RE: Don't type your yes/fraud response into your computer

["A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>]

>	At base, the moral to the story is that a compromised user machine
>permits essentially any and all activities to be suborned.  Only a smart
>card mechanism stands a chance of standing up to this, but that, in effect,
>makes the smart card the 'user machine'.

True and has been one reason the smartcards/tokens/etc have been available
for years. The other side of the coin is expense - for a smart card and 
reader you are looking at over $100. For a token alone (you enter the 
one-time response) $30-$60. In a mass-market environment, this is not
supportable.

OTOH, keyboard sniffing software is easy to detect because it must go 
resident and it must intercept the keystrokes. The fact that no software
has bothered to do this does not mean that it cannot be done. The 
easiest way for such software to act would be to ignore the machine software
and when sensitive material is to be passed, to do so via direct port 
(hardware) access - been a while since I looked at it but AFAIR is around
port 60h. (PC type machines)

This would take care of anything sitting on Int 09 or Int 16 since it would
be bypassed. Often a problem that looks difficult when viewed as a whole
becomes simple once you disassemble it.

Rather than try to find a workaround for a machine you do not trust, why not
develop a means to trust it ? Can do with software alone and that is cheap.

						Warmly,
							Padgett

ps Dave, what is this thingie on the 21st ? May be in the area (opportunity
   for plug here 8*).

pps Before y'all get too wrapped up in free-speech vs libel in the US I would 
    suggest studying the difference between criminal law and civil.