[fw-wiz] REXX
MHawkins_at_TULLIB.COM
Date: 02/24/05
- Previous message: David Lang: "Re: [fw-wiz] Username password VS hardware token plus PIN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: dr@kyx.net, mjr@ranum.com, frank@knobbe.us Date: Thu, 24 Feb 2005 09:16:18 -0500
I have a REXX too. It now lives in my bedside drawer.
I still have a look at it now and then wondering whether I could get a JVM
running on it or Linux. lol
Has anyone here ever heard of anyone EVER being able to download their own
app to a REXX? I would love to here about it.
-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Dragos Ruiu
Sent: Wednesday, February 23, 2005 10:13 PM
To: Marcus J. Ranum; Frank Knobbe
Cc: Hawkins, Michael; firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Username password VS hardware token plus PIN
On February 23, 2005 05:18 pm, you wrote:
> Dragos Ruiu wrote:
> >The problem with the old PDA idea is user reluctance.
>
> Then get SecurIDs or whatever for the few users who
> insist on 'em. But there are PDAs that are tiny, too -
> credit card size like the Oregon Scientific PDA293
> ($9.95 at officedepot.com) or Xircom's Rex, which needs
> no cradle because it fits in a PCMCIA slot to sync
> and recharge...
Heh, being a gadgetaholic, I own a Rex... (which was not
amongst my most stellar purchases btw, or long-lived in
terms of use, though it was small enough in its pcmcia
form factor that it rattled around in my suitcase for
years before i noticed it and threw it in the dinosaur
equipment pile with the newtons and many other
strange oddball devices). I don't know anything
about the Oregon Scientific device, but the Rex
is a non starter. First killer is the frighteningly limited
input system, and second is the high level of reverse
engineering needed to retrofit anything onto that
device as it has nothing resembling a programmatic
interface or any user accessible code bits. It's only
marginally more useful than a paper printout of your
contacts, though the batteries don't die on paper. :-)
> Basically, you're just conveying excuses. And you're
> making them sound better by implying that they are
> from some senior manager who can't carry a credit
> card sized device along with his golf clubs. But the
> truth is that he's not going to tolerate *anything*
> that enhances security because he's a moron.
Morons happen. They frequently happen in senior
management. And yes, I've seen plenty of resistance
to even credit card sized tokens as I recommend
the devices.
For the record, remember, I said I _liked_ external
two factor authentication. I just think that rather than
trying to defeat the cost issue with old PDAs, you
will have more success selling it as an excuse to
buy a svelte new sexy modern PDA on a company
budget. Or go buy some token thingies... Cobbling
together some frankenstein solution of dubious
software plus cheap pdas off ebay sounds like
a recipe for disaster. In the end, if even the
arguably low cost of the commercial tokens
is too much of a hurdle for a company's data
integrity/security, then there is a security issue
that will likely only be rectified at the board level. :-)
cheers,
--dr
-- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada May 4-6 2005 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ------------------------- The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not the intended recipient please notify the sender immediately; you should not retain this message or disclose its content to anyone. Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. For more information about the Collins Stewart Tullett group of companies please visit the following web site: www.cstplc.com ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- -------------------------- _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: David Lang: "Re: [fw-wiz] Username password VS hardware token plus PIN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
