On Tue, Aug 25, 2009 at 10:56 PM, Ben Scott <dragonh...@gmail.com> wrote:
> On Tue, Aug 25, 2009 at 10:43 PM, Bill McGonigle<b...@bfccomputing.com> > wrote: > >> Boot from a CD or USB key? > > > > Does anybody really do this? > I know security people that remove the battery from the phone when they're not using it so they don't get tracked. But they probably wouldn't use a computer they didn't know, even if booting from a CD. As I mentioned earlier, USB keyboards can be recoded. And they're paranoid about security. > I've booted computers that aren't mine from Ubuntu media. Not a > "Internet cafe", per se, but same principle. > > > I would have guessed drivers would be hit-or-miss ... > > True, but Ubuntu's pretty good these days. > > > BIOS fiddling would often be required (I'd keep BIOS > > setup locked if I ran such a cafe). > > If you ran such a cafe, you'd also have the user accounts locked > down so malware couldn't run in the first place. > > On Tue, Aug 25, 2009 at 10:46 PM, Bill McGonigle<b...@bfccomputing.com> > wrote: > >> Better still would be some kind of OTP generator ... You *can* do pre generated OTP lists. I've seen it done with NetBSD in '00. No token, just a list on a PDA or paper. > hrm, my phone can't run apps, but it can do SMS messages. Interesting > option. There ya go. Start by emailing a password to your server from your > phone. (I'd suggest a different password for this mechanism.) When > the server gets the right password, it sends an OTP to your phone via > SMS (every carrier I know of has an SMTP-to-SMS gateway). Login with > the OTP; don't use your regular password. That way you're also got a > sort-of two-factor authentication; unless someone can receive your SMS > messages *and* knows your trigger password, they can't get a OTP. > If it's an iPhone, make sure SMS is patched.... :-) For the paranoid. > > >> I've heard tell that some spyware specifically looks for form fields > >> to capture ... > > > > via network stream intercepting or as a browser plugin? >
_______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/