How safe is your biometric data in Vista

Cantab.

Hi all,

Anyone know how safe your biometric data is in Vista. I'm always suspicious of those programs that seem to constantly churn my hard disk. I've trained the voice recogniser and I have my fingerprint stored -- can Microsoft/the US government access my data? Or is it already too late. I imagine my facebook pics are stored on some CIA database somewhere too. Or am I just being paranoid?

jd83

yh and you also should wear a tin foil hat!
All joking aside you dont have to put this information on your computer or the net. Especially the social networking sites people put up all there information and anyone can read it ie future employers. As for your fingerprint i dont isnt that usually stored by the software such as softex and not windows

CptSternn

Cantab -

First, if the government wants your fingerprint or voice print, they will get it off your checks/bank deposits or mobile phone calls.

Second, if the government wants to access your PC, it will. It doesn't matter what OS you have or the encryption/security you use - if someone wants it, they will get it and you will never know.

So don't be paranoid. Yes, you are being watched and they can come in whenever they want, but on a good note - it's been that way for years, you just haven't known about it (or thought about it) until now.

CelloPoint

CptSternn wrote: »

Cantab -

First, if the government wants your fingerprint or voice print, they will get it off your checks/bank deposits or mobile phone calls.

Second, if the government wants to access your PC, it will. It doesn't matter what OS you have or the encryption/security you use - if someone wants it, they will get it and you will never know.

So don't be paranoid. Yes, you are being watched and they can come in whenever they want, but on a good note - it's been that way for years, you just haven't known about it (or thought about it) until now.

I'm doing a lot of voice recognition these days and a cursory glance at the literature shows most of the hard development work done over the last couple of decades has been stimulated by various US government programs. I've no doubt there are data centres in the US that are processing voice calls, converting them to text, storing the text, running semantic text analysis and building profiles. The demand for efficient and compact algorithms for recognising speech is huge -- highly accurate systems currently need multi-processors and lots of memory. This cost can be cut using custom hardware. I wouldn't at all be surprised if voice processing is also being done internally in large banks etc.

In the future, we may be able to record and store every single conversation for future reference. We effectively already do this for text-messaging and emails. Imagine the power one could wield having access to this knowledge?

Capt'n Midnight

Thumb prints (plural in case you loose a thumb) are handy because you can't loose the key and it's faster than typing instuff.

Bottom line.

a - Biometrics aren't as unique as you would like simply because they are analog and have to still work with small changes in the environment and the person.

b - You can change password and certificates, the average person can't change their bio-metrics.

c - at least one person has had their thumb cut off. wasn't for a computer it was for a big german car.

probe

Capt'n Midnight wrote: »

Thumb prints (plural in case you loose a thumb) are handy because you can't loose the key and it's faster than typing instuff.

Bottom line.

a - Biometrics aren't as unique as you would like simply because they are analog and have to still work with small changes in the environment and the person.

b - You can change password and certificates, the average person can't change their bio-metrics.

c - at least one person has had their thumb cut off. wasn't for a computer it was for a big german car.

Not a problem really if your biometric ID data is stolen from some laptop or DVDs "lost in the post"…..

1) Eye transplants to get new retinas
2) Ten new fingers attached to your hand
3) Plastic surgery to give you a new facial appearance

Unless they have got your DNA as well. It would be mighty tough to do a reformat and reinstall of that :-)

Never part with your biometric data. They have no excuse to take it from you unless you seriously break the law. And never travel to Great Britain or Northern Ireland – the country has no constitution and they can forcibly steal you biometric data for any reason (eg a minor traffic offence – parking on a double yellow line for 5 seconds). And of course the USA will steal your biometric data if you ever venture into their country.

.probe

Capt'n Midnight

probe wrote: »

Unless they have got your DNA as well. It would be mighty tough to do a reformat and reinstall of that :-)

you could try with some retroviruses

And never travel to Great Britain or Northern Ireland – the country has no constitution

The UK have a constitution, it's three words long.
Parliament is God
they don't even need to fudge the issue like in the US, any law can be passed once you have a majority.

CptSternn

Capt'n Midnight wrote: »

The UK have a constitution, it's three words long.
Parliament is God
they don't even need to fudge the issue like in the US, any law can be passed once you have a majority.

Don't get me started on this topic.

You know the 'official' government type of the uk is listed as 'constitutional monarchy', even though they don't have, and have never had, a constitution of any sort.

Isn't 'constitutional monarchy' a oxymoron? Like (american) 'military intelligence'?

Capt'n Midnight

They don't really have a monarchy either , the Windsors are one vote from the dole queue.

/my bad I forgot that the House of Lords gave up it's right to veto stuff.
So the updated UK constitiution should read
"The House of Commons is God" well at least until the PM follows the US example where the president has done stuff like declaring wars illegally without consulting congress.

In the UK they have like 300% more security cameras than the rest of the world put together with mobile phone tracking data , and you won't ever convince me that GCHQ don't have someone inside microsoft and other large software companies.

Cantab.

Capt'n Midnight wrote: »

They don't really have a monarchy either , the Windsors are one vote from the dole queue.

/my bad I forgot that the House of Lords gave up it's right to veto stuff.
So the updated UK constitiution should read
"The House of Commons is God" well at least until the PM follows the US example where the president has done stuff like declaring wars illegally without consulting congress.

In the UK they have like 300% more security cameras than the rest of the world put together with mobile phone tracking data , and you won't ever convince me that GCHQ don't have someone inside microsoft and other large software companies.

I'm not surprised the German government is changing over to Linux. If there's a problem, they can find out exactly what their code is doing instead of having to rely on some Microsoft employee to "look into the problem".

In hindsight, I'm sorry I ever scanned my print, trained my voice recogniser and set up a facebook account!

probe

Capt'n Midnight wrote: »

you could try with some retroviruses

The UK have a constitution, it's three words long.
Parliament is God
they don't even need to fudge the issue like in the US, any law can be passed once you have a majority.

Five words actually! "Dipso, Fatso, Bingo, Asbo, and Tesco"

.probe

probe

Today’s International Herald Tribune has an item on some Bruxelles proposals for all non-EU citizens to apply for an electronic Visa on the web before entering the EU. The proposal includes the collection of biometric information from non-EUs as they enter Euroland-27.

While one’s initial reaction might be it won’t impact me, being an EU state passport holder, people entering/leaving the rest of the EU from/to Ireland are treated as non-EU and have to go through passport controls – which can take ages. Making travel to/from Ireland more painful and time wasting than it need be. This situation will continue while Ian Paisley & Co succeed in keeping the Island of Ireland outside of the Schengen zone of passport-free travel. Ireland has given-in left, right and centre to Northern Ireland interests, and their problems have cost the State dearly over the past 30 years or so. It is time Northern Ireland reciprocated with something in return.

One can easily envisage a situation where one is in a line of people at some airport passport control station waiting to enter the real EU from Ireland, and several people in front of one, travelling with non-EU IDs either haven’t taken the trouble to apply for a webvisa for their trip or have to get their fingerprints or retina scans taken. It will take ages to process them.

I was at Munich airport recently, and waited half an hour in front of ten Russian passport holders (in the “EU citizens line”!), while each of them had their criminal records checked in painful detail in the BKA and Schengen computer systems. I nearly missed my flight – despite the fact that I was well within my check-in deadlines, and only took 1 second to proceed through passport control myself when my turn came.

If I had been travelling to/from Nice (rather than Ireland) or even to Norway or Iceland (who are not EU members) there would have been no passport checks at all. If you have checked-in online for a flight for travel within the Schengen area, you can arrive at an airport and walk straight to the departure gate. Switzerland is not in the EU, but will have passport free travel within the Schengen area very soon.

High time Northern Ireland woke up and smelt the coffee and allowed the island of Ireland to join the Schengen area. They will have to show ID on flights to/from GB whether they are within or outside of the Schengen area based on current British plans anyway. Being in Schengen would help eliminate most illegal immigration into IRL because most of it goes via Northern Ireland. It is easy to pick out illegal immigration at Irish airports even without passport controls.

Ireland would be an ideal air hub for transatlantic travel to/from Europe if it was in the Schengen zone, with pre-clearance on westbound flights, and totally free movement without controls within the rest of the EU, once you have gone through an Irish airport.

.probe

http://www.iht.com/articles/2008/01/25/europe/union.php

Black Swan

Biometric is not Vista, but rather an app that comes with some rigs. If you only use it for logging on to your computer and not as a substitute for normally keyed in passwords to online accounts, doubt that it would be captured by most hacker/cracker snoops. Why would they go to all the trouble to target you with the level of sophistication needed to capture your biometric (e.g., fingerprint)? There are way too many easy targets that do not require the work or cost it would take, many with poorly configured firewalls and open ports, so why should they bother with biometric you?

Biometric logon onto your computer is grand for Internet hotspot coffeehouses where there are more shoulder surfer's than you would imagine.

Now, if your real name is Diana and your double died in the car crash (and not you), then there may be an interest to crack your biometric.

Or if you are doing something naughty and are worried about law enforcement or government intrusion, be advised that most security software firms give them access without all the trouble of using their sophisticated government cyber-muscle to crack security programmes (as reported in Wired magazine awhile back).

probe

Cantab. wrote: »

I'm not surprised the German government is changing over to Linux.

The Irish government could save a fortune by using Linux - some of the time. Eg in schools old PCs that are on their last legs with windows. These machines could be instantly recycled into fast machines with a hard disk reformat and a Linux install. People who have only used Windows remain essentially computer illiterate for their entire lives.

Ireland's involvement with the software industry will remain as it is (essentially the role of a middleman) while children are forced to grow up in a Windows only environment.

.probe

Capt'n Midnight

One problem with biometrics is that if you computer is compromised it might be possible for the hacker to export the locally stored hash. Not much use since they would still have to crack it.

But if you had a bot net of 100,000 PC's you now have 100,000 's of passwords to test for and so much better chance of a collision, even better still if any of the hashes match you can grab other local data. Biometics are for life so 40 or 50 year old hashes would still be worth trying to crack. And that's the big worry.

If there are collisions then there could be a new market where by you could sell off biometrics to people who match.

Capt'n Midnight

probe wrote: »

The Irish government could save a fortune by using Linux - some of the time.
...
Ireland's involvement with the software industry will remain as it is (essentially the role of a middleman) while children are forced to grow up in a Windows only environment.

Don't get me started on all the ECDL literature being based Microsoft office.

And university courses that need microsoft software for tasks where similar free products exist.

To connect to a microsoft terminal server you need a linux live CD and one command
rdesktop servername
Only problem is that Microsoft Licensing require that each client needs a client license (fair enough) AND a license for the software they are going to run on the terminal server.

CptSternn

Is this a biometric security thread or is it being hijacked and turned into another 'lets bash microsoft' thread?


The bottom line is companies choose microsoft instead of any free/open source solutions because of accountability. If a security flaw or bug causes the network to crash and in turn then costs the company a hefty sum due to down time and repair, who do you recoupe costs from if your running 'free' software? Who do you look to in the future to keep it from happening again? The simple answer is, there is no accountability, and your at the mercy of whoever is currently working for you modifying your code - and once they leave the next guy has a huge learning curve, not to mention no accountability for past work.

Companies and other organisation like things like insurance, accountability, and of course software that has 24/7 support and will pay for any issues that may arise on their watch.

Cantab.

probe wrote: »

The Irish government could save a fortune by using Linux - some of the time. Eg in schools old PCs that are on their last legs with windows. These machines could be instantly recycled into fast machines with a hard disk reformat and a Linux install. People who have only used Windows remain essentially computer illiterate for their entire lives.

Ireland's involvement with the software industry will remain as it is (essentially the role of a middleman) while children are forced to grow up in a Windows only environment.

.probe

I doubt Microsoft Ireland would be very happy. They'd probably move to Lithuania or somewhere.

Also, I doubt Dell Ireland would be very happy if computers weren't constantly being replaced to handle the latest MS software.

Some people were talking about accountability -- well, there are lots of open-source projects now offering support for a reasonable charge.

probe

Cantab. wrote: »

I doubt Microsoft Ireland would be very happy. They'd probably move to Lithuania or somewhere.

1) probe said "some of the time" in terms of government use of Linux etc. In the unlikely event that MS shut their Irish operations because the Irish government was seeking to get the best value for public money, it would reflect badly on them (MS). The other side of the coin also applies - if the Irish government is slavishly buying MS product all of the time, it might be accused of not getting best VFM for the public.

2) If MS want to move to Lithuania as a result, so be it. Ireland is too dependent on MNCs, who cause salary levels generally in the economy to be inflated. This makes it more expensive / difficult to recruit bright people for business start-ups.

You need a balance in everything - and the pendulum in Ireland has swung too far in the direction of the MNC end.

3) Moving the thread back to security, with open source software we can review the code and satisfy ourselves in relation to what it is doing with our data. MS software on the other hand is a black box..... a black box that has been known to call home....

.probe

Capt'n Midnight

Cantab. wrote: »

Also, I doubt Dell Ireland would be very happy if computers weren't constantly being replaced to handle the latest MS software.

they won't have to worry until home users have changed their desktop 's to laptops. Corporates will change PC's based on age anyway

Some people were talking about accountability -- well, there are lots of open-source projects now offering support for a reasonable charge.

accountability ?
Microsoft at best will refund you your purchase price / $5 , if you have OEM they give no support. If you have server products you have to pay for support. At the other end of the scale I've not heard good stories about SAP support unless you are a big enough customer to affect their balance sheet. Doesn't the buck stop with the developers / integrators rather than the SW they buy off the shelf ??


Vista has had patches to stop a remote exploit owning your computer. Linux and BSD need patches like this too. But windows apps seemed to just love to store stuff in the registry and temp files, old versions of backup exec used to do this with the service account password :rolleyes: even if vista is more secure your old apps may need more rights and undermine your security too.

CptSternn

Capt'n Midnight wrote: »

accountability ?
Microsoft at best will refund you your purchase price / $5 , if you have OEM they give no support. If you have server products you have to pay for support. At the other end of the scale I've not heard good stories about SAP support unless you are a big enough customer to affect their balance sheet. Doesn't the buck stop with the developers / integrators rather than the SW they buy off the shelf ??

Having worked in the industry for over 15 years, and spent many hours on the phone to MS, I can personally attest thats not true. Yes, you do pay for support, but one fee for a whole company, which includes all the phone support you need for the year. That combined with a nice support contract that comes with the Dell servers is all an IT department needs. Dell will even dispatch new hardware to replace damaged or malfunctioning hardware within hours, or in some cases send out their own techs to do the work.

I sat on the board of directors for a Fortune 500 company in America for some time and know the cost analysis of these things - MS offers the best bang for the buck out there. They also will take responsibility for server errors, if it is found to be a problem on their end, and they will 'make it right'.

I do agree with you on SAP though. I am no fan of SAP. We had it at a while in one of the warehouses that was part of another company which was bought out by our company back in the 90's. Pure pain in the hole. SAP is very customisable, and like the *nix server software, you can do much more with it. That being said the same problems existed with it - once the guy who made/set it up/modified it left the company (which happened before we bought the company) he took with him all the pertinent knowledge. We spent weeks interviewing other SAP specialists, and the top candidates were shown the system, and all had the same response - it would take a couple of months to sort out the system and see whats where.

In the end we replaced the system with an MS solution on a SQL back-end and had it up in running in a week.

Also, a side note, if you run a small company and want to get quality MS support for next to nothing, join the MSDN. MSDN is only like a couple hundred dollars a year (it used to be $249 a year), and you get 10 support calls included for free which you can then use in a bind. Plus, you get all the new beta software to play with, even stuff that never makes it out of development, and server licenses for your development team who then can setup servers to bang around on and you don't have to pay for full server licensing for your testing servers.