Tim Churches wrote:
Horst Herb <[EMAIL PROTECTED]> wrote:
I own something even better and I am very happy with it:
http://projectblackdog.com/
It is a tiny device with integrated fingerprint reader. You plug it into
any
XP box, Linux or OS/X box (some quirks on some Linux or OS/X boxes may
require installation of a driver).
It first appears as USB CDROM to the computer it is attached to, and
executes
a program automatically (unless this feature is deliberately disabledon
the
host computer). After authentication via finger print reader (+/-
password)
it re-establishes itself as a network device and launches a X windows
session
on the host computer.
That is, the blackdog is a computer the size of two thumb drives, using
the
host computer as a terminal via a virtual network established via USB.
In the
X session, you can launch any software that runs on (ARM architecture)
Linux,
e.g. Firefox, Thunderbird, ssh, rsync, even OpenOffice. The host
computer is
entirely unaware, and since the X-Session can be run encrypted, there is
no
practical way for the host computer to sniff or log any data other than
continuous screen shots.
It is still vulnerable to software or hardware keylogging software running on
teh host computer - these can easily capture typed passwords etc, so you still
need to be careful. But if those passwords are only used to unlock private keys
kept on teh BlackDog device, your pretty much safe. If teh passwords are used
to log in to remote Web sites, then you are still vulnerable.
But then, many people who understand such things now agree that traditional
username/password pairs are not sufficient to securely authenticate to
important Web sites. The difficulty is in arriving at practical alternatives in
the absence of co-ordinated spending on widely deployed solution by govts in
this area - something we are wrestling with now (considering better but cheap
alternatives or adjuncts to usernames/passwords, not co-ordinated spending by
govts on authentication solutions...).
Tim C
And on another similar vein...
A USB web server:
"WebServUSB is a full featured web server programmed into flash memory a
USB device. It features HTTP and FTP web services, plus a companion
email server program which provides POP3 and SMTP mail services. By
plugging WebServUSB into any PC with a USB port, it can enable that PC
to become and Intranet (LAN) or Internet based web server. WebServUSB
can provide the majority of features of a web server costing thousands
of dollars all embedded in the USB flash memory."
http://www.redferret.net/?p=6485
Andre.
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
