!!HOT!! Deal if you use Windows XP - USB Biometric Device $55 each with Software!!!

TheDon · Dec 14, 2001

<< Addendum to previous post: I've got a bad feeling that the fingerprint scanner just sends out a picture of your fingerprint over the USB wire, with the actual recognition done by Digital Persona's software, making software development probably impossible without their SDK. Bummer. >>

Your entire fingerprint is not actually stored, (that could be a bad thing!), only key areas.

MISMan · Dec 14, 2001

If I understand correctly, only a mathematical representation of your fingerprint (angles, lines, trajectories, etc..) is stores, not any actual picture of a finger or a print. I could be wrong though.

NauTiKa128 · Dec 14, 2001

Guys I don't kno if you notice this.. But lets say I'm signed-in to my* account for windows and I happen to leave my desk for a few minutes.. Someone can run the "Finger Registration Wizard" and register his finger as one of mines! (And I may never find out that someone else's finger is in my profile.) And there's 1 more bad thing about this.. After registering his* finger, he can den open my* U.are.U menu w/ it!! Which means he's going to see wut all my stored web passwords are!! (under "profiles" in "replace passwords")

So den I called Digital Persona up & told 'em about this. The guy tried to make it sound like this is not a problem.. that the password protected screen saver will kick in if you're away from the desk.. But wut if I don't* want the screen saver to kick in so early or at all! Or wut if I don't wanna log-off everytime I take a break?? So I asked him to pass this info to the "important" ppl & hopefully they'll change it in the future.. He told me there's no way to block 'em.. (well except for the screen saver crap..)

But I think I found a way... (tell me if this'll be secure guys)
Go into C:\Program Files\DigitalPersona\Bin, find the file "DPConsol.exe", right-click it and encrypt the file w/ ur finger. I tried that and it seems to work. The Finger Registration can't open anymore... (unless I decrypt it w/ my finger or the recovery password)

After I found out that I can do that i'm not so disappointed anymore..

MISMan · Dec 14, 2001

That is a barrier with ALL the technologies. Only proximity cards address that, and they are way too expensive.

On the encrypt, that is an ingenuous way to accomplish it. Great thinking. Should work fine as long as no one else needs to use the app.

Peter

DjmCam · Dec 17, 2001

I just received mine today and am pleasantly suprised.

Accuracy is great and I found some cool trek sound clips that are the computer saying approved / denied / shutdown sequence etc. I though it would be cool that right after I put my finger on the thing it would say Authorization Approved =) I'm a true geek at heart.

Quality seems good. The only drawback that I've found so far is that when making it "memorize" passwords for logging into stuff online it doesn't have an option for a checkbox (for example the "stay logged in") one here on AT & FW. If it had that, then I'd probably use it all the time.

I feel like a complete geek now, but it's all good =)

Slacker · Dec 17, 2001

Wait, this is a secure identification program and you dont need a password to open the configuration utility? lame, after setting up the "administrator" I.D. it should require a finger to change anything! they should definitely address that in the next revision.

kermalou · Dec 17, 2001

can i rig this into a sort of time clock for my employees, when they walk in the door, they just fingerprint in and when they leave they fingerprint out instead of using a time card?

Luden · Dec 17, 2001

cool, just ordered one for my bro. he was having problems with people getting on his computer and calling pr0n sites.

TheDon · Dec 17, 2001

<< Guys I don't kno if you notice this.. But lets say I'm signed-in to my* account for windows and I happen to leave my desk for a few minutes.. Someone can run the "Finger Registration Wizard" and register his finger as one of mines! (And I may never find out that someone else's finger is in my profile.) And there's 1 more bad thing about this.. After registering his* finger, he can den open my* U.are.U menu w/ it!! Which means he's going to see wut all my stored web passwords are!! (under "profiles" in "replace passwords")

So den I called Digital Persona up & told 'em about this. The guy tried to make it sound like this is not a problem.. that the password protected screen saver will kick in if you're away from the desk.. But wut if I don't* want the screen saver to kick in so early or at all! Or wut if I don't wanna log-off everytime I take a break?? So I asked him to pass this info to the "important" ppl & hopefully they'll change it in the future.. He told me there's no way to block 'em.. (well except for the screen saver crap..)

But I think I found a way... (tell me if this'll be secure guys)
Go into C:\Program Files\DigitalPersona\Bin, find the file "DPConsol.exe", right-click it and encrypt the file w/ ur finger. I tried that and it seems to work. The Finger Registration can't open anymore... (unless I decrypt it w/ my finger or the recovery password)

After I found out that I can do that i'm not so disappointed anymore.. >>

I told you the tech support sucked. Don't count on any updates to the software either. I had made a few such obvious suggestions, and they told me they were not modifying the (old) software in any way. I don't think it changed since the original release. Anyway, the was a creative solution to an obvious problem...good job!

TheDon · Dec 17, 2001

Would someone be so kind as to send me a copy of the driver disc? I?ll reimburse the shipping costs. If it?s not too large, perhaps someone could put it on FTP.

Thanks!

don_guerito@hotmail.com

Chipset · Dec 17, 2001

What type of encryption is used? If it's something that the 14 year old hacker down the street can break then there is really no point to it.

unsped · Dec 18, 2001

I just put xp on so I could use this, and I left my driver cd in a computer in my dorm room doh!. and I wont be back until jan. could someone send the files to me? im on aim almost 24/7 and have cable so it shouldn't take to long. ill even fire some paypal your way if you want it.

aim: unsped42

thanks a ton

luv2chill · Dec 18, 2001

Hi,

Can any of you who received these check something for me please? Go to Control Panel ---> User Accounts ---> "Change the way users log on or off" and de-select the checkboxes for "Use the Welcome Screen" and "Use Fast User Switching". Then try to log off and log in again. Does the fingerprint software still ask for your finger to login or is it now bypassed? Anyway, you can turn those options back on by going back in and checking them again.

Anyone who can help me out testing this I'd really appreciate it!

y00ycdz · Dec 19, 2001

luv2chil: It doesn't seem to work, When we did it and tried to use the finger login, it just came up with the error "Fast User Switching is disabled. To use finger login enable it" (something like that, not exact words)

So I guess that doesn't work....

-y00yCDz

BSRdr · Dec 19, 2001

I also have one of the original models, but no XP drivers, I would really be interested in a copy of the drivers too if someone has them posted up anywhere or can email them. An iso of the driver cd anything like that.

Thanks

johto · Dec 19, 2001

about the whole ip issue, its obvious that they're legit now.

fyi, some of you are all to quick to copy a domiain whois, but that doesn't really help.

use ARIN whois, the american registry for internet numbers. you can look up who owns a block of ips.

MPInet (NETBLK-MPRD-MPINET)
1101 N. Keller Rd, Suite E
Orlando, FL 32810
US

Netname: MPRD-MPINET
Netblock: 216.53.128.0 - 216.53.255.255
Maintainer: MPRD

In this case it doesn't help us too much. We see that that subnet is owned by the same provider, especially since the two ips were on the same subnet, along with a tracert and some other tools, we can see that it was legit.

nekote · Dec 19, 2001

NauTiKa128,

Gold Star - cool work around solution to prevent additional fingerprint registrations (encrypting the DPConsol.exe file in C:\Program Files\DigitalPersona\Bin)!

Relayer · Dec 19, 2001

FYI: I bought and received one from that site without any problems.

MISMan · Dec 19, 2001

If someone has an FTP site, I will GLADLY put the drivers out for you. Looks like the licensing is not exclusive! It allows for distribution according to the EULA.

MISMan · Dec 19, 2001

Guys,

I did some checking, and the fingerprint is registered into your profile subset of the registry. Since other users can not get into your profiles registry, having them get access to the software is irrelevant. It will only allow them to get to their stuff, and likewise you can not get to their stuff. It allows you to register as many users as you have on a CPU.

Peter

TheDon · Dec 19, 2001

<< If someone has an FTP site, I will GLADLY put the drivers out for you. Looks like the licensing is not exclusive! It allows for distribution according to the EULA. >>

Thanks MISMan! I need these to get mine going again!

wombat44 · Dec 20, 2001

Yep - anyone can waltz on in to the Finger Registration Wizard, and register their finger to get full access to all your sites, and your passwords from your Profile list - but only if you don't have a Windows password. If you have a Wndows password, the Wizard makes you verify your identity with a registered finger or Windows password, before it will let you register new fingers.

And no-one can remove your Windows password without knowing it. All the same, lack of a Windows password shouldn't stop the Wizard from requiring a previously registered finger as identity verification before letting you register another finger...

To this non-cracker's eyes, it seems pretty safe. All the same, I'd be a lot happier if the Profiles list didn't expand to show passwords in plain text. Seems to me, if you selected "Mask text" for a field, it should show up masked in the Profile list too.

Logloglog · Dec 20, 2001

To avoid the "get up and walkaway" problem, why not right click the systray icon and choose Lock Session? It will kick XP back to the User Screen that you then need to login to with password or fingerprint to get back to Windows. Obviously, they "should" write the drivers to allow fingerprint back from the password protected screen saver. Honestly though, how else would they write the software to sense that you just got up and took a coffee break rather than you just got a telephone call and stopped doing stuff on the computer for a few?

On a brighter note, thanks to the original poster for the deal

NauTiKa128 · Dec 20, 2001

<< Yep - anyone can waltz on in to the Finger Registration Wizard, and register their finger to get full access to all your sites, and your passwords from your Profile list - but only if you don't have a Windows password. If you have a Wndows password, the Wizard makes you verify your identity with a registered finger or Windows password, before it will let you register new fingers.

And no-one can remove your Windows password without knowing it. All the same, lack of a Windows password shouldn't stop the Wizard from requiring a previously registered finger as identity verification before letting you register another finger...

To this non-cracker's eyes, it seems pretty safe. All the same, I'd be a lot happier if the Profiles list didn't expand to show passwords in plain text. Seems to me, if you selected "Mask text" for a field, it should show up masked in the Profile list too. >>

I don't think the passwords will show up masked in the profile even if you select "mask text" when you're setting it up.

But you are rite about the ability for other ppl to open ur wizard only if you didn't specify a windows password. I kno because after my last post, I replaced my harddrive (damn thing was making weird noises) & I reinstalled everything.. I also setup multiple accounts instead of just having one account w/ no password. Now if i'm logged on and someone else try to register their finger as me, they will need either my finger or my password to do so.. So, I guess it's only a problem if no windows logon password is specified. But of course you can always encrypt the registration file (exe) if you don't want a password protected logon.. Other den that, this thing works pretty well.. very accurate.

wombat44 · Dec 20, 2001

I agree - it works great, and is incredibly convenient. So convenient, that I want to put all my passwords into it, and never type a password again. But that makes me awfully nervous; I'd love to see a technical discussion on the security of this thing. I tried a Google search, but the first 100 or so returns were press releases and reviews extolling the added security gained from finger print recognition and the URU. I couldn't find any serious discussion on its encryption alogorithms or possible vulnerabilities.

!!HOT!! Deal if you use Windows XP - USB Biometric Device $55 each with Software!!!

Senior member

Senior member

Senior member

Senior member

Senior member

Diamond Member

Diamond Member

Platinum Member

Senior member

Senior member

Member

Platinum Member

Diamond Member

Golden Member

Senior member

Senior member

Senior member

Diamond Member

Senior member

Senior member

Senior member

Member

Member

Senior member

Member