On Mon, Dec 20, 2010 at 10:27:52PM +0530, Pranesh Prakash wrote: > Eugen, can you imagine a system that is vulnerable to (undetectable) > attack, but because of (external, non-software) processes in place, is
Why having an electronic system in place, then, if you're already using non-software processes to check on your non-dead-tree ones? > such that all that the attack can succeed in doing is screwing with the > system rather than favouring a particular candidate or another? The trouble is that there is no "the system" but multiple versions of multiple systems, some of them compromised, or designed to be compromisable. That I can think of a particular protocol to detect tampering (in absence of a particular protocol I can't) it doesn't mean that all such systems suscepted to all attacks (most I can't think of) will succeed. In general, the whole mode of thinking runs contrary to any security-minded analysis. It's hard enough to debug dead tree, why trying to bind a yet another albatross around your neck? -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
