The most common infection vector is because people run executables from untrusted sources. And now Tillmann and Felix expect us to download a scanner and run it on our systems ?
Next time someone recommends GTA for driving schools....
You can easily crash a Mac by running poorly written OpenGL-Software, and that's most likely what that video editing software does. Contrary to Vista's OpenGL implementation, Apple's is extremely finicky (read: forces you to do it right) and will reliably crash the whole system, even from user space programs run as ordinary user.
Please show me where I can get all these "higher quality products" for 10% more! Or 100% more FWIW! Whenever I look for some decently made piece of equipment, I see a whole range of products in a large price range, all made in the same country (you know which one). Computers? Probably even come out of the same factory. Yes, this also applies to Apple Computer. Low to medium grade stereo equipment (up to 1000 Euros a piece)? Same thing. All plastic junk from China (made to european or US junk specs, of course). Photographic equipment? Look again.
Customers would be to blame if they had a choice. Running around for days before possibly (but not likely) finding something made in Malaysia would not count as choice in my books.
What's even funnier is that he provided links to all platform suppliers except for linux. Did his firewall prevent him from accessing or referencing linux sites ? (I don't think so but it's still funny)
While mobile phone companies may not care much for garage tinkerers, some of these "hobbyists" might actually turn into market opportunities. Imagine a company writing software normally targetted at PCs or embedded platforms. They could see an opportunity to port their stuff to mobile phones, but only if someone within that company has experience with this from tinkering at home or if entering into this field of programming is easy and painless, e.g. a linux based SDK which looks and feels like programming for linux/embedded. At least that's how a lot of things were done in my work environment.
Don't forget, tinkering in a garage doesn't have to mean a pure hobbyist, it may well be a bunch of PhD students with a funny idea and no money... think of HP and google.
Also, in Europe ATM systems tend to be government-subsidized. And to be blunt, I think we have enough government handouts for dubious security technologies already. Basically, biometrics in banking are largely a scam used to shift liability.
You seem to be quite obsessed with calling biometry a scam, yet you have nothing to back it up. Instead of insulting people producing and buying such products, I encourage you to go out and take a look at a reasonably modern biometric system and judge for your self, but please quit spouting hatred and FUD which you pull out of nowhere.
Ask me how cheap it is in rural Kansas.
It doesn't matter if this kind of system works in BFE. If it brings extra convenience to people in rural areas, it's worth the effort. If people in Kansas realize it's worth something, they will struggle to get connected, it's not that hard.
Remember, you're designing a system that has to work THERE.
No, it doesn't. People in Kansas and similar areas already miss out on a lot of decent opportunities for having no decent connection to the internet, I guess they'll have to put up with losing another one. Banks may give them lower withdrawal limits or similar inconveniences for using old, insecure technology. I don't see why the vast majority of us shall give up basic conveniences just because some folks think they don't need that newfangled thing called the intarweb.
How many thousands of dollars does the prison lose if visitation is delayed? Not many I'll wager.
You are incorrect. It's not for the visitation system, it's for trial lawyers, judges, investigators and other folks, who are in direct contact with the inmates. Those are highly paid and influential people, who would abolish the system in a heart beat if it didn't work.
Let's say the prison warden (or whatever you call the person in charge) walks up to system and it rejects him. Now the warden could simply have the gate guard buzz him in using the backup system of the guard's eyeballs, since the guard would recognize him. But in the bank scenario there is no backup. So the guard, EVEN THOUGH HE RECOGNIZED THE WARDEN, would have to turn him away.
You draw conclusions here which simply don't hold.
First, it happened to me before that I had my ATM card rejected by the current system and nobody could tell me why. Ten minutes later it worked again, no idea why. Anything that's based on technology, fails infrequently, and the world doesn't go under. If the biometric system refuses
my face (which very rarely happens, BTW), I can still walk up to a teller and have me verified in person. It's all up to the bank how it's implemented.
Also, the bank may decide that they allow you to withdraw a certain amount of money without biometry, and a much larger amount with biometric checks. In that case you substantially reduce the risk, while giving you a lot of extra flexibility and convenience in most cases.
The year was 2003.
An this is 2007. 4 years have passed, and facial recognition has improved to the point where it is better than the human brain (see the face recognition vendor test 2006). That was even posted here on slashdot, but you may have chosen to ignore the facts.
And you're acknowledging that the field is rife with fraud, but you're pushing it to secure our banks anyway.
I am not pushing 'it', I'm suggesting solutions which have proven to work in the mean time.
Why the hell should I, or any sane person, devote the security of our banking system to a technology with a successful track record of less than 5 years that has "lots of fraudsters"?
You don't have to. And fortunately you are not be in a position to devote or not devote anything in 'our banking system'. Actual banks are currently in the process of evaluating biometry and will take liberty to choose it if it works, whether you like it or not. By the time it hits the majority of custome
If he has a lot of problem using the biometric system at his local bank (the scenario we're discussing) he'll complain to the bank and then switch banks.
That is certainly true, if biometric verification is forced on their customers against their will. Some bank may be that stupid, but the free market will solve this. Any bank which wants to retain their customers will do it right. Think of this: you get the option to work as usual with your keypad, but biometrically verified people get to do a lot more on those ATM machines...
A keypad is cheaper under any scenario. A 1.5 GHz Celeron is dramatically faster than the capacity of all but the newest ATM machines. Though any way you slice it under this system you will have to replace the entire ATM network and all the data links links anyway, so new machines are really just a drop in the bucket. How is this cheap again?
Well, not so in Europe. Modern ATMs are run by P4 CPUs, which are plenty fast enough for this task. Nobody plans on retrofitting old ATM machines. I see no reason to modify the data links, any halfway modern data link will be able to transfer facial records around 5 kB in size.
You are right: ATM with biometry is more expensive than ATM without. The same holds true for car with ABS, AC and ESP or car without. The same holds true for computer with 80x25 text terminal vs. computer with 1600x1200 graphics terminal. People are willing to put more effort into a solution if it gives them positive return. It's up to the banks to make biometric verification something people want, not something people just consider an extra hassle.
You seem to forget the MASSIVE additional costs of maintaining an up-to-date photo database of every customer. This requires a quality video/still camera with internet capability (cheap), a high-speed internet connection (expensive), and an IT staffer (very expensive) at EVERY SINGLE BRANCH. That's the absolute minimum. Busy branches would presumably need multiple cameras and branches. And yes, it's needed at EVERY branch. Nobody is going to drive 50 or 100 miles just to get their ATM cards (I'm thinking about people in rural areas).
You draw a horror scenario that's based on wild imagination but not on facts in any way.
I simply can't figure out how you would consider a high speed internet connection expensive (even in Europe you get decent broadband for less than 20 Euros/month, but I suspect every decent bank branch already has something way beyond that).
Also the highly paid IT staffer is not necessary. We use face recognition in one of our prison facilities and enrolment is done by wards. Some of those wards have been trained by us (one hour of "that's how you do it"), most of the wards were trained by their colleges. The people enroled are lawyers, judges and priests, all people with no technical background and highly unwilling to cooperate mit modern computer equipment. Most of them are honestly surprized that there is a camera in our verification system (They believe the computer magically recognizes them). Yet the system works flawlessly and has been working flawlessly for several months now.
Key thing: Enrolled properly. In my experience, with the help of experts including the designer of the facial recognition system, it took about one hour to enroll each staffer. And false negatives were in the 60% range (i.e. a staffer would have to try to verify an average of 3 times to use the system) and the scanning was not exactly fast. It ALWAYS took between 1 and 5 minutes to verify (in large part due to the false negatives). Within a week the door was just propped open.
Either this was a few years ago (when facial recognition software was in a pretty bad state), or the people handling this are highly incompetent, or both. If done correctly, face recognition works very well. As mentioned before, those few companies which haven't figured it out yet, are bound to go away soon. There was a very unhealthy market
Sorry dude, but must of your information is either highly outdated or just plain wrong:
You have to consciously enter a PIN to give it away - unless you're fooled by a complete rebuild of an ATM, you're not likely to enter this particular number anywhere else
It has happened over and over again. People use their ATM cards to enter indoor bank terminals (that's pretty common in Europe at least). Crooks have set up key pads and card copying devices instead of the card swipers, successfully copying thousands of cards together with pin code information. Also ATM machines have been successfully and repeatedly modified to copy the ATM cards inserted. A little camera mounted close to the ATM key pad recorded the PIN entered by unsuspecting victims.
but you show your face to everyone in the street, making it trivial to get several photographs of it and even do a 3D reconstruction if desired
If you know how to make such a 3D copy from a few random camera images, a lot of people would pay you wads of cash for that. There was until recently a 3D scanner lab operating at Stanford University (http://graphics.stanford.edu/projects/mich/), which used complicated
equipment to achieve this task. Even there I'm not sure whether you can reproduce the detail required to pass biometric face verification.
Facial recognition, on the other hand, requires - unless there have been vast advances - very good lighting, a clear image of the face not obscured by sunglasses, intensive make-up or bruises, and no vast changes in hair style or beard growth
Every 1 hour foto shop clerk can tell you how to create consistent lighting for a mug shot. Believe me that biometric equipment makers either have figured this out by now or are going out of business shortly.
Believe me, the face being unobscured by sunglasses will be happily provided by its rightful owner if he wants access to a room protected by a biometric verification system or to his money through a biometric ATM machine.
Make up is virtually invisible if you work with infrared light - pretty much standard nowadays. If you have ever had any experience with biometric face verification you know that the mouth part of you face is not considered by face verification software because it changes too much - beards, body fat, movable jaws
Image recognition is cost intensive, energy intensive and computationally expensive; a keypad of the highest level, secure and proof against vandalism will cost what? A couple of hundred bucks at most?
I have no idea where you got that from. An infrared flash is vastly less energy intensive as the CRT display of must ATM machines in use today, same holds for LCD. The cost is as close to zero as you want it. As far as computational power is concerned: An Intel Celeron M running at 1.5 GHz does a high quality face comparison in well under a second. So your keypad may be cheaper in the short run. But you forgot about additional costs because people forget their PINs or leave notes with that info lying around where it can be seen by not so honest folks.
To get facial recognition you need light sources that don't interfere with the cameras
Every disposable camera maker has figured this out by now.
the cameras themselves
US$10 buys you decent OEM camera modules doing 640x480 at 30 fps
complex software behind them
Which you need to write once but this has been done already
you need large amounts of data on the facial features. Granted, it might be easy to compress them to a couple of hundred kb's if you're willing to sacrifice some accuracy
Have you every worked with any kind of biometric system before ????
Images of faces are condensed down to a few kB at the moment and yield fantastically low false acceptance and false rejection rates.
Even if you compress your mug shot with JPEG, 20 kB can do the job quite well
Sorry dude, but Mosanto's crops don't work like that. Instead they made their crops resistant to a certain herbicide. Farmers who use their crops can use that herbicide (called roundup, also owned by Mosanto) without hurting their own crops.
It has been proven scientifically that genes can spread across species (doesn't happen often but does), so who's going to be responsible if bad herbs become resistant and would have to be weeded out manually ? You think the world can't support its populace (which is definitely not true. Starving is not causes by drought or poor harvest, it's caused by war and corrupt politicians in the countries affected). But we definitely will have a problem if decades of herbicide research go to waste because one greedy irresponsible company releases random genes out into our environment.
If Mosanto and their brethen cared about world hunger they wouldn't sue farmers for using grain that happened to have been fertilized with their GM pollen. At the moment it appears that GM is not bad by itself but it is unprofitable unless you employ highly questionable business tactics.
There is a huge difference if you use a moderation system that is as complex and evolved like the slashdot one. If you read slashdot at +4 or +5 threshold you often get a highly informative and comprehensive list of well thought out posts.
Try reading some random blog or even the comments sections in local news papers instead and you see what I mean.
The claim that the SR-71 was orininally meant to be called RS-71 and then misread by LBJ comes from the book "Skunk Works: A Personal Memoir of My Years of Lockheed", written by a guy who should know what he writes (he was the head of the Lockheed Skunk Works after all...)
Ben Rich's memories may be inaccurate, but the GP story is not just a baseless myth.
Because that's not what face recognition software was made for. When people watched John Cleese, they knew they watched a celebrity and they also knew that not too many celebrities would dress up like this and do the silly walk. Only using all this extra information made people recognize John Cleese. Chances are that even in a small town you'd find quite a few people who, if dressed up and walking like that, would easily pass as "John Cleese". On the other side most actors/models would not be recognized by anyone reliably if they don't have their make up and if lighting differs from the studio where they usually have their pictures taken.
Face recognition software on the other side doesn't make those assumptions but instead focusses on identifying people from a large population of registered images, using no extra knowledge and making no assumptions. All the face recognition vendor test says is if you put up 1000000 random faces, people would misidentify more of these faces as John Cleese than modern algorithms would.
Second, as strange as it may seem, a lot of practicing law is a matter of avoiding the real issue at hand. Take the SCO case - very little time has been spent addressing the case itself. Almost all the time has been spent on discovery motions, procedural arguments, evidence rules, etc. As a geek, I like to see results fairly quickly in a repeatable and consistent manner. Obviously you have never worked for a larger software company....
If someone actually sends a fax with a companies letter head (I assume a regular fax number is used) that person can be easily tracked back and faces a trial for fraud. Unless you store some exceedingly valuable information most con artists probably wouldn't consider this worth the risk. Also assume that if that fraudulent act does cause a lot of damage, significant resources would be committed to tracking the perpetrator.
In case of email you'd have to be quite slick, since you'd have to send it from an untracable IP address, which is more difficult than it may sound. Again, depends on what's at stake if the account gets hacked.
Faking the return address of a postal letter may already be illegal. Writing a fraudulent one that can not be traced back to you may be quite difficult. Just think of DNA analysis, character set analysis (may reveal the printer you used) and all the other methods investigators won't tell you about.
To make a long story short: The only reason you get away with those social engineering tricks is because you don't cause any damage (you're hacking your own accounts). If you pulled the same scam in order to get access you're not entitled to, you'd probably be in jail by now.
To make a short story even shorter: Your investigations may not reveal what you are trying to reveal.
Alcohol is both legal and cheap (at least in most parts of Europe), yet addicted people commit all sorts of crimes to support their habit. Once you are addicted, chances are you won't be able to work anything decent, so you won't be able to afford your addiction.
Kids are frequently portayed as a cost factor with no ROI whatsoever. I can tell you otherwise. I have seen many old people in retirement homes and see a huge difference between those who have a family and those who don't.
Those with no kids often have nobody, who
- looks after their well being (nurses and doctors are often overworked and do not notice health problems until it is too late)
- visits them regularly. You can immediately spot people who haven't seen friends or relatives in a long time, they are often highly depressed and apathetic.
- can take care of them so they stay out of retirement homes as long as possible. You will find that most people in retirement homes are folks with no family. Most of them could survive easily in their own house if someone cared for them properly.
- really takes the time to understand their needs. Nobody knows your parents like you do. Nurses don't have the time to find out what you want if you can't talk after a heart attack...
- gives you love and comfort if you are sick and/or dying. You can't pay for that.
Remember, that you spend many years being old and fragile, dependent on help. And at that age you don't look like an actor anymore, so most other people won't care about you. You can't take for granted that you kids will care about you, but from what I've seen, if you were a good parent, they will.
Thirty years ago Bavaria (southern part of Germany) was a somewhat backwards, conservative, agricultural state of Germany, whereas the northers states were highly industrialized and rich. Then the Bavarians started high tech business and have passed the north by far in the mean time.
Now the smart and educated come to Bavaria to find a decent job...
From what you tell Indiana tries exactly the same... we'll see what comes out of that.
Well, if you look at current CPU development, they do invent ways of addressing the problem with memory band width: Cache management, fast memory busses, smarter code generation,...
That's exactly what I meant when I said: "There is a lot of inovation in this field"
But explain me one little fact:
When PCs got their first CD burners, everybody started burning music CDs and other stuff. It was assumed: Why would anyone buy a CD burner if you couldn't do that?
I have yet to find a computer which can copy DVDs out of the box. What's the point of buying a new computer right now?
That's the big problem with Intel's marketing: You are correct, they do produce faster and more powerful products every year (people who say all Intel does is cranking up the GHz have no clue about silicon processing IMHO) but the general public doesn't really get excited.
Back in those days it was exciting to see MHz climb up every year, we got excited about RISC technology (while most of us didn't know what the actual benefits of RISC are) introduced by Pentium and PowerPC. We were thrilled about DVD players and being able to see our digital photo collection just downloaded from our brand new digital camera. And we loved our music collection from the internet^H^H^H^H^H^H^H online music store:-)
You couldn't do any of this with P100s... remember, it was the geeks who had to have the fastest meanest computer on the block back then.
Flip to present: New technologies are still being invented, although most of it for the purpose of imposing copy right enforcement (HD-DVD, BlueRay, Sony root kit CDs) or to spy on our surfing habits (Spyware hardly existed 10 years ago, viruses were just gaining real momentum) or to hammer us with SPAM (Ten years ago I got none. nada. nichts).
Now tell me why one would actually spend money and buy into this! Try really hard to get excited about this technology!
THAT is what the GP possibly wanted to express. You (the potential customer) see increases in GHz but no real value for yourself.
I had a US robotics modem in the late 90s. It did indeed have that guard time feature but for reasons not known to me they set this time by default to 0, i.e. ineffective. I got thrown off the web numerous times before I ran across exploit code on packetstorm which abused exactly this misconfiguration to throw other people off the net. Only then I learned what guard time is and that indeed some pathetic modems (including mine) had this silly setting.
And for all who think otherwise: I used linux back then and no, this was not a cheesy winmodem!
People write bots and operate bot nets because there is money to be made from this kind of operation. Numerous stories have been posted here and elsewhere about botnets bringing down big companies' servers or being used to extort money. This means there is a lot of money to be earned (especially in countries with no decent judical system and/or high levels of corruption), so obviously it attracts talented folks.
What this whole story brings to us is not, that AV and security experts deal with botnets (they've been doing this for many years, this would not at all be news worthy in the year of 2006). It means that some higher level folks got pissed off by this situation and start pouring significant amounts of money into the anti-botnet effort.
Rest assured, that the people who are sent to hunt down botnets are not beginners who just know ROT13 and XOR, they know what they are doing and because they will be in high demand, they will get paid well, which brings more smart people into the field.
Don't forget, the italian mafia was able to operate for decades without significant interference from the FBI and the government. But when the mob got too obnoxious, RICO was passed and a number of these suckers went to prison for good.
Slashdot Mirror
The most common infection vector is because people run executables from untrusted sources. And now Tillmann and Felix expect us to download a scanner and run it on our systems ?
Next time someone recommends GTA for driving schools ....
Only those with 4 digit IDs :)
Fear works both ways. I had a 100+k offer from Intel several years ago. When I heard of their 5%-program, I didn't even consider going there.
You can easily crash a Mac by running poorly written OpenGL-Software, and that's most likely what that video editing software does. Contrary to Vista's OpenGL implementation, Apple's is extremely finicky (read: forces you to do it right) and will reliably crash the whole system, even from user space programs run as ordinary user.
Please show me where I can get all these "higher quality products" for 10% more! Or 100% more FWIW! Whenever I look for some decently made piece of equipment, I see a whole range of products in a large price range, all made in the same country (you know which one). Computers? Probably even come out of the same factory. Yes, this also applies to Apple Computer. Low to medium grade stereo equipment (up to 1000 Euros a piece)? Same thing. All plastic junk from China (made to european or US junk specs, of course). Photographic equipment? Look again.
Customers would be to blame if they had a choice. Running around for days before possibly (but not likely) finding something made in Malaysia would not count as choice in my books.
Maybe bacause Qt/KDE also runs on other platforms? :-)
What's even funnier is that he provided links to all platform suppliers except for linux. Did his firewall prevent him from accessing or referencing linux sites ? (I don't think so but it's still funny)
While mobile phone companies may not care much for garage tinkerers, some of these "hobbyists" might actually turn into market opportunities. Imagine a company writing software normally targetted at PCs or embedded platforms. They could see an opportunity to port their stuff to mobile phones, but only if someone within that company has experience with this from tinkering at home or if entering into this field of programming is easy and painless, e.g. a linux based SDK which looks and feels like programming for linux/embedded. At least that's how a lot of things were done in my work environment.
Don't forget, tinkering in a garage doesn't have to mean a pure hobbyist, it may well be a bunch of PhD students with a funny idea and no money ... think of HP and google.
Doing this may have the following results:
- You may be indicted for destruction of evidence, because when the lawyers put the RAM in their computers, they found no data.
- They are unable to fit the RAM sticks into their laptops, so they impound your computer in order to access the data.
- The lawyers boot with the RAM sticks on their computers and find illegal materials. Then they sue you because they found it on your RAM.
- The lawyers claim you gave them the wrong RAM because they couldn't find any data on them. You are ordered to send them all RAM you have.
Also, in Europe ATM systems tend to be government-subsidized. And to be blunt, I think we have enough government handouts for dubious security technologies already. Basically, biometrics in banking are largely a scam used to shift liability.
You seem to be quite obsessed with calling biometry a scam, yet you have nothing to back it up. Instead of insulting people producing and buying such products, I encourage you to go out and take a look at a reasonably modern biometric system and judge for your self, but please quit spouting hatred and FUD which you pull out of nowhere.
Ask me how cheap it is in rural Kansas.
It doesn't matter if this kind of system works in BFE. If it brings extra convenience to people in rural areas, it's worth the effort. If people in Kansas realize it's worth something, they will struggle to get connected, it's not that hard.
Remember, you're designing a system that has to work THERE.
No, it doesn't. People in Kansas and similar areas already miss out on a lot of decent opportunities for having no decent connection to the internet, I guess they'll have to put up with losing another one. Banks may give them lower withdrawal limits or similar inconveniences for using old, insecure technology. I don't see why the vast majority of us shall give up basic conveniences just because some folks think they don't need that newfangled thing called the intarweb.
How many thousands of dollars does the prison lose if visitation is delayed? Not many I'll wager.
You are incorrect. It's not for the visitation system, it's for trial lawyers, judges, investigators and other folks, who are in direct contact with the inmates. Those are highly paid and influential people, who would abolish the system in a heart beat if it didn't work.
Let's say the prison warden (or whatever you call the person in charge) walks up to system and it rejects him. Now the warden could simply have the gate guard buzz him in using the backup system of the guard's eyeballs, since the guard would recognize him. But in the bank scenario there is no backup. So the guard, EVEN THOUGH HE RECOGNIZED THE WARDEN, would have to turn him away.
You draw conclusions here which simply don't hold. First, it happened to me before that I had my ATM card rejected by the current system and nobody could tell me why. Ten minutes later it worked again, no idea why. Anything that's based on technology, fails infrequently, and the world doesn't go under. If the biometric system refuses my face (which very rarely happens, BTW), I can still walk up to a teller and have me verified in person. It's all up to the bank how it's implemented. Also, the bank may decide that they allow you to withdraw a certain amount of money without biometry, and a much larger amount with biometric checks. In that case you substantially reduce the risk, while giving you a lot of extra flexibility and convenience in most cases.
The year was 2003.
An this is 2007. 4 years have passed, and facial recognition has improved to the point where it is better than the human brain (see the face recognition vendor test 2006). That was even posted here on slashdot, but you may have chosen to ignore the facts.
And you're acknowledging that the field is rife with fraud, but you're pushing it to secure our banks anyway.
I am not pushing 'it', I'm suggesting solutions which have proven to work in the mean time.
Why the hell should I, or any sane person, devote the security of our banking system to a technology with a successful track record of less than 5 years that has "lots of fraudsters"?
You don't have to. And fortunately you are not be in a position to devote or not devote anything in 'our banking system'. Actual banks are currently in the process of evaluating biometry and will take liberty to choose it if it works, whether you like it or not. By the time it hits the majority of custome
If he has a lot of problem using the biometric system at his local bank (the scenario we're discussing) he'll complain to the bank and then switch banks.
That is certainly true, if biometric verification is forced on their customers against their will. Some bank may be that stupid, but the free market will solve this. Any bank which wants to retain their customers will do it right. Think of this: you get the option to work as usual with your keypad, but biometrically verified people get to do a lot more on those ATM machines ...
A keypad is cheaper under any scenario. A 1.5 GHz Celeron is dramatically faster than the capacity of all but the newest ATM machines. Though any way you slice it under this system you will have to replace the entire ATM network and all the data links links anyway, so new machines are really just a drop in the bucket. How is this cheap again?
Well, not so in Europe. Modern ATMs are run by P4 CPUs, which are plenty fast enough for this task. Nobody plans on retrofitting old ATM machines. I see no reason to modify the data links, any halfway modern data link will be able to transfer facial records around 5 kB in size. You are right: ATM with biometry is more expensive than ATM without. The same holds true for car with ABS, AC and ESP or car without. The same holds true for computer with 80x25 text terminal vs. computer with 1600x1200 graphics terminal. People are willing to put more effort into a solution if it gives them positive return. It's up to the banks to make biometric verification something people want, not something people just consider an extra hassle.
You seem to forget the MASSIVE additional costs of maintaining an up-to-date photo database of every customer. This requires a quality video/still camera with internet capability (cheap), a high-speed internet connection (expensive), and an IT staffer (very expensive) at EVERY SINGLE BRANCH. That's the absolute minimum. Busy branches would presumably need multiple cameras and branches. And yes, it's needed at EVERY branch. Nobody is going to drive 50 or 100 miles just to get their ATM cards (I'm thinking about people in rural areas).
You draw a horror scenario that's based on wild imagination but not on facts in any way. I simply can't figure out how you would consider a high speed internet connection expensive (even in Europe you get decent broadband for less than 20 Euros/month, but I suspect every decent bank branch already has something way beyond that). Also the highly paid IT staffer is not necessary. We use face recognition in one of our prison facilities and enrolment is done by wards. Some of those wards have been trained by us (one hour of "that's how you do it"), most of the wards were trained by their colleges. The people enroled are lawyers, judges and priests, all people with no technical background and highly unwilling to cooperate mit modern computer equipment. Most of them are honestly surprized that there is a camera in our verification system (They believe the computer magically recognizes them). Yet the system works flawlessly and has been working flawlessly for several months now.
Key thing: Enrolled properly. In my experience, with the help of experts including the designer of the facial recognition system, it took about one hour to enroll each staffer. And false negatives were in the 60% range (i.e. a staffer would have to try to verify an average of 3 times to use the system) and the scanning was not exactly fast. It ALWAYS took between 1 and 5 minutes to verify (in large part due to the false negatives). Within a week the door was just propped open.
Either this was a few years ago (when facial recognition software was in a pretty bad state), or the people handling this are highly incompetent, or both. If done correctly, face recognition works very well. As mentioned before, those few companies which haven't figured it out yet, are bound to go away soon. There was a very unhealthy market
You have to consciously enter a PIN to give it away - unless you're fooled by a complete rebuild of an ATM, you're not likely to enter this particular number anywhere else
It has happened over and over again. People use their ATM cards to enter indoor bank terminals (that's pretty common in Europe at least). Crooks have set up key pads and card copying devices instead of the card swipers, successfully copying thousands of cards together with pin code information. Also ATM machines have been successfully and repeatedly modified to copy the ATM cards inserted. A little camera mounted close to the ATM key pad recorded the PIN entered by unsuspecting victims.
but you show your face to everyone in the street, making it trivial to get several photographs of it and even do a 3D reconstruction if desired
If you know how to make such a 3D copy from a few random camera images, a lot of people would pay you wads of cash for that. There was until recently a 3D scanner lab operating at Stanford University (http://graphics.stanford.edu/projects/mich/), which used complicated equipment to achieve this task. Even there I'm not sure whether you can reproduce the detail required to pass biometric face verification.
Facial recognition, on the other hand, requires - unless there have been vast advances - very good lighting, a clear image of the face not obscured by sunglasses, intensive make-up or bruises, and no vast changes in hair style or beard growth
Every 1 hour foto shop clerk can tell you how to create consistent lighting for a mug shot. Believe me that biometric equipment makers either have figured this out by now or are going out of business shortly. Believe me, the face being unobscured by sunglasses will be happily provided by its rightful owner if he wants access to a room protected by a biometric verification system or to his money through a biometric ATM machine. Make up is virtually invisible if you work with infrared light - pretty much standard nowadays. If you have ever had any experience with biometric face verification you know that the mouth part of you face is not considered by face verification software because it changes too much - beards, body fat, movable jaws
Image recognition is cost intensive, energy intensive and computationally expensive; a keypad of the highest level, secure and proof against vandalism will cost what? A couple of hundred bucks at most?
I have no idea where you got that from. An infrared flash is vastly less energy intensive as the CRT display of must ATM machines in use today, same holds for LCD. The cost is as close to zero as you want it. As far as computational power is concerned: An Intel Celeron M running at 1.5 GHz does a high quality face comparison in well under a second. So your keypad may be cheaper in the short run. But you forgot about additional costs because people forget their PINs or leave notes with that info lying around where it can be seen by not so honest folks.
To get facial recognition you need light sources that don't interfere with the cameras
Every disposable camera maker has figured this out by now.
the cameras themselves
US$10 buys you decent OEM camera modules doing 640x480 at 30 fps
complex software behind them
Which you need to write once but this has been done already
you need large amounts of data on the facial features. Granted, it might be easy to compress them to a couple of hundred kb's if you're willing to sacrifice some accuracy
Have you every worked with any kind of biometric system before ???? Images of faces are condensed down to a few kB at the moment and yield fantastically low false acceptance and false rejection rates. Even if you compress your mug shot with JPEG, 20 kB can do the job quite well
Problem of false negatives and
Sorry dude, but Mosanto's crops don't work like that. Instead they made their crops resistant to a certain herbicide. Farmers who use their crops can use that herbicide (called roundup, also owned by Mosanto) without hurting their own crops.
It has been proven scientifically that genes can spread across species (doesn't happen often but does), so who's going to be responsible if bad herbs become resistant and would have to be weeded out manually ? You think the world can't support its populace (which is definitely not true. Starving is not causes by drought or poor harvest, it's caused by war and corrupt politicians in the countries affected). But we definitely will have a problem if decades of herbicide research go to waste because one greedy irresponsible company releases random genes out into our environment.
If Mosanto and their brethen cared about world hunger they wouldn't sue farmers for using grain that happened to have been fertilized with their GM pollen. At the moment it appears that GM is not bad by itself but it is unprofitable unless you employ highly questionable business tactics.
There is a huge difference if you use a moderation system that is as complex and evolved like the slashdot one. If you read slashdot at +4 or +5 threshold you often get a highly informative and comprehensive list of well thought out posts.
Try reading some random blog or even the comments sections in local news papers instead and you see what I mean.
The claim that the SR-71 was orininally meant to be called RS-71 and then misread by LBJ comes from the book "Skunk Works: A Personal Memoir of My Years of Lockheed", written by a guy who should know what he writes (he was the head of the Lockheed Skunk Works after all ...)
Ben Rich's memories may be inaccurate, but the GP story is not just a baseless myth.
Because that's not what face recognition software was made for. When people watched John Cleese, they knew they watched a celebrity and they also knew that not too many celebrities would dress up like this and do the silly walk. Only using all this extra information made people recognize John Cleese. Chances are that even in a small town you'd find quite a few people who, if dressed up and walking like that, would easily pass as "John Cleese". On the other side most actors/models would not be recognized by anyone reliably if they don't have their make up and if lighting differs from the studio where they usually have their pictures taken.
Face recognition software on the other side doesn't make those assumptions but instead focusses on identifying people from a large population of registered images, using no extra knowledge and making no assumptions. All the face recognition vendor test says is if you put up 1000000 random faces, people would misidentify more of these faces as John Cleese than modern algorithms would.
If someone actually sends a fax with a companies letter head (I assume a regular fax number is used) that person can be easily tracked back and faces a trial for fraud. Unless you store some exceedingly valuable information most con artists probably wouldn't consider this worth the risk. Also assume that if that fraudulent act does cause a lot of damage, significant resources would be committed to tracking the perpetrator.
In case of email you'd have to be quite slick, since you'd have to send it from an untracable IP address, which is more difficult than it may sound. Again, depends on what's at stake if the account gets hacked.
Faking the return address of a postal letter may already be illegal. Writing a fraudulent one that can not be traced back to you may be quite difficult. Just think of DNA analysis, character set analysis (may reveal the printer you used) and all the other methods investigators won't tell you about.
To make a long story short: The only reason you get away with those social engineering tricks is because you don't cause any damage (you're hacking your own accounts). If you pulled the same scam in order to get access you're not entitled to, you'd probably be in jail by now.
To make a short story even shorter: Your investigations may not reveal what you are trying to reveal.
Alcohol is both legal and cheap (at least in most parts of Europe), yet addicted people commit all sorts of crimes to support their habit. Once you are addicted, chances are you won't be able to work anything decent, so you won't be able to afford your addiction.
Kids are frequently portayed as a cost factor with no ROI whatsoever. I can tell you otherwise. I have seen many old people in retirement homes and see a huge difference between those who have a family and those who don't.
...
Those with no kids often have nobody, who
- looks after their well being (nurses and doctors are often overworked and do not notice health problems until it is too late)
- visits them regularly. You can immediately spot people who haven't seen friends or relatives in a long time, they are often highly depressed and apathetic.
- can take care of them so they stay out of retirement homes as long as possible. You will find that most people in retirement homes are folks with no family. Most of them could survive easily in their own house if someone cared for them properly.
- really takes the time to understand their needs. Nobody knows your parents like you do. Nurses don't have the time to find out what you want if you can't talk after a heart attack
- gives you love and comfort if you are sick and/or dying. You can't pay for that.
Remember, that you spend many years being old and fragile, dependent on help. And at that age you don't look like an actor anymore, so most other people won't care about you. You can't take for granted that you kids will care about you, but from what I've seen, if you were a good parent, they will.
Thirty years ago Bavaria (southern part of Germany) was a somewhat backwards, conservative, agricultural state of Germany, whereas the northers states were highly industrialized and rich. Then the Bavarians started high tech business and have passed the north by far in the mean time.
... we'll see what comes out of that.
Now the smart and educated come to Bavaria to find a decent job...
From what you tell Indiana tries exactly the same
Well, if you look at current CPU development, they do invent ways of addressing the problem with memory band width: Cache management, fast memory busses, smarter code generation, ...
That's exactly what I meant when I said: "There is a lot of inovation in this field"
But explain me one little fact: When PCs got their first CD burners, everybody started burning music CDs and other stuff. It was assumed: Why would anyone buy a CD burner if you couldn't do that? I have yet to find a computer which can copy DVDs out of the box. What's the point of buying a new computer right now?
That's the big problem with Intel's marketing: You are correct, they do produce faster and more powerful products every year (people who say all Intel does is cranking up the GHz have no clue about silicon processing IMHO) but the general public doesn't really get excited.
Back in those days it was exciting to see MHz climb up every year, we got excited about RISC technology (while most of us didn't know what the actual benefits of RISC are) introduced by Pentium and PowerPC. We were thrilled about DVD players and being able to see our digital photo collection just downloaded from our brand new digital camera. And we loved our music collection from the internet^H^H^H^H^H^H^H online music store :-)
You couldn't do any of this with P100s ... remember, it was the geeks who had to have the fastest meanest computer on the block back then.
Flip to present: New technologies are still being invented, although most of it for the purpose of imposing copy right enforcement (HD-DVD, BlueRay, Sony root kit CDs) or to spy on our surfing habits (Spyware hardly existed 10 years ago, viruses were just gaining real momentum) or to hammer us with SPAM (Ten years ago I got none. nada. nichts).
Now tell me why one would actually spend money and buy into this! Try really hard to get excited about this technology!
THAT is what the GP possibly wanted to express. You (the potential customer) see increases in GHz but no real value for yourself.
I had a US robotics modem in the late 90s. It did indeed have that guard time feature but for reasons not known to me they set this time by default to 0, i.e. ineffective. I got thrown off the web numerous times before I ran across exploit code on packetstorm which abused exactly this misconfiguration to throw other people off the net. Only then I learned what guard time is and that indeed some pathetic modems (including mine) had this silly setting.
And for all who think otherwise: I used linux back then and no, this was not a cheesy winmodem!
People write bots and operate bot nets because there is money to be made from this kind of operation. Numerous stories have been posted here and elsewhere about botnets bringing down big companies' servers or being used to extort money. This means there is a lot of money to be earned (especially in countries with no decent judical system and/or high levels of corruption), so obviously it attracts talented folks.
What this whole story brings to us is not, that AV and security experts deal with botnets (they've been doing this for many years, this would not at all be news worthy in the year of 2006). It means that some higher level folks got pissed off by this situation and start pouring significant amounts of money into the anti-botnet effort.
Rest assured, that the people who are sent to hunt down botnets are not beginners who just know ROT13 and XOR, they know what they are doing and because they will be in high demand, they will get paid well, which brings more smart people into the field.
Don't forget, the italian mafia was able to operate for decades without significant interference from the FBI and the government. But when the mob got too obnoxious, RICO was passed and a number of these suckers went to prison for good.