Yearly Archives: 2007

How not to do two-factor authentication

Here is a great article that analyzes a rather ridiculous attempt at providing two-factor authentication during online banking. Recent regulations in the US require institutions to do something beyond a simple username and password, but this implementation is laughable.

Banking So Advanced

I guess you’re just out of luck if you grew up on 9th, love pie, and just can’t get enough CSI (or, god forbid, ER). Your money will be so secure that you won’t even be able to figure out what answers you need to type in to access it. Sadly, Synergy One is one of many that subscribed to this preposterous online banking system. Several others have been suckered into Cavion® and its related products. And it just keeps spreading.

Experimenter influence in parapsychology research

Here is an interesting article on experimental bias during parapsychology research. The suggestion is that subtle remarks and prompts made by the experimenters could have influenced the responses made by the subjects while they tried to “receive” psychic information.

How experimenters influenced participants in the ganzfeld parapsychology experiment

An analysis of conversations that took place during ganzfeld parapsychology experiments has revealed researchers may have exerted an influence on their participants.

Ganzfeld experiments involve a ‘sender’ trying to project images from a video clip to a ‘receiver’ who is incubated, blindfolded, in a sound-proof room. The ‘receiver’ reports the images they believe they are receiving to a researcher who notes them down. Crucially, the next stage involves the researcher reviewing these images with the ‘receiver’, before the ‘receiver’ attempts to identify the video clip seen by the ‘sender’ from among three decoys.

Fingerprint scanners no dirtier than doorknobs

It was a study that had to be done, even though the results are kind of predictable. Some people remark, when asked to use biometric devices such as fingerprint scanners, that they are unsanitary and a health risk. The obvious question is “Are they more unsanitary than other things we touch every day, such as doorknobs?” This study tells us that the answer is “No”.

The dirty details of biometrics

If the fingerprint-smudged glass plates on biometric devices skeeve you out, Purdue University researchers have some good news for you: The devices aren’t any germier than typical doorknobs. Christine Blomeke, a researcher and doctoral student in Purdue’s Biometric Standards, Performance and Assurance Laboratory, says the lab performed a study on this issue in light of concerns by those involved in fingerprint and hand-geometry studies at the lab. The study involved testing for two kinds of bacteria, staphylococcus aureus and E.coli.

Canadian legislation on identity theft coming

Here is a collection of announcements concerning Canada’s plan for new legislation on identity theft. The legislation is important because it attempts to address not only the actual acts of fraudulent use of identities, but also the collection and trafficking of the information. The reaction of the Privacy Commissioner on further steps that are needed is also notable. This will be interesting legislation to watch.

Canadian government to introduce identity theft legislation

Solving the wrong security problems and avoiding sacred cows

Here is an interesting article by Spaf (Prof. Eugene Spafford) on the state of security research and development today. The argument is that we are spending too much time on building fixes, without addressing the root problems. In this case, the root problems include development techniques and languages, and inadequate operating systems. The analogy to sacred cows is interesting.

Solving some of the Wrong Problems

We know how to prevent many of our security problems — least privilege, separation of privilege, minimization, type-safe languages, and the like. We have over 40 years of experience and research about good practice in building trustworthy software, but we aren’t using much of it. Instead of building trustworthy systems (note — I’m not referring to making existing systems trustworthy, which I don’t think can succeed) we are spending our effort on intrusion detection to discover when our systems have been compromised.

No hugs at school

While raising three teenagers, I have been impressed by their interactions with peers when it comes to friendships and emotional support. The number of spontaneous hugs is a wonderful thing to see, and something that was very uncommon when I was a male teen in the 70s.

Well, it seems that schools don’t agree, and many of them are banning hugs between children, or other forms of physical interaction. Apparently, our local primary school where my kids went has now jumped on this bandwagon. Not only are we raising our children to be overly fearful and unadventurous, we are also teaching them that healthy hugs are not appropriate.

No Hugging – Featured on BuzzFeed

Using brain imaging to measure mental workload: Applications for virtual presence?

I have been doing some reading today on Functional Near-Infrared Spectroscopy (fNIRS). This is a technique for measuring brain activity that involves shining near-infrared light into the head (usually at the forehead) and measuring the light that emerges. The light paths are affected by the amount of blood flow in the brain, so fNIRS can be used to measure blood flow, and hence, brain activity (since flow patterns are related to activity). Traditionally, this has been done using Functional Magnetic Resonance Imaging (fMRI), but fNIRS is cheaper and portable.

I have long been interested in virtual presence, which is the illusion of presence created by artificial devices such as immersive displays. One of the long-standing issues in this area is how you measure this illusion, and the most common methods have used unreliable self-reports. I wonder if fMRI would be useful for measuring the illusion of presence in virtual environments?

Technology Could Enable Computers To ‘Read The Minds’ Of Users

“New evaluation techniques that monitor user experiences while working with computers are increasingly necessary,” said Robert Jacob, computer science professor and researcher. “One moment a user may be bored, and the next moment, the same user may be overwhelmed. Measuring mental workload, frustration and distraction is typically limited to qualitatively observing computer users or to administering surveys after completion of a task, potentially missing valuable insight into the users’ changing experiences.” Sergio Fantini, biomedical engineering professor, in conjunction with Jacob’s human-computer interaction (HCI) group, is studying functional near-infrared spectroscopy (fNIRS) technology that uses light to monitor brain blood flow as a proxy for workload stress a user may experience when performing an increasingly difficult task.

The erosion of privacy and boiled frogs

Here is an interesting article from The Economist on the growing use of surveillance and data tracking, and the blind acceptance by citizens in most countries. I like the analogy myth of the “boiled frog” attributed to Ross Anderson at the end of the article — if the water is heated gradually enough, the frog fails to notice the difference until it is too late.

Learning to live with Big Brother

Across the rich and not-so-rich world, electronic devices are already being used to keep tabs on ordinary citizens as never before. Closed-circuit television cameras (CCTV) with infra-red night vision peer down at citizens from street corners, and in banks, airports and shopping malls. Every time someone clicks on a web page, makes a phone call, uses a credit card, or checks in with a microchipped pass at work, that person leaves a data trail that can later be tracked. Every day, billions of bits of such personal data are stored, sifted, analysed, cross-referenced with other information and, in many cases, used to build up profiles to predict possible future behaviour. Sometimes this information is collected by governments; mostly it is gathered by companies, though in many cases they are obliged to make it available to law-enforcement agencies and other state bodies when asked.

How would fingerprints and photo ID cards improve safety at a homeless shelter?

I am left puzzled about this story about using ID cards and fingerprints to authenticate visitors at a homeless shelter. The motivation appears to be problems about personal safety while staying at the shelter. But I fail to see how having clients identified in this way would help deter any behavioral problems that occur. Just like the border identification schemes that are motivated to prevent terrorism, knowing who someone is does nothing for knowing their intent. On the other hand, such an identification scheme might do a lot to discourage people from using the shelters.

Homeless shelter considers ID cards and fingerprint scans

Fingerprint scans and ID cards may be required for clients wanting to enter Calgary’s largest homeless shelter.

The Calgary Drop-In Centre is pricing out new security measures that could include biometric technology, such as fingerprints, a spokeswoman said Thursday.

The centre wants to maintain a database of client identities, which would enhance security operations and offer clients peace of mind.

Iris recognition at a distance being demonstrated

I recently attended the Biometrics Consortium conference in Baltimore where I learned about the latest developments in biometric security systems. Three or four vendors were demonstrating iris-at-a-distance systems that have profound privacy implications.

For example, Sarnoff’s system is able to capture iris information as people pass through a door frame or look at a drive-through kiosk. The image capture and processing can be done without the person being aware, and iris recognition can be far more accurate and reliable than the face recognition systems that have been used in these situations.

We need to have serious discussions about the societal impacts of biometric systems, and this was the topic of my presentation at a NIST workshop on usability and biometrics.
