Tag: Biometrics | Page 2

Hands off my biometrics, and a wormhole squirmish • Graham Cluley

May 12, 2022/in Computer Security

Smashing Security podcast #274: Hands off my biometrics, and a wormhole squirmish

Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole?

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

And don’t miss our featured interview with Artur Kane of GoodAccess.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Show notes:

Sponsor: Kolide

At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.

Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.

Try Kolide Free for 14 Days; no credit card required.

Sponsor: GoodAccess

GoodAccess – Free Business Cloud VPN for up to 100 Users.

Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.

Check it out now at smashingsecurity.com/goodaccess.

Sponsor: Rumble

Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.

It can even tell you which machines are missing endpoint protection, from your local network to the cloud.

Sign up for a free trial and build your asset inventory in minutes. Get your trial at www.rumble.run

Follow the show:

Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Found this article interesting? Follow Graham Cluley on Twitter to read more…

Source…

Exploring Biometrics and Trust at the Corporate Level

April 21, 2022/in Mobile Security

As the world continues to move essential functions to digital environments, companies need trustworthy methods for verifying who is behind the screen. Multifactor authentication (MFA) has become the standard for preventing cyberattacks, with the US National Cyber Security chief saying it could prevent 80% to 90% of attacks. MFA works by requiring multiple layers of authentication, such as one-time passwords (OTPs), physical hardware tokens, or soft tokens.

While these do a better job of securing access and data than traditional passwords, what are they really verifying? In the case of SMS-delivered OTPs, the system is verifying your access to a phone; with hardware tokens, it’s access to a physical card or device. But none of these require the actual person to confirm they are who they say they are. These methods rely on the assumption that the only person accessing these devices is their owner. Clearly, it’s a device, rather than a person, that is being verified. So what can organizations do to improve on traditional MFA methods and build trust with the people behind each digital interaction?

Some methods for MFA verification, including hardware tokens and SMS-based OTPs, have been widely adopted, but they present clear challenges for organizations. Phone-based options require access to a smartphone — not something everyone has and not something companies want out in all environments. Token-based systems are not much better; tokens can be lost, forgotten, or easily handed to another user. The clear solution is to have a biometric measurement that is entirely unique to the user as part of any MFA strategy. But not all biometric methods are created equal, and some still only establish trust at the device level.

Limitations of Device-Based Biometrics
Device-based biometrics, such as a fingerprint captured using the built-in sensor on a phone, PC, or dongle, are stored within the device that they are captured on. These systems offer a high level of convenience for the user, as well as strong security for personal use cases. However, device-based biometrics fall into the same trap as other MFA methods — it is still the device, and oftentimes an encrypted key, being verified, rather…

Source…

CBP Expands Facial Biometrics to Mobile, Alabama Cruise Ship Terminal

March 25, 2022/in Mobile Security

NEW ORLEANS, La. – U.S. Customs and Border Protection (CBP), in partnership with Carnival Cruise Line, expanded the use of facial biometrics into the debarkation process at the Port of Mobile, AL, becoming the latest seaport to modernize efforts to revolutionize cruise travel.

“As we prepare for the increase in cruise travel around our nation’s ports, CBP is working closely with the cruise industry to make travel safer and more efficient, while also supporting travel recovery efforts,” said Steven Stavinoha, Director, Field Operations for CBP’s Gulf Coast Field Office. “The biometric facial comparison process adds an extra layer of security and streamlines travel into the United States by replacing the manual inspection of travel documents with a secure, touchless process.”

When debarking the cruise vessel at a U.S. seaport, passengers will pause for a photo that will be compared to the traveler’s existing passport or visa photo in secure DHS systems to biometrically verify their identity. Upon an efficient match, passengers are allowed to proceed through inspections and exit the terminal. This innovative entry process further secures and enhances the customer experience while protecting the privacy of all travelers. The enhanced arrival process using facial biometrics verifies the traveler’s identity within two seconds and is more than 98% accurate.

U.S. travelers and select foreign nationals who are not required to provide biometrics and wish to opt out of the new biometric process can simply request a manual document check from a CBP Officer consistent with existing requirements for admission into the United States.

Already in use at major air and land ports of entry, facial biometrics in the cruise environment will strengthen CBP’s enforcement capabilities at several of the nation’s cruise ports while also enhancing the customer experience. Additionally, CBP and its cruise partners have expanded data sharing agreements to further strengthen security in cruise travel.