OK, shall we savage another security solution?
Steven M. Bellovin
smb at cs.columbia.edu
Wed Sep 19 16:46:03 EDT 2007
On Wed, 19 Sep 2007 09:29:53 +0100
"Dave Korn" <dave.korn at artimi.com> wrote:
> On 18 September 2007 23:22, Leichter, Jerry wrote:
>
> > Anyone know anything about the Yoggie Pico (www.yoggie.com)? It
> > claims to do much more than the Ironkey, though the language is a
> > bit less "marketing-speak". On the other hand, once I got through
> > the marketing stuff to the technical discussions at Ironkey, I ended
> > up with much more in the way of warm fuzzies than I do with Yoggie.
> >
> > -- Jerry
>
> Effectively, it's just an offload processor in fancy dress.
>
> It relies on diverting all your network traffic out to the USB and
> back just before/after the NIC, which it presumably has to do with
> some sort of filter driver, so it's subject to all the same problems
> vs. malware as any desktop pfw.
>
> Unless your box is so overloaded that the pfw is starved of cpu
> cycles, I can't see the use of it myself.
>
If done properly -- i.e., with cryptographic protection against new
firmware or policy uploads to it -- it's immune to host or user
compromise as a way to disable the filter.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list