Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How The Math Of Biometric Authentication Adds Up
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 2 / 2
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
6/6/2014 | 4:09:11 PM
Re: thought provoking -- toe-factor authentication
that's quite good, @DavidB199. LOL
kuwacs
100%
0%
kuwacs,
User Rank: Apprentice
6/9/2014 | 3:44:38 PM
Re: No better than passwords
I see your point, Steve. If you have a line up of prints, it's not much different from typing in an order of characters. But, as the other commenter said, finger prints cannot be written down, or accidentally shared with someone. Also, phishing for a print isn't easy, because in order to use the value the phisher receives, they have to know the hash and salt of the program that they are trying to get into. Lifting and replaying prints is delicate work, from my understanding. And while it might seem easy to find and lift a print, imagine having to lift all ten, and then trying to figure out which ones to use, and what order to use them in, to get access. Passphrases can be typed, read, written down, guessed...etc. You can't do any of these with a fingerprint.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29071
PUBLISHED: 2020-11-25
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving se...
CVE-2020-29072
PUBLISHED: 2020-11-25
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.
CVE-2020-26241
PUBLISHED: 2020-11-25
Go Ethereum, or &quot;Geth&quot;, is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) co...
CVE-2020-26242
PUBLISHED: 2020-11-25
Go Ethereum, or &quot;Geth&quot;, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.
CVE-2020-26240
PUBLISHED: 2020-11-25
Go Ethereum, or &quot;Geth&quot;, is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on...