Perimeter security is only as good...
... as the guy who props the side door open.
Plans to use fingerprint scanners to control access to the House of Commons have been abandoned "over fears that terrorists could cut off an MP's finger to get inside," claims the Mail on Sunday, citing a recent episode of Spooks and "Commons security experts." The Register is however not entirely convinced that there were ever …
I thought decent finger scanners also made sure it was warm and pulsating. So the old 'cut it off and carry it around on ice for a bit' trick we all used to use doesn't work. Mind you, we are talking about MPs; I suspect some of them are hiding their identities as part of the zombie horde. And then there are the 12-foot lizards.
As far as I am concerned, the more efficient way is still the gummy bear technique.
Stuffing one location with security is just a sure-fire way of making the terrorists attack you somewhere else where the security isn't so strong. But the symbolism of parliament is so much more valuable than knocking off a few ten-a-penny politicos.
I work in a fingerprint access controlled building, in light of previous exploits involving an Asian fingerprint secured Mercedes-Benz car/owner and some thieves with a pen-knife - allegedly our system will only scan a warm finger with internally flowing blood but I haven't personally tested this yet!
Our system is about 90% reliable with a small database of users. The security pros meanwhile are working at walk-by 'off-air' fp capture at 6 metres, just ready for the 2009 introduction of all 10 fp's to the extended EU ePass.
Need I remind ordinary non-terrorist ppl that 2008 looks like an extremely good year for renewing your passport, to avoid being an EU fp biometric beta-tester.
...fingerprint scanners don't work if the finger to scan from is dead.
Capacitive fingerprint scanners (i.e. the type found on laptops) work based on electrical difference. If there's no electrical difference (as would be the case if the finger was severed), the scanner won't work.
Practically-speaking, a person using a fingerprint scanner would (hopefully) use a random finger (rather than defaulting to the index finger) when registering, so one of these pesky terrorists would have to take *all* the fingers (perhaps in a purse of some kind) with him to make it work.
So there would be a man standing in the lobby of one of the most secure buildings in the country, fishing fingers (HAH!) out of his bag and trying them one by one while security looks on?
Typical Daily Mail slow-news-day bollocks.
I absolutely agree - MPs losing fingers is not really proper modern terrorist material. Retinal scans are a much better option - the terrorists would probably need to cut off the MP's entire head, a great improvement over fingerectomy (at least, for your average <insert political party> MP). Some of the terrorists already have some practice at it :-)
Now if we could just get the MEPs to do the same...
Basing security procedures on television again, are we?
These must be the same disgustingly inept muppets who saw Die Hard III and decided that liquid binary explosives actually exist, and were a real and present danger to air travel.
Seriously, how do these people get to run a country, and why do we do what they tell us?!
Mythbusters have managed to bypass laptop scanners and a top of the line door type scanner with a photocopy that was moistened by licking. Your finger provides the warmth and the licking makes it conduct just enough to fool the electric difference testing.
It's not rocket science at all to beat them - they are fundamentally rubbish and not good security at all.
So, it's possible that they have rejected a security measure because of some rare attack mode?
Isn't it more likely that someone checked the research and discovered that only about 90% of the population have usable fingerprints? Thus about 60 MPs would have to use some secondary method.
Did anyone see the Mythbusters episode where they investigated Fingerprint scanning locks? IIRC the old severed finger trick was so far down the list of ways to crack these things that they didn't even get round to it.
They demonstrated how to get through them: First obtain the fingerprint. The two methods were the CSI stalwart of offering the "mark" a cup of water, then retrieving the fingerprinted cup from the bin. The other method was to go straight to the scanner, where your mark regularly leaves his print. Develop the print with your common or garden fingerprint kit.
On some locks it was possible to put a piece of blank paper over the scanner, and press a finger on it. The scanner would read the residual (enhanced) finger print and grant access.
For most of the locks, however, this didn't work. So they took a copy of the prints with the fingerprint kit, and the sticky plastic card. Scanned the card, Photoshopped it to enhance the lines, printed it out. Placed the printout on the lock scanner, put their own finger on the paper, for pressure / heat / a pulse. Every lock was opened using this method.
Severed fingers are Hollywood Security. It's just for dramatic purposes and character development. It has no place in the real world, or for real crimes. It's far too much hassle for the bad guys when there is a cleaner, easier and lower-sentence alternative.
It's ironic that the Thumbs Up and Thumbs Down icons both have 3 fingers. I'll go get Paris Hilton's Coat.
In the interests of accuracy, I can inform you that the glass screen, separating the strangers' gallery from our MPs, was installed during the 2004 Easter recess — a little over a month before the purple flour incident. Thrower Ron Davies sat in one of the two extension galleries where Lords' guests sit. Those seats remain ideal for small missile attacks.
Why do MPs think they are so much more important than the rest of us? The way to deal with this is to reduce security, after all the death of an MP or two is tragic at a personal level but not that important for us as a country.
Once potential terrorists see that we regard MPs in this way they'll stop being serious targets.
Much cheaper too, but perhaps a few bruised egos!
I, for one, don't give a flying f*** if they only work with a live finger. By the time the guy who's chopped my finger off finds this out, it's a bit too late from my point of view. Ditto the "eyeball on a stick" approach to retinal scans, I'm damned sure that this doesn't work, but I don't trust anyone with an intelligence level that thinks "God is great" and BANG are suitably pithy last words to work this one out.
Incidentally, the thing I found most amusing about the "Mythbusters" analysis was that the $20 USB fingerprint reader took some serious jiggery-pokery to fool, but the umpteen-thousand-dollar high-security biometric lock that they were building up to opened like a charm to the basic photocopied fingerprint.
IIRC they went as far as printing and etching a circuit board to provide relief, so they could make a latex print to stick on their own fingers, thus not only getting into the secure area but leaving other people's prints too...
( I suspect the clear thin print may even allow enough transmitted light for the pulse detector to work. )
Anyway even if the scanners did need a living (attached) finger, wouldn't it already be too late by the time Terry realised it didn't work... isn't that worse? You lost a finger for no reason at all...
"Incidentally, the thing I found most amusing about the "Mythbusters" analysis was that the $20 USB fingerprint reader took some serious jiggery-pokery to fool, but the umpteen-thousand-dollar high-security biometric lock that they were building up to opened like a charm to the basic photocopied fingerprint."
Didn't this happen to Parker in Thunderbirds?
Interesting how they are willing to take downsides resulting from "increased security" into consideration when it affects *them*.
Pity they don't give a shit about the possible detrimental effects / abuse of such systems when it applies to the rest of us.
Clearly they're not fussed about kids being finger printed by their schools.
Re: binary explosives
They do exist, but not in any of the forms Airport security is searching for. Wikipedia lists Tannerite and ANFO. TATP is another (technically trinary, [acetone, peroxide, and sulfuric acid]) but they all have something in common: at least one of the individual ingredients would arouse the suspicion of even the dimmest wand-waver.
Tannerite, one component is a white, crystalline powder. The other is a liquid that smells of bleach.
"Yes officer, that's just washing powder, and Toilet Duck. I'm one of those obsessive hygienists"
Have you EVER seen a customs official find powder and then NOT taste it? It's worth taking a small bag of washing powder with you just for the faces they make.
ANFO, fertilizer and fuel oil.
"It's for my business... I'm a...landscape gardener, so I need 40lbs of fertilizer and the fuel is for my ride on lawnmower. Certainly I'll follow you. Do I get a phone call?"
TATP, nail polish, a bag of industrial hair bleach, and a canister of battery acid.
"No, I was just going to do my nails, my hair and my....erm. No, the cuffs aren't too tight."
The only semi-reasonable argument given was that a deodorant canister could be used as a flamethrower. But they can't confiscate matches or lighters, despite the No Smoking on planes.
So the airport confiscates your alcohol, perfume, deodorant. And then you can buy the EXACT SAME ITEMS at the Duty Free counter.
Meanwhile, customs guys get to take their [s]booty[/s] confiscated items home with them.
Why not have all MPs "work from home", where home is actually some kind of super-secure facility (no windows or doors).
This has the following benefits;
- Reduces the strain on the police - no more having to follow daft MPs around
- Reduces need for uber-security in a high-traffic building
- Keeps the MPs safe, I recommend burying their compound somewhere
- Introduces another IT angle for the Reg to report on
- It keeps the MPs out of trouble since their new home-from-home only has media-safe entertainment facilities
- The public knows where all the MPs are in case we need to do a quick bit of revolution-ing
Obviously, we would need some kind of Web 2.0 mobile flying MP-Bot for when they need to visit other places. I figure this MP-Bot would be customisable depending on current project; there's the baby-kissing interface, the finger wagger, the hand shaking attachment, machine gun etc.
Each person entitled to enter the HoC has one finger surgically removed (at an NHS hospital of their choice - thus ensuring the government's choice agenda).
Assuming this doesn't result in an unfortunate by-election caused by the government's choice agenda, a dirty mop and a particularly enthusiastic strain of C. difficile, they are now 'enrolled in the system'.
The finger will then be conveyed in a chauffeur-driven car (a hybrid naturally) to Westminster where in an ancient and deeply moving ceremony, it is preserved in formaldehyde (or pickling vinegar - whichever is the most cost-effective solution) and conveyed to a shelf next to the main gate.
Whenever an MP wants to turn up with a wheelbarrow to collect their expenses cheque, they will show their remaining nine fingers. The highly trained security staff will compare the fingers being waved in front of them, with the gherkin like collection on the shelf. If they are unsure, they will be able to don the 'Rubber Glove Intransigent' and try to match each preserved finger against the stump in question.
Any jihadi wanting to get into the Palace of Fools would not only have to sacrifice a finger of their own, but they'd have to make sure their finger size matched that of the MP they were impersonating.
If anyone wants to vote me a couple of billion for feasibility trials, please pop the sum (in used fivers) under a brick in the usual place.
This is all just ego massage, really. It does remind me of the time the country was basically waiting for the next attack. The citizens and taxpayers were threatened with pipe-bombs, anthrax, car bombs, hijackings and all sorts of nasties. How did the MPs respond? With the well-worn mantra "If we change anything, the terrorists have won!" - the assumption apparently being that all the terrorists wanted was for the infidels to have their cars periodically searched, and to be fractionally delayed when entering certain, key civic buildings.
Now contrast that with the reaction to some MPs suits being threatened with purple flour.......
No security is 100 percent. But there is no excuse for allowing workmen to leave doors propped open, scattering security cards like confetti to all-and-sundry and investing in pointless, flawed technology whose day is not yet here rather than a good old pair of human eyes and lungs.
Useless, the lot. Now, a rectal scanner will keep the terrorists at bay! Ideological grounds will stop them from sodomizing themselves to blow themselves up. (Can't get to heaven and get your virgins if you just stuck something where the sun don't shine.)
Posted anon to give me a 30 second head start from the black helicopters.
"Incidentally, the thing I found most amusing about the 'Mythbusters' analysis was that the $20 USB fingerprint reader took some serious jiggery-pokery to fool, but the umpteen-thousand-dollar high-security biometric lock that they were building up to opened like a charm to the basic photocopied fingerprint." -- TeeCee
Yeah, but that $20 USB device most probably depended ultimately for its security on a closed-source, Windows-only driver. A Slax CD in the shirt pocket (or a USB drive on a keyring; there are some really tiny ones out there nowadays) most probably would have defeated it. (This method also works fine against the Sony rootkit.)
Go someplace where the targeted person has been. Dust the area for fingerprints, photograph them, and quickly clean up. Take the images to some secure location and at your leisure construct a complete set of prints, put them on a set of fake fingers. Voila, you can penetrate the security at any time in the future without the slightest warning.
Yes, you do need to know a little bit about how the fingerprint scanner is set up, but anything it checks for can also be faked. The basic idea of using a security token that is left all over every bottle of beer you drink sounds pretty stupid, if you ask me.
Not sure what this icon is supposed to represent, but I'm taking it to be the criminal is in the coat room stealing the fingerprints from some paper the target has in his coat pocket.
Not all scanners are the "Pad" type whereby the user presses their finger on it (and leaves a latent print). Here we use our own "homemade" scanners that uses a scanner IC from Atmel that you roll your finger across, and leave no print on the scanner at all.
Also to the person who suggested that scanners use "electrical difference", (whatever the hell that is) the galvanic potential of skin does not just disappear after the person dies or the finger is removed. In any event, it isn't nearly as unique as a fingerprint, and is very dependent on external conditions such as dirt on the skin, salinity, humidity etc.
Capacitive scanners refer to the means by which an image is acquired. Like capacitive vs. resistive touchscreens.
...and one for the rest of us.
So it's OK for the general public to submit to biometric scanners for ID cards, air travel, schools, etc for 'our nation's security', but as soon as the namby-pamby MPs are faced with the risk of losing a finger for their country it's 'not good enough'.
Fucking hypocrites the lot of them!!
For the warm-blood pulsing scanners, you'd take the fingerprint off and stick it to your own finger.
As for eye scanners, what about the blind MPs?
No, the scanner route was discarded not for ineffectiveness or secondary dangers but because it would be a huge inconvenience to all MPs for a small possibility of aid.
'course when it comes to the plebeians, that doesn't inconvenience the MPs at all...
hmmm.... biometric technology is getting more sophisticated... you have "multispectral" fingerprints now from guys like lumidgm
and also fingerPIN... www.fingerpin.net
which uses a sequence of fingerprints jobby to create a "changeable biometric"... hmmm... one for the masses... unless you forget your Sequence :)
@ Anonymous Coward
"according to stats gleaned from the largest 3 European-based insurers you have more chance dying from a meteor hit than as a result of any terrorist activity"
Of course you have. It's just that the threat of a meteor strike doesn't give the Westminster Muppets the excuse to turn the UK into the Orwellian state they so desire.
Great stat for quoting, but how do they come to it? On historical data there isn't much evidence of anyone whatsoever being killed by meteorites and unless you're wearing a tinfoil hat, it's fairly clear some people have been killed by terrorists here and there.
Sure if we factor in an extinction-event level hit wiping out the lot of us, you could try and bias it out, but then what extreme terrorist events do you need to calc probabilities for.
...should be tattooed on every MP's forehead. This doesn't really help with identification but it would give members of the public more opportunity to spot and avoid them. Then they should be microchipped like my cat. If microchips are inserted into each MP's arse, potential terrorists would have to root around some unpleasant (and usually large) real estate to find a microchip. You could have a PIN as well but they would only write it down somewhere obvious.
No, the first time Parker had an audience when he opened the safe, so he gave them a show. Value for money sort of thing, not much of that about now-a-days. The second time he needed to get the safe open quickly so he just opened it with no messing about.
I know, I am VERY sad. But Thunderbirds was a very good show.
... Or they could just go bang in the lobby?
I'm listening out for the black helicopters as we speak.
Rather than using a fingerprint, why not make every MP have a 2d barcode tattooed on the center of their forehead. Then you could spot and yell abuse at your local representative each time he/she walked past. I don't know about the security implications, but it would still be good.
Might I suggest - instead of another semi-functional, taxpayer-funded sop to our MPs' vanities - an alternative approach:
Why don't we remove all security from all government buildings? Better yet, why don't we augment this with giant, neon arrow signs inscribed with "Vulnerable Government Officials Here!"?
Now, Ken, Gordon, Dave, et al, how much do you really want to spend your lives spending my money and telling me what I can't do in my leisure time?
p.s. I will gladly contribute to the cost of the signs.
and as such they are only as strong as the database that holds them.
An OTP would be better but suffers from carrying around the hardware token, or the soft token on a mobile device. But if you use the GrIDsure technique, then you have no hardware cost, OTP and strong security. Just got to find out where I can get it.