On Thu, Jan 20, 2011 at 5:53 PM, Ross Walker rswwalker@gmail.com wrote:
On Thu, Jan 20, 2011 at 12:03 PM, m.roth@5-cent.us wrote:
I can beat that: I read, a month or so ago, how a bunch of elementary school kids discovered that wet Gummi Bears would hold a fingerprint, *and* (they didn't understand this) have more or less the same electrical conductivity....
Fortunately I don't go sticking my fingers in wet gummy bears, so that risk is mitigated!
While finger prints can be faked, it often requires access to the finger to fake. I haven't heard of someone lifting a latent oil print and creating a fake out of that. I'm sure with enough ingenuity it can be done. Then again if someone is that intent on accessing your data, well I'm sure they could figure another way as well...
Nope.
I found this link in a reference from 2002, and have seen nothing to indicate any significant improvement of fingerprint scanners to ignore gelatin based fake fingerprints, overlaid on a living person's finger to fool the electrostatic or thermal sensors of some sensors, and and with the fingeprints transferred from a Xerox of a police or other official fingerprint.
http://www.schneier.com/crypto-gram-0205.html
This has me laughing my tail off at the insistence on including fingerprint authorization as a default in RHEL 6, and the difficulty of extracting the daemons and utilities from the base image. Too many scattered RPM dependencies for other utilities. It's actually now a default "enabled" feature in anaconda for kickstart installations.