At 12:52 PM 10/31/02, The Fool wrote:
http://www.kuro5hin.org/story/2002/10/29/184031/40

The Great Security Panic (Op-Ed)
By mingofmongo
Thu Oct 31st, 2002 at 07:07:22 AM EST

After a good solid 40+ years of handing our credit card info to minimum-wage workers at stores that don't shred anything and often throw out this info in dumpsters in the alley - we are now taking a rather inexplicable interest in the security of information that is strongly encrypted from end to end.

Do we really need more security in home computers, and on the net in general, or is this just a bunch of greedy nerds trying to flex their geek-muscles in public? Is this a legitimate concern, or just sheep being fattened up for the slaughter? Is my sarcasm coming through, or are you really unsure of my stance on the issue?

Observe two criminals. Each one wants your stuff. Criminal A is sitting at home in his underwear staring at a computer monitor. Criminal B is sitting in a van across the street from your house.

A has to gain access to the network your computer is often on. This may or may not be easy. Best case (for A) is that he is on the same 'last mile' as you and is simply there with you. Worst case is that he has to hack his way across several networks to a machine on your network. B just waits until you aren't home.

A's options at this point are to try to get into your machine, or just sniff your network traffic. Breaking into your machine requires either guessing authentication info from things A knows about you or by analyzing network traffic in hopes of getting some info, or by making use of a security hole (bug) that may or may not exist on your system, and may or may not have been fixed. If A is really sneaky, he may try to trick you into installing something that makes his job easier, but you need to be really stupid for this. B's options are: pick a lock, break a window or break a door with a big hammer.
A must take care to clean all logs on each machine he has used in this process, and any logging routers he passes through if he wants to cover his trail adequately. B should wear gloves, and keep his visit short. A will learn the contents of your grocery list, the love letters you wrote to your boss's wife, all those digital camera photos of your cat
You mean "A" is one of the at most three people in the world with access to a computer to whom I haven't already sent multiple photos of my cats?
and if you are really dumb, he may get a credit card number. He may or may not get the expiration date, which makes it useful. If A just sniffs the network, he will get those love letters again, the cat photos you sent to your cousin, and a big garbled mess of encrypted data from your last Internet purchase. If A is skilled, and has a fast machine, he might crack this encryption over a period of 10-20 months if at all, and then you may be out the $50 you are responsible for in case of fraud. Meanwhile, B has just stolen your computer, your jewelry, the mad-money in the soup can, your DVD collection and your favorite velvet Elvis painting.

Not surprisingly, more people have more stuff stolen from them in real life than on-line, by a very wide margin. The fact is, if you aren't a complete schmuck, you have very little to lose to a hacker as long as you don't keep important data on your machine, and you don't send it insecurely. You have absolutely no need for "palladium" or any other heavy metals to protect data you are not being careless with.

The fact is, you are not even a target. You, as a normal computer user, are the most un-interesting person on earth to a hacker. You don't have anything they want. There is not likely anything they can use or learn from on your machine. You do not likely have any porn
Not even kitty porn!
that they can't get for free on Usenet. They don't want your financial info, when they can go dumpster diving for 20 or 30 cardz in a night. The answer is not draconian security measures that you will not benefit from at all.
Simply put, to defend against "A", you need PGP. To defend against "B", you need S&W.
The answer is to use the same logic that keeps you from eating food you find lying in the street. At some point, you were probably taught that it is bad to eat candy-bars you find lying on the ground. At some slightly later point, you realized that this was good advice. I'm betting that the vast majority of my gentle readers do not, on a regular basis, eat food they find lying in the street. You just don't do it. There is no intestinal security device that keeps you from putting trash in your mouth - you just don't do it.
However, a sufficient quantity of EtOH can quite effectively circumvent that intestinal security device . . .
--Ronn! :)
I always knew that I would see the first man on the Moon.
I never dreamed that I would see the last.
--Dr. Jerry Pournelle
_______________________________________________
http://www.mccmedia.com/mailman/listinfo/brin-l
