Re: WYTM - "but what if it was true?"

2005-06-29 Thread dan
Victor Duchovni writes: | ... | The personal ATM appliance should be difficult to tamper with and should | accept only a single set of accounts (so that stolen pin numbers are not | portable)... My personal guess is that the general purpose computer is ultimately a goner -- it will later, if

Re: WYTM - "but what if it was true?"

2005-06-29 Thread Dave Howe
Pat Farrell wrote: "the only secure computer is turned off, unplugged, inside a SCIF and surrounded by US Marines." ... provided you can trust the marines.

Re: WYTM - "but what if it was true?"

2005-06-29 Thread Chris Kuethe
On 6/27/05, Victor Duchovni <[EMAIL PROTECTED]> wrote: > On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote: > > > And now we have a market for cracked "trusted" banking clients, both > > for phishers and lazy people... it's game copy protection wars all > > over again. :) > > > > Well

Re: WYTM - "but what if it was true?"

2005-06-27 Thread Victor Duchovni
On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote: > And now we have a market for cracked "trusted" banking clients, both > for phishers and lazy people... it's game copy protection wars all > over again. :) > Well cracking the bank application is not really in the user's interests in

Re: WYTM - "but what if it was true?"

2005-06-27 Thread Pat Farrell
On Mon, 2005-06-27 at 10:19 -0400, John Denker wrote: > Even more compelling is: > -- obtain laptop hardware from a trusted source > -- obtain software from a trusted source > -- throw the entire laptop into a GSA-approved safe when >not being used. This is just a minor variation of an a

Re: WYTM - "but what if it was true?"

2005-06-27 Thread Chris Kuethe
On 6/26/05, Dan Kaminsky <[EMAIL PROTECTED]> wrote: > It is not necessary though that there exists an acceptable solution that > keeps PC's with persistent stores secure. A bootable CD from a bank is > an unexpectedly compelling option, as are the sort of services we're > going to see coming out o

Re: WYTM - "but what if it was true?"

2005-06-27 Thread John Denker
On 06/27/05 00:28, Dan Kaminsky wrote: ... there exists an acceptable solution that keeps PC's with persistent stores secure. A bootable CD from a bank is an unexpectedly compelling option Even more compelling is: -- obtain laptop hardware from a trusted source -- obtain software from a tru

Re: WYTM - "but what if it was true?"

2005-06-27 Thread Dan Kaminsky
>If you are insisting that there is always >a way and that, therefore, the situation is >permanently hopeless such that the smart >ones are getting the hell out of the >Internet, I can go with that, but then >we (you and I) would both be guilty of >letting the best be the enemy of the good. > >

Re: WYTM - "but what if it was true?"

2005-06-24 Thread dan
Dan Kaminsky writes: | Dan-- | | I had something much more complicated, but it comes down to. | | You trust Internet Explorer. | Spyware considers Internet Explorer crunchy, and good with ketchup. | Any questions? | | A little less snarkily, Spyware can trivially use w

Re: WYTM - "but what if it was true?"

2005-06-24 Thread Dan Kaminsky
Dan-- I had something much more complicated, but it comes down to. You trust Internet Explorer. Spyware considers Internet Explorer crunchy, and good with ketchup. Any questions? A little less snarkily, Spyware can trivially use what MS refers to as a Browser Helper Object (B

Re: WYTM - "but what if it was true?"

2005-06-24 Thread dan
What do you tell people to do? Defense in depth, as always. As an officer at Verdasys, data-offload is something we block by simply installing rules like "Only these two trusted applications can initiate outbound HTTP" where the word "trusted" means checksummed and the choice of HTTP represent

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Ben Laurie
Allan Liska wrote: 3. Use an on-screen keyboard. For extra points, try Dasher. http://www.inference.phy.cam.ac.uk/dasher/ -- >>>ApacheCon Europe<<< http://www.apachecon.com/ http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Lance James
Adam Shostack wrote: On Wed, Jun 22, 2005 at 01:54:34PM +0100, Ian Grigg wrote: | A highly aspirated but otherwise normal watcher of black helicopters asked: | | > Any idea if this is true? | > (WockerWocker, Wed Jun 22 12:07:31 2005) | > http://c0x2.de/lol/lol.html | | Beats me. But what i

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Mark Allen Earnest
Ian Grigg wrote: A highly aspirated but otherwise normal watcher of black helicopters asked: Any idea if this is true? (WockerWocker, Wed Jun 22 12:07:31 2005) http://c0x2.de/lol/lol.html Beats me. But what if it was true. What's your advice to clients? First up, it certainly is not

Re: WYTM - "but what if it was true?"

2005-06-22 Thread C. Scott Ananian
On Wed, 22 Jun 2005, Ian Grigg wrote: A highly aspirated but otherwise normal watcher of black helicopters asked: Any idea if this is true? (WockerWocker, Wed Jun 22 12:07:31 2005) http://c0x2.de/lol/lol.html googling 'dell keylogger' certainly turns up a lot of sites who insist that this

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Allan Liska
It is most likely a hoax: http://www.boingboing.net/2005/06/16/conspiracy_theory_of.html As to your second question. There are several options available to you depending on your level of paranoia: 1. Run a personal firewall (assuming you can find one that doesn't have a trojan that talks ba

Re: WYTM - "but what if it was true?"

2005-06-22 Thread Adam Shostack
On Wed, Jun 22, 2005 at 01:54:34PM +0100, Ian Grigg wrote: | A highly aspirated but otherwise normal watcher of black helicopters asked: | | > Any idea if this is true? | > (WockerWocker, Wed Jun 22 12:07:31 2005) | > http://c0x2.de/lol/lol.html | | Beats me. But what if it was true. What's

WYTM - "but what if it was true?"

2005-06-22 Thread Ian Grigg
A highly aspirated but otherwise normal watcher of black helicopters asked: > Any idea if this is true? > (WockerWocker, Wed Jun 22 12:07:31 2005) > http://c0x2.de/lol/lol.html Beats me. But what if it was true. What's your advice to clients? iang -- Advances in Financial Cryptography, Is