On Sat, Jul 30, 2011 at 12:29:24AM +0900, 夜神　岩男 wrote:

> Coming originally from secret squirrel land, one of the cardinal 
> security rules for us was simply "If the attacker has physical access, 
> you don't have security".

I would say "... you have much less security".  No security is just
not true.  Doing all the things Dag said and using encrypted filesystems
provides a certain security level even when physical access.

> Physical acces to a system is where coded security gives way in absolute 
> terms to physical security measures. But again, that is if we're talking 
> about serious security environments and almost none of our use cases 
> probably represent that -- so we're left simply balancing usability vs 
> security like normal people.

The assumption "almost none of our use cases probablt represent that" is
a very bad starting point.  Probably the people that completely fucked
up GNOME (GNOME3 in Fedora 15 is almost unusable for most people I know)
had a similar thought when they destroyed the GNOME desktop.

-- 
--    Jos Vos <[log in to unmask]>
--    X/OS Experts in Open Systems BV   |   Phone: +31 20 6938364
--    Amsterdam, The Netherlands        |     Fax: +31 20 6948204