[brlug-general] Email passwords are.. special?
Petri Laihonen
pietu at weblizards.net
Thu Feb 15 16:03:38 CST 2007
That fingerprint stuff does not work too well.
I have an IBM StinkPad, and I was never able to input my fingerprints to
it. I went through the "training" program and then, when I was in the
process of setting it up, the system never accepted the last "scan"....
no matter how many times I tried....
Furthermore, on MythBusters they already tested a movie myth where one
fakes the fingerprints. They were able to open the fingerprint-protected
lock easily. --> not-busted.
Petri
Mathew Branyon wrote:
> I have an idea... Input isn't accepted into the devices unless the
> fingerprints are actively being read, i.e. fingerprint scanners on all
> of the keys on a keyboard, or on the back of a cell/pda, something like
> that.
>
> RFID tags under the skin could also work. If you want, I can help
> inject those into your clients (keep in mind, I'm not trained or
> anything, I just think it could be fun)
>
> --mat
>
> Dustin Puryear wrote:
>
>> Let's keep in mind that I never said that having multiple passwords
>> *was* the solution. I'm just looking for ideas. So, keep them coming.
>> ;-)
>>
>> ---
>> Puryear Information Technology, LLC
>> Baton Rouge, LA * 225-706-8414
>> http://www.puryear-it.com
>>
>> Author:
>> "Best Practices for Managing Linux and UNIX Servers"
>> "Spam Fighting and Email Security in the 21st Century"
>>
>> Download your free copies:
>> http://www.puryear-it.com/publications.htm
>>
>>
>> Thursday, February 15, 2007, 3:30:55 PM, you wrote:
>>
>>
>>
>>>
>>> Tim Fournet wrote:
>>>
>>> I've checked with four different email applications on the Palm Treo, as
>>> well as some available on the Blackberry, and none of them show the
>>> password as cleartext on the config screens. Sure, someone could
>>> conceivably hook up the device to a reader, perform a hex dump of the
>>> contents of the memory, and the passwords are probably visible in there;
>>> but my point is that by the time this can be done, a user can change his
>>> password ---- as long as he knows how and when to change it! Giving him
>>> a password that is "just for email" doesn't necessarily make his "real"
>>> password more secure, because he can store that on the PDA just as well.
>>>
>>> None of these mitigation activities get around the fact that
>>> 1) some users are stupid
>>> and
>>> 2) some vendors are stupid and have buggy/easily broken applications.
>>>
>>> I don't necessarily see having multiple passwords as doing much to help the situation.
>>>
>>> The DoD is starting to require two factor authentication. Users
>>> must log in with smart cards and use a password. So you have to have
>>> the card and the password. Even their webmail and VPNs are accessed that way.
>>>
>>>
>>> Shannon Roddy wrote:
>>>
>>>
>>> On 2/15/07, Tim Fournet <tfournet at tfour.net> wrote:
>>>
>>>
>>> I doubt many devices actually store the passwords in an
>>> easy-to-access cleartext sort of way.
>>>
>>>
>>> Umm... wrong answer. ;-) You'd be surprised.
>>>
>>>
>>
>>
>>> _______________________________________________
>>> General mailing list
>>> General at brlug.net
>>> http://mail.brlug.net/mailman/listinfo/general_brlug.net
>>>
>>>
>