Re: WYTM - "but what if it was true?"
On Mon, Jun 27, 2005 at 09:58:31AM -0600, Chris Kuethe wrote:

> And now we have a market for cracked "trusted" banking clients, both
> for phishers and lazy people... it's game copy protection wars all
> over again. :)

Well cracking the bank application is not really in the user's interests in this case. My view is, that when the banking application delivery platform becomes cheap enough (say $50 or less), it will make sense for the bank to provide a complete ATM system (sans cash) to each user. The personal ATM appliance should be difficult to tamper with and should accept only a single set of accounts (so that stolen pin numbers are not portable)...

--
Victor Duchovni
IT Security, Morgan Stanley

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: WYTM - "but what if it was true?"
On Mon, 2005-06-27 at 10:19 -0400, John Denker wrote:

> Even more compelling is:
> -- obtain laptop hardware from a trusted source
> -- obtain software from a trusted source
> -- throw the entire laptop into a GSA-approved safe when
>    not being used.

This is just a minor variation of an approach I heard from Carl Ellison a decade or more ago: "the only secure computer is turned off, unplugged, inside a SCIF and surrounded by US Marines."

[a SCIF is a Secure Compartmentalized Information Facility, used by the US Government folks]

I think we tend to accept a bit more gray in the security versus usefulness grayscale.

Pat

--
Pat Farrell
http://www.pfarrell.com/
Re: WYTM - "but what if it was true?"
On 6/26/05, Dan Kaminsky <[EMAIL PROTECTED]> wrote:

> It is not necessary though that there exists an acceptable solution that
> keeps PC's with persistent stores secure. A bootable CD from a bank is
> an unexpectedly compelling option, as are the sort of services we're
> going to see coming out of all those new net-connected gaming systems
> coming out soon.

You just know that people won't want to totally reboot their machines every time they want to bank, because that'll break their excel+quicken+msmoney integrated finances. So they try to make a bootable HD partition, or run it under vmware, or copy the "trusted" client off. These of course cannot be allowed by the banks if they want to preserve the illusion of their secure banking app...

And now we have a market for cracked "trusted" banking clients, both for phishers and lazy people... it's game copy protection wars all over again. :)

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: WYTM - "but what if it was true?"
On 06/27/05 00:28, Dan Kaminsky wrote:

> ... there exists an acceptable solution that keeps PC's with
> persistent stores secure. A bootable CD from a bank is an
> unexpectedly compelling option

Even more compelling is:
 -- obtain laptop hardware from a trusted source
 -- obtain software from a trusted source
 -- throw the entire laptop into a GSA-approved safe when not being used.

This is a widely-used procedure for dealing with classified data.
Re: WYTM - "but what if it was true?"
> If you are insisting that there is always
> a way and that, therefore, the situation is
> permanently hopeless such that the smart
> ones are getting the hell out of the
> Internet, I can go with that, but then
> we (you and I) would both be guilty of
> letting the best be the enemy of the good.

A reasonable critique. It is not necessary though that there exists an acceptable solution that keeps PC's with persistent stores secure. A bootable CD from a bank is an unexpectedly compelling option, as are the sort of services we're going to see coming out of all those new net-connected gaming systems coming out soon.

--Dan