Re: Security. WPA?/-TKIP /-CCMP

On Sun, 07 Dec 2008 00:06:09 +0000, Mark McIntyre
<markmcintyre@xxxxxxxxxxxxxxxxxxx> wrote in
<UrE_k.100536$i92.27467@xxxxxxxxxxxxxxxxxxxxxxxxxxx>:

Jeff Liebermann wrote:
On Sat, 6 Dec 2008 05:42:55 -0800 (PST), Chrisjoy
<ultralibertarianer@xxxxxxxxx> wrote:

Logging on to windows need users to know this:

1) Knowing the name of your own account.
2) Knowing the spelling of your own account password, and where the
keys are at the keyborard.

A fingerprint reader can be used in place of the login and password.
I've had rather bad luck at getting users to consistently use the
reader, but it does work. The ones where you swipe the finger over a
narrow reader window seem to be a problem. The ones where you just
press your finger onto a larger window, work much better (but cost
more).

Unless you go high-end these things are horribly insecure. I've toyed
with deploying them but having watched the issues that others have had,
shied away. Typical problems would seem to be too many false negatives,
too easy to sniff, foolable by a variety of creative methods not
including severing digits, and not hooked into the OS at a low enough
level to properly secure the login.

That's a joke, right? LOL! Assuming you can get past that worry, check
out the integrated security solution in Lenovo ThinkPads equipped with
security chips, fingerprint readers, and encrypting hard disk -- they
are very reliable and secure.

The way a lot of banks and market data vendors do it nowadays for
internal logins is with a chip-n-pin type card and a card reader slot in
the keyboard. The next level up is a pin and an RSA securid dongle to be
used in conjunction with your normal uid and pwd to login to the company
vpn.

A physical token is of course much easier to compromise than severing a
digit. ;) Regardless, I'm frankly not terribly impressed by the bank
measures I've seen, which is why I'm not terribly surprised by all the
security breaches that have occurred, most of which never make the
press.
--
Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
John Navas FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>
.

Relevant Pages

  • Re: Adobe Alternatives
    ... I would second just about any alternative PDF reader, ... prefer Foxit as well--not just for security, ... There are some open source flash player projects, ... IT Security Policy and Risk Assessment Analyst ...
    (Security-Basics)
  • Re: Microsoft Fingerprint Reader
    ... reader for several years now without any issues. ... across a few web pages that are login pages that don't actually register as a login page with the ... I have 20 or so logins that work just fine but 1 page that won't register as a login page. ... icon image appears briefly on the screen), but the logon dialog window ...
    (microsoft.public.windowsxp.hardware)
  • Re: SharePoint Security Inquiry...
    ... For all users to read all resources, ... go into SharePoint security and add 'NT ... Authority/Authenticated Users' into the Reader group. ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: Unlock A Computer
    ... > Is Locked And Nobody Knows Her Password Is There Any Way I Can Use This ... prompts and change the Administrator password (preferably, ... Then, when you login, login as Administrator using ... liable for problems or mishaps that occur from the reader using advice ...
    (microsoft.public.windowsxp.newusers)
  • Re: Microsoft Fingerprint Reader - Slow?
    ... I have the fingerprint reader. ... The point of the fingerprint reader is so that by recongnizing the ... Windows XP. ... If it is a close enough match, it will type in the password and username ...
    (microsoft.public.windowsxp.hardware)