Crypto dongles to secure online transactions

Rob Townley rob.townley at
Mon Nov 16 13:39:03 EST 2009

On Wed, Nov 11, 2009 at 9:53 AM,  <dan at> wrote:
> Matt Crawford writes:
> -+-------------------
>  | Imagine a couple of hundred million devices with updatable
>  | firmware on them, and one or more rogue updates in the wild.
> So should or should not an embedded system have a remote
> management interface?  If it does not, then a late discovered
> flaw cannot be fixed without visiting all the embedded systems
> which is likely to be infeasible both because some will be where
> you cannot again go and there will be too many of them anyway.
> If it does have a remote management interface, the opponent of
> skill focuses on that and, once a break is achieved, will use
> those self-same management functions to ensure that not only
> does he retain control over the long interval but, as well, you
> will be unlikely to know that he is there.
> This leads to a proposal on what to do about the future:
> Embedded systems, if having no remote management interface and
> thus out of reach, are a life form and as the purpose of life is
> to end, an embedded system without a remote management interface
> must be so designed as to be certain to die no later than some
> fixed time.  Conversely, an embedded system with a remote
> management interface must be sufficiently self-protecting that
> it is capable of refusing a command.

Almost every U.S.A. based bank that i have used own several physical
branch locations.  Maybe
your country is different.  Disable the service until the customer
physically brings in the old hardware to be replaced with a new one to
eliminate need for remote management.  Our planet has too much
electronic garbage to build permanent preprogrammed death.

> Long live HAL,
> --dan
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list