With all the talk of using biometric devices to read fingerprints as one a means of verifying identity its sobering to read a letter by Ton van der Putte, co-author of “Don't Get Your Fingers Burned”, who claims he can now duplicate a lifted fingerprint in half an hour using $20 worth of materials.

The only equipment you need is a digital camera and an UV lamp, Putte says in a letter to Crypto-Gram, a newsletter by security consultant Bruce Schneier. The time is an improvement of an experiment conducted by Putte and his co-researcher Jeroen Keuning ten years ago.

Then they were able to make a duplicate of a lifted fingerprint over several days and about the same price. They tested the latents on a number of major fingerprint sensors, all of which accepted the dummy finger as a real finger, almost all at the first attempt.

“It seems to be impossible for manufacturers to implement a technology that can distinguish between the upper skin of a finger (which is almost dead material) and artificially created dummy fingers of silicon rubber, acrylic paint, etc.,” they wrote. “Every day, you leave numerous perfect fingerprints behind on glasses, doors, vending machines, tables, and many other places. These latent fingerprints can be lifted and used to create perfect duplicates. To create dummy fingers, the techniques require few skills and the materials are readily available (all materials can be bought in normal stores) and cheap (material price is around 10 - 25).”

They redid the techniques on making the dummy fingers for a programme on the BBC in October. The UK is considering adding biometric security to a new British identity card. One of the options is fingerprint biometrics.

“Although, most of the fingerprint manufacturers still ignore that there is a problem or claim to have solved it, some are willing to admit, but use the argument that it is very difficult and expensive to duplicate fingerprints and that it can only be done by highly skilled professionals,” says Putte.

“In the first place I think this is not a very strong argument, second I admit I am a professional, but now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.”

Read all about how to make fake fingerprints in their 2000 paper (they provide instructions in the appendix) at www.keuning.com/biometry.

The link to a PDF file is at the bottom of the page. My thanks to Slashdot (www.slashdot.org) for the reference.

Please, if you ever feel like passing on a wonderful e-mail story to someone else, visit www.snopes.com to see if it is on the “Urban Legends Reference Pages” list. I say this after receiving again and again that tired out “Legend” about the father of Alexander Fleming, the discoverer of penicillin, saved a young Winston Churchill from drowning.

In gratitude, Churchill's father paid for Fleming's education. Penicillin then cures Churchill of pneumonia. You know the one: “His name was Fleming, and he was a poor Scottish farmer. One day, while trying to eke out a living for his family, he heard a cry for help coming from a nearby bog...etc.”

False! as Snopes goes on to explain. It is a nice story though. Another one to enjoy is the famous “Sushi Memo”, a document purportedly produced in July 2003 by a paralegal at Paul, Weiss, Rifkind, Wharton & Garrison, a New York law firm.

Produced, apparently after one of the firm's partners, disappointed with the quality of takeout sushi in the area, asked a paralegal to find a better source for sushi. The paralegal responded by interviewing co-workers, conducting on-line research and scanning Zagat reviews to generate a three-page memo with footnotes and exhibits.

“Was this memo a form of tacit protest by an underling disgruntled at being selected for a menial undertaking, or was it, in the words of the New York Times, an illustration of ‘the climate of a large law firm for many paralegals, who may feel compelled to give every assignment the single-minded vigour of a filing in a capital case, even if they are only helping to find some particularly fresh raw tuna',” Snopes asks.

“Or was it perhaps simply a parody, something deliberately crafted as a joke to lampoon both these concepts?”

Read “Sushi Options” at www.snopes.com/legal/info/sushi.pdf.

I've been getting messages from people I had forgotten I knew through a new service called Plaxo, which has been set up as an online means of automating updating e-mail address books.

Plaxo works by prompting the user to choose people from their address book they want to get updated contact information from. The free software then sends an e-mail message to the contact.

The person contacted can either reply by e-mail or by Plaxo's secure web site. Plaxo then processes the replies and integrates the updated information into your Microsoft Outlook and Outlook Express address books.

If a contact becomes a Plaxo user then your address book is automatically updated whenever the contact information changes.

Plaxo works with PDAs and other devices that synchronise with Microsoft Outlook or Outlook Express. The company says studies show that a third of all e-mail addresses change annually. Check it out at www.plaxo.com.

Contact Ahmed at: editor@offshoreon.com