On Wed, Nov 30, 2011 at 03:22:50PM +0100, Ma Begaj wrote:
> 2011/10/4 Heinz Diehl <htd@xxxxxxxxxxxxxxxxx>:
> > On 04.10.2011, Jan wrote:
> >
> >> You have a fully encrypted system on your USB stick like privatix
> >> (see http://www.mandalka.name/privatix/index.html.en ) and you are
> >> sitting in an internet cafe. There's a hardware keylogger installed
> >> on the PC you use. You lose your USB stick, maybe you even
> >> forget it in the internet cafe (this happens)!
> >
> > [.....]
> >
> > Privacy on a machine outside of your control is a no-go.
> > There are by far more options to get access to your data if
> > somebody other than yourself has admin/root access to the machine
> > you're using. A simple script which does a copy of anything inserted
> > will do it. Or the admin himself logged in from another machine, and
> > many more...
>
>
> That is not true. Two factor authorization solves this problem pretty easily.

It seems to until you look more closely. Current attacks on
online-banking demonstrate the attack. The only way around
that is basically to delegate all interaction to a device
the attacker did not have access to. Everything else just
increases the attacker's effort, but is still feasible.

> I am using barada on my machines for SSH and it is working pretty great.
> http://barada.sourceforge.net/

What has "working well" to do with "being secure"? Not a lot, I would say.
If the machine you do this on has been prepared to hijack ssh-sessions,
it can easily look over all your stuff without you ever knowing
and install a backdoor on the machine you logged in to. This
is a practical attack, even if it causes some effort on the
attacker's side.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt