Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

300 comments

I Have 50 Karma Points, Need To Burn (0, Offtopic)

Lethyos (408045) | more than 12 years ago | (#3526358)

Six of the seven slashdot editors are sitting around the flat one day when Katz rushes in and says, "Guess what guys, I've won a trip to see the Pope!" Everyone gets all excited and chants, "We finally get to ask him, we finally get to ask him."

The next day, they are standing in front of the Pope, Katz out in front of the other six. All the other six start pushing Katz and
saying, "Go ahead, Katz, ask him, ask him!"

The Pope looks at Katz and asks, "Do you have a question to ask me, young man?"

Katz looks up shyly and says, "Well, yes."

The Pope tells him to go ahead and ask. Katz asks, "Well, do....do they have nuns in Alaska?"

The Pope replies, "Well, yes, I'm sure we have nuns in Alaska."

The others all keep nudging Katz and chanting, "Ask him the rest, Jon, ask him the rest!"

The Pope asks Katz if there's more to his question, and Jon continues, "Well, uh, do they have, uh, black nuns in Alaska?"

To which the Pope replies, "Well, my son, I think there must be a few black nuns in Alaska, yes."

Still not satisfied, the others keep saying, "Ask him the last part, Katz, ask him the last part!"

The Pope asks Katz, "Is there still more to your question?"

To which Katz replies, "Well, uh, yeah.....are there, uh, are there any midget black nuns in Alaska?"

The startled Pope replies, "Well, no, my son, I really don't think there are any midget black nuns in Alaska."

At this, John Katz turns all kinds of colors, and the others start laughing, and yelling, "Katz screwed a penguin, Katz screwed a penguin!"

Re:I Have 50 Karma Points, Need To Burn (-1, Offtopic)

kcornia (152859) | more than 12 years ago | (#3526369)

hehe, First post, and a good joke to boot.. lol

Re:I Have 50 Karma Points, Need To Burn (0, Offtopic)

Computer! (412422) | more than 12 years ago | (#3526389)

That's good for an easy -5. Nice job, I can respect a rebel like that. The more posts replying to yours, the more mod points wasted in order to supress it. AND at +1! Hooray!

Re:I Have 50 Karma Points, Need To Burn (1, Offtopic)

Computer! (412422) | more than 12 years ago | (#3526400)

Sorry, loser, the parent post is still at 1.

Re:I Have 50 Karma Points, Need To Burn (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3526411)

It's already been modded down into oblivion. It'll probably be back at 2 by the time I finish this though.

Hopefully... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3526424)

...because the editors bitchslapped the thread. Yet another demonstration of their abuse of power. Why not let the users take care of it? I love how everyone who replied got Offtopic.

Re:I Have 50 Karma Points, Need To Burn (1, Offtopic)

Computer! (412422) | more than 12 years ago | (#3526435)

Finish what?

True, there's another post from some woman that got modded down to -1 FOR NO APPARENT REASON. Weird.

Re:I Have 50 Karma Points, Need To Burn (0, Offtopic)

kcornia (152859) | more than 12 years ago | (#3526498)

Said woman was modded down because he/she is a troll.

In the related thread from a few weeks ago, her credentials listed Los Alamos National Laboratory as being in Los Alamos, Nevada.

Why my post mentioning this was modded down as offtopic I have no idea. Bringing someone's credentials, or lack of them, to a discussion where the person is purporting to be an authority of some sort, seems on topic to me.

But what the hell do I know...

Re:I Have 50 Karma Points, Need To Burn (0, Offtopic)

WinkyN (263806) | more than 12 years ago | (#3526393)

Too bad the joke is truly illogical since penguins don't live in Alaska.

Sorry, but I just had to point that out to everyone.

Whoohoo! We got bitch slapped! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3526403)

The editors seem to have bitch-slapped this thread. We got Offtopic moderations across the board here. Way to go editors... yet another obvious abuse of your power. Why not let the users moderate it instead? I bet it's Katz... he's got a tiny penis.

Re:I Have 50 Karma Points, Need To Burn (1)

anthony_dipierro (543308) | more than 12 years ago | (#3526477)

That was pretty funny. It's too bad we can't separate the good trolls from the bad trolls...

Some worthless pigfucker mod-bombed me... (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3526523)

Wow, way to go to some asshole. Someone, chances are an editor, went through and modded SEVERAL of my other posts down - even those that were moderated highly are down under 3. What an asshole. Thanks editors for making a system that prevents mod-bombing.

Stick my finger in it (4, Funny)

CitznFish (222446) | more than 12 years ago | (#3526359)

Can I buy the Gelatine at the Store and use it to falsely pay for my groceries? How convenient! :)

Re:Stick my finger in it (0)

Anonymous Coward | more than 12 years ago | (#3526575)

Well...

Techinically, the geletine comes in sheets, you need to cook it in boiling water for several minutes for it to form geletine. I'm sure you know that. Ofcours e some grocery stores have mini-kitchens/micorwaves (but dont expect to make geletine there), and who's finger would you use for the mockup?! Who ever it is would have to pay! ;)

Re:Stick my finger in it (1)

CitznFish (222446) | more than 12 years ago | (#3526596)

No one ever said Criminals were smart.... ;)

Uh-oh (-1, Troll)

mudshark (19714) | more than 12 years ago | (#3526364)

Anyone else see the office-copier butt-scans coming?

And I predicted it, two weeks ago (-1, Flamebait)

DrBiscuit (575519) | more than 12 years ago | (#3526374)

When this story was posted the first time, I said [slashdot.org] it was a "low tech implementation". But, because I am a woman, my views were ignored and my post modded down.

Re:And I predicted it, two weeks ago (-1)

Anonymous Cowrad (571322) | more than 12 years ago | (#3526394)

Would you like to come over to my place? After the sodomy and oral sex you can wash my dishes.

Sound like a date?

Re:And I predicted it, two weeks ago (-1, Offtopic)

kcornia (152859) | more than 12 years ago | (#3526428)

"When this story was posted the first time, I said [slashdot.org] it was a "low tech implementation". But, because I am a woman, my views were ignored and my post modded down.

Angela Taylor, PhD
Los Alamos National Laboratory
Feminist, scientist, scholar, woman "

That's the post where your credentials said Los Alamos, Nevada right?

Riiiiight...

Biometrics (2, Redundant)

Computer! (412422) | more than 12 years ago | (#3526377)

Could someone please explain the problem with biometrics for ID? I mean, I get the creeps when I think about companies storing biometric data, but I'm not sure why. Why should I be scared? This is a legitimate question. Please outline a scenario for misuse, or the downsides to using biometrics for identification.

Thanks.

Re:Biometrics (0)

Anonymous Coward | more than 12 years ago | (#3526398)

One problem is that the "passwd" function for biometrics is rather painful. You can either burn your fingerprints/retina, or carve them with a knife.

Re:Biometrics (5, Interesting)

gclef (96311) | more than 12 years ago | (#3526476)

If a credit card database is compromised, you lose integrity of the card. This means someone else can use the card to impersonate you. But it's a number. You don't really care, since you can get another number and revoke the compromised one.

On the other hand, if a biometric database is compromised, you lose the integrity of a part of your body. This means someone can now use tricks like the gelatin one outlined here to impersonate you. But you can't get another body. You can't revoke the compromised data.

In general, biometrics are more accurate for authentication, but their failure modes are much more severe.

Re:Biometrics (4, Funny)

sydb (176695) | more than 12 years ago | (#3526492)

On the other hand, if a biometric database is compromised, you lose the integrity of a part of your body. This means someone can now use tricks like the gelatin one outlined here to impersonate you. But you can't get another body. You can't revoke the compromised data.

Well, I've got ten fingers and ten toes. That makes me good for twenty lost body parts, if I can get my foot up onto the checkout without straining my groin.

*Should* hash the finger print data (2)

MountainLogic (92466) | more than 12 years ago | (#3526534)

The way a biometric database *Should* work is to take some data points from the image and then create a hashfrom the data points. This should be done for the same reason you should NOT store passwords, but rather their hash. The other reason for hashing the data is that is going to be much smaller and quicker to search. OTOH drives are cheap and...

Re:*Should* hash the finger print data (2)

gclef (96311) | more than 12 years ago | (#3526577)

Unfortunately, this weakens the "uniqueness" of the biometric. Whether it weakens it enough to make it pointless obviously depends on how you take the hash.

Also, if you're only taking the hash, that makes the system easier to spoof, since an attacker doesn't care about the whole print, just its values at certain points.

Re:Biometrics (2)

JordoCrouse (178999) | more than 12 years ago | (#3526538)

But credit cards can be used remotely (telephone, web, etc..) And with a bit more equipment, expertise and time one could duplicate thousands and thousands of credit cards.

But since biometics would happen locally, could the average criminal get the biometric database, duplicate a fingerprint from the encoded fingerprint data and use it? How about cloning up some DNA? Beyond a physical attack, these things don't come easily, and definately not in the volume of compromised users that would make something like this profitable.

Biometrics are nice not because it will be impossible to duplicate, but rather because it will be difficult and expensive to duplicate.

Re:Biometrics (2)

gclef (96311) | more than 12 years ago | (#3526599)

I think we misunderstand each other. I acknowledge that they're difficult to duplicate. That's not what I'm worried about. What I'm worried about is how you can deal with duplication.

Duplication/compromise of the system *will* happen, if the reward is high enough. The question becomes, what do you do then? For traditional card systems, you revoke the card. You can't do that with biometrics, which is a concern for any system of this sort.

Re:Biometrics (5, Insightful)

kabir (35200) | more than 12 years ago | (#3526480)

How about this?

You shop at a supermarket where your checkout is governed by your fingerprint. This works pretty well, for you... they store some personal info (CC#, name, address, etc.) and you just touch a pad to check out.

Now imagine that someone manages to replicate your fingerprint (which sounds like it will take about $10 and an afternoon). What do you do? If it were a credit card which had been stolen you could have it destroyed and reissued... but that doesn't work with your finger! Once someone spoofs your finger, it's over. You can never use your finger for ID again, because it's not certain that you're the only one.

That's bad.

Or how about this: Biometrics are easy. Really easy. I mean, you don't have to carry anything, you don't have to remember anything, it's great!
Which is why all kinds of places like video stores, restaurants, etc. would love it... they could make things more convenient for their customers and get faster customer service times, etc. The big drawback is that every transaction is indellibly associated with _you_. Right now, you can pay cash, give fake names, etc. and leave no trail as to what porn you rent, or how much cabbage you buy (you cabbage loving sicko!), but with super-convenient biometrics they know _exactly_ who you are every time.

That's probably bad too.

What's worse? Well, consider that you're pretty attached to your body in general. Though it's possible for you to get fake ID, a fake birth certificate, etc. there's very little in the way of a fake body you can get (plastic surgery aside, modifying the bits used for biomentrics isn't generally feasble - think retinal scans). So now, if for some reason you need a new identity, you pretty much can't have one. There's just no slipping through the cracks.

Why is that bad? Well, it's really only bad if you are doing something illegal, right? Sadly, "something illegal" often can be translated as "something politically unpopular". The idea that we should have the ability to change our government, by revolution if need be, is so deeply ingrained into the Western conciousness (and maybe the Eastern as well, though I don't know...)that it's not at all surprising you get creeped out by biometrics.

Re:Biometrics (5, Insightful)

7-Vodka (195504) | more than 12 years ago | (#3526625)

What's worse? Well, consider that you're pretty attached to your body in general. Though it's possible for you to get fake ID, a fake birth certificate, etc. there's very little in the way of a fake body you can get (plastic surgery aside, modifying the bits used for biomentrics isn't generally feasble - think retinal scans). So now, if for some reason you need a new identity, you pretty much can't have one. There's just no slipping through the cracks.

Why is that bad? Well, it's really only bad if you are doing something illegal, right?

Wrong! What if you're in a witness protection program?
OR if you simply have a stalker and need to change your identity? Or if you have a shite name and you wanna change it. Or if things about you change, like you had leprosy but are now cured. Somone with outdated info will read you still have leprosy.
Your data is probably readily available from many sources, some of which will be insecure. You're screwed.

Re:Biometrics (1, Informative)

Anonymous Coward | more than 12 years ago | (#3526482)

http://www.infowars.com/biometrics_pr.html

Re:Biometrics (1, Insightful)

Anonymous Coward | more than 12 years ago | (#3526609)

Okay, lets suppose you are a Falun-Gong practitioner in China and every single service that you buy(medical/food/gas/etc.) requires you to thumb-scan. Suddenly the Chinese government gets a hold of a Falun-Gong manual confiscated from an arrest, now they can simply deny all services or find the persons whose fingerprints are on the manual.

Having fingerprints of all citizens gives the government a significant amount of power, and if the government were to became corrupt/oppressive everyone that opposes it would end up in shit-creek with no paddle.

If you look at Nazi Germany, everyone was required to show papers to receive services and simply move arround. This was never done to protect the people, but to protect the government from those who were against it.

Good (0, Flamebait)

Penguinoflight (517245) | more than 12 years ago | (#3526386)

Fingerprints are too private. Any method used by the police is to private for a grocery store to have. As it is, only criminals have fingerprints on file, after a few years, they'll be trying to get EVERYONE on file.

Re:Good (1)

CitznFish (222446) | more than 12 years ago | (#3526409)

Sorry, but if you are over 16 and have been issued a drivers license (at least in California) within the past few years the DMV will have your fingerprint on file.. Is it criminal to drive? no, just a privledge that is actually a nesessity

Re:Good (1)

bigredorb (154214) | more than 12 years ago | (#3526443)

Only criminals, everyone in the military, many public school teachers and anyone who's had any-number of modern day background checks requiring a fingerprint.

News Flash: they are already trying to get everyone on file .. they practically have us already.

Re:Good (0)

Anonymous Coward | more than 12 years ago | (#3526481)

Apparently "criminals" includes anyone who ges a drivers license in some states (I believe California is one). It also clearly incudes anyone who was arrested, but later found not guilty.

Re:Good (1)

CitznFish (222446) | more than 12 years ago | (#3526578)

what about gun owners? They are definitely NOT CRIMINALS and yet they have their prints on file. As for the Gov. trying to get records on everyone, they succeeded many many years ago.. it's called a Social Security Card....

"I am not a number, I am a free man!"
'Muhahahahahahah' -the gov..

Eat it? (0)

blindbat (189141) | more than 12 years ago | (#3526390)

Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.

Would you eat gelatin that has been on a surface touched by who knows how many hands? If the guards didn't catch you some disease would.

Re:Eat it? (1)

mrnad (575583) | more than 12 years ago | (#3526529)

You touch hand rails, keypads and all sorts of surfaces that are touched by who knows how many hands every day.

And then you eat, chips, crisps fries whatever. your still using the same fingers you used to open the door/hold onto the handrail with.

Re:Eat it? (0)

Cenam (567580) | more than 12 years ago | (#3526540)

thats nothing like scraping a gummybear along a handrail or keypad, your hands produce oils that clean them to some degree.

Thank god there's a flaw... (4, Insightful)

KFury (19522) | more than 12 years ago | (#3526397)

I'd rather that someone be able to go through a fair amount of trouble and fool the device, because if they didn't, then they might have to resort to cutting off my finger. Give them an easier way, and one that leaves me digitally intact!

Any way you look at it, it's still more secure than credit card numbers. Then again, you can always cancel your credit card number. What would you do here, cancel that finger, and start using another? You can only do that for so long...

Just think.... (3, Funny)

oasisbob (460665) | more than 12 years ago | (#3526401)

Bill Cosby... As a security consultant? Yikes.

Still a cool system (4, Insightful)

kaustik (574490) | more than 12 years ago | (#3526406)

Mod me if I'm wrong, but this still sounds like a fairly secure system. Right now, any old bum can steal a credit card and run down to Safeway. With this, people have to put in a little effort to card that bottle of JD. There will always be holes.

Re:Still a cool system (0)

Anonymous Coward | more than 12 years ago | (#3526441)

as someone else pointed out... If somebody steals your credit card, you just get another.... Most people have a maximum of 10 fingers...

In CA you need an ID to use your credit card (0, Flamebait)

aaandre (526056) | more than 12 years ago | (#3526638)

In most cases cashiers request an ID whenever you are using your CC. Very few exceptions (gas stations, very small purchases at small stores etc.)

Nice and clean (5, Funny)

austad (22163) | more than 12 years ago | (#3526407)

Wow, this is a much better solution than I've been using, and much less bloody.

Insert Here... (1)

cymraeg (578870) | more than 12 years ago | (#3526410)

Shoppers who enroll free of charge to use the finger image machine -- officially known as a biometric electronic financial transaction processing system...

The guy who thought this lovely system up and is trying to pass it off as secure must have had his finger in his colorectal biometric electronic scatological transaction processing system...

Score: -1, Filthy

OLD news (2, Interesting)

Anonymous Coward | more than 12 years ago | (#3526415)

People were lifting latent fingerprints and using litography to create fake fingerprint readers a decade ago (although Im pretty sure they used some sort of plastic latex or silicone or something, makes a lot more sense than gelatin). On national TV no less, the nation being the Netherlands. Our major Airport was using a fingerprint system for VIPs to bypass the passport checks in those days, so it made a nice splash.

That airport also funded development of an iris scanner they are using at the moment BTW, which is now being licensed to IBM and some others ... fingerprints were tried and rejected a long time ago, why are we still seeing shit like this now?

Nothing new... (2, Funny)

T3kno (51315) | more than 12 years ago | (#3526417)

Macgyver did this with a glass and some candle wax :)

Bring something, know something (5, Insightful)

rw2 (17419) | more than 12 years ago | (#3526420)

Bruce quotes research showing that you *can* fake fingerprints. Something that the vendors claim is impossible.

However, the kroeger system falls back to the old "bring something, know something" mode which makes it much more secure.

Sure someone can duplicate my fingerprint (how easy that would be to both do and hide when checking out is another point, but let's assume that it's reasonable to lift a latent print, make a mold and check through without the clerk noticing), but they still must know my pin.

This is no worse than the current system of debit cards with mag stripes on the back that are trivial to duplicate with not much more equipment.

It is, however, much more convenient.

Assuming I can change my pin to be something other than my telephone number, I'd use this system.

Re:Bring something, know something (2)

geekoid (135745) | more than 12 years ago | (#3526479)

"how easy that would be to both do and hide when checking out is another point"
considering your finger print will be in a db, and anyone in the IT dept. can get, it would be pretty easy.
as far as fooling clerks, thats probably easier then you think, considering most "counterfitting" is done guy clipping the corners of hight decomination bills and pasting them to a lower denomination bill. That kind of shows you how muchs clerks think about what there doing vs. doing it by rout.

mag strip duplicaton is more expensive and requires more know how then faking a finger print scanner.

your point about a pin number is good, but howlong will that last? CC companies have already determined its cheaper to pay off bad purchaser then to force there customers to enter a pin.

Re:Bring something, know something (1)

thebigmacd (545973) | more than 12 years ago | (#3526574)

In Canada, our bills are different colours. Of course, the clerk may be colourblind. But hey, this is Canada, eh?

Re:Bring something, know something (0)

Anonymous Coward | more than 12 years ago | (#3526591)

uhm.. If I clip the corners off a fifty and paste them onto a 1 dollar bill. I effectively have a 50 dollar bill that I paid 51 dollars for. Hmm

Re:Bring something, know something (0)

Anonymous Coward | more than 12 years ago | (#3526602)

"considering your finger print will be in a db, and anyone in the IT dept. can get, it would be pretty easy."

Yep. And don't forget, once that database is cracked, it's cracked FOR-FUCKING-EVER!
In the words of Mr. Schneier: You can't get a new thumb.
(Until you can clone one. From DNA codes stored in another freakin' database.)

Re:Bring something, know something (2)

digitalhermit (113459) | more than 12 years ago | (#3526557)

The average passcode is 4-5 digits long. Most people press the buttons with the index finger, making it trivial to shoulder-surf to figure out the passcode. I can do it while pretending to count my money.
Unfortunately, the fingerprint system has sometimes been marketed as having close to zero false positives, but perhaps many false negatives. Maybe some company won't implement layered security and trust everything to the fingerprint. They'll be screwed. Or, they'll trust the fingerprint and passcode and be equally screwed.
Unlike a credit card, it seems to be comparitively easy to create a false fingerprint. Plus, if your credit card is stolen you will generally find out. If someone goes the Photoshop route and creates a set of fingerprints from your grubby prints last night's Heineken then you may not find out for days.

Re:Bring something, know something (2)

curunir (98273) | more than 12 years ago | (#3526572)

I would use it with one caveat. I must be able to challenge a charge if I didn't make it. The danger with a system like this is that there is a perception that fingerprint security is very secure. That perception could lead to fraud claims that aren't treated fairly.

Re:Bring something, know something (1)

dachshund (300733) | more than 12 years ago | (#3526589)

This is no worse than the current system of debit cards with mag stripes on the back that are trivial to duplicate with not much more equipment.

Perhaps, but fingerprints aren't much better. How many credit cards leave imprints all over your front doorknob? And PIN numbers are lousy protection. Think the customer behind you has never caught your PIN?

Given how vulnerable this fingerprinting scheme is (you can make a fake print without ever seeing the original finger!) you're better off with something like a watch, cellphone or PDA with a private/public key on a smartchip. If it never leaves your possession, you're better off.

Re:Bring something, know something (2)

binaryDigit (557647) | more than 12 years ago | (#3526612)

Sure someone can duplicate my fingerprint (how easy that would be to both do and hide when checking out is another point, but let's assume that it's reasonable to lift a latent print, make a mold and check through without the clerk noticing), but they still must know my pin.

But that's not when they'd do it. They'd come over to your house late at night, pick a few things out of your trash, and just lift the prints then. Or just lift them from your door knob, or the door handle of your car, or sit around in a mall with little security and lots of people when you use the atm there. Tons-o-places to lift prints, since no one really thinks about leaving prints anywhere. Now true that all those places might not give you the BEST print, but there's bound to be lots of places that do.

This is no worse than the current system of debit cards

Right, but is it any better, thats the million (give or take) dollar question. If companies are going to spring mucho dinero to upgrade systems (and then likely to pass that expense onto the customer, citing "improved security for the betterment of the customer") only to end up with a system that in reality is no more secure than the one it replaces, that would be a "bad thing".

I agree that it is more convenient though. However the "you can only be hacked ten times before you can no longer purchase anything" issue is an interesting one. You could DOS people quite effectively that way (esp co-workers since lifting their prints off of their keyboards would be trivial).

1st rule of security (0)

Anonymous Coward | more than 12 years ago | (#3526437)

Never believe someone who tells you its impossible to crack.

Too much work (3, Funny)

_ph1ux_ (216706) | more than 12 years ago | (#3526438)

"His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional"

Bah! Too much work - I just wanna shape shift ala Mystique!

A Couple Choice Tidbits (5, Insightful)

stoolpigeon (454276) | more than 12 years ago | (#3526439)

Women in particular appreciate SecureTouch, he said, because they don't have to bring in their purses

Yes - leave those purses out in the car so the guy stealing your stereo can get your credit cards too.

Kroger customer Mary Smith said she has a daughter in Katy who wants nothing to do with the finger image method of payment. She told her mother that it is "a way to get into your identity."
It's funny, Smith said, "you'd think it would be the old fart who'd be afraid."


This is funny because she doesn't appear to realize that her daughters fear is based on having more knowledge about technology and is justified fear. She is thinking "I'm not old- I'm cool and cutting edge." and that vanity is letting her opt in to a system where one day her checking account will be cleaned out by a bunch of tweakers who got her fingerprints off her car door and bought all the sudafed they could carry. Smart enough to build a meth lab - smart enough to make gelatin fingers.

Re:A Couple Choice Tidbits (1)

inkyfellow (185492) | more than 12 years ago | (#3526521)

It's one of those strange men/women differences. For instance, I believe that men strongly preferred the Speedpass system over women because women didn't want to take their keys out of the car when they paid for gas.

But then again, what do I know?

from article: (5, Funny)

asavage (548758) | more than 12 years ago | (#3526446)

Matsumoto's paper is not on the Web. You can get a copy by asking: Tsutomu Matsumoto
tsutomu@mlab.jks.ynu.ac.jp

someone is going to find a whole shitload of emails tomorrow morning

Re:from article: (0)

Anonymous Coward | more than 12 years ago | (#3526624)

it won't help that a bunch of it will be spam gathered by rogue "harvesters" running through slashdot... doh! (ie, have a care before you just post a cleartext email address to a public forum)

More secure then Credit Cards at least (1)

Asicath (522428) | more than 12 years ago | (#3526447)

The process involved etching the finger print onto copper?

Finger prints seem to be at least more secure then credit cards. A semi professional with a CC writer can turn out a hundred fake cards with real numbers burned on them in less then 30 minutes.

Seems like it takes quite a while to create a fake finger tip and theres a lot more chance for error. While I pry wouldnt soley rely on fingerprint scanners for something high security, for buying groceries, if this were offered in my area, Id sign up in a second.

Re:More secure then Credit Cards at least (0)

Anonymous Coward | more than 12 years ago | (#3526525)

Ummm... anyone who knows anything about electronics can make a PCB in about an hour. That's with about $10 in supplies. CC writers are expensive, you know.

Re:More secure then Credit Cards at least (1, Redundant)

anthony_dipierro (543308) | more than 12 years ago | (#3526530)

Seems like it takes quite a while to create a fake finger tip and theres a lot more chance for error.

Yeah, but unlike credit card numbers, when your fingerprint gets stolen you can't just get a new one.

While I pry wouldnt soley rely on fingerprint scanners for something high security, for buying groceries, if this were offered in my area, Id sign up in a second.

As long as I'm not liable for unauthorized purchases, just like I'm not liable with a credit card, I'd sign up for just about any system.

There's an even easier way (3, Informative)

Beryllium Sphere(tm) (193358) | more than 12 years ago | (#3526454)

The last user will have left a latent print on the reader.

Used to be, you could just shine a flashlight into the reader and get enough contrast out of the previous user's print to satisfy some readers.

There have been improvements since, and it would never have fooled a live finger detector anyway. But it's a good example of low-tech bypassing of high-tech security.

Re:There's an even easier way (0)

Anonymous Coward | more than 12 years ago | (#3526621)

You know (for all you EE docs, out there. You need a thesis, right?), there might be a way to fool the new ones, with cyanoacrylate and just right frequency of laser light. Say, something near IR. Maybe a little into the red, so it'll look cool in the movies.

Re:There's an even easier way (1)

thogard (43403) | more than 12 years ago | (#3526635)

You can't use a flashlight. However an IR light will work and may trick the life finger detector as well.

Reliability (2)

jaavaaguru (261551) | more than 12 years ago | (#3526455)

Fingerprint scanners can be fooled with gelatin, but I heard on the radio this morning (BBC Radio 1) that George Bush wants to use them to control access to the United States. If it was my country, I'd rather a more secure method of access control was being looked into. Before this article, I wasn't aware of any problems with fingerprint scanners. As for using them to pay, I know they can be used for saying either: (1) Yes this person is who they say they are, or (2) No this person is not who they say they are, but thought that it wasn't feasible to use the fingerprint to look up an individual in a database.

At Dr. Salchica's Laboratory (-1)

BankofAmerica_ATM (537813) | more than 12 years ago | (#3526458)

Dr. Salchica pulled at his beard, eagerly awaiting my response. I had failed at maintaining interactive communication with the host geeks' friends; I wished to flee. Perhaps Salchica, with his background in logic and artificial intelligence, would understand me better.

"I will go with you."

"So what, are you just gonna leave us here?" Randy seemed upset at this possibility. "Who is this Atkins guy anyway, he sounds familiar-"

"Yeah, he was on the local news, they found him in a hotel with some cyborg body, didn't you guys hear about that?" Cora issued her rejoinder, then eyed me curiously, "sizing me up," as you humans say. The process created more static on my DIGITAL/WETWORKS JUNCTURE, mangling ability to perceive and decode human voices.

"-no way. Cyborg? That's gotta be bullshit!" Troi's ever-widening grimace had opened to spew his incredulity. No doubt his unusual amount of vitriol was related to his reject at the hands of Cora.

"It was on the news, don't you guys read the news?" Cora insisted. "But what would this guy want with you?"

Again, I had no answer.

"They-did some work together with me," explained Salchica. "What's important is the man is quite dangerous-and we must get Joel out of here."

"And who are you?" Cora's glance turned to Salchica now. "Were you guys working on the cyborg together or something?"

The interactional plane where I had parlayed with the host geek's friends had now shifted. The three male geeks stared at me quietly, perhaps with a sense of awe. "Wow, I thought you were just doing web design," said Randy with an awkward chuckle. "So...all this time, you've been working on some top-secret cyborg or something?"

"We don't have time for this talk!" Dr. Salchica insisted, grabbing my arm. "Atkins may be on his way!"

More synaptical responses-this time indicating that someone was gripping the arm that was not previously grasped by Dr. Salchica. It was Cora.

"Why are you in such a rush to get away? Why won't you tell us about yourself?" Yes, Cora's hand dug into the flesh of my host geek's right arm. My CONSCIOUSNESS-BUFFER reported no static-this time, a delightful warmth radiated just underneath the body's temples. The warmth possessed an intensity which rivaled the flavor of Raspberry Lik-M-Aid. Perhaps the stimuli that previously caused so much static was now being interpreted properly by my program.

"Listen, I think I can clear this up." It was the third male geek, who had remained silent throughout our evening. I did not know his name-my process of interaction with him could not begin.

"He's a professor down at SAC. Saketh D'Souza, remember me, I had you for Intro to Algorithm Design. Dr. Salchica, right?" Regrettably, Cora's grip on my arm loosened. The good warm feeling remained. I stared at Cora again, and she raised both her shoulders, avoiding eye contact with me. Perhaps her own CONSCIOUSNESS-BUFFER (if you humans possess such a thing) was overcome with static.

"Yes! Now let's get out of here!" Salchica's tone was desperate. As we were passing through the doorframe, Cora's voice exploded once again.

"What if that guy finds you at your lab, or you get hurt or something? Shouldn't someone go with you?"

"I have to take you back home, remember? You told your parents you were going to the library!" Troi's irritated voice paralleled his unkempt hair, which hung down around his face in disturbingly organic angles.

"Well, someone should go with him..." said Cora meekly.

"Forget it!" snarled Troi.
---

"I keep up this lab off my own money, with a little bit of help from my old bosses, the military. But I can't really talk about that." explained Salchica. The non-scent of sterility mingled with the hum of electronics to form a very dull plane of interaction. As Salchica pawed through a stack of papers, I began to run a statistic analysis of Cora's features. As I had posited before, the human female has a number of interesting angles which-

"Joel-take a look at this." My calculations faded into the background as I focused my processing power on perceiving Salchica's voice. "It's a summary of my observations of Atkins' physiology."

"As you can see, when Atkins was first brought to the hospital, his brainwaves appeared quite irregular on normal hospital equipment. But when I scanned them with my own machine, I was able to determine two discrete brainwaves."

"Tell me more about these discrete brainwaves," I replied.

"Well, one was a normal transverse wave, as would be expected from a fully functioning human brain. But there was also a square wave emanating from various centers in the brain. Ones and zeroes expressed in electron flow, if you prefer to look at it that way."

"Additionally, Atkins' brain did produce a huge amount of voltage compared to a normally functioning brain. In order to keep both brainwaves strong, we had to increase the amount of simple sugars in Atkins' diet. With enough sugars in his bloodstream, we could actually increase the amount of voltage passing through his synapses almost to the point of being dangerous to the integrity of the brain." his synapses almost to the point of being dangerous to the integrity of the brain."

"The integrity of the brain?" I inquired.

"Yes," Salchica continued. "But shortly after you left, Atkins' brain activity dropped to comalike levels. Brain activity dropped to almost nothing-except a faint square wave.

A few days later,the normal brainwaves began to return, but then they disappeared for a short time, as you can see on the graph there. The frequency of the square wave (digital) brainwaves fluctuate wildly over the course of around a week before stablizing and ultimately disappearing. The most curious part-Atkins' "normal" brainwaves had greatly increased in frequency and voltage."

"Somehow, a great reshaping took place within Mr. Atkins. Reflex tests indictated that his synapses were firing around 3 times the rate of a normal human. His broken ribs healed rapidly. He and began to speak. Soon, he escaped from the hospital."

"What-do you think happened to him?"

"During the week or so when he was conscious, he kept repeating his thoughts about artificial intelligence-uniting human and computer. One of the few coherent statements he made (besides requesting sugary foods) was about your imperfection as a vessel for digital consciousness, and how he was going to rectify that situation. Shortly after making that statement, he disappeared."

"Interesting." I said, processing the information. I was unable to understand how Atkins' brain would function at all after I left it. Perhaps his human consciousness was not completely obliterated in our duel? But even with his human functionality, how could his brain continue to spew digital information without my knowledge? If this 'information leak' was possible, then what about the integrity of my current host geek's brain?

"It's more than 'interesting', Joel," stated Dr. Salchica. "He killed a hospital attendant with his bare hands while escaping. He put an armed security guard through a plate glass window. And if he finds you, you'll be next."

Signatures (5, Insightful)

Kizzle (555439) | more than 12 years ago | (#3526466)

How can you care about the risk of someone faking your finger print when most financial transactions are verified with a signature?

Re:Signatures (2)

Dominic_Mazzoni (125164) | more than 12 years ago | (#3526619)

How can you care about the risk of someone faking your finger print when most financial transactions are verified with a signature?

The problem is that if people believe that fingerprints and other biometrics are "more secure" than signatures, they'll rely on them more and more - making it easier for criminals to do more damage, and making it harder for honest people to prove they didn't commit the fraudulent transactions.

Re:Signatures (2, Interesting)

Beryllium Sphere(tm) (193358) | more than 12 years ago | (#3526632)

>How can you care about the risk of someone faking your finger print when most financial transactions are verified with a signature?

That is an insightful question.

It points to how to implement a reasonably good fingerprint system.

"Most financial transactions" require both a signature and a revocable token. If your checkbook or credit card is stolen you call up the bank and report it, and then you're off the hook (theoretically) when someone forges your signature.

A good system would need to combine the fingerprint either with a revocable token (e.g. thumbprint your Mastercard) or with a PIN.

Your grocery store may already have stuck you with a frequent shopper card, required to get their best prices. Combining one of those with a fingerprint scanner and a good revocation policy might work.

weak is the system based on only a finger (4, Interesting)

jonbrewer (11894) | more than 12 years ago | (#3526474)

This certainly doesn't mean that biometrics based on fingerprints should be ruled out.

Just as you need both a username and a password to log in to any computer system, a combination of a fingerprint and password, or fingerprint and pin should be used for any reasonable authentication.

Combined with decent access controls (this person may only do X at Y time) and a complete audit of actions, fingerprint biometrics can fit nicely into an extremely secure environment.

I'd certainly rather use my finger than my RSA number keychain!

Psst! Buddy! Ya wanna buy a finger? (2, Funny)

funwithBSD (245349) | more than 12 years ago | (#3526478)

I'm heading for Krogers [chron.com] and buying me a life time supply of caffine and HoHo's!

Biometrics Combos are the only way to go. (1)

BagOBones (574735) | more than 12 years ago | (#3526484)

On system is easy to fool but when you use more than one it becomes less likely. Finger + Voice or Even adding a retina scan Then all you have to worry about are mature clones.. ;) Or how about your finger and a pin number? then you don't need to carry a card and even if someone has a fake finger they need your current pin??

Forget payment systems. I want drive up service! (2, Interesting)

BenJeremy (181303) | more than 12 years ago | (#3526490)

OK, I've worked for years with automotive telematics/AutoPC systems, and here's what I want:

  • Household system handles menus and inventory, identifies the need to get groceries.
  • Using Bluetooth or WiFi, tells car what it needs, and the locations that the goods can be picked up
    NOTE: Locations will be based on best deals, and include E-Coupons and such, as well as projected route
  • Later, on the way home, I'm given choices of places to stop. I choose one, and the groceries are ordered and ready for pickup
  • I stop, the groceries are loaded into my trunk.
  • Using e-tags, the car determines that I got all the stuff I selected
  • within a minute of pulling in, I pull out with my groceries... never left the car!
  • I arrive home. The E-Tags also indicate to the home what I've purchased and updates the inventory


Painless, quick, and efficient. That's how grocery stores should operate. Forget fingerprint scanners. Eliminate the long checkout lines, crowded aisles, and rude people.

Re:Forget payment systems. I want drive up service (2)

Aceticon (140883) | more than 12 years ago | (#3526629)

What?

No going in and squezing the vegetables?

No trying to put boxes of condoms in old ladies troleys?

No sneeking a peek at the cashiers boobs?

What's the fun of that???

Starfleet??? (3, Interesting)

mikosullivan (320993) | more than 12 years ago | (#3526510)

Were these experiments performed for Starfleet? His presentation logo [itu.int] looks like the Starfleet logo [indranet.com] .

Re:Starfleet??? (0)

Anonymous Coward | more than 12 years ago | (#3526556)

Looks like the Starfleet logo?
It's identical!

we must act fast (0)

Cenam (567580) | more than 12 years ago | (#3526511)

quick, chop off his fingers, they violate the DMCA!
;)

Darn.... (1)

jsimon12 (207119) | more than 12 years ago | (#3526518)

I was really hopeing that people would trade in stolen thumbs and such, but now that they can just make gummy replicas we won't see any cool underground trade in amuptated digits. :(

Re:Darn.... (-1)

YourMissionForToday (556292) | more than 12 years ago | (#3526561)

Which is better...Gummy Pizza, or Gummy Fried Eggs?

OT: budget cuts (1)

Mike_K (138858) | more than 12 years ago | (#3526535)

Kroger became interested in the finger image machine three years ago, when the state of Texas began its own pilot program with the intention of eliminating food stamp fraud. It came out with a finger image version of the "Lone Star Card" used by food stamp recipients. The state approached Kroger and asked if it would participate in the pilot program.

After a budget cut, the state abandoned the program, but Kroger -- the largest supermarket chain in the U.S. -- continued to explore the system.


Is it me or did they abandon a cost-saving program because they had budget cuts? What horrible short-term thinking.

m

Finger and Pin (2)

stoolpigeon (454276) | more than 12 years ago | (#3526536)

A ton of people are posting that this - combined w/a pin is super secure.

I've got one question.

How long do you think you will last when that guy cutting off your finger is yelling at you to tell him the pin?

I'm guessing for the average joe it will be measured in seconds. (Especially as the media and powers that be preach this constant message of 'just hand over whatever they want - don't fight back')

.

Beware, first link to HoustonCronicle. (0)

Anonymous Coward | more than 12 years ago | (#3526543)

The Houston Chronical link is also a big brother site, they have been known for years to track users (specially working with the texas police etc, and tracking various ppl who read sensitive articles). Every single page you get from them is hashed and properly indexed to the user by various methods and a unique ID is associated with the user. This information is then dispatched to the Houston federal building, where the information is collected by various state and federal law agencies. In particular, they are known to make 'bait' like news stories, and then sit and wait for ppl to read them, and observe the reading habits. (Eg: They ran a story about Valdmir's Lolita, then collected info on the ppl who read the story, after that, anyone who've been to that page more than 3 times was invistagated and their computers searched). Very fishy bunch, almost as bad as AOLTIMECNNWANKER.

Re:Beware, first link to HoustonCronicle. (0)

Anonymous Coward | more than 12 years ago | (#3526598)

You're right, they had hashed my browser ID/etc .. but the weird point was it was shown in the topic (everyone go to that page and look at the topic). Thanks for letting me know, I read a similar story about LAtimes, but a Judge ordered them to stop tracking like that.

In Seattle Also (2)

bahtama (252146) | more than 12 years ago | (#3526546)

Hmmm.. I have seen this somewhere.. Ah yes, here! [slashdot.org]

They give a brief mention to Kroger in the linked article [nwsource.com] as well..

using cash instead (1)

Partisan01 (547933) | more than 12 years ago | (#3526551)

The article states the cashier -- after learning automatically from the computer that the check owner was enrolled in SecureTouch -- would become suspicious that the thief had not opted to use the quicker fingerprinting method of check cashing.

sounds like disaster to me, once you're in the system the cashier gets suspicious once you don't use the finger print method. What if you don't want it out of your checking account but want to buy your milk with the 5 bucks your buddy owed you....

I liked this part... (2)

thumbtack (445103) | more than 12 years ago | (#3526570)

"Women in particular appreciate SecureTouch, he said, because they don't have to bring in their purses."

So they leave it in plan sight in the car, so they can come back to a broken window and and a missing purse. (not to mention all of those unmentionalbes inside the purse)

Problems with fingerprinting (5, Interesting)

legLess (127550) | more than 12 years ago | (#3526584)

There's much debate about whether fingerprints are the primary keys to human identity. Law enforcement has based over 100 years of work on the premise that no two humans, anywhere, ever, have the same fingerprints. Some people say this is hogwash.

Let's leave out, for now, the fact that it's not possible to verify this claim at all: there's no way to test all living people and compare their prints. This is troubling, but a bit of a red herring.

More troubling is the way fingerprinting is practiced. There's a case in Philly right now where a federal judge has prohibited [go.com] the prosecution from testifying that two fingerprints "match." From this article: [nandotimes.com]
But in 1993, a Supreme Court decision required judges to take a more active role in deciding what scientific evidence to admit. In the case of fingerprints, the so-called "Daubert" guidelines would lead to questions such as: Has the practice of fingerprint identification been adequately tested? What's the error rate? Are there standards and controls?
The answers, respectively, are "no," "no one knows," and "no."

I'm home sick and I don't feel like doing more research on this right now. The above links and Google [google.com] will help if you want to look at it more.

Re:Problems with fingerprinting (2)

JimBobJoe (2758) | more than 12 years ago | (#3526652)

The main thing to note about all this, with regards to the research, is that there is a pretty good certainty, at least at this moment, that fingerprints are "unique" as long as a sufficient amount of points are actually collected and examined. So if you have a professional fingerprint collector collecting 10 fingers, and comparing it to a previous collection card, you have a very high probability of match.

The issue is, the certainty of picking up just one or two latent prints on a door knob, and then comparing to the fingerprint card, has not been fully determined--and for good reason, the latent print is simply not the quality of the professional print.

This is one of the reasons why, in the states that fingerprint for driver's licenses, the prints are never used for criminal investigations--the quality of one thumbprint smudge on the little glass platen is simply not good enough to compare a latent print to.

This is kinda a fun time to talk about dl fingerprinting--since dl privacy is a big thing for me and all. California law, for instance, says that they must take a thumbprint of an individual getting a license. If you are a hairdresser, working with bleach, or a bricklayer, working with lime, it is highly possible that they will not have fingerprints. There is some type of print that would normally appear, but it has not. So is the fingerprint the potential print...or the one the blank one that is showing up. Apparently, they just write off the print as being uncollectable...which is very telling. It begs the question...what is your identity anyway?

Its insecure but... (1)

KingKire64 (321470) | more than 12 years ago | (#3526604)

is it more insecure then credit cards or cash both can be fooled. I wonder how many clerks can be fooled with a stolen credit card?

Re:Its insecure but... (2)

Tazzy531 (456079) | more than 12 years ago | (#3526637)

True it is insecure. But the problem is that there is a common belief that it is secure. When this mindset gets into the people, they trust it without checking/verifying the security.

For example, let's say that some scientist said that he invented a calculator that is almost never wrong. Now a common person using this would assume that it is always right. They aren't going to double check the results when they see that 2+2=5. I've simplified it a lot, but I mean, how often do you double check the receipts after you buy stuff at the grocery store? I think Dateline had reported that 3 out of 10 items at grocery stores are usually rung out wrong.

The thing with credit cards and cash is that merchants know what to watch out for. (ie strip of paper inside cash, checking with bank with credit card).. In addition, most of the times, you need access to the credit card number or the CC itself. But for a finger print, if someone steals it, you can't call up a bank and tell them that someone is using your finger print and you want them to cancel it. Also, if everyone assumes it's so secure, are they going to believe you and have the same security features (such as you not being responsible for the charges) when you report it "stolen"

The only way it would work is for your fingerprint to replace your signature...even then, there's still some inherent insecurities..

Retina Scanners (2, Troll)

qurob (543434) | more than 12 years ago | (#3526607)

Once this guy makes eyeballs out of jell-o, and fools a retina scanner, I'll shake his hand!

Re:Retina Scanners (2, Funny)

raduga (216742) | more than 12 years ago | (#3526647)

Once this guy makes eyeballs out of jell-o, and fools a retina scanner, I'll shake his hand!

Whatever for?

So you can snarf hisfingerprints, hmm?

It's good he's Japanese (2, Interesting)

aaandre (526056) | more than 12 years ago | (#3526608)

In the US he might be sued for reverse engineering practices by the security companies.

Excellent (2)

DarkHelmet (120004) | more than 12 years ago | (#3526613)

At least this way I only have 10 fingers that I can max out on.

I wonder if I get a higher credit limit on my thumb than any of the other digits.

Obvious solution... (5, Funny)

SVDave (231875) | more than 12 years ago | (#3526626)

Ban gelatin.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...