none of that helps against a compromised machine.
Actually, it does.
You may fool an attacker into thinking that he hacked all the layers, while he only hacked top 2 of them.
Maybe we are misunderstanding eachother, but what do you think gets captured by a keylogger running on the *host* where you open a VM in a VM in a VM via a VNC session and you type in a TrueCrypt password, anywhere? Bonus points for guessing the same for what happens if you press PrtScr.
Quote from: ShadowOfHarbringer
Security by obscurity + surprise element.
Security by self delusion is a new one
Although, noooobody expects Self Delusion! We have two VMs.. no, we have three VMs! Wait, I'll come back in again. ... Chief amongst our surprises are such elements as TrueCrypt, VMs...Quote from: ShadowOfHarbringer
Also, a possible attacker may not be prepared for task of this level of complexity.
Security by underestimating your opponent is another good one.
I think for half a million an attacker will do push ups, run around the block every morning and wear double D in broad daylight, or alternatively pay 10k to a bunch of people who are quite prepared already.
Quote from: ShadowOfHarbringer
Generally my thinking is that you can create multiple levels of complexity and every one of the makes it more difficult for the attacker to hack you.
A hall of mirrors is so Commodore 64
The object of security is not complexity, in fact the simpler you can make the more secure, because the less components can contain additional vulnerabilities. This happened: firewalls containing problems which made the machine less secure than without them. Virus scanners that kill your data due to false positives etc.Quote from: CharlieContent
Poirot is Belgian. 
Yes, and in this case instead of complaining he would point out the murderer of the joke..
