http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Reviews
Link: Secure Mac and Linux authentication (http://www.macbytes.com/link.php?sid=20050601094913)

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

Some useful info, and useful ammunition against some IT people's false objection that Macs and Linux lack secure authentication options.

And all wrapped in the author's list of reasons why he personally chooses to boycott Apple and Mac OS X :rolleyes:

* Macs cost too much (in which case PCs do too once you add the stuff the cheap ones are missing)

* Lawsuits against bloggers (aka ThinkSecret to uncover theft of trade secrets, which the courts have sided with even though TS does have a good lawyer--and they've sided with Apple WITHOUT even having to touch the journalism issue)

* First-generation iPods from years ago get less battery life than current-generation products from other companies?

* iTunes Music Store uses DRM (no doubt this is Apple's choice, not the RIAAs, while Microsoft and Intel are innocent of using DRM)

Must have felt good for him to get all that irrelevance out of his system :o

good for the future, but hard to move all at once.

the only place i have ever worked with a strict pc locking policy was at a bank, one of the biggest.

if u didnt lock your nt4 work station, u could practically get fired.

so, this is cool, we can now lock mac work stations, etc... but companies that will use this, in my opinion, are big banks, gov agencies, etc...

and those companies arent about ready to dump thier as400s in the basement for some new child on the block

i know they wont and are not, becuase i currently work for a ibm business partner, and the bank i worked for, is one of our customers. and their still working with all IBM gear.

this is not a flame, its great to see this, and if i get my company off the ground, id probably get it. im not working with banking materials or such, but security is important to me and this would help.

that, and its cool :) think the article said u could use the same key for the pc as for the doors. thats pretty cool

anyone got a card reader for the iginition of a car ?

-Mario

anyone got a card reader for the iginition of a car ?

A Prius is pretty close...

Using the same card as security for both the doors and the PC sounds great and all until you realize that booting someone's card off of them would allow you not only access to their facilities, but to all their data as well. I'll stick with separate options, thanks.

I personally think at least the idea of the Thinkpad fingerprint reader is very trick.... If it works reliably (I haven't used one), I think it would be a sweeeet addition to the powerbook line. And everyone knows that Apple doesn't mind borrowing notebook features from IBM...there are worse people to borrow from! *cough* hard drive drop protection *cough* :D

I understand that up until recently it has been the internal security features or lack of that has kept Apple out of Banks and and the corporate world. The internal security features required for the graphics or creative arena are somewhat less than for a bank or corporate which is why Apple probably hasnt been to concerned of late.

Using the same card as security for both the doors and the PC sounds great and all until you realize that booting someone's card off of them would allow you not only access to their facilities, but to all their data as well. I'll stick with separate options, thanks.
Encryption cards should be used in addition to passwords, not in place of them.

Security people will tell you that there are three categories for identifying a user - what he knows (e.g. password), what he has (e.g. key) and what he is (e.g. biometrics). Secure systems should use at least two of the three.

Relying on just one of the three (any one) is a potential vulnerability. Passwords can be stolen (keystroke loggers, eavesdropping, etc.), keys can be lost or stolen, and biometrics can be fooled. It's harder (but obviously not impossible) to break in to the system if you have to get past two or all three kinds of identification.

As for door locks, I once worked in a secure facility. The secure doors required both a PIN and a card-swipe. So someone stealing your card can't have instant access to the facility.

And everyone knows that Apple doesn't mind borrowing notebook features from IBM...there are worse people to borrow from! *cough* hard drive drop protection *cough* :D

I think--but maybe someone can correct me--that IBM drop-protection uses a special drive with that built-in. Apple, on the other hand, is supposedly the first to offer a LAPTOP with a drop-sensor and the ability to use ANY drive. More efficient, flexible, and cheaper, then. A similar end result, but not entirely "borrowing" what was done before.

Anyone know the details of that?

I think--but maybe someone can correct me--that IBM drop-protection uses a special drive with that built-in. Apple, on the other hand, is supposedly the first to offer a LAPTOP with a drop-sensor and the ability to use ANY drive. More efficient, flexible, and cheaper, then. A similar end result, but not entirely "borrowing" what was done before.

Anyone know the details of that?


Right. Any hard drive, same drop protection. They "use the motion sensor as a general purpose input device, and provides software to [do the rest]"

"AMS is an integrated feature of the main logic board, and is not tied to a specific disk drive."

http://www.kernelthread.com/software/ams/

Ahhh...nice. I still love the integrated biometric scanner... :)

* iTunes Music Store uses DRM (no doubt this is Apple's choice, not the RIAAs, while Microsoft and Intel are innocent of using DRM)

Wonder if he now hates Intel as much he hates Apple:
Pentium D ships with built-in DRM (http://forums.macrumors.com/showthread.php?t=129103)

Wonder if he now hates Intel as much he hates Apple:
Pentium D ships with built-in DRM (http://forums.macrumors.com/showthread.php?t=129103)
I would start boycotting Intel-based PCs over this, except I've been avoiding them for years already due to their high prices. (When I build PCs, I only choose AMD-based systems. Same performance, much lower price. And now, no DRM in the CPU.)