Yortuk Festrunk wrote:
> On Sun, 24 Jul 2005 04:57:25 GMT, nemo_outis wrote:
>
>
>>However, they are grotesquely deficient against skilled adversaries.
>
>
> you mean like fuckin' Braniac, man?

No, he refers to commonly applied methods. These devices, including the
smart card, only create some level of assurance. In the case of
biometric devices, their are a number of methods and techniques that
make these devices close to useless. They do provide a level of
assurance, but they do not provide a high level of assurance. All
consumer grade biometric devices commercially marketed today are quite
capable of being compromised or bypassed, perhaps by the 12 year old
down the street. Nemo is absolutely correct. The device can make the
system no more secure than the systems access availability. This
deficiency applies not only to biometric devices but a number of other
encryption techniques. Key loggers aren't even needed to capture (for
example) data from the CRT emissions. Recently I read and article about
reading data being transmitted via a NIC card or written to a hard drive
by monitoring the LCD light emission flicker on a device from a distance
away. Often simply thinking of the appropriate approach to emulate the
function of a device is enough. The approach usually is not the direct
approach but a vector. Just because you don't know how it can be done
doesn't mean it can't be done and it is usually easier than you think.
It isn't rocket science, it is understanding.

It is not only governments that have this risk but corporations and
research facilities. It is far cheaper to learn what your competition
knows by stealing their data or knowledge base than it is to develop the
data from scratch. These tools and techniques are known by both sides
of the security equation.

Winged

PS The best coders I know are black hats.