By Nathan Willis
November 7, 2012
Multi-factor authentication traditionally counts "knowledge" (e.g.,
passwords), "possession" (e.g., physical tokens), and "inherence"
(e.g., biometrics) as the three options available to choose from, but
Linux's pluggable authentication modules (PAM) support rarely delves
into the inherence realm. Most often, biometric authentication comes in the
form of fingerprint scanners, which can be found as a built-in feature
on plenty of laptops. The majority of new portables already ship with
built-in user-facing webcams, however, which opens the door to another
possibility: facial recognition. And there is a PAM module
capable of doing face-recognition authentication — although it
is far from robust.
About face
The module is called, fittingly, pam_face_authentication, and
the project is hosted at
Google Code. It was initially developed over the course of 2008-2009
through the Google Summer of Code (GSoC) program, subsequently slowed
down (as all too many GSoC projects do), but has seen a small uptick
in activity in 2012.
The module uses the OpenCV
computer vision library to detect human faces in
the webcam image, identify features, and match them against its
database of samples. The samples are stored on a per-user basis, and
the recognizer needs to be trained for each user account by
accumulating a collection of snapshots. There is a Qt-based training
tool included in the downloads. The tool itself is simple enough to use, but the
real trick is amassing a large and robust enough collection of samples
to begin with.
The reason a sizable sample collection is vital is that all facial
recognition algorithms are sensitive to a number of environmental (for
lack of a better word) factors, including the size of the face in the
image captured, the tilt and orientation of the subject's head, and
the illumination. Given one particular laptop, the size of the image
is fairly predictable, but illumination is certainly not.
The pam_face_authentication algorithm works by detecting both
the subject's face and eyes in the camera image, then measuring the
distance between the eyes and their location in the oval of the face.
These measurements are used to scale the captured image in order to
compare it to the sample data. The actual comparison is based on a Haar
classifier, which extracts image features in a manner similar to
wavelet transformations. This technique is sensitive to lighting
changes because backlight and sidelight can skew the detection of the
face oval. OpenCV can overcome some illumination problems by
normalizing the captured image and by working in grayscale, but it is
not foolproof. Stray shadows can be mis-identified as one eye or the
other, and the method dictates that the subject not be wearing glasses
— which could be a practical inconvenience for many users. The
2009 GSoC project improved upon the original implementation, but it is
an area where there is plenty of room left to grow.
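As an added illustration (not code from pam_face_authentication or OpenCV), the Python below sketches the geometric step the paragraph describes: from the two detected eye centres it derives the inter-eye distance and the head tilt, builds the similarity transform that maps the eyes onto fixed canonical positions before comparison, and turns out-of-range measurements into the kind of guidance the module shows. The canonical eye positions, the acceptable size range and the tilt limit are assumptions, not the module's constants.

```python
import math

# Canonical face frame that samples are compared in (assumed values: a
# 100x100 patch with the eyes pinned at y=40, 40 pixels apart).
CANON_LEFT_EYE = (30.0, 40.0)
CANON_RIGHT_EYE = (70.0, 40.0)

# Guidance thresholds (assumptions, not the module's real constants):
# inter-eye distance as a fraction of frame width, and maximum head tilt.
MIN_EYE_RATIO = 0.10
MAX_EYE_RATIO = 0.30
MAX_TILT_DEG = 10.0


def eye_geometry(left_eye, right_eye):
    """Return (distance, tilt_deg) for two detected eye centres (x, y)."""
    dx = right_eye[0] - left_eye[0]
    dy = right_eye[1] - left_eye[1]
    dist = math.hypot(dx, dy)
    if dist < 1e-9:
        raise ValueError("eye centres coincide; detection is unusable")
    return dist, math.degrees(math.atan2(dy, dx))


def alignment_matrix(left_eye, right_eye):
    """Build the 2x3 similarity transform (scale + rotation + shift) that
    maps the detected eyes onto CANON_LEFT_EYE / CANON_RIGHT_EYE.

    p' = s * R(-theta) * (p - left_eye) + CANON_LEFT_EYE, where theta is
    the tilt of the eye line and s rescales the inter-eye distance."""
    dist, tilt_deg = eye_geometry(left_eye, right_eye)
    theta = math.radians(tilt_deg)
    scale = (CANON_RIGHT_EYE[0] - CANON_LEFT_EYE[0]) / dist
    c, s = math.cos(theta), math.sin(theta)
    lx, ly = left_eye
    cx, cy = CANON_LEFT_EYE
    return [
        [scale * c, scale * s, cx - scale * (c * lx + s * ly)],
        [-scale * s, scale * c, cy - scale * (-s * lx + c * ly)],
    ]


def warp_point(m, point):
    """Apply a 2x3 affine matrix to one (x, y) point."""
    x, y = point
    return (m[0][0] * x + m[0][1] * y + m[0][2],
            m[1][0] * x + m[1][1] * y + m[1][2])


def guidance(left_eye, right_eye, frame_width):
    """Return None when the capture is usable, otherwise the instruction
    the user should see (wording taken from the module's own messages)."""
    dist, tilt_deg = eye_geometry(left_eye, right_eye)
    ratio = dist / frame_width
    if ratio < MIN_EYE_RATIO or ratio > MAX_EYE_RATIO:
        return "Keep proper distance with the camera."
    if abs(tilt_deg) > MAX_TILT_DEG:
        return "Align your face."
    return None
```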
Ultimately, the only strategy available for improving the success rate
of the recognition process is to take a large number of sample
images, preferably in a range of lighting conditions. In blog
discussions about the module, several users mentioned taking a dozen
or more sample images to train the tool for their own face. The
OpenCV documentation notes that Haar classifiers are often trained on
"a few hundreds of sample views of a particular object."
That may sound daunting to all but the staunchly self-absorbed, but
practice makes perfect.
Deployment
Still, the pam_face_authentication module is usable today.
The team has published Kubuntu packages in a personal package archive
(PPA) in the past, although they are no longer up to date.
Installation
from source is straightforward, though, with the chief hurdle being
the lengthy list of OpenCV-related dependencies. Once built, the PAM
module itself needs a configuration file at
/usr/share/pam-configs/face_authentication; the project's
documentation suggests:
Name: face_authentication profile
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
[success=end default=ignore] pam_face_authentication.so enableX
These settings will replace the password prompt in the system's
graphical greeter (e.g., GDM or KDM) with the module's webcam
viewport. The module must first be activated, though, with
pam-auth-update --package face_authentication
The change made by pam-auth-update persists across reboots, but it
should also take effect immediately, so one can simply log out to test it.
When the user selects his or her username, the module
immediately begins sampling the webcam image looking for a human
face. When it detects and verifies the face as corresponding to the
selected user account, it proceeds with the login. If one has not
adequately trained the face-recognition database, though, the module
will relay a series of helpful instructions ("Keep proper distance
with the camera.", "Align your face.", etc.). Luckily, if these stage
directions get tiring, the module will eventually fail over and revert
to password-entry for login.
Image is everything
When it works, facial recognition login is slick and simple (plus
nicely futuristic-feeling). In practice, though, this module leaves a
bit to be desired. First and foremost, the training process deserves
more attention. The interface allows the user to snap picture after
picture, but there is not much feedback about the information
extracted. The preview image shows the face oval and the eyes as
detected by the algorithm, but nothing else. A visualization of the
composite model built from the image collection would be constructive.
There is also a high-to-low sensitivity slider under the advanced
settings, but it, too, is light on detail. One can click on the "Test"
button to see whether or not the current live image in the webcam
passes recognition, but there is only a yes/no response. A numeric
score, or a visual representation of the match, would improve the
experience and potentially shorten the time required to amass a
suitable image sample collection.
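To make concrete why a bare yes/no answer and an unlabelled sensitivity slider hide what matters, here is an added Python example (not the project's code) that takes constructed match distances for the enrolled user and for other people and shows how moving the acceptance threshold trades false rejects against false accepts. The distances are made up for illustration and the threshold stands in for the slider.

```python
# Constructed match distances (lower = closer to the enrolled model). In a
# real deployment these would come from the recognizer's comparison step;
# the values below are made up for illustration only.
GENUINE_DISTANCES = [0.21, 0.25, 0.30, 0.34, 0.38, 0.42, 0.47, 0.55, 0.61, 0.70]
IMPOSTOR_DISTANCES = [0.48, 0.52, 0.58, 0.63, 0.66, 0.71, 0.75, 0.80, 0.86, 0.92]


def accept(distance, threshold):
    """A 'yes' from the recognizer: the face is close enough to the model.
    The threshold plays the role of the sensitivity slider."""
    return distance <= threshold


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR): the share of the user's own captures that are
    wrongly rejected, and the share of other faces wrongly accepted."""
    frr = sum(1 for d in genuine if not accept(d, threshold)) / len(genuine)
    far = sum(1 for d in impostor if accept(d, threshold)) / len(impostor)
    return frr, far


def sweep(genuine, impostor):
    """Evaluate every distinct observed distance as a candidate threshold."""
    candidates = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in candidates]


def equal_error_threshold(genuine, impostor):
    """Threshold where FRR and FAR are closest: a slider setting a numeric
    score would let the user find deliberately rather than by feel."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


def report(genuine, impostor):
    """Human-readable table of the trade-off, plus the equal-error point."""
    lines = ["threshold  FRR   FAR"]
    for t, frr, far in sweep(genuine, impostor):
        lines.append(f"{t:9.2f}  {frr:.2f}  {far:.2f}")
    t, frr, far = equal_error_threshold(genuine, impostor)
    lines.append(f"equal-error point: threshold {t:.2f}, FRR {frr:.2f}, FAR {far:.2f}")
    # What the slider cannot fix: a photograph of the enrolled user scores
    # like a genuine capture, so only a liveness check (such as the blink
    # detection mentioned later in the article) addresses that attack.
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(GENUINE_DISTANCES, IMPOSTOR_DISTANCES))
```

Lowering the threshold (a stricter slider) drives FAR toward zero only by pushing FRR up, which is exactly the "considerable training to eliminate false negatives" cost described below.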
Together with the drawbacks of the facial recognition algorithm,
all of these limitations keep pam_face_authentication from
being a viable password replacement for any genuinely
security-conscious user. As it is, the 2D facial-recognition
algorithm requires considerable training to eliminate false negatives,
while remaining susceptible to simple attacks (e.g., holding up a
photograph of the targeted user). There are other facial recognition
algorithms to be considered, including some that construct a 3D model
of the user's face. Android has its own face authentication
mechanism, introduced in the "Ice Cream Sandwich" release, which
attempts to thwart the photograph attack by trying to detect blinks in
the live image.
Then again, an entirely separate issue is that this
implementation is a single-factor authentication module. A more
useful tool would be a PAM module that integrates facial recognition
with other factors; perhaps motivated developers will find
pam_face_authentication a decent starting point.
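As an added example (not from the project's documentation), the pam-auth-update profile below takes the opposite approach to the one shown under Deployment: instead of letting a face match end the primary block and replace the password, it keeps the password modules as the primary factor and requires the face check in addition. It assumes the module reports success or failure like an ordinary PAM auth module and can be stacked after pam_unix; the profile name and priority are arbitrary.

```text
Name: face_authentication second factor
Default: yes
Priority: 128
Auth-Type: Additional
Auth:
	required	pam_face_authentication.so enableX
```

With "required" the fallback to password-only login described above no longer exists, so a user whose face stops matching (new glasses, different lighting) cannot log in until the profile is disabled again with pam-auth-update; test it from a session that stays open.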
Biometrics are an iffy authentication proposition on their own —
a bandage or a scar can lock a user out of a system inadvertently,
after all — but the Linux community would do well to push
forward on them and physical authentication tokens as well. For all the
security that bad password selection and sloppy password storage
provide, any dedicated research on alternative authentication schemes
is a welcome change.
Brief items
The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.
-- A free online Cryptography course from Stanford Professor Dan Boneh
Actually from what I've seen on
the security front there seems to be a distinct view that secure boot is
irrelevant because Windows 8 is so suspend/resume focussed that you might
as well just trojan the box until the next reboot as its likely to be a
couple of weeks [away].
-- Alan Cox
The job placement ad reveals that the law enforcement agency is currently
looking to recruit two people to work on telecommunications interception
at the source of the messages ("Quellen-TKÜ") at its head office in
Cologne; the position is to be filled as soon as possible. The role
principally involves "planning, operating and optimising a modern
telecommunications network" designed to eavesdrop on internet telephone
calls.
-- The H looks at a German government job posting
Sophos claim their products are deployed throughout healthcare, government,
finance and even the military. The chaos a motivated attacker could cause
to these systems is a realistic global threat. For this reason, Sophos
products should only ever be considered for low-value non-critical systems
and never deployed on networks or environments where a complete compromise
by adversaries would be inconvenient,
-- Tavis Ormandy in CSO Online
New vulnerabilities
drupal: multiple vulnerabilities
Package(s): drupal
CVE #(s): CVE-2012-1588, CVE-2012-1589, CVE-2012-1590, CVE-2012-1591, CVE-2012-2153
Created: November 2, 2012
Updated: November 7, 2012
Description:
From the Mageia advisory:
Drupal core's text filtering system provides several features
including removing inappropriate HTML tags and automatically linking
content that appears to be a link. A pattern in Drupal's text
matching was found to be inefficient with certain specially crafted
strings. This vulnerability is mitigated by the fact that users must
have the ability to post content sent to the filter system such as a
role with the "post comments" or "Forum topic: Create new content"
permission (CVE-2012-1588).
Drupal core's Form API allows users to set a destination, but failed
to validate that the URL was internal to the site. This weakness
could be abused to redirect the login to a remote site with a
malicious script that harvests the login credentials and redirects to
the live site. This vulnerability is mitigated only by the end user's
ability to recognize a URL with malicious query parameters to avoid
the social engineering required to exploit the problem (CVE-2012-1589).
Drupal core's forum lists fail to check user access to nodes when
displaying them in the forum overview page. If an unpublished node was
the most recently updated in a forum then users who should not have
access to unpublished forum posts were still able to see meta-data
about the forum post such as the post title (CVE-2012-1590).
Drupal core provides the ability to have private files, including
images, and Image Styles which create derivative images from an
original image that may differ, for example, in size or saturation.
Drupal core failed to properly terminate the page request for cached
image styles allowing users to access image derivatives for images
they should not be able to view. Furthermore, Drupal didn't set the
right headers to prevent image styles from being cached in the
browser (CVE-2012-1591).
Drupal core provides the ability to list nodes on a site at
admin/content. Drupal core failed to confirm a user viewing that page
had access to each node in the list. This vulnerability only concerns
sites running a contributed node access module and is mitigated by the
fact that users must have a role with the "Access the content overview
page" permission. Unpublished nodes were not displayed to users who
only had the "Access the content overview page" permission
(CVE-2012-2153).
From the Drupal advisory:
A bug in the installer code was identified that allows an attacker to
re-install Drupal using an external database server under certain
transient conditions. This could allow the attacker to execute
arbitrary PHP code on the original server.
For sites using the core OpenID module, an information disclosure
vulnerability was identified that allows an attacker to read files on
the local filesystem by attempting to log in to the site using a
malicious OpenID server (Drupal SA-CORE-2012-003).
kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2012-4565
Created: November 6, 2012
Updated: February 28, 2013
Description:
From the Red Hat bugzilla:
Reading TCP stats when using TCP Illinois congestion control algorithm can cause a divide by zero kernel oops.
An unprivileged local user could use this flaw to crash the system.
kernel: information leak
Package(s): kernel
CVE #(s): CVE-2012-4508
Created: November 6, 2012
Updated: March 15, 2013
Description:
From the Red Hat bugzilla:
A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak.
mcrypt: buffer overflow
Package(s): mcrypt
CVE #(s): CVE-2012-4527
Created: November 5, 2012
Updated: November 8, 2012
Description:
From the openSUSE advisory:
Some potential mcrypt buffer overflows in the commandline
tool were fixed, which could lead to early aborts of
mcrypt. Due to FORTIFY_SOURCE catching such cases, it would
have only aborted mcrypt with a buffer overflow backtrace.
munin: multiple vulnerabilities
Package(s): munin
CVE #(s): CVE-2012-2103, CVE-2012-3513
Created: November 5, 2012
Updated: November 7, 2012
Description:
From the Ubuntu advisory:
It was discovered that the Munin qmailscan plugin incorrectly handled
temporary files. A local attacker could use this issue to possibly
overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS,
Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103)
It was discovered that Munin incorrectly handled specifying an alternate
configuration file. A remote attacker could possibly use this issue to
execute arbitrary code with the privileges of the web server. This issue
only affected Ubuntu 12.10. (CVE-2012-3513)
mysql: multiple unspecified vulnerabilities
Package(s): mysql
CVE #(s): CVE-2012-3144, CVE-2012-3147, CVE-2012-3149, CVE-2012-3150, CVE-2012-3156, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197
Created: November 5, 2012
Updated: December 4, 2012
Description:
From the CVE entries:
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. (CVE-2012-3144)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. (CVE-2012-3147)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. (CVE-2012-3149)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. (CVE-2012-3150)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. (CVE-2012-3156)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. (CVE-2012-3158)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. (CVE-2012-3160)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. (CVE-2012-3163)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2012-3166)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. (CVE-2012-3167)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. (CVE-2012-3173)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. (CVE-2012-3177)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. (CVE-2012-3180)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. (CVE-2012-3197)
openoffice.org: code execution
Package(s): openoffice.org
CVE #(s): CVE-2012-4233
Created: November 1, 2012
Updated: February 10, 2013
Description:
From the Debian advisory:
High-Tech Bridge SA Security Research Lab discovered multiple null-pointer
dereferences based vulnerabilities in OpenOffice which could cause
application crash or even arbitrary code execution using specially crafted
files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (MS Powerpoint
2003) and XLS (MS Excel 2003).
otrs: cross-site scripting
Package(s): otrs
CVE #(s): CVE-2012-4751
Created: November 7, 2012
Updated: January 23, 2013
Description:
From the Mageia advisory:
Cross-site scripting (XSS) vulnerability in Open Ticket Request System
(OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x
before 3.1.11 allows remote attackers to inject arbitrary web script
or HTML via an e-mail message body with whitespace before a javascript:
URL in the SRC attribute of an element, as demonstrated by an IFRAME
element.
pcp: multiple unspecified vulnerabilities
Package(s): pcp
CVE #(s): (none)
Created: November 6, 2012
Updated: November 7, 2012
Description:
PCP 3.6.9 fixes several bugs that may cause security issues.
remote-login-service: information leak
Package(s): remote-login-service
CVE #(s): CVE-2012-0959
Created: November 6, 2012
Updated: November 7, 2012
Description:
From the Ubuntu advisory:
It was discovered that Remote Login Service incorrectly purged account
information when switching users. A local attacker could use this issue to
possibly obtain sensitive information.
ssmtp: no TLS certificate validation
Package(s): ssmtp
CVE #(s): (none)
Created: November 1, 2012
Updated: November 7, 2012
Description:
From the Red Hat bugzilla entry:
It was reported that ssmtp, an extremely simple MTA to get mail off the system to a mail hub, did not perform x509 certificate validation when initiating a TLS connection to a server. A rogue server could use this flaw to conduct a man-in-the-middle attack, possibly leading to a leak of user credentials.
xlockmore: denial of service
Package(s): xlockmore
CVE #(s): CVE-2012-4524
Created: November 6, 2012
Updated: November 9, 2012
Description:
From the Red Hat bugzilla:
A denial of service flaw was found in the way xlockmore, an X screen lock and screen saver, passed arguments to the underlying localtime() call when the 'dlock' mode was used. An attacker could use this flaw to potentially obtain unauthorized access to a screen / graphical session previously locked by another user / victim.
Page editor: Jake Edge