[As usual, the From: is a black hole, as a broken-autoresponder defense. Use the address in the signature if you want to reach me.] > imagine i'm going to access an e-gold acocunt of $1M ... > first [...]; then [...]; [...] > i cannot figure out what could go wrong in the above process ... How about a "reflash your BIOS" infection? I've heard of malware loose in the wild that trashes flashable BIOSes; it would take only a little more care to build one that flashes a carefully infected image instead. I've never liked the flashable BIOS idea, though I'm OK with it if there's a way to disable reflashing that can't be changed by software (eg, a jumper must be on a certain pair of pins). I've seen boards which "defend" against malware reflashing them by having two copies, both flashable, which may help against getting randomly trashed but is of no value against careful malicious reflashing; whatever the vendor reflashing software can do, malware can do too. > Q: can you really trust Google? Trust Google with what? Trust Google to do, or not do, what? No, I don't actually myself care about the answers to those. I'm just trying to point out that trust is not a simple yes-or-no thing. For example, I trust my upstream to deliver (almost) all of the data I send through them unchanged, but I don't trust them with my passwords on other than their machines. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse@xxxxxxxxxxxxxxxxxxxxxx / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
