Security for Dummies

security tips and tricks

Faking a fingerprint (part 1)

Back in the nineties I was working with the TeKey Research group, supplying them with raw materials for their tests. The task was to study whether fingerprint sensors accept dead fingers. Yes, I was a pathologist in those years and had plenty of them :). After a few experiments we realized that optical sensors cannot distinguish dead fingers from live ones. Even worse, they accepted fingerprint images.

See how we did it. You will like the idea and simplicity.

First you will need some equipment. We used something always available in every office or home.

  1. PPC transparency film
  2. Stamp-pad
  3. Scissors

Touch a stamp-pad to blot the fingertip with ink. You can use any other method, like an ink marker, water or oil color, carbon paper etc.

Seal the transparency film with your finger. You can experiment with various types of film. It could be any transparent, flexible plastic material.

Make sure that you’ve got a clear fingerprint. If not, repeat the previous steps.

Cut the fingerprint out close to the outline. For the sensor that was used in our study it was important to fit the film to the window of the device. If you have to sweep the image along the sensor, cut the ribbon corresponding to the direction of sweeping.

Place the film on the sensitive part of the device. Now the device is ready for an “optical illusion”.

In order to reduce the risk of exposing your own fingerprint, cover your falsification with soft material, hold it tight and wait for the result.

When presented to an optical sensor, the fingerprint image is accepted and identified like the original finger.

What is the bottom line?

  1. Optical fingerprint sensors accept fake fingerprints, fingerprint images and scans
  2. If you use one for protection of your computer you are always at risk
  3. Biometrics offers a false sense of security and protection, especially when using optical sensors.

But this is far from all. In my next post I will show you the second part of this experiment, which is even more impressive. Keep reading.

June 26, 2008 | Biometrics, How-to, Security, Security Threats | 8 Comments

5 reasons to use Portable Encryption (part 1)

As I have already mentioned in my previous post, if you are the Pope or even more innocent than the Pope, you can skip this page and move directly to heaven.

Everything that I post here is for you normal sinner people, and for you abnormal sinner people and even for you ladies. You and I agree that you always have something to hide. We both know that you definitely have your fair reasons to do so. Then the best way to do so is to encrypt your data.
But that is only one reason to use encryption, and not even the main one.

What can be more important than hiding information? – The need to secure it!
Let us picture a typical situation – you are a salesperson. You work hard on every sales lead, flying from one coast to another, doing more miles a day than the 5th US fleet. You know more people by contacts in 50 states than the president of the United States. All of them are your customers and you carefully keep their details, and the names of their wives, pets and kids. You carefully keep contracts, price lists, and all the information you need to close the deal.
You are very successful – your managers love you, your clients tolerate you, your competitors hate you. What is the worst nightmare that you can imagine? No, it is neither the earthquake in Sichuan nor a tornado in Texas.
Your worst nightmare is that information stored on your laptop somehow falls into the dirty hands of your competitor. What? They will need a password to open it? You cannot be that naïve. Let’s pretend that I did not hear this question. Just believe me – the worst thing that can happen to your information is to fall into the wrong hands. You need some proof? Here is one story, and here is another one, and you’ve heard about this story for sure. If you Google the string “lost laptop” you get over 60,000 links. Why do they write that much about some lost laptops? Because you never know the real value of the information you keep before you lose it.
The above was a long prelude to reason number 1: Your information is valuable (and not only for you). What can be done to prevent access to your secrets? The answer is obvious – encrypt. You select your favorite tool and method for encryption, but if you ask me – the easiest way is the best one. What can be easier than n-Pass? Give it a try.
It took me so long to write about the 1st reason that I will leave the rest to another post, but I want to summarize. The 5 main reasons are:

  1. Your information is valuable
  2. Your identity is important
  3. Your privacy shall be of high priority
  4. You are an advanced user, surfer, you name it
  5. You are working on many workstations or using public internet access points

If all these points speak to you, you have to use encryption and you need it portable.
Want to learn more – continue reading, or visit the n-Pass website.

Added on June 27. Today another story popped up. This will never stop till they start using encryption on every laptop and PC.

June 26, 2008 | Encryption, identity theft, passwords, Security, Security Threats | 1 Comment

Your password is not a secret

5 terrifying facts about your passwords and 1 simple and free solution

Did you ever notice that someone opened your computer or entered your mailbox? Did you notice someone spying on you when typing a password or a PIN code? Are you aware that your password was guessed? Do you remove the Stick-it note when you leave your workplace? Do you lock your computer?

OK, you are aware now that there are risks. But what can you do? What is a way to remember many complicated passwords? You do not have to! What is more, I say “FORGET YOUR PASSWORDS”. How?
Before I share the most powerful secret, I would like to tell you one story from real life.

Why am I so sure that you are exposed to risk? The answer is obvious. If you read this message – you are not an alien, you are human. Therefore you are exposed to 5 risks:

  1. Your administrator is a terrible guy who changes passwords every month or makes you change them; and you have to write the password down because otherwise you will forget it. Where do you keep this note? On a Stick-it sheet under the keyboard or on its bottom side? Near the screen? Under the paperweight on your desk? Are you sure the place is safe?

  2. You rely on the MS Windows protection. You keep all your passwords in a text file on the hard disk of your computer. Yes, you know that you make a hacker’s life even easier, but you think that he has to log on first… doesn’t he…?

  3. You never write your password down, and that’s why you use a simple one. What does one need to know to guess your password? The name of your spouse, son or daughter? Your pet’s name? Your address or your date of birth? This is called “human engineering” and you can learn a lot about it from Kevin Mitnick.

  4. You use one password for all accounts. Yes, you do not forget it. Maybe it is not a simple one. Maybe it even contains symbols and numbers, small and capital letters. But it is still just the one. If someone gets their hands on it… guess what.

  5. You have friends. The ancients used to say “if two people share one secret – it is not a secret any more”.

Not long ago I received an e-mail from my bank asking me to enter the online account and to change a password. There was a link at the end of the message and I clicked on it. The web page opened. It looked exactly like my bank’s website, but… But my password manager did not fill the form. I do not remember my passwords; I use n-Pass Pro. And it did not fill the form. It had never happened before and I was curious. I thought that something was wrong with the program, but when I looked at the URL I understood why n-Pass refused to cooperate. It was not my bank’s web page, though it looked exactly the same. It was a phishing message and a fake website. n-Pass knew it and did not fill in my credentials. It kept my money safe. Moreover, it kept my identity.
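The behaviour in this story can be reproduced with a few lines of code. The following is an added example, not part of the original post and not n-Pass's own code: it assumes a manager that releases a credential only when the page's origin is identical to the one it was saved for, and the vault entry, hostnames and function names are constructed for illustration.

```javascript
// Constructed vault: one credential, bound to the origin it was saved on.
const vault = [
  { origin: "https://online.mybank.example", username: "alice", password: "constructed-secret" },
];

// Return the stored entry only if the page origin (scheme + host + port)
// is identical to the saved origin; otherwise return null and fill nothing.
function credentialFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // refuse cleartext pages
  // url.origin is normalized by the parser: host lower-cased, non-ASCII
  // labels converted to punycode, "user@" prefix dropped, default port omitted.
  return vault.find((entry) => entry.origin === url.origin) || null;
}

// Constructed addresses: the real site plus look-alikes that fool the eye.
const samples = [
  "https://online.mybank.example/login",                     // genuine
  "https://ONLINE.MyBank.Example:443/login",                 // genuine, other spelling
  "https://online.mybank.example.account-verify.test/login", // real name as subdomain
  "https://online.mybank.example@phish.test/login",          // real name as userinfo
  "https://online.myb\u0430nk.example/login",                // Cyrillic "a" homoglyph
  "https://online.mybank.example:8443/login",                // different port
  "http://online.mybank.example/login",                      // no TLS
];

// For each address, report whether the manager would fill the form.
function report() {
  return samples.map((u) => [u, credentialFor(u) !== null]);
}

for (const [u, filled] of report()) {
  console.log((filled ? "FILL    " : "REFUSE  ") + u);
}
```

Only the first two addresses are filled; every look-alike is refused because the comparison is made on the parsed origin, not on how the address or the page looks.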

 

Why do I tell this story? Because the secret I wanted to share is n-Pass – a password manager. I do not remember passwords; I simply do not need to. I can use very strong and complicated passwords, and n-Pass generates them for me. I do use lots of passwords; all of them are unique and strong. They are not dictionary words. They contain symbols, numbers and letters. And I do not remember them. If a friend of mine asks me for my password I cannot even say it. I do not know what my passwords are.

Do you believe it? No? Just give it a try! You can download n-Pass and use it absolutely free for 60 days.


I am sure that you will love it. Even if not, it is risk-free. You download it to any pen drive and use it for 60 days free. If you do not like it, you do not pay.

But this is far from all you will get for your $45 free.

You will get also:

  · n-Crypt, an ultimate tool for keeping your files protected
  · n-Crypt EVD – a tool for creation of encrypted virtual disks
  · Shredder for files you want to destroy without ability to recover
  · Passwords Generator
  · Contacts management – an active address book that is always with you
  · One-click VPN and RDC connection tool
  · A launcher for Portable Applications
  · Free access to over 100 portable applications
  · And much more

Are you ready to give it a try? Download it from here


If you liked it – leave your comment here

June 25, 2008 | How-to, passwords, Security Threats