[ltp] Slightly off topic: windows fingerprint checker bad flaw
Jiang Qian
linux-thinkpad@linux-thinkpad.org
Tue, 15 Nov 2005 21:27:13 -0500
If you don't have a fingerprint reader or have blown away your XP
partition, stop reading now.
This is off topic, but I seem to have discovered a critical flaw in the
dual-boot Windows partition of my computer in the way it checks the
fingerprint. It seems that if you configure Windows to use fingerprint
login, enroll several fingers, and boot up Windows, then when you roll
any finger, *not* the ones you log in with, *as soon as* the fingerprint
login screen appears but has not been properly initialized (when it's
saying "please wait..."), you get logged right in, no matter what
finger you use. This defeats the whole fingerprint login protection.
Note this does not happen if, once logged in, you log out and then try to
log in again. In that case only the fingers you enrolled log you in.
Also, this does not seem to affect using the fingerprint as power-on
security, like a hard drive password. So it does not affect my Linux
partition at all, where PAM, combined with the beta driver, does a proper
job authenticating fingerprints. It is a Windows software flaw.
For those of you who keep a Windows partition, be aware: you might want
to check your fingerprint login in Windows. This is on a T43 with
Windows XP SP2.
If people can confirm this, does anyone know who to report it to? Frankly I
don't care about this flaw; I use Windows only for hardware testing
purposes. Yet I'm sure there are gazillions of Windows-only users who
should be aware of this.
Jiang