Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
The Hidden Dangers Of 'Bring Your Own Body'
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
8/31/2016 | 2:39:10 PM
Think about the OPM breach is far more worse for individuals
I agree, we have only one body but can have many passwords.  I reminds me of the OPM breach in which sensistive data about former gov't employees and their family was stolen, information that you cannot erase and replace, information that can identity an individual solely.  But yet still information, not a finger, a pupil, a heart...i am staying away for biometrics until we have a better answer on how to keep that data safe...i am sure it will be a while.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/30/2016 | 9:43:53 PM
Re: what will happen after a breach?
@Whoopty: The methodology might be the trick to it, but these types of biometrics -- fingerprints, heart rhythms, etc. -- are pretty replicable.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/30/2016 | 9:40:24 PM
Re: what will happen after a breach?
"The aftermath of that data breach cost me an arm and a leg!"
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/30/2016 | 9:39:40 PM
Re: Security
Multiple InfoSec experts I know put it this way: You have ten fingers and ten toes -- and that's it.  But the number of possible passwords you can have is nearly infinite.

Besides: biometrics aren't generally protected under the 4th Amendment, whereas passwords (sometimes) are.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
8/30/2016 | 7:28:23 AM
Re: what will happen after a breach?
Try a heart transplant! Biometric data can use internal metrics like your own unique heart rhythm, so I don't think plastic surgery would cut it. 
hykerfred
50%
50%
hykerfred,
User Rank: Apprentice
8/29/2016 | 10:13:16 AM
what will happen after a breach?
What will happen when your biometrical data has been breached? Will you be fired or forced to take a long vacation since you are the vulnerability? Or will the company just provide you with some plastic surgery? :)
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
8/29/2016 | 6:58:53 AM
Security
I definitely want real safeguards in place before I hand over any biometric data to any companies. As you point out, while biometric data is more unique than passwords and other forms of security, it's still only as useful as the security in place protecting that data.

I'm also concerned that the NSA and other intelligence agencies would love to get their hands on that sort of data. I'd want guarantees that it would only be sent over in the case of a warranted, criminal investigation, not just scooped up randomly when I use it for a login.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21197
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.