At 03:15 PM 8/9/01 -0700, mmotyka@lsil.com wrote:
David Honig wrote:
Yes, but it would resolve whether software could find the trojan or whether you have to check your cables for extra lumps.
So if it is SW and you write some little ring 0 code that repeatedly walks the chain from the kyb input to your apps you'll feel safe? You're assuming a one trick pony in a static world.
Mike
Well, I said only that knowing hardware xor software would tell you what you *could* do. I didn't say it would be *easy*. If you ran a file-system-integrity-checker and kept your checksums in a different system, you'd catch some changes. As well as your more directed search. The more the merrier; defense in depth. That being said, due diligence (vigilance?) requires the readers of this list to consider both, and countermeasures to same. And 'out of the box' hazards like video bugs in the smoke detector. dh