I do believe that the auto-icon being wheeled into the major meetings of the university is a bit of a myth.
Not surprisingly, this peculiar relic has given rise to numerous legends and anecdotes. One of the most commonly recounted is that the Auto-Icon regularly attends meetings of the College Council, and that it is solemnly wheeled into the Council Room to take its place among the present-day members. Its presence, it is claimed, is always recorded in the minutes with the words Jeremy Bentham - present but not voting. Another version of the story asserts that the Auto-Icon does vote, but only on occasions when the votes of the other Council members are equally split. In these cases the Auto-Icon invariably votes for the motion.
This is taken from the website you link to. It also states that contrary to popular belief, Jeremy Bentham had nothing to do with the foundation of the university - only that he was admired by some of its founders. In that sense he's more of a spiritual founder...
Check out the paper he submitted at CHI.
Also the BBC has a story about this at this address.
In short, the pen doesn't actually store the file, but uses a third server to mark and notify which file should be copied to where...
I really like the idea behind this because it targets a specific audience that will really benefit from it: i.e. people who have to use computers to work, but don't want to know how they work.
Sure it won't be as efficient as cut + paste (won't work on remote machines for e.g.), or as powerful + customisable as a perl script, but for day-to-day needs of people who don't have or want a clue this may be a step further to making computers invisible (kinda like the taps and sinks and washing machines we're so used to when we want water)
Is it just me or does the notion of a GUI on high performance computers sound a bit pointless? I thought the point of HPC was to crunch masses of numbers - not something joe average will want to do any time soon. So what's the point of a pretty (and resource hungry) windows interface?
Point 2 - Fear works wonders - so does reward. Rewarding people for following policy is at least as good as frightening them. The problem with the fear appeal is that it has a tendency to run out when bad things continually fail to happen.
Point 4 - Given Time Serious Hackers will get in - paranoia... If you're in that serious a field, you should have a comprehensive approach to security and not bet all your money on *all* your users' passwords being inviolate and strong *all* of the time. Active monitoring and recovery procedures should be in place, access to your password file should be strictly controlled and you should lock accounts after maybe 9 attempts (research suggests that 9 is far better than 3 for allowing people to remember forgotten passwords). Forcing users to change passwords every 30 days effectively forces them to write them down (as you know), but encouraging them to do so and locking the passwords up defeats the strength of passwords which is that only the system and the user has a copy - NO ONE ELSE.
Point 6 is interesting because the title is completely different from what you actually did. You didn't breed fear or paranoia, you drew attention to the problem in a different and engaging manner. Additionally a real attack seems to have changed many people's perceptions of exposure.
The best thing that can be done about security is to take a sensible approach. Password policies are hard to enforce, so maybe a more trusting attitude should be taken, making users responsible for their actions (as opposed to berating them for not following practice). Monitoring, audit, accountability for people who are careless with their passwords, rewards for people who aren't, fostering a culture in which people are proud to behave securely, and don't describe themselves as having psychotic symptoms such as paranoia. All these things can help.
Actually, there is a biometric that is changeable ad infinitum: dynamic signature recognition. The reason I really like this one (and I'm thinking for commercial environments mainly) is that people are used to signing for things... You can change your signature if you want, and they're a damn sight harder to forge...
So you know how easy it is to forge fingerprints.....now take a moment and consider that it might be easy to forge OTHER biometrics too.
You have to be judicious about your biometrics... We know that fingerprints are easy to pinch, but other biometrics are a lot harder... Dynamic signature recognition is an example of a very promising technology, both because it's damn hard to forge, and because people are used to signing for things, so acceptance should be pretty high...
-What the heck is that going to be compared with unless you put your finger on an electronic device that belongs to someone else?
(There's no inherent protection for the privacy of your fingerprint there because I still get a copy of your fingerprint, and can store it if I so choose.)
Actually I was thinking about a smartcard with an integrated reader... Pretty much how chip cards are currently working - you can't deduce the fingerprint from the stored information (in the same way that you can't deduce the pin from the chip) - but you do make a good point about lifting a fingerprint from the card itself (although you do need a fairly clean print) - I never did argue that fingerprints were a very secure solution - just a convenient one for low security needs... (I would never recommend any security solution without considering what needs to be secured and against what - fingerprints are not for banking...) They do seem to be useful for Disney theme parks who only want to stop tour operators "renting" their annual season tickets out to tourists... Sure the security is not inviolate, but it is good enough, when considering the potential losses... even if a few passes were hacked, it's really not much of a loss for Disney...
But that was the whole point of my post:
It's a false security!
It's fundamentally flawed.
The idea with password policies is to make it hard to obtain or guess your secret password. If you start using biometrics, you're using something that is EASY to get.
I respectfully disagree, it's not fundamentally flawed, it's just not applicable to every situation... You have to consider what you're protecting. Would I trust my front door lock to a fingerprint scanner? Maybe... It would depend on the crime rates in my area, how many times I've been locked out of my house because I forgot the keys (which has never happened but hey!), and finally if my insurance would still cover contents if I changed to such a mechanism. The fact that it *can* be broken is secondary to the fact that the burglar needs to know what he's doing (i.e. technically minded), and really wants to break into *my* house (as opposed to the neighbour who doesn't have such a lock)... (many other factors do come into play for that example, such as how reliable is the scanner, how likely is it to break, what happens if I cut my finger, how easy is it to actually bypass the lock...) To answer my own question, I probably wouldn't trust a scanner, but not because the technology is flawed, or because it's bad security, mainly because the reliability of scanners is not ideal, and keeping them clean is a pain...
Biometrics work very nicely in niche applications (such as the theme park example), but I completely agree that they are not the famed silver bullet, and are just not appropriate for many situations.
p.s. As other posters have mentioned, authentication has three defining aspects:
-What you know
-What you have
-What you are
Biometrics are an example of the third type, so the secrecy is not part of the security. Basing an authentication system solely on one of these is only good for low security needs. A really strong authentication mechanism would use all three (maybe more than once). i.e. two keys, an iris scanner and a passcode, but this just isn't necessary in most cases!
Biometrics are not all doom and gloom you know... Sure a biometric on its own is not really very good for authentication, and does suffer from the problem of being hard to replace, but the strength of biometrics is not that they're secret (which no one should assume), but that they're hard to forge.
The real strength of biometrics is that people like to use them: they don't have to remember hard passwords, or need to change them regularly, and hence the likelihood of the security being properly used is far higher than that of people adhering to password policies. So even if the theoretical security of biometrics is weaker than that of passwords (which is not a given) we may still see an increase in actual security...
In addition, biometrics start to shine when used in conjunction with other technologies that can be reissued. Biometric smart cards with an integrated fingerprint reader, for example, require you to have a copy of both the smartcard and the fingerprint (making the difficulty of breaking the system much harder than just a fingerprint)... It's like a while back when you were both identified and authenticated with a password - people figured that it's a lot better to dissociate identity from authentication, hence username + passwords appeared (much better for auditing purposes, and means that a compromise of your authenticator does not require a reissuing of your identity)
In addition, the smartcard holds the copy of the fingerprint, so there's no privacy issues here either. Unlike many other biometric systems...
Sure, biometrics have issues, but which technology out there doesn't? Dismissing them out of hand is a touch knee-jerk for my taste...
1. Don't confuse me and my arguments. You can think my arguments are not cogent, but don't start making any comments about myself thanks...
2. Mac and Linux are a very small minority, and therefore less attractive as targets.
3. Linux is not a commercial development (and hence has had the time to spend looking at security).
4. The Windows development model is to publish and patch - not design securely.
How can having a monoculture be the source of most security problems? The OS is the problem, the monoculture only serves to make it worse.
If OpenBSD was the world leader instead of Windows, would you blame the security increases on the desktop monoculture? I would say that the security increases would be the result of the OS.
So coming back to my point, the monoculture is not the source of the security problems we currently experience, the fact that security has not been a commercial imperative in the development of the most popular operating system on the planet is.
So your point is that anarchy is more secure than strategy?
I completely disagree with your point that the desktop monoculture is to blame for the security weaknesses we currently experience. I blame the fact that security has not been a priority or a market force until now.
I was pointing out the difference between doing things in a standard way, and having things in a standard way. I agree that having security measures made standard, (i.e. everyone must use Kerberos and only Kerberos to authenticate to their ISP, for e.g.) would be foolish because:
1. Some people need more security than that.
2. Some people don't need that much.
But if we start thinking about what we need for security in a standard way (process), then we can start having constructive security. Some people will want to have authentication, some won't but as a result of thinking about their needs, and not as a result of some higher power telling them they must have it...
While I appreciate your comment, I don't share your negative view on standards. A standard could in this case refer to a standard means of achieving something, as opposed to a boxed/carbon copied result. So a standard for security could include a number of different technical (and social) mechanisms to be applied following the rules of the process.
Just because it's standard doesn't mean it has to be weak.
Much like crypto, if you subject the algorithm to public scrutiny you eventually end up with a really decent process for encrypting specific messages. The problems of previous algorithms feed into the creation of new ones. If someone found a problem with a standard, it's rather probable that this would then feed into the creation of a new and better one.
Ok... I've just reread my comment... A bit hasty, but there is a point to be made, and that is that you reduce the usefulness of all these security measures down to a single signature.
The strength of the identification for this card would not be in the biometric information and so on, but it is in the digital signature of that information. If I were to make an analogy, the biometric and personal information holds exactly the same role as a secret key in public-private key encryption - you are the only one who knows (or can reproduce) it. But, as with all certification structures, the problem is to identify that the person is who they are claiming to be. I can claim to be you, and the strength of the card is only as strong as the assurance that the certification authority knows who you are... Hence already knows a lot about you in some database...
I may be mistaken, but what use is it to store information on a card that is held by someone, and not have any of that information available somewhere else to check against?
For example, if you only check that the SSN is valid, all the other checks that are stored on the card can be forged. I can create a completely random PIN and store it on the card (with an MD5 hash), so long as I input your SSN I can then input MY biometric identifications.
All these systems have the possibility of being abused... The question is how likely and what damage will occur if they are.
I don't think that any of these predictions are particularly insightful, but the 8th is a good illustration of the root of the problem with security.
Consumers and technologists will continue to be enamored with fads and flash rather than quality and safety. Wireless will continue to be deployed in sensitive locations despite the terrible vulnerabilities and risks. Furthermore, we'll see policymakers and technicians continue to place faith in technology to solve our problems instead of investing in sound management and trained personnel.
The point being that security is frequently misunderstood, isn't sexy and doesn't appeal to the mass market. Possibly the only way to change this is for security to become a major feature of the products (a bit like Microsoft is saying it's doing now) so that people will come to expect the security... Somewhat similar to the safety features in cars...
Out of curiosity, why don't you test this out by refraining from using a computer for a period of time and seeing whether this affects how you feel? If you can't stop completely for even a day (which might mean you're completely addicted...different issue;) ), why not take regular breaks (15 mins every hour) and see whether that makes a difference?
Quoting from the article: '"In our study, we found a significant relationship between duration of daily VDT use and physical symptoms," even after adjusting for other factors that could influence the results, the authors write. '
I'd like to know how they account for these 'other factors'. I'm just wondering whether this could be attributed to the kind of working environment these people face... Stress is known to be a major cause of the symptoms they describe and I'm not sure how they factor that into their analysis... Nevertheless I agree that more research is necessary.
The CA acts as the trusted point of reference. If you trust the CA then you can know that no one has touched the data since the CA certified it.
Nothing however stops the CA from changing the data, except that there is nothing in it for them and a lot for them to lose... Should a CA become corrupt and this become known, their business is going to become a lot smaller. Think banks, lawyers etc... Nothing stops them from stealing money, becoming unfairly biased, etc. except the threat of bad press and subsequent loss of income.
I completely agree with TGK, people should not be forced to divulge information, however we are doing this all the time...
The audit trail that a typical person leaves is a mile wide and adding another ID card will not greatly affect this: you see the problem doesn't lie in the amount of data someone gathers about you, it's what they do with it...
Simple example, how long did it take the FBI to reconstruct the life/habits/friends/etc. of the hijackers after 9/11? Not very long... The problem with that was not that they didn't have the info, it's that they didn't know what to do with it...
Hence another ID card capable of tracking your every move is pointless. More efforts in using and interpreting the intelligence currently gathered should be the next thing on the 'war against terrorism' agenda...
Been wanting to try it out too! I hope I'm not too late either :)
:)
crazivan AT hotmail DOT com
Thanks in advance
At a University?! The whole academic process would grid to a halt if they couldn't send each other emails containing papers/funding proposals.
Biometrics are not all doom and gloom you know... Sure a biometric on its own is not really very good for authentication, and does suffer from the problem of being hard to replace, but the strength of biometrics is not that they're secret (which no one should assume), but that they're hard to forge.
(ok not fingerprints!!!)