>as I can tell, this is the kind of gear that banks and brokerages are
>using to protect data that, if compromised, could wreak havoc costing
>not just millions, but potentially billions (10**9's) of dollars. (If
>you know of something better, please tell me).
I think I know what you mean, but you have it backwards. You probably
want to see "they use this to secure billion-dollar transactions,
and perhaps down to million-dollar transactions." In the security
business, it's more impressive how little money justfies protection,
not how much you have.
And anyway, I betcha a million dollars and a lead story on the NYTimes
or WSJournal is enough. :)
Just using secure hardware isn't enough. If an attacker can get
(momentary) software access to the machine, they can install a
new driver. That driver could intercept and/or modify your commands
to the device. It probably doesn't take much to get a third-shift
cleaning person to stick a floppy in the desired machine; depending
on the O/S they might have to do a bit more, of course. (Do floppies
support [autostart]? :)
This is wandering a bit afar from the list's charter...
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
