|
|
 |
 |
|
|
 |
 |
 |
| March 18, 2008
|
|
 |
 |
| |
Dear readers,
The Biometrics Info provides you with the latest news on biometrics, smartcards and network security. We provide you with this free service 2 or 3 times a week depending on the news available.
We provide a RSS feed for daily use. During the week all the news will be available through the RSS feed with a weekly summary on friday through the Biometrics Info e-zine.
We carefully selected the newsarticles for this Biometrics Info and we hope you appreciate this edition.
Enjoy reading.
Reinier M. van der Drift
BioXS
English
Ex-MS staffer to demo Vista smart card hack
A former Microsoft worker has identified security vulnerabilities in smart card plug-in software for Windows Vista that might allow hackers to take over vulnerable PCs.
Dan Griffin used a fuzzing tool he developed, dubbed SCardFuzz, to find bugs in software from an unnamed smart card vendor. Griffin, who left Redmond's smart card development team to work for small Seattle-based security consultancy JW Secure, plans to demo the hack (which he claims might allow attackers to gain full system access) at the CanSecWest security conference in Vancouver at the end of March.
A Java applet supplied by the unnamed vendor allows programs to be created. These might be potentially malicious. "Writing a hacker applet on the card is not that hard or far-fetched," Griffin told Dark Reading.....
The Register
Date: 2008-03-18 |
Dismantling contactless smartcards (video)
On March 7, 2008 researchers and students of the Digital Security group of the Radboud
University Nijmegen have discovered a serious security flaw in a widely used type of contactless
smartcard, also called RFID tag. It concerns the "Mifare Classic" RFID card produced by NXP
(formerly Philips Semiconductors). Earlier, German researchers Nohl and Plötz pointed out
security weaknesses of this cards. Worldwide around 1 billion of these cards have been sold.
This type of card is used for the Dutch `ov-chipkaart' [the RFID card for public transport throughout the
Netherlands] and public transport systems in other countries (for instance the subway in London and Hong
Kong). Mifare cards are also widely used as company cards to control access to buildings and facilities.
All this means that the flaw has a broad impact. Because some cards can be cloned, it is in principle
possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual
system. In many situations where these cards are used there will be additional security measures; it is
advisable to strengthen these where possible.
RU Nijmegen
Date: 2008-03-18 |
Aconite ships card fraud management package
Aconite, the leading provider of smart card software solutions and professional services today announced the launch of a new software solution, Risk Status Translator (RST), designed to help card issuers exploit further the fraud and risk management benefits of EMV migration.
RST is now being deployed by Investec Private Bank South Africa to work alongside their recent deployment of Aconite's EMV Script Processor (ESP) and Transaction Enabler (TRxE) solutions.
RST acts as a link between fraud and risk management processes and the scripting engine, either for automatic analysis, such as is performed by products like Fair Isaac's Falcon and Triad, or more manual processes such as account scoring. RST converts the results of the fraud and/or risk analysis into a post-issuance action to be performed.
Children should get keys to their data when they come of age
Companies processing children's data may need explicit consent directly from a child to continue using it once that child reaches maturity, Europe's privacy officials have said. The child may also revoke consent given earlier by a parent or guardian.
The Article 29 Working Party, a committee of European countries' data protection officials, has said when a child becomes mature enough to make their own decisions anyone processing their sensitive data must ensure they have the child's permission and not just that of the child's representative.
"Sensitive personal data" is defined in data protection legislation and includes information about someone's ethnic origin, religious beliefs, health, and more.
The Working Party has outlined the requirement in its guide (pdf) to children's data protection. It said data protection policies for children must be sensitive to the point at which a child is mature enough to make his or her own decisions, and must respect those.
The Register
Date: 2008-03-18 |
4.2 Million Credit Card Numbers Stolen From Supermarket Chain
PORTLAND, Maine — A security breach at an East Coast supermarket chain exposed 4.2 million credit and debit card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.
The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.
Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique account numbers were exposed.
The company is aware of about 1,800 cases of fraud reported so far relating to the breach.
No personal data such as names, addresses or telephone numbers were divulged — just account numbers.
Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough.
Business biometrics raises ID theft risk
The commercial use of biometrics will become widespread in five years, but is not without security risks
The growing use of biometrics by businesses to identify individuals is insecure and in need of serious attention, according to one IT systems company.
Fujitsu Siemens said that biometrics are being used to identify individuals in the business world, which makes it possible to find out whether they are the true holder of the identity they are presenting.
The IT company said that this tracking and monitoring of people was likely to be a risk if security controls were not tightened up.
"From a security perspective, we have already seen that criminals can create a number of different personas for themselves and more methods of identification means more openings for them," said David Pritchard, senior technology analyst.
bioMETRX Incorporates OKI's Fingerprint Engine in its smartTOUCH Product Line
ERICHO, N.Y., March 18 /PRNewswire-FirstCall/ -- bioMETRX Inc. (OTC Bulletin Board: BMRX), and Oki Semiconductor Company, a division of Oki America Inc., which is a subsidiary of Oki Electric Industry Co, Ltd., jointly announced that they are working together on a new solution that will result in significantly lowering bioMETRX's overall build costs for
its expanding smartTOUCH finger-activated consumer product lines.
OKI recently announced that it has begun sampling its ML67Q5250 a "single-chip" solution enabling fingerprint authentication. "bioMETRX has been testing various technologies supplied to it by OKI Semiconductor, with
additional engineering assistance from OKI headquarters in Japan.
Schools embrace fingerprint scanning
The lunch lines in West Virginia’s Wood County schools move much faster than they used to. After students fill their trays with food, they approach a small machine, push their thumbs against a touch pad — and with that small movement, they’ve paid for their meal.
For half the state’s school districts, as well as hundreds more across the country, the days of dealing with lost lunch cards or forgotten identification numbers are over.
“A student cannot forget their finger,” said Beverly Blough, the director of food service in Wood County School District, which in 2003 became the first district in West Virginia to use finger scanners.
Stateline
Date: 2008-03-18 |
Rodrigues hears people’s woes, orders fresh biometric survey
Chandigarh, March 17 The UT Administration will conduct a fresh biometric survey of all the people who were not covered in the previous survey.
UT Administrator General SF Rodrigues (retd) directed Finance Secretary Sanjay Kumar to conduct the fresh survey, while responding to the grievances of people who approached the administrator in the hour-long public hearing at UT Secretariat today. Rodrigues issued the directions while hearing complaints regarding allotment of houses under the Rehabilitation Programme of Chandigarh Administration.
General Rodrigues emphasised that all the administrative departments and subordinate offices must set up grievances cell in their respective establishments to monitor the day-to-day complaints of the public. He added that the implementation of various decisions involving larger public interest must be given priority and followed up with periodical monitoring at different levels.
ExpressIndia
Date: 2008-03-18 |
Putting biometrics labs to the test
The National Institute of Standards and Technology (NIST) wants your thoughts on a plan to accredit labs that test biometric systems for facial, fingerprint and other ID systems. The Department of Homeland Security has requested such a National Voluntary Laboratory Accreditation Program .
For more info, contact Brad Moore, NIST/NVLAP program manager at (301) 975-5740 or at brad.moore@nist.gov.
NetWorkWorld
Date: 2008-03-18 |
Huachuca Biometrics Device Separates Friends from Foes
A new mobile device is enabling US soldiers in Iraq to determine if individuals on the streets are civilians or insurgents, no matter what kind of clothing they wear or names they give. Developed at the Fort Huachuca Intelligence Center in Arizona, the gadget uses biometrics to find out if an individual is listed in a database of wanted persons. By using a combination of fingerprinting, eye scans and facial-recognition software, the device can determine if an individual´s biomarkers match with an individual in the database. The device then flashes either a green or red light, depending on whether the individual should be released or further investigated.
Physorg.com
Date: 2008-03-18 |
BMW INNOVATION DAY 2008
Munich. A critical element in the exceptional levels of comfort on board a premium vehicle is the degree of individualisation. Playing a leading role – alongside high-class looks and quality – in achieving this individualisation is the scope for personalisation of the ergonomic, control, seat and infotainment functions. Drivers of luxury models are already able to store these settings on their car key. Like a PIN number or password, a key can of course be passed on to other people. Biometric properties, on the other hand, cannot: physical features are unique. In order to find a way to guarantee independence from the key and thus also ensure protection of personal data, the BMW Group is conducting intensive research into the potential of video-based personal identification. This biometric authentication process builds on the existing concept of key personalisation, but identifies the driver unequivocally by distinguishing facial features.
Total Motorcycle
Date: 2008-03-18 |
Deutsch
Ekey rennt nun überall offene Türen ein
Linz. Ekey-Chef Leopold Gallner ist die Erleichterung ins Gesicht geschrieben. Jahrelang ist der ehemalige Bankdirektor den Türerzeugern mit seiner Finger-Scan-Erfindung nachgelaufen und auf einmal steht ihm die Branche weit offen. Bei der Welser Wohnbaumesse vorletzte Woche priesen gleich 13 Aussteller den elektronischen Türschlüssel als Schlager an.
"Die Biometrie-Lösung stößt als Zusatzausstattung mehr und mehr auf Käuferinteresse", meint Internorm-Geschäftsführer Silvio Spiess. Der Österreich-Marktführer geht davon aus, dass bald jede fünfte Tür mittels Ekey-System gesichert ist statt mit einem herkömmlichen Schloss. Hauptkonkurrent Actual bestätigt den Durchbruch.
Wirtschaftsblatt
Date: 2008-03-18 |
Francais
Photo : Les photographes envisagent de faire la grève des photos d’identité !
Le gouvernement envisage la mise en place de stations de prise de vue dans 2000 mairies pour l’établissement du futur passeport biométrique. Une décision qui entraînera la disparition de nombreux commerces photo de proximité.
Déjà touché par l’effondrement du marché du tirage photo argentique, les commerces photo de proximité voient le Ministère de l’Intérieur ressortir une nouvelle fois son projet d’installer dans de nombreuses mairies, plus de 2000 dès la première vague, des stations de prise de vue pour réaliser les photos destinées au nouveau passeport biométrique.
Graphiline
Date: 2008-03-18 |
Nederlands
Cio krijgt nog geen vaste voet in raad van bestuur
It wordt dan wel almaar meer beschouwd als strategische bedrijfsfunctie, voor meer dan de helft van de cio's (chief information officers) is de raad van bestuur nog onbekend terrein. Er is beterschap, maar vooral de cfo (chief financial officer) blijkt een moeilijk te omzeilen klip. Een en ander valt te concluderen uit een onderzoek van de Economist Intelligence Unit in opdracht van securitybedrijf McAfee. Economist Intelligence Unit bevroeg 185 senior executives in de EMEA-regio omtrent het belang van ict en de cio binnen het bedrijf.
Hoofdconclusie is dat cio's op het hoogste bestuurlijke niveau nog steeds buitenspel staan. Slechts 47 procent zegt de kans te krijgen it-kwesties in vergaderingen van de raad van bestuur aan de orde te stellen, terwijl in bijna de helft (45%) van de onderzochte organisaties nog altijd de ceo de beslissingen neemt over it-zaken. In 20 procent procent van de gevallen wordt de it-afdeling op het hoogste niveau vertegenwoordigd door de cfo.
Gemengde gevoelens sponsors Living Tomorrow
Gisteren berichtte Emerce dat paviljoen Living Tomorrow geen vervolg krijgt. Een scala aan grote sponsors van dit 'huis van de toekomst' wil niet voor nog eens vijf jaar tekenen. Waarom niet?De woordvoerder van Unilever op vragen van onze kant: "We hebben er destijds ongeveer twee miljoen euro in geïnvesteerd voor een periode van vijf jaar. Doelstelling was een uitwisseling van kennis, ervaringen via een interessant innovatieplatform."
In hoeverre dat is geslaagd kan Unilever niet direct aangeven. Maar opnieuw meedoen is niet aan de orde: "Die vijf jaar zijn nu voorbij en voor een nieuwe ronde doen wij niet mee, onze prioriteiten op dat gebied liggen inmiddels elders."
Philips Nederland benaderden we vanaf vrijdagmorgen via verschillende ingangen voor commentaar. En steeds weer kregen we nieuwe verwijzingen naar andere personen die er verantwoordelijk zouden zijn voor Living Tomorrow. Misschien zegt dat genoeg. Gisteravond nog wist Philips te bevestigen dat ze een brief had ontvangen dat Living Tomorrow niet doorgaat.
Teleurstelling voor HP
HP in Utrecht, dat zowel haar divisies voor consumenten (pc's, printers etc.) als zakelijke divisies (servers, diensten) liet participeren in het project, neemt geen blad voor de mond. Eerst de woordvoerder over de doelstellingen: "Wij stapten in Living Tomorrow vooral om onze klanten deelgenoot te maken van een 'experience'. De nieuwe wereld van innovatie zoals wij die met onze producten en diensten voor ons zagen werd uitstekend vertolkt in Living Tomorrow. We konden er actief aan bijdragen met de inrichting."
Maar in de uitwerking ging dat niet helemaal goed......
|
|
Advertisements
|
|
|
