OK, shall we savage another security solution?

Steven M. Bellovin smb at cs.columbia.edu
Wed Sep 19 16:46:03 EDT 2007


On Wed, 19 Sep 2007 09:29:53 +0100
"Dave Korn" <dave.korn at artimi.com> wrote:

> On 18 September 2007 23:22, Leichter, Jerry wrote:
> 
> > Anyone know anything about the Yoggie Pico (www.yoggie.com)?  It
> > claims to do much more than the Ironkey, though the language is a
> > bit less "marketing-speak".  On the other hand, once I got through
> > the marketing stuff to the technical discussions at Ironkey, I ended
> > up with much more in the way of warm fuzzies than I do with Yoggie.
> > 
> >  							-- Jerry
> 
>   Effectively, it's just an offload processor in fancy dress.
> 
>   It relies on diverting all your network traffic out to the USB and
> back just before/after the NIC, which it presumably has to do with
> some sort of filter driver, so it's subject to all the same problems
> vs. malware as any desktop pfw.
> 
>   Unless your box is so overloaded that the pfw is starved of cpu
> cycles, I can't see the use of it myself.
> 
If done properly -- i.e., with cryptographic protection against new
firmware or policy uploads to it -- it's immune to host or user
compromise as a way to disable the filter.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list