Of the rest, I’m currently testing an Acer laptop that has a fingerprint scanner but no TPM chip, and a friend has recently bought a low-cost Lenovo laptop that includes the same and has the same ommission.  Neither of my tablets have any kind of TPM and neither does my smartphone or any other smartphone or tablet that I’ve tested.

A TPM chip is one that stores encryption keys that allow you to securely encrypt the contents of the full hard disk or SSD in the machine.  The TPM chip works in conjunction with operating system solutions, most well known being Bitlocker in Windows Vista and Windows 7, to unlock those drives on a passcode, use of a physical hardware key, contactless smartcard or automatically on log-in.  They can prevent that data from ever beaing read if the operating system is reinstalled or if the hard disk is physically removed, as the encryption key is tied to the TPM chip, which is physically undetachable from its host motherboard.

On my own laptop I use Bitlocker to encrypt all my files and data and, while it’s far from perfact still, it gives me the peace of mind I need that coupled with a very strong 10+ digit Windows password, nobody but me can ever gain access to my files.

The downside of facilities such as  Bitlocker is they’re only currently supported in the Enterprise and Ultimate editions of Windows, a problem I sincerely hope Microsoft will rectify with Windows 8, as I’ve only once been sent a laptop with Windows 7 Ultimate on it, and that was the afore-mentioned Acer that didn’t have a TPM chip anyway.

Of the laptops that include fingerprint readers, I can assure you these things are pretty useless and people soon stop using them.  Also what’s the point of just having secure access to Windows when it’s still simple to pop the hard disk out and plug it into another machine.

The situation with tablets is different, most of the time anyway, with bespoke flash storage modules that can’t be plugged into another computer and where the password can only be bypassed by flashing the machine.  With Windows 8 tablets coming next year this advantage may quickly disappear though in favour of more traditional mini-SSDs with larger capacities on board.

My argument is that, certainly on laptops, ultraportables and netbooks, but also and perhaps to a slightly lesser extent, tablets, smartphones and even desktops, TPM chips should now be everywhere and encryption should be simple and intuitive if not completely automatic and seamless (as it is on some new high-end hard disks).  The amount of data we all have and carry around with us now is incredibly valuable, not just to us but also to others.  With the prices of TPM chips at an all-time low, I really can’t see why we’re not seeing ubiquity here in the way they are implemented.

The software solutions will also need to drastically improve to make them much easier to understand and use.  We can’t still be in a position a year from now though where TPM chips are still only found on high-end business laptops costing more than $1,000.

Fingerprint calculates hash values of every file during the first selection unlike many other tools that simply report file size or file date modifications. This way might take a bit longer but it ensures that every modification can be noticed as the program compares the hash values and not data that can be easily modified.

Some aspects of a directory scan can be configured during setup. It is for instance possible to include or exclude files from the scan, switch from hash generation to file size, date and time records or schedule scans for the profile.

The Windows Task Scheduler is used to schedule file comparisons at a later time or on a regular basis. File changes will be written to a log file that is automatically displayed in the default web browser of the computer system. Fingerprint is a small program for the Windows operating system that can be downloaded from the developer’s website.

The Chaos Computer Club, a renowned and popular club of hackers and privacy advocates, decided to let the minister taste some of his own medicine by replicating the fingerprint of the minister and publishing that fingerprint in their magazine.

The fingerprint was available as a print in the magazine and on transparency slide ready to be put on the fingers of the readers of it. The sample was apparently taken from a glass that Schäuble was drinking at a panel discussion in Berlin.

The club also published a step by step instruction on how they managed to replicate the fingerprints. The process itself requires only a handful of common materials, a computer and laser printer, nothing that can’t be acquired in a regular tools store.

The sentenced that always reminds me of how amateurish Sony handled the whole affair went something in the line of “People who don’t know what rootkits do should not care about them”.

It seems Sony did it again. F-Secure is reporting that Sony is now selling a USB stick – the Sony MicroVault – which installs a hidden folder in c:\windows when installing the USB fingerprint software.

So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

F-Secure suspects that the hidden folder is used to protect the fingerprint authentication and strongly disagrees that this is the correct way to achieve a protection.

I think that Sony made a big mistake in using such a technology again even if it was intended to be of good use for the owner.

Read More:

F-Secure Blog

Stores are only allowed to pay with store credit and not with cash anymore and have to hold them for 30 days before being able to resell them. I don’t think that I’m the only person who thinks this new legislation sounds ridiculous. Especially if you consider that everyone will still be able to sell used CDs on eBay and Amazon without getting fingerprinted in first place.

Utah aims for the same legislation and Rhode Island has another pending one. When will the first record store clerk land in jail for selling used legit CDs ?