FIPS chassis/linux security engineer?
Does anyone know of a manufacturer of FIPS 140 certified or certifiable 1u/2u rack mount chassis?
For a separate project, does anyone know of a small linux-ready/able box with ethernet? Gumstix looks cool but I need hardwire networking.
Last, I'm looking for a Linux expert security engineer in the SF bay area. (I'm managing a security group at a startup that has been shipping products to paying customers for a few years. No, it's not lne.com; this is just the address I use to post.) This person will need to know linux/unix OS security/hardening _in depth_ and also have an understanding of crypto APIs (writing them not using them) plus significant industry experience. Sorry, no relocation assistance.
Eric
On Sat, 17 Jul 2004, Eric Murray wrote:
> For a separate project, does anyone know of a small linux-ready/able box with ethernet? Gumstix looks cool but I need hardwire networking.
Soekris, <http://www.soekris.com/>. PXA255, <http://www.hw-server.com/hw_products/sld_hws.html> Are there more, and/or better?
As I predicted, transactions are increasingly going on line.
And as Hettinga predicted, the more anonymous and irreversible the transaction service, the cheaper and more convenient its services. All happening as predicted.
So why don't we have anonymous Chaumian cash by now?
Because, the more anonymous and irreversible its services, the more fraudsters use it to convert other people's bank accounts, obtained by phishing, into usable money.
Why don't we have anonymous e-cash? - because IE and Outlook Express are full of massive security holes, and because people are idiots. Observe Tim May, who mistook e-gold phishing spam mail for the real thing. Well, not so much that people are idiots, but that we still have not got a satisfactory security model that adequately accommodates human factors.
At 08:41 AM 7/19/2004, James A. Donald wrote:
> As I predicted, transactions are increasingly going on line.
> And as Hettinga predicted, the more anonymous and irreversible the transaction service, the cheaper and more convenient its services. All happening as predicted.
> So why don't we have anonymous Chaumian cash by now?
> Because, the more anonymous and irreversible its services, the more fraudsters use it to convert other people's bank accounts, obtained by phishing, into usable money.
Only if you ignore soft/hard money issues and your internal fraud controls are not up to par.
> Why don't we have anonymous e-cash? - because IE and Outlook Express are full of massive security holes, and because people are idiots.
Or e-currency vendors don't use effective anti-phishing and key logger measures. They do seem to exist.
steve
On Mon, 19 Jul 2004, James A. Donald wrote:
> As I predicted, transactions are increasingly going on line.
> And as Hettinga predicted, the more anonymous and irreversible the transaction service, the cheaper and more convenient its services. All happening as predicted.
> So why don't we have anonymous Chaumian cash by now?
For anonymous cash systems outside of the government control, we first need generic unofficial cash systems. I just stumbled over two different alternative "cash" systems already in use, and there are hundreds more: http://www.calgarydollars.ca/faq.html http://www.ithacahours.com/ There are many other kinds of currencies; some of them are even exchangeable for "real money", e.g. casino chips. As we can see from the aforementioned examples, the requirement for convertibility between the alternative currencies and the "mainstream" ones is not absolute. My guess is that the time for Chaumian cash hasn't come yet; but the signs are already in the sky. My suggested course of action is to not worry about when it happens, and spend the time working on implementations. It's only a matter of time before the already existing systems will feel the need to go electronic; they are usually local, so the physicality disadvantage of tangible material "certificates" like pieces of paper or metal isn't too annoying, but it is a limitation nevertheless. That is possibly the best starting point; a set of proof-of-concept implementations is probably necessary for further expansion. This will also seed the market, and get the people used to the technology - and, if it turns out useful for them, demanding it elsewhere, further driving its expansion.
> Because, the more anonymous and irreversible its services, the more fraudsters use it to convert other people's bank accounts, obtained by phishing, into usable money.
I suppose the countermeasures against this exist. (That the banks habitually don't deploy them is another thing.)
> Why don't we have anonymous e-cash? - because IE and Outlook Express are full of massive security holes, and because people are idiots. Observe Tim May, who mistook e-gold phishing spam mail for the real thing. Well, not so much that people are idiots, but that we still have not got a satisfactory security model that adequately accommodates human factors.
Why aren't we working on it already then?
participants (4)
- Eric Murray
- James A. Donald
- Steve Schear
- Thomas Shaddack