Knuckles for Pluto!
Tuesday, December 30th 2008 @ 9:43 AM (not yet rated)
As you know, I enjoy listening to the Security Now podcast with Leo Laporte and Steve Gibson. They usually talk about some pretty technical concepts, but they do have some intereseting news stories that are worth commenting on. This is from Security Now episode #165 (click HERE for the episode transcript and search on the word "knuckle").
Apparently, Ben Isenhour of Lexington Kentucky was visiting Disney World with his family, and was surprised to come across a security mechanism for passes in the amusement park that employed a finger-print scanner...
This was supposed to control passing a multiday ticket to another individual. So instead I put the crease of my knuckle on the machine. It worked. I have no idea what type of security practices they use in their corporate IT department, and I don't want a future biometric identifier escaping to the highest bidder.
This could be the beginning of a new wave of bio-metric security mechanisms being used more for "light-duty" human access control.
The reason it will probably become more common is that the technology is more reliable and cheap than it used to be. But it's pretty interesting that a knuckle print could work in a finger-print scanner.
Steve and Leo discuss the risks of allowing your fingerprint to be taken by organizations that have not clearly communicated their security policies nor their safeguards for protecting your personal information (and figerprints are about as personal as you can get).
The next time you are asked to give a finger print for anything other than law enforcement, try using another body part if it's feasible, and see what happens!
I'll give a prize to the most creative submission with some evidence showing that it worked to successfully allow access.
| | If your organization is looking for innovative, cost-effective security awareness tools or training, please call or email me at the coordinates below; or CLICK HERE to learn more about Streetwise Security Awareness solutions.
Scott Wright
The Streetwise Security Coach
Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html
Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec
To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.
 |
Candidate for the Streetwise Security Gaff of the Year Award ?
Monday, December 15th 2008 @ 7:22 PM (not yet rated)
Well, it seems like you can always count on politicians for a good demonstration on how not to handle technology responsibly - and I guess we shouldn't be surprised to hear that McCain and Palin would offer something in their own particular... idiom.
If you haven't seen this clip from CNN about how Senator John McCain and Governor Sarah Palin had their Blackberries auctioned off for $20 without first wiping all the data off the devices, including email contacts, phone numbers and email messages.
This is really unbelievable, especially considering how easy it is to erase all the data from the device in one command. This could be the 2009 Streetwise Security Gaff of the Year. But I need to first consider if this one beats the British government devices auctioned off on eBay with very sensitive information on them, before I decide on the winner.
http://www.cnn.com/video/#/video/tech/2008/12/15/de.la.cruz.mccain.palin.blackberry.cnn< /p>
| | If your organization is looking for innovative, cost-effective security awareness tools or training, please call or email me at the coordinates below; or CLICK HERE to learn more about Streetwise Security Awareness solutions.
Scott Wright
The Streetwise Security Coach
Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html
Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec
To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.
|
