Friday, April 27, 2007

browser / networked computer security panel

For us to have a safer computing experience, we must have a secure way to accept authentication and other things.

1. We need a PDA with USB networking capability for carrying around data; USB keys are not safe. Our mobile keys should be on the PDA, and if we are at an unknown computer, we should be able to plug our PDA into it and do the signing on the device, with absolutely no way for the computer to hack into it.

2. We must start signing email and checking its signatures. There is no excuse for not using signed email.

3. We must have our own web server for our own data. Google, Yahoo and MSN could host a copy or act as mirroring services.

4. There should be a portion of the screen, or a second monitor, that ONLY the root user can access. There is a hardware problem with accelerated video on many cards, though: the video consumes the entire screen and therefore allows spoofing of the UI. I suppose there could be a measure where, if a program consumes the entire screen, it cannot do anything with the cursor and can always be exited with a certain key combination. There could be other sandboxing measures.

Basically, I envision the taskbar and system tray as being that service. Notifications of user logins and other security-related items should be displayed down there. kdesu and kdesudo should display their messages entirely within that space. The taskbar should indicate which user each process is running as.

5. Clear computers should allow people to see key-logging devices.

6. All computers should have BIOS passwords and some sort of tamper-evident hardware seal. It would be nice if more user authentication occurred before the computer logged all the way into the OS. That way a single login could bring up the UI much quicker, and basic rights to boot the computer would go with the user, so multiple users could be granted administrator, others could be allowed to boot from CD and other devices, and others from only a certain OS. This might be implementable in GRUB, and probably actually is.
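
The per-user boot rights described in the last item can be written in GRUB 2 configuration syntax. This is an added example, not part of the original post; the user names, device names, kernel paths and hash placeholders are constructed assumptions.

```grub
# GRUB 2 fragment (for example in /etc/grub.d/40_custom).
# Replace each <hash-for-...> with the output of grub-mkpasswd-pbkdf2.

# Superusers may use the GRUB command line, edit entries and boot anything.
set superusers="admin1,admin2"
password_pbkdf2 admin1 <hash-for-admin1>
password_pbkdf2 admin2 <hash-for-admin2>

# Ordinary boot-time users: they can run only the entries that list them.
password_pbkdf2 media <hash-for-media>
password_pbkdf2 guest <hash-for-guest>

# "Only a certain OS": guest and media may boot this entry.
menuentry "Linux (restricted users)" --users guest,media {
    set root=(hd0,1)
    linux /vmlinuz root=/dev/sda1 ro
    initrd /initrd.img
}

# "Boot from CD and other devices": media only (superusers always may).
menuentry "Boot removable disk" --users media {
    set root=(hd1)
    chainloader +1
}

# Neither --users nor --unrestricted: superusers only, once superusers is set.
menuentry "Recovery shell" {
    set root=(hd0,1)
    linux /vmlinuz root=/dev/sda1 ro single
    initrd /initrd.img
}
```

GRUB users defined this way are separate from operating-system accounts, so the OS login still happens on its own. Without a firmware password and a fixed boot order, someone can bypass these restrictions by booting another device directly.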
