[erlang-questions] How to exchange sensitive data with ports?
Illo de' Illis
illo@REDACTED
Fri Aug 7 18:20:04 CEST 2009
On Aug 7, 2009, at 6:07 PM, Hynek Vychodil wrote:
> No, no, no, you must be sure that bad guy has not ever been logged
> as root or a malicious program has not been running with root
> privileges in any time in past. You can't trust your kernel! It
> could been patched! You must be sure that bad guy has not been
> logged at your user level or a malicious program has not been
> running in same time as any your still running process. It can be
> new malicious program patched on fly. You must be sure that when you
> start your Erlang VM or any other program you don't execute any code
> which could be modified when bad guy has been logged or malicious
> program has been running. Etc.
I was talking about a _good_ level of security, not a _I'm freaking
paranoid_ level of security. As it has been memed all over internet
since ages, a secure system is a system which is switched off, not
connected to internet, and locked up in a safe.
And speaking of that, since the original poster is dealing with a
smartcard, every transaction should be encrypted by the smartcard
private and unaccessible key by using a lcoked-out computer in a
vacuum chamber.
Ciao,
Illo.
More information about the erlang-questions
mailing list