On Fri, 14 Jul 2000, Bruce McCulley wrote:
> I'm at this very moment working on porting a security application to Linux. I
> need to be able to access as much information as possible to identify the
> environment, and the CPU id would be a great advantage to be able to tell the
> bad guys from the good guys.
It can be forged...
> It's a two-edged sword, Derek. How do *YOU* know who your friends are? How
> do you know that letter or email came from the purported source? (Or even
> that voice phone-mail, given slick enough technology)?
You don't, and nothing you can do can make you 100% certain. I'll take my
anonimity, thank you very much.
> For that matter, how does NASDAQ or the DoD or Ma Bell know what
> machine is sending that system admin command to some critical firewall
> or router? Anonymity is a two-edged sword too, you can't tell friend
> from foe with perfect anonymity.
You can't really tell friend from foe with imperfect anonymity either.
> Be careful what you wish for....
Whenever you try to rely on technology to save you, you are lost. If you
want to have secure transactions (of any kind, not just monetary), do them
in person. That's about the best you can do. Even then you can't be 100%
certain, especially if you don't know the person.
The bottom line is, for most applications, you don't need to know that I
am who I say I am, or even to hear me tell you who I am. If my currency
is good, wether it is credit or cash, you just take it.
If you're talking about banking transactions and similar, that's another
story, but on-line banking and similar are just a really really Bad(tm)
idea.
--
Derek Martin
System Administrator
Mission Critical Linux
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
