Date: Mon, 04 Jan 1999 11:26:09 -0800 From: Mike Smith <mike@smith.net.au> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Mike Smith <mike@smith.net.au>, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Tom Bartol <bartol@salk.edu>, current@FreeBSD.ORG Subject: Re: New boot blocks for serial console ... Message-ID: <199901041926.LAA14171@dingo.cdrom.com> In-Reply-To: Your message of "Mon, 04 Jan 1999 20:14:25 %2B0100." <15157.915477265@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <199901041858.KAA14013@dingo.cdrom.com>, Mike Smith writes: > >> In message <38397.915473345@zippy.cdrom.com>, "Jordan K. Hubbard" writes: > >> >> Not at all. Ever heard of a padlock? > >> > > >> >Give me physical access to your machine, with or without a padlock, > >> >and I'll have root on that baby before you have a chance to come back > >> >from lunch. > >> > > >> >I think the original comment that there's no security without physical > >> >security has definite merit. The NSA learned this decades ago! :) > >> > >> Uhm, well there is, but it is called "tamper-proof hardware" and costs > >> a fortune. > > > >It's not "tamper-proof", it's "tamper-resistant", and I can suggest a > >wide range of "tampering" hardware that it won't stand up to for long. > > No, you bet it is tamper-PROOF. > > They will guarantee that you will not get access to anything in > the computer. Last perimeter will inject 220V (mains) through > vital bits of the computer (including your flash disk) if broken. > > By the time you have gotten through the 10mm steel plate, the computer > is dead. And quite likely you as well, they have versions with > poison-gas release and all sorts of nasties. > > Primary market: ATM & Banking terminals. > > Smallest model and the closest they have to a portable in the > catalog I have here weighs 450 kg (thats 900 pounds), sports 10mm > steel casing (both the outher case and the CPU module case inside > it) it comes with optional holes in the bottom so you can bolt it > to a foundation. It is also IP67 watertight and they will paint > it in any color you like. Price: $CALL. I recommend you find and read a copy of the very excellent, if somewhat dated, "Danger UXB" before being quite so certain. And consider; you still have to be able to open it for maintenance - if a direct physical approach is inefficient, hack the supporting organisation. I could also point out that I have a family background that covers financial IT, and I've seen the aftermath of a number of ATM takeovers both successful and otherwise. I was old enough to be very interested while my father was building a new datacentre (his third, and the second for this company), and got some fairly interesting holiday work in that organisation. 8) Believe me; it doesn't matter how much Heath Robinson hardware you attach to a device to "secure" it - people will still get in. -- \\ Sometimes you're ahead, \\ Mike Smith \\ sometimes you're behind. \\ mike@smith.net.au \\ The race is long, and in the \\ msmith@freebsd.org \\ end it's only with yourself. \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901041926.LAA14171>