Slashdot Mirror


User: cheros

cheros's activity in the archive.

Stories: 0
Comments: 1,601

Comments · 1,601

  1. Re:Depends on how you use biometrics on Crooks Nab Citibank ATM Codes, Steal Millions · Score: 1

    Why would you need a PIN if you can receive a full double AES256 cert authenticated message on a device which then instructs it to generate a PIN locally (actually a one time password, OTP) from a codebook? That's why the fingerprints are there - people forget a PIN they haven't used in a month.

    It means:

    1 - you KNOW who asked for the PIN - it's not going to work with the wrong origin cert
    2 - you KNOW only the right device/person can read the message and nobody else
    3 - the reply will not make sense to anyone but those who have the code book details. So even if you sniff the data it won't mean anything to you.

    Oh, and the way this thing works the security of the intermediate chain is irrelevant - that was the whole idea. I can get a secure message to the token (and on its graphical display) using the most virus infested and monitored PC available. Given the talents of most end users to keep their systems safe you can only start planning any e-service with the assumption that the end user PC is compromised. You could call it a trusted display. And it does not need a physical connection to the PC (removing another path by which a fingerprint could be made to escape if the token was somehow cracked).

  2. Re:Depends on how you use biometrics on Crooks Nab Citibank ATM Codes, Steal Millions · Score: 1

    I like the assumption that a company would bring out something that is based on fingerprinting (i.e. going somewhat against the current feelings about biometrics) without doing the most rigorous tests possible. OTOH, you're right, I don't think we've tried a chopped-off finger yet but AFAIK (I'm not the expert on this) that is possible to emulate. I don't think we'll find volunteers..

    Also remember that a mythbusters episode has a date - new developments appear all the time. This reader is the latest high grade (most devices use far cheaper swipe readers to keep costs down). Maybe worth getting mythbusters to break it ..

  3. Re:Depends on how you use biometrics on Crooks Nab Citibank ATM Codes, Steal Millions · Score: 1

    How do you verify that export is impossible without knowing what attacks someone else might dream up?

    1 - there isn't a shred of OS and code in there that isn't ours (and that gets independent checks)
    2 - the code is loaded into an EAL/CC 4+ rated chip
    3 - the factory cannot change the code without multiple hashes and checksums falling over. If we don't see the correct AES256 certs it ain't gonna work at all.
    4 - any attempt to "encourage" the introduction of such a backdoor would require the corroboration of the whole team - I can't see that happen (partly because we have about 4 bytes left :-).

    I agree with you that in *principle* nothing is impossible, in practice I'd be interested to see someone trying to dig a hole in it. I precisely joined that company because they took care to think about those things - I've had plenty of gadgets in my hand that promised but didn't deliver..

  4. Depends on how you use biometrics on Crooks Nab Citibank ATM Codes, Steal Millions · Score: 4, Informative

    Disclaimer: I just joined the company that has dreamt up this stuff..

    For the use of biometrics to be safe you need the following conditions:

    1 - it must still be a combination of what you KNOW and what you have. The solution is to name the fingers, i.e. think of a word like "fox" and then give a character to each finger. Only you know which finger you have called "f", "o" and "x".
    2 - biometrics are yours. They have no place in a central database where anyone can make a mess by replacing or erasing them, and what isn't stored cannot be abused. Thus: using biometrics to replace PIN code is fine by me, provided it stays local to the device. In other words, the prints are a device/token enabler, not the actual method of authentication and/or authorisation. Oh, and the relevant storage area should not be accessible other than by the token comparator engine - export MUST be made verifiably impossible.
    3 - "detached" and fake fingerprints should be rejected. Solution: don't be a cheapskate when you build this stuff and use the best, RF based reader. Even if you make the fake prints conductive it's going to be VERY hard (we've tried).

    Biometrics are good because you can't forget them. But they're yours, and yours only.

  5. Re:Not quite on Man Fired When Laptop Malware Downloaded Porn · Score: 1

    That's why computer forensics are so much fun..

  6. Not quite on Man Fired When Laptop Malware Downloaded Porn · Score: 1

    Depends on the country, but in general you have insight in your personnel file. These things have a date. In the UK, if the company would leave this for a few weeks they would immediately hang themselves on a constructive dismissal charge.

    The other problem is one of proof. Unless they have exceptionally good forensics there is a question of how it got onto the machine, leading to a lawyer-sponsoring game of ping pong about slander.

    Third issue: if it is indeed *illegal* material it becomes a criminal matter, and not reporting immediately can be seen as assisting in crime (sorry, forgot the term for it). So the moment this would be used you'd get the question why it wasn't reported before and it would all get very ugly again.

  7. Hmm, nice case of slander then.. on Man Fired When Laptop Malware Downloaded Porn · Score: 1

    That's a cute way to get very deep into trouble, because they have accused him of being a child porn lover.

    To sum up:

    - slander
    - entrapment
    - sexual harassment by exposure to xxx material

    That's quite a meal - any lawyer would have a field day with that - like shooting fish in a barrel.

    The lesson: archive a box, then re-image it. If data needs to be recycled, someone must be in charge of checking this first (and I pity the sod who has to do that if the company doesn't have clear data management strategies).

    This could be very costly for the company.

  8. Re:Find the problems with false proofs/arguments on How To Teach a Healthy Dose of Skepticism? · Score: 1

    I had a language teacher who took a viewpoint and then let half the class work out how to defend it and the other half how to take it down. But there was a twist. When it was time to start the debate he would sometimes swap people's assigned position; the argument for that was that you cannot argue any case unless you pay attention to the opposite view as well.

    I found that one of the most valuable and enjoyable experiences at that school. You were taught to think.

  9. Re:Yeah, until it rains on Paper Stronger Than Cast Iron · Score: 1

    You have no idea what lack of caffeine can do to the human body.

    Or maybe I was taking the p*ss, which appears to fit in well contextually but would counter the suggestion that caffeine depletion was at play. Or I could simply have a sense of humo(u)r not compatible with yours.

    However, after this slight detour I'm still left wondering what effect water would have. Would the density preclude ingress of water or would it suck major league?

    Ah, the pressure (switched to beer)..

  10. Yeah, until it rains on Paper Stronger Than Cast Iron · Score: 2, Funny

    Given climatic changes I think we may want to think this one over.

    I can see someone building a skyscraper, only for the whole thing to fall over because someone has an aiming problem in a urinoir midlevel. And God help you if you want to redo the wallpaper :-).

    No! Don't use a steame .. aaaagh!

    Joking aside, interesting development. Puts the final nail into the paperless office.

    No! Aaargh! I'll stop making bad jokes now! :-)

  11. Not quite on Cell Phone Tracking Reveals Users' Habits · Score: 1

    You're forgetting something.

    Not every country is as soft about enforcing Data Protection as the UK Information Commissioner has been made (and even that is changing). Any disclosure of the underlying data can lead to jail time in some countries, and even that is based on an assumption that the providers didn't anonymise the data before handing it out (which would be an obligation in most nations AFAIK except for the UK Government when it's planning on losing CDs).

  12. Sequential ones on Windows XP SP3 Causing Router Crashes · Score: 0, Offtopic

    If I have a source, say a spreadsheet, with a column with a bunch of numbers in, there is no easy way to quickly do a run of labels with one column entry per label, and that's not just because you have to "register a datasource" before you can even use field references.

    Letters for a mail merge, yeah, no problem. A sheet of labels (all different)? Nope.

    Just try it, you'll see what I mean.

  13. He's still right.. on Transportation Bill Sets Aside $45 Million For MagLev Train · Score: 1

    .. provided you're an engineer - "enough" then proved to be "one". :-)

  14. Glad I disabled auto-updates on Windows XP SP3 Causing Router Crashes · Score: -1, Offtopic

    I always like to check what is foisted on my machine. It's been trying for weeks to get me to install WGA before I'm allowed near Office upgrades so I eventually gave up on that box and switched to OOo.

    Except for label printing.

  15. Have you tried printing labels? on Why Google Should Embrace OpenOffice.org · Score: 1

    Go on, I dare you. Take a sheet of labels, and print a number on them from 1..10.

    Create a data source which has a column with numbers 1..10 (you will find OOo MS Office compliant to the point of being unable to handle anything but a line starting at cell A1 as column titles, but I digress), and then get that on one label at a time so you end up with label 1 "1" right up to label 10 with "10".

    If you manage with 2.4 or 3.0, well done. It starts with not being able to handle a data source until it's registered. Admittedly, that is a very powerful facility but it's a freight truck approach to transporting an egg, i.e. total overkill which nukes usability. You don't stand a chance unless you start again from scratch and register your spreadsheet as a data source, a joyful process in itself, and then you're still not out of the woods. Better buy lots of window envelopes. And don't send any end of year presents.. Oh, and for extra fun, try to go back a step when you realised you made an error.

    In Word you must start up the mail merge wizard, also not terribly obvious but the process is at least manageable. It is plain stupid in OOo as far as I can see, which is a royal shame because the rest just works. On Linux I have yet to see it crash.

  16. Re. fraud on Singapore Firm Claims Patent Breach By Virtually All Websites · Score: 1

    Given what they do to you if you spit on the ground or lose a chewing gum (which is, admittedly, a nasty thing on the pavement) I wonder what they do to you for fraud..

  17. Re:open source ?= tech innovation on How Does a Poor Economy Affect Tech Innovation? · Score: 1

    I just realised I could use some exotic resources :-).

    Joking aside, I think you're not quite answering the question (or maybe I looked at more constraints than you in answering :-). The original question felt IT related, you're talking about the heavier industries which require pretty solid investment to do *any* R&D.

    IT, OTOH, has become cheaper and cheaper, and despite the desperate attempts to keep us away from all that computing power (Vista is a good example), coders are finding ways to use the power they have (also because they can't afford new kit). Doing more with what we have is also innovation, and all you need is a net link and a cheapo PC with a basic OS to start coding ..

  18. The word "further" bothers me.. on TJX Fires Employee For Disclosing Vulnerability · Score: 2, Interesting

    ..given past record "further" is exactly NOT where they ought to be heading :-).

  19. Heck yeah, that saves so much on warrant hassle.. on Large Web Host Urges Customers to Use Gmail · Score: 1

    I think that is an *extremely* good idea.

    After all, that way Google gets any warrant served in case someone wants to have a look at a mailbox (with Google search I guess it's just a matter of running a Justice Department "I feel lucky" query on "terrorist" or a RIAA search on "l33t torrent"). Actually, no, they're US, I guess one can dispense with the warrant hassle, by now it's best not to ask and have the coffee ready for your friendly Fed. Even if the subject doesn't live in the country..

    It also saves a good amount of time on any industrial espionage. Imagine someone inventing a better mousetrap, better keep an eye on their comms.

    Sorry, my foot slipped off the sarcasm brake just now. It's back.

  20. Fingerprinting the population (via the) backdoor on Senate Committee Votes To Fingerprint Lenders · Score: 1

    It appears the US has taken a page out of the UK 1984 manual. In the UK, ID cards would "not be compulsory", but nothing will work without one.

    I think those who propose this stuff should get the same treatment as meted out to the German Minister of Justice by the Chaos Computer Club.

    There IS a use for biometrics, but it's not by storing it in a large data bank.

  21. .. and use has become more difficult on Johnson & Johnson Loses Major Trademark Lawsuit · Score: 1

    AFAIK the Swiss have now passed laws to regulate the use of probably the world's best known trademark.

    Maybe they'll go after J&J now? Could be fun..

  22. It is indeed mainly risk driven on Getting Rid of Staff With High Access? · Score: 1

    Especially in companies that handle confidential data there is a preference for getting you out of the door asap and paying you a month over giving you a month of opportunity to copy interesting bits for a bit of extra pocket money.

    The underlying assumption is IMHO questionable: if you were really the type to get creative with company info you would have simply done that before you announced your resignation but I guess that's too advanced for HR :-).

    What amazed me is that the article author was still allowed entry. Also, the guy could have been given an offline copy to work with..

  23. QoS conflict with Carrier Pigeon protocol? on Parent-Friendly Wireless Bridge To Span 500 Meters? · Score: 1

    As it's optical I would assume it conflicts with carrier pigeons en route for a certain RFC? :-).

  24. Yeah, but that's what that hologram is for.. on Federal Court Says First-Sale Doctrine Covers Software, Too · Score: 1

    MS has attached conditions to the license that require the hologram to be intact. I think that is, in the light of this ruling, clearly an attempt to bypass the first sale doctrine (your license isn't valid until you've stuck this thing on the case), but it will take another court session to make that clear.

    You have to give it to them, when it comes to bypassing the law they DO show innovation..

  25. Refresh is not working for me.. on Mac Cloner Psystar Ships First Service Pack · Score: 4, Funny

    even cheaper right after a refresh

    I've now tried refreshing several times, but in my browser Mac prices stay the same.
    Should I switch to Safari? :-)