Ilya Konstantinov wrote: > On Wed, Nov 29, 2000 at 12:50:32PM +0200, Gilad Ben-Yossef wrote: > >> Other methods of configuration could be very well added. How about >> attaching an GSM phone to the machine and accepting instruction only >> from SMS messages coming from a certain phone number. > > > That's a rather insecure way, BTW. > Any company with direct access to the GSM exchange can create > messages with whatever source numbers they want. A security measure is never meassured in terms of the aboslute protection its provides but rather in terms of how easy or hard it is to circumvent it the alternatives. Any attacker which is after your stuff and is able to penetrate a GSM exchange and send an unauthrized message without anyone noticing (remember that banks rely on the number as a ID good enough to identify you and divolge your account details on SMS) can just as well break into your phisical location and take what he wants or kidnap the children of the sysadmin or any other large scale operations such as those. It all depends on what you are protecting. I think that for 95% of the people and LANs out there it's secure enough, combined with a one time password carried by the SMS message itself. -- Gilad Ben-Yossef <[EMAIL PROTECTED]> http://benyossef.com :: +972(54)756701 ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
