Re: CRIME REMINDER: Free Seminar on Computer Security tomorrow!

From: Seth Arnold (sarnold@private)
Date: Wed Sep 04 2002 - 16:39:00 PDT

  • Next message: Crispin Cowan: "Re: CRIME Issues"

    On Wed, Sep 04, 2002 at 02:26:17PM -0700, Andrew Plato wrote:
    > Remember that guy Steve Gibson. He got famous back in 2000 screaming
    > that the Internet was going to come to a halt when Microsoft released
    > WinXP because it used "raw sockets." This would cause the hacker
    > community to unleash hacks hereto unheard of and wipe out life as we
    > know it. He was on every news show and web site there for a while. 
    
    Gibson is also an incredible wanker.
    
    At the time he was whining about raw sockets in XP, there were several
    operating systems (available at no cost!) that supported raw sockets:
    Linux (hundreds of distributions), NetBSD, FreeBSD, OpenBSD.
    
    Why he got upset about one specific implementation of raw sockets,
    especially one that costs so much, I don't know.
    
    I _do_ know why Crispin doesn't like biometrics: the snake oil salesmen
    do a great job making them look slick, but someone with an hour or two
    of time on his hands, some gelatin, and your coke can, completely
    obviates the security of the biometric.
    
    I'd think something like the iButton from Dallas Semiconductor would
    supplant most biometric tools _very_ nicely: http://www.ibutton.com/
    It is much more difficult to reproduce one (a secret key used inside of
    one) than your thumbprint. Being challenge/response, it doesn't suffer
    from the problem of dropping one that replies "yes" or "no" at
    convenient times onto a machine.  Fully featured, $53.21 for a single
    button. I expect the "monetary iButton" ($10.29 for a single button)
    would be able to produce a reasonably-well-protected login token. The
    USB reader is $15.
    
    It is on my TODO list to write a PAM module for one of these; maybe if I
    bought the reader and a button for greg, he'd help me with the driver..
    
    And no, oddly enough, I don't work for Dallas Semiconductor or a
    supplier or customer... :)
    
    -- 
    It seems the power has been robbed from the founding fathers and is now
    firmly in the hand of the funding fathers -- Rik van Riel
    
    
    



    This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 17:08:19 PDT