Horst Herb <[EMAIL PROTECTED]> wrote: > I own something even better and I am very happy with it: > http://projectblackdog.com/ > > It is a tiny device with integrated fingerprint reader. You plug it into > any > XP box, Linux or OS/X box (some quirks on some Linux or OS/X boxes may > require installation of a driver). > > It first appears as USB CDROM to the computer it is attached to, and > executes > a program automatically (unless this feature is deliberately disabledon > the > host computer). After authentication via finger print reader (+/- > password) > it re-establishes itself as a network device and launches a X windows > session > on the host computer. > > That is, the blackdog is a computer the size of two thumb drives, using > the > host computer as a terminal via a virtual network established via USB. > In the > X session, you can launch any software that runs on (ARM architecture) > Linux, > e.g. Firefox, Thunderbird, ssh, rsync, even OpenOffice. The host > computer is > entirely unaware, and since the X-Session can be run encrypted, there is > no > practical way for the host computer to sniff or log any data other than > continuous screen shots.
It is still vulnerable to software or hardware keylogging software running on teh host computer - these can easily capture typed passwords etc, so you still need to be careful. But if those passwords are only used to unlock private keys kept on teh BlackDog device, your pretty much safe. If teh passwords are used to log in to remote Web sites, then you are still vulnerable. But then, many people who understand such things now agree that traditional username/password pairs are not sufficient to securely authenticate to important Web sites. The difficulty is in arriving at practical alternatives in the absence of co-ordinated spending on widely deployed solution by govts in this area - something we are wrestling with now (considering better but cheap alternatives or adjuncts to usernames/passwords, not co-ordinated spending by govts on authentication solutions...). Tim C _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
