One of the exploits involved a Gummi Bear, IIRC.
-sc From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, September 15, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Fingerprint as an auth method is passé. It's easily forged. I'm pretty sure Secunia published a study about that last year, finding that it didn't matter if your reader was $25 or $500 - they were easily "broken". Smartcard plus PIN seems to be winning. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Wednesday, September 15, 2010 12:53 PM To: NT System Admin Issues Subject: Biometric AD authentication Greetings, I've been tasked with coming up with some solutions for biometric AD authentication. Quick background: We are in the healthcare field and will be providing tablet PCs to some of our practitioners. We have been going around about how to provide authentication to these folks with minimal security compromises. The tablets will be running Windows 7 Pro (Dell Latitude XT2's at the moment) locked down pretty tight, but to avoid the 'sticky note' password keeper on a very portable device that will contain PHI, we are looking at requiring login with a fingerprint and pin. Any suggestions/recommendations from those that have been-there-done-that with Biometric AD auth would be greatly appreciated. Thanks, Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir informaci?n confidencial y/o informaci?n de salud protegida. La Ley Federal (HIPAA) establece que el destinatario est? obligado a mantener la informaci?n confidencial y sequra. HIPAA proh?be y castiga cualquier divulgaci?n a terceras personas sin autorizaci?n del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
