

      If your eye or fingers fall into the wrong hands, you've got bigger issues than access controls. Proper security works with something you have, and something you know; biometrics, and a password.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:This site looks like spam.. by damiangerous · · Score: 4, Insightful
      No, biometrics doesn't "suck". But it's also not the security panacea it's usually made out to be. Biometrics can be a valuable part of the security "arsenal". One good use for it is a verification where the main breach won't come from malicious access but rather laziness.

      For example, a friend of mine is a pharmacist. The pharmacy technicians do most of the putting of pills in bottles, but everything has to be reviewed and signed off on by a pharmacist before it's released. The pharmacist verifies the finished prescription, uses his thumbprint to indicate he approves it, and a label is printed. With a password system it's far too easy for anyone to print out the approval label, and that's what would happen. Not out of maliciousness, but simply out of convenience.

    3. Re:This site looks like spam.. by imsabbel · · Score: 1

      This isnt about physical objects, but the information.

      A fingerprint is quickly sampled and a silicone mold will fool every scanner.

      --
      HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
    4. Re:This site looks like spam.. by grazzy · · Score: 1

      So, if my biometric credentials was compromised, I couldn't become a pharmacist? My security would be much lower than other people.

      Sure as you say, it can be a part of a bigger whole, but still - is it any good? It's safe now much like firefox is resonable safe now, becuase only a small portion of people are using it. That will change.

    5. Re:This site looks like spam.. by B3ryllium · · Score: 2, Funny

      So if your place of work utilized a butt-print scanner, and it got broken into, you could say they stole your data "arse 'n all"?

    6. Re:This site looks like spam.. by the+grace+of+R'hllor · · Score: 2, Funny

      That's a horrible joke, and you deserve to be sent consecutively to each dimension of Hell for that.

      But this is Slashdot, so at least your audience has been desensitized.
      -- :-)

    7. Re:This site looks like spam.. by damiangerous · · Score: 2, Insightful
      Your biometric credentials couldn't be "compromised" for this purpose, that's the whole point as to why it's useful. It's a limited access, limited purpose system. It's only accessed from two physical terminals located in the pharmacy only during staffed hours and only does one thing, prints prescription approval labels. It exists to ensure that a given pharmacist actually does approve a given prescription rather than a tech who shoulder surfed a password or a lazy/too busy pharmacist who just gave the techs his password because he trusted them.

      As for being any good? Yes. It's ideal for this particular scenario and probably many other highly similar ones.

    8. Re:This site looks like spam.. by Bastian · · Score: 4, Interesting

      You don't need to cut off a person's finger to get their fingerprint, nor do you need to cut out their eyes to have a model for what their retinas look like. In fact, both those plans would be inadvisable since a good biometrics system (which is what you'd be encountering anywhere you're willing to horribly mutilate or kill someone to get into) will involve sensors designed to tell if what's being scanned is alive.

      The technology to mimic body identifiers will come. A cheap technique for mimicing a person's fingerprint well enough to fool a biometric scanner is already well-established, and will fool heat-sensing scanners, too, since all you need to do is coat your fingertip with some gelatin and then etch it.

      And I would suggest that the "something you have, something you know" system is severely compromised if the "something you have" part is something that can't be voided and replaced. It means that you have to either re-do the entire security system from the ground up to use a different "something you have" whenever someone steals an important "something you have", or you are forced to fire the person who owned that "something you have", or you have to accept that for at least that one person, you no longer have a "something you have, something you know" system.

      If you really need it to be attatched to your body, why not put it in the form of some sort of implant, like the ID chips people put in their pets?

    9. Re:This site looks like spam.. by JimBobJoe · · Score: 3, Insightful

      The pharmacist verifies the finished prescription, uses his thumbprint to indicate he approves it, and a label is printed. With a password system it's far too easy for anyone to print out the approval label, and that's what would happen.

      Essentially...biometrics is useful when security isn't important. (I think that will be the biggest uses of biometrics for years to come...non-security applications...like at my local grocery store where employees use their thumbrpint to sign into a time-clock. It is only loosely a security application, it's more of an application of convenience.)

      In the end, there is no security and privacy tradeoff, the main tradeoff is between privacy and convenience, and security and convenience. Biometrics is very convenient, but it's not very private and it's arguably not secure.

    10. Re:This site looks like spam.. by suitepotato · · Score: 2, Insightful

      .. and besides, doesnt biometrics suck? It's all about onetime identifiers. You cant easily change your eye, breath or thumbprint if they happened to fall into the wrong hands.

      I'm not sure how your breath can fall into the wrong hands. I have trouble smelling my own breath by cupping my hands over my face. As to your eyes and thumbs, are you one of those people who has detachable parts? Like, when your S.O.(yes, some Slashdot readers have actual real life involvements with women) says "get your butt out of bed" you can hand it to her and say, "sure, take it, let me sleep."

      Joking aside, bioelectricity, thermal output, and a bunch of other things are easily checked for to prevent use of amputated body parts.

      Optimally, there would be stress identification methods and more than one password such that if someone tried the gun-to-your-head coercion method, you could silently tip off the system to call the authorities to the location. Be nice if every important system had personal 911 sort of passwords right now. "Send two units to the ATM at Stepford Avenue, we have a possible kidnap."

      Biometrics is wonderful stuff in my book to keep people out of stuff where they don't belong. I just don't want a national ID card where I have to keep a record of my dna on file and so forth. But biometrics to secure my stuff? Better than leaving it wide open.

      --
      If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
    11. Re:This site looks like spam.. by Scrameustache · · Score: 1

      The pharmacist verifies the finished prescription, uses his thumbprint to indicate he approves it, and a label is printed. With a password system it's far too easy for anyone to print out the approval label, and that's what would happen. Not out of maliciousness, but simply out of convenience.

      If the pharmacist is lazy enough to let his technician know and use his password, he's lazy enough to put his thumb on the reader without actually checking the content.

      --

      You can't take the sky from me...

    12. Re:This site looks like spam.. by damiangerous · · Score: 1

      But then there's accountability. With a password only system there can always be the issue of a stolen password. With the thumbprint and the circumstances it's used in it's basically impossible it's going to be forged.

    13. Re:This site looks like spam.. by damiangerous · · Score: 1

      It's not about amputated body parts. Fingerprint scanners can be fooled by gummy bears. Once someone has a copy of your fingerprint you can't revoke that password and give yourself a new fingerprint. Biometrics are only good in a limited sphere where other measures are in place.

    14. Re:This site looks like spam.. by slittle · · Score: 1
      And I would suggest that the "something you have, something you know" system is severely compromised if the "something you have" part is something that can't be voided and replaced.
      It's "something you have, something you know, something you are."

      All that shit can be faked/stolen. The thing is, a real human is infinitely more capable of recognising someone trying to fake what they are. An eyeball on the tip of a fountain pen would be a... dead giveaway. We don't just analyse the eyeball, we observe the whole scene, including the wannabe infiltrators body language. Until a computer can be programmed with that level of instinct, you're best off keeping your biometrics under the observation of actual security guards.
      --
      Opportunity knocks. Karma hunts you down.
    15. Re:This site looks like spam.. by Thing+1 · · Score: 1
      Heh, you'd think a President-destroying fighter would be protected by more than a "dead is ok" fingerprint detector!

      But 24 aside, "something you have, something you know" isn't likely to be replaced by biometrics.

      And your example seems misguided as well; if you fire someone, surely you can remove their access.

      Someone stealing something, that's a different issue, but if it's a decent system it can ask relevant questions like, "what projects were you working on last week? (give any four)" or something similar, like "You got an email with the words 'wine festival'. Do you remember who it was from?" It would ask several such questions, with enough different information, to prove that you were you (or you were you with a gun to your head, which is a tricky situation: should we deny your access, ensuring that the bullet leaves the chamber; or should we allow it, ensuring that security is breached and more than one life is potentially at risk?).

      --
      I feel fantastic, and I'm still alive.
    16. Re:This site looks like spam.. by Kadin2048 · · Score: 1
      Really what this system is, is a whole lot of ass-covering on behalf of the pharmacy's owners. With a biometric system, in the case of a misprinted label, the pharmacy can place the blame squarely at the pharmacist that day, since they can "prove" who it was that ordered the approval label printed. It severely weakens the pharmacists' defense that "hey, it wasn't me, somebody must have used my code."


      I've seen similar systems used in healthcare on narcotics lockers and in other controlled areas. The system isn't really any more secure than just having a pushbutton combination lock or something, but it eliminates the after-the-fact excuse that 'somebody stole my code.' At least right now, when there haven't been any widely publicized exploits of biometric technology by thieves or hackers, it does. Whether in the future when this inevitably occurs the demand for biometrics goes down proportional to the increase in "they stole my fingerprint" excuses, remains to be seen.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    17. Re:This site looks like spam.. by kinema · · Score: 1
      why not put it in the form of some sort of implant, like the ID chips people put in their pets?
      The implants you speak of are RFID tags and judging by your relatively low Slashdot UID (66383) you should have a pretty good idea to what degree most people around here thinkg of RFID tags.
    18. Re:This site looks like spam.. by halleluja · · Score: 2, Insightful

      No, biometrics doesn't "suck". (...) Not out of maliciousness, but simply out of convenience.

      That is the scary part. In a few decades I will have to open my car with my retina just because 90% of the people is too lazy to put their keys on a nail near the door...

      I'd prefer to have my keys stolen and my eyes comfortably in their sockets, thank you.

    19. Re:This site looks like spam.. by CortoMaltese · · Score: 1
      Biometrics are only good in a limited sphere where other measures are in place.

      Essentially, biometrics should only be used in face-to-face situations, i.e. there's someone verifying that the biometric scan is done properly.

      The biometric passport is one such case: there will always be a customs official around when your picture is taken or fingerprint scanned for verification with the reference data stored on the passport chip.

    20. Re:This site looks like spam.. by drinkypoo · · Score: 1

      Something you have, something you know. Biometrics are not a satisfactory security measure by themselves, at least not at this time. (Tomorrow we may find a way to scan for something that cannot be faked.) However, added to an additional factor, they can be a useful addition to your security solution because they significantly raise the bar to defeat.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    21. Re:This site looks like spam.. by boodaman · · Score: 1
      The pharmacist verifies the finished prescription, uses his thumbprint to indicate he approves it, and a label is printed.

      Isn't that authentication, and not security? They aren't the same thing.

  3. It's a matter of trust and privacy by kebes · · Score: 5, Interesting

    Open source biometrics shouldn't just be for those wacky Europeans who like OSS. Important security issues like biometrics should be engineered in an transparent fashion. This is necessary so that the citizens can be assured that their privacy is not being infringed, and that their security is being maintained.

    Closed formats and security through obscurity have well documented shortcomings. For important government and security applications (voting machines, encryption, etc.) it seems like an open standard and open software is a much better way to ensure reliability, stability, fairness, and so forth. After all, security is pointless without trust... and I would argue that trust in a system is enhanced by it being open.

    1. Re:It's a matter of trust and privacy by Heliode · · Score: 1

      While I mostly agree with you, couldn't it be argued that, when a system is open source, doesn't that mean that IF there is something to be exploited, someone will find it by reading the source code?
      Sure, it works both ways; someone with 'good' intentions can notify the devs if they found a possible exploit, but someone with 'bad' intentions could exploit it for his own use. When the source isn't freely available, people will only be able to guess how to crack it.
      I believe this was a mayor reason why half-life 2 was postponed for so long after (part of?) the source was leaked; they were afraid people would use the source to create hacks.

      I'm not saying I don't agree with you, and I certainly see how an open system can add to its quality, but isn't a completely open source system inherently insecure, because people can read the source and figure out ways to crack it?

      (no flame please, i'm probably just ignorant)

      --
      Fox can take the sky from you.
    2. Re:It's a matter of trust and privacy by Kadin2048 · · Score: 1
      The security of an open source system depends principally upon the simple fact that there are more good people out there than there are bad people. (This is basically an assumed premise in most FOSS discussions.) If this is true, then the more open you make your source code, then the more secure it will become. Some people will find exploits and use them for their own advantage, certainly, but when the exploit is discovered it will be much more rapidly fixed than it would have been otherwise.


      For evidence just look at the turnaround time patching security holes in Linux versus in Windows. I don't mean to turn this into an MS/Linux flame war, but there is a distinct advantage here in having an army of programmers around the globe combing over the code, and patching it when an exploit is found.


      I'm not sure that I can argue that an open source architecture is inherently more secure than a totally closed-source "black box," where nobody knows the code or even has the foggiest idea about how the internals of a given mechanism work. But that black box doesn't really exist in real life. Details always leak out. Intelligent people apply themselves to the same problem and make educated guesses at what the engineers must have done inside. Reverse engineering happens in the real world.


      It is in this real world, and not in the theoretical vacuum, where open source software has a real advantage. Because the code is already out in the open, exposed to the gazes of would-be hackers and patchers alike, there are no surprises. Contrast that to when code from a closed-source project is leaked (your Half Life example is perfect) and everyone waits with baited breath to see what the thousands of outside programmers will find in the code!


      The question that open source asks is: wouldn't you like more than one try at that? Wouldn't you, as the user of a security application, prefer to use software whose code has been grown and developed not in the isolated network of some NDA-ridden research lab, but by early adopters all over the internet? And where all the obvious exploits have already been ironed out and removed? Where no programmer dares leave a backdoor, knowing that his or her work will be peer-reviewed by hundreds of other programmers? That's the question facing security software, and frankly, I have yet to see one convincing argument for anything but FOSS.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  4. Be careful with biometrics! by tquinlan · · Score: 4, Interesting

    All Linux biometrics should look for HEAT in addition to regular biometrics (ie, fingerprint), so that something like this doesn't happen:

    http://news.bbc.co.uk/1/hi/world/asia-pacific/43 96 831.stm

    A cold finger shouldn't be usable, and that will keep them all attached!

    --
    DBA? Software Engineer? My company is hiring! Click
    1. Re:Be careful with biometrics! by Proud+like+a+god · · Score: 1

      That article is a little unclear about whether the removed finger was used successfully, or whether they disabled the immobiliser first before stripping and maiming the guy.

    2. Re:Be careful with biometrics! by TripMaster+Monkey · · Score: 3, Informative

      A cold finger shouldn't be usable, and that will keep them all attached!
      So the bad guys will keep it in a thermos full of hot water until it needs to be used. Problem solved.

      Seriously, though, the point that most people seem to be missing here is that your biometric identification information (fingerprint, retinal scan, iris scan, etc.) has to be stored somewhere. If it's stored somewhere, it can conceivably be accessed and altered illicitly, allowing acces to unauthorized parties. I believe most attackers will choose this method over the 'garden shears' option.

      --
      ____

      ~ |rip/\/\aster /\/\onkey

    3. Re:Be careful with biometrics! by __aagctu1952 · · Score: 1
      A cold finger shouldn't be usable, and that will keep them all attached!

      No it won't. All it would do is make the fingerprint systems a pain in the ass to use in cold weather (and unusable by smokers, the elderly, and all the other people with blood circulation problems). To defeat it, OTOH, you'd just have to warm the chopped off finger (on a warm surface or in your hand or armpit or whatever) before applying it to the scanner...

      A bit icky, yes, but I think we can safely assume that the person who's capable of chopping people's fingers off just to steal their property isn't the overly squeamish type.
    4. Re:Be careful with biometrics! by kebes · · Score: 5, Interesting

      This is one of the problems with biometrics. I would rather someone steal my bank card and demand to know my PIN, rather than having them cut off my hand or cut out my eye.

      For every countermeasure there is a counter-countermeasure. If heat sensors are included, thieves will just use a lighter (or whatever) to warm a finger before using it. I've often thought that retinal scanners should check to see if blood is actually flowing in the veins/arteries in the retina, but this is not (currently) feasible I think. If this countermeasure existed, then no doubt someone would figure out a way to beat it (artificially flowing liquid through a detached eye sounds complicated, but you could probably fool the sensor by casting moving shadows on the back of a detached eye, thereby simulating the proper pulsating effect of veins...). I've also thought that eye-scanners that use the iris pattern instead of retinal pattern could emit a flash of light and monitor the rate at which the pupil contracts. This would be proof that the eye is alive (since it reacts) and could even perhaps guard against people being drugged or stressed. Again, however, I worry that someone would overcome it.

      The exact form of the criminal's counter-countermeasure of course depends on how the device works, but eventually they'll figure out how to beat it. Now, a technological escalation on cracking encryption or snooping network traffic is one thing... but when it comes to biometrics, it puts peoples lives in danger. So perhaps we should rethink this whole biometric thing. Is my car or bank account really worth so much that I'm willing to endanger my hand or eye???

    5. Re:Be careful with biometrics! by captnitro · · Score: 1

      Good points. But I'd say that most criminals wouldn't go so far as to chop someone's fingers off or remove their eye -- most don't even go to the trouble of stealing the bank card.

      All they have to do is point a gun at you and say "let's go to the ATM". In fact, I'd say that biometrics makes it likely that the overall fear is reduced to one of "I could lose my finger" vs. "I could lose my life" vs. "I could lose my life, and my corpse would lack a finger". And then there's the fourth option, "I could just go to the ATM and get him the damn money." Most people will just go with #4.

    6. Re:Be careful with biometrics! by EngMedic · · Score: 1

      One hot water bath later, and whoops, the finger is warm again.

      --
      filter: +3. Hey, look! all the trolls went away!
    7. Re:Be careful with biometrics! by kebes · · Score: 2, Interesting

      Contrary to myth (i.e.: television shows), twins do not have identical fingerprints (or retinal patterns, etc.). They have identical DNA, but the patterns on your fingers are developmental. Twins have very similar fingerprints, but the exact curves depend on exactly how a person matured in the womb, and are thus distinct and distinguishable even for twins. Identical twins will have different birth marks and so forth.

      So in reality, if a biometric scan is supposed to prevent the 6 billion other people on earth from opening a lock encoded to me, then my evil twin brother will also be locked out. Real biometric scanners, of course, may not be that refined.

    8. Re:Be careful with biometrics! by Robotron23 · · Score: 1

      I've often thought that retinal scanners should check to see if blood is actually flowing in the veins/arteries in the retina, but this is not (currently) feasible I think.

      They didn't have it in Minority Report, so I doubt they'd have it now.

    9. Re:Be careful with biometrics! by HermanAB · · Score: 5, Interesting

      So, what about cold countries. I once walked into the bank and could not sign my name - my hands were too cold. So, they just laughed and carried on without a signature.

      --
      Oh well, what the hell...
    10. Re:Be careful with biometrics! by swillden · · Score: 2, Informative

      I've often thought that retinal scanners should check to see if blood is actually flowing in the veins/arteries in the retina, but this is not (currently) feasible I think.

      Actually, if there's no blood to inflate the vessels in the retina, the scanner will not be able to see them. In addition, the shape of the eye changes when removed from the head. Retinal scans of dead eyes simple do not work. Iris scans are a little "better" in this respect, but I've read that the eye changes enough that scanning a dead eye would also probably not produce a match.

      I saw a conference talk on this subject a while ago, by a researcher who had been experimenting with cadavers. He was even able to get some livescans of eyes of terminally-ill patients and then check the same eyes post-mortem. I don't recall the name, but Google will probably turn him up.

      The exact form of the criminal's counter-countermeasure of course depends on how the device works, but eventually they'll figure out how to beat it.

      To a point, but all security is built on the notion that if you can make it hard enough, the attacker will decide to attack something else. When you start talking about providing artifical blood flow into the detached eye, or simulating pupil response, your average mugger will prefer to just kidnap the whole person and force them to authenticate themselves.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    11. Re:Be careful with biometrics! by laron · · Score: 1

      So, in the future fingerprint scanners will check for heat, pulse, whatever. You know that, i know that. The robber who just cut off your finger will learn it soon, but your finger is still cut off.

      --
      "Beware of he who would deny you access to information, for in his heart he dreams himself your master."
    12. Re:Be careful with biometrics! by Bastian · · Score: 1

      I'd love to see some numbers on that. To me, it just defies logic that a mugger would prefer to act that way.

      Every ATM account jackpotting I know of involves cloning card and catching PIN numbers. Having someone actually take you to the ATM is maximizing the chance that somebody will notice that something is amiss - especially when you're having that person take you to a spot that is frequently visited (like an ATM).

      And asking the person for their PIN is silly - everyone is capable of saying four numbers at random.

      But most card-oriented crimes I know of skip the ATM thing entirely. involve just taking the person's card and making use of the fact that you can use it as a credit card, and then fence the goods.

    13. Re:Be careful with biometrics! by SharpFang · · Score: 1

      Actually, they will just wait nearby and mug you when you leave the ATM with cash in hand. Or stand behind you, show a gun or knife, say "withdraw $1000", take it from you and go away. No need to be fancy in playing a kidnapper with a hostage...

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    14. Re:Be careful with biometrics! by SharpFang · · Score: 1

      Actually, stealing an eye is a stupid idea if all you need is the image. A good hi-res picture behind some lenses that imitate the eye, and you're done.
      Stealing fingerprints is even easier. You won't even need the victim to look into the camera, just pick them from whatever...

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    15. Re:Be careful with biometrics! by Kadin2048 · · Score: 1
      Well, not necessarily true. A good system would store the result of a one-way hash function run on some quantifiable aspect (the distances and azimuths between places where lines converge, etc.) of the fingerprint, that way the original biometric data couldn't be reconstructed if the database were compromised. The actual "fingerprint" would only go between the scanner and the microcontroller performing the hash function.


      I'm not saying that your fingerprint couldn't be stolen, just that there are systems you could put in place that would make sure that thieves have to steal them individually at 'point of sale' or wherever, instead of just grabbing them wholesale from some database.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    16. Re:Be careful with biometrics! by jetmarc · · Score: 1

      > All Linux biometrics should look for HEAT in
      > addition to regular biometrics (ie, fingerprint),
      > so that something like this doesn't happen

      That will only make sure that detatched fingers will be kept warm, or be heated before use. The street method would be to either use the finger right after detatching it, or to stick it into the mouth a few minutes before using it. I know this sounds akward, but its low-tech (no tools required) and will work.

    17. Re:Be careful with biometrics! by JadeNB · · Score: 1
      So the bad guys will keep it in a thermos full of hot water until it needs to be used. Problem solved.
      `Dammit, his finger's gone all pruny in the thermos! Guess we'll have to go get another one.'
  5. Biometric locks leave me feeling uneasy. by Andy+Mitchell · · Score: 2, Insightful

    I think ever since seeing the classic sci-fi series http://www.bbc.co.uk/cult/classic/blakes7/Blake's 7 as a kid the idea of biometric locks has filled me with dread.

    There is a scene where the protagonists try to persuade the guard they have over powered to put his hand on the sensor to open the door so they can progress their escape. Naturally he is not helping.

    Then Gan says to him: Look, we only need the hand. If you want to stay attached to it, do as you're told.

    Strangely enough, instant compliance!

  6. Exploring linux/biometrics in 2000... by Anonymous Coward · · Score: 3, Interesting

    ... and trying to locate a PAM implementation was ridiculous. The vendors had locked into MS, and completely ignored the huge Solaris/Unix situation; government for example. When visiting with the Biometrics people in several research institutions, they gave me a dumb look when I asked about open source of a PAM, and it was all about Windows. Duh. Sun was extremely tight-lipped as they apparently were keeping that market as an opportunity for themselves.

    I did find some odd threads of software activity, such as Univ. of Michigan, but that all seemed to go nowhere or die out; maybe they were all sucked up by the NSA? or the Banking industry?

    I'm sure this site will draw more open interest.

    1. Re:Exploring linux/biometrics in 2000... by goose69 · · Score: 1

      well i agree my reasearch lead me to http://biomark.org.ru/

  7. But I thought... by StarManta.Mini · · Score: 2

    ....biometrics were supposed to keep doors CLOSED? :)

  8. Biometric is kinda fine by vadim_t · · Score: 2, Interesting

    But only when not used for anything important.

    For example, at a small company they're installing a biometric thingy to keep track of when people enter and exit. It looks like the biometric sensor will be used as a replacement of the username, and still require a password.

    Now, using it for something seriously important, such as ATMs is definitely a very bad idea.

  9. Re:Try: by azmeith · · Score: 4, Interesting

    How can any form of biometric software (os or otherwise) be 'good'?

    The way I see and understand it, it will never be perfect, not because humans are not smart enough to come up with innovative uses of a techonology but simply because the human body which provides the biometric information in the first place is a living, breathing, evolving, ever-changing entity. Moreover I just happen to believe that we as humans, being so error prone, can never come up with a fool proof system, irrespective of what a whole bunch of govt agencies would like us to believe.

    Given all of that what scares me is not the fact that these technologies will be error-prone forever but that there will be no humans around to arbitrate any conflicts/problems in most situations (as is wont to happen when ppl start to take a system for granted). I really wouldnt want to be in a position becase a machine/system/software suddenly decides I am a terrorist because my thumb prints are obscured, because I play too many games using a fucked up pad, and taking 'pre-emptive' action.

    Just because the system will be FOSS and a few million eyes will be watching the arch/code does not mean it will be perfect. And at what point of time do we say - 'Oh crap! this is not going to work.'; when a person dies, two ppl die, two thousand non-first-world ppl die?? And assuming ppl do get tech savvy, and put up monitors (the human kind) we come back to the same old question of who monitors the monitors??

    A simple illustration of the problem is the use of ppl (too many, some would claim) in airports in Israel, India, Malaysia and a bunch of other countries which have problems with violent extremism (I hate the word terrorist - but thats a whole another story) and cant spend 10 mill USD per machine for 10 machines per airport. Their record regarding security breaches is a whole lot better then some of the most advanced western airports with some of the most advanced gizmos. It works simply because of redundancy, training, experience and human judgement, three of which a machine can probably never replicate fully.

    Give me ppl any damn time.
    --
    I'm not dumb. I just have a command of thoroughly useless information. -Bill Watterson

  10. Open's doors? by Anonymous Coward · · Score: 1, Funny

    Did those doors have biometric security systems?

  11. Hand-based biometrics and public health by gotgenes · · Score: 1, Interesting

    Give time for a really good endemic/pandemic of a really nasty, contact-dependant communicable bug, and hand-based biometrics are going to look like a bad idea real quickly.

    Think SARS panic plus these stupid hand/fingerprint scanners.

    At the University of Georgia, they already have such systems set up for access into the dining halls, dorms, and the rec facility. Thank God on the other side of those hand scanners there's usually a hand-sanitizer dispenser. If it weren't for that, I can only imagine how much more frequently I'd be ill.

    Retinal biometrics, okay, just don't blind me. But hand-based biometrics... I mean, watch what you do with your hands everyday... then think about the guy in front of you in line who's using that scanner. Hope you like mucosal exchanges...

    --
    It's such a fine line between stupid and clever.
    1. Re:Hand-based biometrics and public health by ratpack91 · · Score: 2, Informative
      Give time for a really good endemic/pandemic of a really nasty, contact-dependant communicable bug, and hand-based door handles, sink taps and money are going to look like bad ideas real quickly.

      Some experiments have found that public toilet wash basins are often full of more germs than the actual crapper.

    2. Re:Hand-based biometrics and public health by HermanAB · · Score: 1

      So, the wash basins do work, but are not cleaned often enough?

      --
      Oh well, what the hell...
    3. Re:Hand-based biometrics and public health by kebes · · Score: 3, Insightful

      Unless you avoid ever touching a doorknob or hand-rail, I don't see what difference this makes. Common surfaces are everywhere. We all touch them all the time. Sometimes we catch something from a common surface. Adding a palm scanner to the mix doesn't increase the risk of transmission.

  12. Biometrics are more trouble than they're worth. by LokieLizzy · · Score: 4, Interesting
    The risk of losing an eye or a limb to a hardened criminal determined to access my personal information far outweighs whatever security such a system might offer. If such a person attacked you in the middle of the night, which would you rather do? Give them your PIN and wallet full of cash and credit cards, or try to find a way out of the situation when they realize that the only way they're going to get your company secrets/bank account is if they lop off your index finger or scoop out your eye with a knife?

    If you'd choose door number two, then you're a far stranger man than I'll ever be.

    If you're working in a business where you absolutely need the best security for whatever you're doing, then you'd better be prepared to pay top-dollar for loyal bodyguards willing to use lethal force to keep you alive.

    --
    My digital rights don't need management.
  13. Obligatory Demolition Man reference by Maskirovka · · Score: 1, Funny

    I for one welcome our new Wesley-Snipes-with-my-eyeball-on-a-fork overlords!

  14. Re:Try: by Proud+like+a+god · · Score: 2, Insightful

    Ok, OS biometric software = better than closed source, with reasons being obvious to your possibly paranoid self.

    "humans, being so error prone, can never come up with a fool proof system"
    Well there are these things called proofs, and they're used to prove things, such as how possible it is to break an encryption algorithm, or bypass some logical sequence of security.

    Why are people going to suddenly start dying or automated systems start taking "'pre-emptive' action" because there's the choice of OSS for biometric identification?

    One minute you're saying "And assuming ppl do get tech savvy, and put up monitors (the human kind) we come back to the same old question of who monitors the monitors??" and then next it's "Give me ppl any damn time.".
    Whether biometrics can be used alone or with human assistance for important identification is different from whether OS alternatives to the software are good, and seperate again from living in a society that has surrendered control to a corrupt government.

  15. Re:Europe & Linux by YrWrstNtmr · · Score: 1
    I know that an Airbus is 30% cheaper than a similar Boeing...

    No, you don't know that. Both compaines are heavily subsidised by the respective governments in various ways. Which is subsidised more? The intricacies of corporate and governmental financing make that pretty much impossible to say. Since neither is in a total free market situation, we cannot know for sure which aircraft is cheaper to produce. And there are not two aircraft between the two companies that are similar enough to say 'This one is cheaper because of X'.

    Is there one from each that carries X pax for Y range on Z pounds of fuel for A maintenance hours? No. Are Airbus aircraft cheaper by 30% per pax mile overall? Dunno. But a direct aircraft by aircraft comparison doesn't work.

  16. Use of biometrics by the+grace+of+R'hllor · · Score: 2, Interesting

    Biometrics as a security measure has its drawbacks, mainly because some people will not worry too much over cutting off a victim's finger. But there are other areas where biometric identification can apply.

    I could imagine getting pain or sleeping medication in a secure container that checked your fingerprint, and distributed the appropriate dosage only to the correct individual, for example. This would prevent someone swallowing the all the pills in the bottle (ie., attempted suicide), or giving medication to someone who shouldn't have it (painkillers and sleeping pills can become addictive, and some people ask 'friends' for them). Return the container to get your new dose.

    To get really fancy, install a screamer circuit that alerts the local pharmacist or housedoctor when the container is breached; this would require a widely and cheaply available wireless network, though.

    While this may technically be 'security', it's unlikely people will cut off fingers to get through it.

    1. Re:Use of biometrics by rampant+poodle · · Score: 1

      Case 1. Break bottle. Consume contents.
      Case 2. Authorized person opens bottle and gives pills etc. to unauthorized person.

    2. Re:Use of biometrics by the+grace+of+R'hllor · · Score: 1

      Case 1: Hence the very strong reusable container, and the potential expansion with an alarm.
      Case 2: Every single day? That could get annoying. Bad-idea-charity requiring a commitment is less likely to succeed, I think.

  17. Anyone know of any free face recognition software? by NoMoreNicksLeft · · Score: 1

    I've been looking for a year now, nothing free that will compile on a modern system, and I'm too much of an ijit to write anything like that...

  18. It gets worse too ... by darrylo · · Score: 2, Informative

    ... and low-tech thieves can just take the easy way out: chop off the finger.

  19. mod parent up. by ummit · · Score: 1
    Linux Biometrics Site Opens Doors

    So, flickerfly/ Zonk, pun intended, right? :-)
    +1 funny.

  20. Password?! by G3ckoG33k · · Score: 1

    Ok, so that site uses a password?!

  21. Right.... by dr_labrat · · Score: 1

    So microwave ovens is something that happened to someone else...?

    Quarter of a finger... I reckon about 15 seconds, with about 10 for the meat to rest. Not something Jamie Oliver will ever teach you, but it might be a recipir for bypassing a few tests.

    You need to check for Pulse, temperature, pressure varience, revoaction (yes you need to know if someone has called the police to say they lost their finger, or eye),and also moisture i.e conductive charateristics, secondary factor controls such as a pin number, and behavioural anomalies (i.e. why are you drawing money out in nebraska when you live in bermondsey.).

    In other words, average it all out and use your brain, or whatever silicon passes for it....

    --
    The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
  22. Biometric Applications by djinn2020 · · Score: 1

    I'm liking the idea of having to use my fingerprint to use my Fedora Toaster 0.37 Maybe also include this for MMORPG login screens - "Place thumb on login pad. Authorizing... Welcome, be0wulf13!"

    --
    Mens et Manus
  23. two strikes.... by Anonymous Coward · · Score: 1, Insightful

    ..and you are out. These two and three strikes and you get life laws that a lot of states have now have upped the ultraviolence potential of muggers, house burglars, car jackers, etc. If they know if they get caught for their second or third offense and will receive life, they are now just as apt to conk you on the head after they milked the atm machine dry of your cash. Finger or no finger biometrics, that's the reality on the ground now. Look at how many quick store employees just get shot right off the bat for some junky's next few bucks for a fix now. You see, you don't know in advance that Mr. Badguy is just going to be content with the cash, you have even odds now that he will also want to dispose of the witness in some manner after he's done using you. You have yto be psychic to know if he's going to harm you later or not, which isn't a pleasant thing to be forced into. In other words, remaining passive about the whole crime is no longer a good option, you are almost forced to assume the crime will escalate, and not in your favor.

    Of course, there's option #5 a lot of us have now, it's called being armed and trained and ready to use it. Works a charm in a lot of situations. Not all, but quite a few. No sense in allowing yourself to be a professional victim in advance.

    1. Re:two strikes.... by feronti · · Score: 1

      ..and you are out. These two and three strikes and you get life laws that a lot of states have now have upped the ultraviolence potential of muggers, house burglars, car jackers, etc. ...

      Of course, there's option #5 a lot of us have now, it's called being armed and trained and ready to use it. Works a charm in a lot of situations.
      Ya know, if the problem is that the three strikes laws have upped the violence of the perpetrators, wouldn't it make more sense to repeal the three strikes laws, rather than turning our society into an armed camp? How does increasing the potential for lethal violence (by increasing the number of weapons on the street), whether in self defense or not, gain us anything in actual security and peace of mind? Now, not only do we have to worry about muggers and what not, but we might also end up caught in the crossfire of some other crime gone bad. Sure, having a weapon might increase your personal safety, but I would argue that it decreases the average personal safety, because of the increased risk of accidental shootings.

      Why don't we work on fixing the root causes of the violence rather than coming up with more ways for us to justify killing one another?

  24. In the Sci Fi RPG World by Orion+Blastar · · Score: 1

    We used to steal fingerprints and download retna scans from computers. Even at times, switching some rich person's fingerprints and retnas with our own on the computer network that stored them.

    It was easy then to walk into a bank, close out an account and withdraw millions from their account after the biometrics of the fingerprint and retna scan showed our team member was that rich person.

    Of course this was the Sci Fi RPG Traveller in about 1985 when we did all that. All it took was a computer skill and access to the network that stores retna and fingerprint scans.

    We also found another way to do it without a computer. Contact lenses with a hologram of the victim's retna on them, and high tech "fake skin" gloves for our hands with the victim's fingerprints molded on them.

    Keep in mind this is a Sci Fi Role Playing Game, but it shows how ID theives can possibly pull it off.

    We've done all sorts of things in RPGs, been good guys, bad guys, neutral guys, etc.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
    1. Re:In the Sci Fi RPG World by hostyle · · Score: 1

      No need to ponder how it could be done, its already been done

      --
      Caesar si viveret, ad remum dareris.
  25. Microsoft Finger Print Reader - Working by Anonymous Coward · · Score: 2, Interesting

    I would love to get my Microsoft Finger Print scanner working. There are the mice and keyboard combo. I have the standalone unit. It would be nice to have it working under linux. Setup GDM, KDM to use this device for sign in on a linux box.

  26. Improper use of biometrics by glacote02 · · Score: 1, Insightful

    Biometrics are good at identification (= capability of differentiating between a set of individuals) but weak at authentification (= capability of certifying that an individual really is who he pretends to be). They are a good ide wherever you would use a "login". They are a bad idea wherever you would use a "password".

  27. Obligatory Kung Pow by Zorilla · · Score: 1

    B'dong.

    --

    It would be cool if it didn't suck.
  28. Re:Try: by cHALiTO · · Score: 1

    Why is it 'bad'? It's just another authentication technique, another tool to improve security. I just don't understand why in every post about biometrics everyone starts bitching about how it's not perfect. Of course it isn't perfect!! there is NO perfect security system, and there'll never be.

    Biometrics is NOT about 'perfect' security, it's just a new tool which *can* tighten security where applied properly, and which makes authentication easier in many cases. That's all.

    I do work for a company that develops/supports biometric systems (especially fingerprints), but believe me, I don't get paid for saying this, and I won't get a bigger paycheck for lying about this.

    The thing is NO technology or security system is 100% perfect, and that's no reason not to research and develop applications in that field. Biometrics DO work (at least fingerprint stuff), and it's a really efficient way of authenticating identity. Making a fake finger which can actually fool a *serious* fingerprint scanner (ie: not those MS sells for a few bucks) is -way- harder to do than for example copying a credit card, or getting someone's password. Not to say that if someone's on guard by the scanner (for example a guard on a building's entrance or a cashier at the bank), it's almost impossible to get a fake finger through without being detected.

    In criminal applications, latent fingerprints are lifted from the crime scene using one or various techniques, many of which react to the biological components (sorry, I'm not quite sure how to say that in english) left by the (living) finger, which makes it especially difficult for a fake or dead finger to be used to plant evidence.
    Even in that case, the prints in an AFIS system are ALWAYS reviewer by an expert, which is the only person able to determine fingerprint match on a court (ie: legally). And having found a print on a crime scene, or having identified someone on a civil application by fingerprinting is in the end a way of accelerating work, because normally every identity has to be verified by various means for anything really serious.
    Fingerprints allow you to narrow your search to the most likely to be the person you're looking for, then make sure it actually is. The most common way of doing this in police work is finding, say, suspects matching the fingerprints you found on the scene, and then focusing the investigation on those people, to see if they're the man you're looking for. Odds are one of those will be the criminal, and in most cases it helps to find the person in question really quick. Only *then* the latent print might be used as evidence in the court. Otherwise, having your print on a crime scene just means that you where there at some point, not that you committed the crime.

    So biometrics ARE a pretty good way to identify people, but, again, that doesn't mean it's *perfect*. That simply doesn't exist. And I'd take fingerprint recognition to manage my bank account over a magnetic card and a numeric password any day.

    --
    "Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett