-----Original Message-----
From: Clinton Collins [mailto:[log in to unmask]]
>Doesn't have to be that way. What they might get is a one way encrypted hash
>of some data points of your biometric information but that doesn't mean they
>have your biometric information.
Well, call me a skeptic. But if nation states can't be bothered to incorporate sensible biometric security design with critical documents like passports, can we really expect some phone app developer to have a clue?
http://www.guardian.co.uk/technology/2008/aug/06/news.terrorism
http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece
http://www.theregister.co.uk/2007/03/06/daily_mail_passport_clone/
And even with selected data points derived from a biometric, the computing power today and the right algorithms could very well lead to intense computational analysis of those data points, potentially deriving or extrapolating part of the original biometric data, or perhaps 'just enough' of it to leverage against another biometric authentication scheme -- think banking or voting, or even one that may not even exist today.
I'm not pooh-poohing all of these ideas, I'm just trying to highlight the weak links, risks and above all maintain perspective of the threat landscape.
Cheers,
--scm