I got this email from a client today and I burst out laughing. When Mythbusters is teaching you about access controls you know you need help:
So probably best to not install a world facing thumb scanner after a TV show about how simple it is to defeat. I was watching TV and as it would turn out you can just take a finger print lift off the face of the scanner which more often than not would be a valid user. Then you can scan that in to a computer, print it, lick it, put it on your finger and your in. It is in too noticeable a place and I know that is something I would want to test out if i saw it. I actually kinda do. I am shocked that I didn’t know you could do that. Better safe than sorry we wouldn’t want the data center to become a club house for some dungeons and dragons gang.
The origins of this attack were the gummi bear attack that was proven to work in certain scenarios. A scanner and some paper is far easier. Why not?