Re: [fw-wiz] REXX

From: ArkanoiD (ark_at_eltex.net)
Date: 02/25/05

    To: MHawkins@TULLIB.COM
    Date: Fri, 25 Feb 2005 10:40:56 +0300
    
    

    I know a person who hacked it pretty much, as I mentioned it is Z80-based
    and easily programmable. His blog is http://www.livejournal.com/users/tnt23/,
    mostly in Russian..

    I'm afraid even sha1 is damn slow on it, but..

    On Thu, Feb 24, 2005 at 09:16:18AM -0500, MHawkins@TULLIB.COM wrote:
    > I have a REXX too. It now lives in my bedside drawer.
    >
    > I still have a look at it now and then wondering whether I could get a JVM
    > running on it or Linux. lol
    >
    > Has anyone here ever heard of anyone EVER being able to download their own
    > app to a REXX? I would love to hear about it.
    >
    >
    >
    >
    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Dragos Ruiu
    > Sent: Wednesday, February 23, 2005 10:13 PM
    > To: Marcus J. Ranum; Frank Knobbe
    > Cc: Hawkins, Michael; firewall-wizards@honor.icsalabs.com
    > Subject: Re: [fw-wiz] Username password VS hardware token plus PIN
    >
    >
    > On February 23, 2005 05:18 pm, you wrote:
    > > Dragos Ruiu wrote:
    > > >The problem with the old PDA idea is user reluctance.
    > >
    > > Then get SecurIDs or whatever for the few users who
    > > insist on 'em. But there are PDAs that are tiny, too -
    > > credit card size like the Oregon Scientific PDA293
    > > ($9.95 at officedepot.com) or Xircom's Rex, which needs
    > > no cradle because it fits in a PCMCIA slot to sync
    > > and recharge...
    >
    > Heh, being a gadgetaholic, I own a Rex... (which was not
    > amongst my most stellar purchases btw, or long-lived in
    > terms of use, though it was small enough in its pcmcia
    > form factor that it rattled around in my suitcase for
    > years before I noticed it and threw it in the dinosaur
    > equipment pile with the newtons and many other
    > strange oddball devices). I don't know anything
    > about the Oregon Scientific device, but the Rex
    > is a non starter. First killer is the frighteningly limited
    > input system, and second is the high level of reverse
    > engineering needed to retrofit anything onto that
    > device as it has nothing resembling a programmatic
    > interface or any user accessible code bits. It's only
    > marginally more useful than a paper printout of your
    > contacts, though the batteries don't die on paper. :-)
    >
    > > Basically, you're just conveying excuses. And you're
    > > making them sound better by implying that they are
    > > from some senior manager who can't carry a credit
    > > card sized device along with his golf clubs. But the
    > > truth is that he's not going to tolerate *anything*
    > > that enhances security because he's a moron.
    >
    > Morons happen. They frequently happen in senior
    > management. And yes, I've seen plenty of resistance
    > to even credit card sized tokens as I recommend
    > the devices.
    >
    > For the record, remember, I said I _liked_ external
    > two factor authentication. I just think that rather than
    > trying to defeat the cost issue with old PDAs, you
    > will have more success selling it as an excuse to
    > buy a svelte new sexy modern PDA on a company
    > budget. Or go buy some token thingies... Cobbling
    > together some frankenstein solution of dubious
    > software plus cheap pdas off ebay sounds like
    > a recipe for disaster. In the end, if even the
    > arguably low cost of the commercial tokens
    > is too much of a hurdle for a company's data
    > integrity/security, then there is a security issue
    > that will likely only be rectified at the board level. :-)
    >
    > cheers,
    > --dr
    >
    > --
    > World Security Pros. Cutting Edge Training, Tools, and Techniques
    > Vancouver, Canada May 4-6 2005 http://cansecwest.com
    > pgpkey http://dragos.com/ kyxpgp
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >
