Date: Sun, 30 Dec 2001 15:08:29 From: "neil barnes" <[EMAIL PROTECTED]> Subject: RE: [LIB] Re: Windows XP again
>Date: Sat, 29 Dec 2001 21:15:10 -0600 >From: "phillip ramirez" <[EMAIL PROTECTED]> >Subject: RE: [LIB] Re: Windows XP again > <snip> >worry about?? If you don’t do anything ilegal you have nothing to worry >about > Ah, that old chestnut again - I don't do anything illegal, so I have nothing to worry about! Only, I think I do...I have to worry about my privacy, I have to worry about my ability to do something illegal if I decide it's necessary, I have to worry about people performing illegal acts using *my* computer as a conduit, I have to worry about governments performing illegal acts on or through my computer...include the word Echelon and make them work harder! I'm not enamoured of the theory that simply because a government *can* monitor my communications it should be allowed to - if a government wants to look inside my computer it can damn well get a search warrant - and if I happen to have encrypted it, I see no reason why I should unencrypt for them. </rant> I should probably point out that when I was first looking for work in the late 70s, I was simultaneously offered four jobs, two of which involved signing the official secrets act (now there's a good one - it applies whether you sign it or not, and can be applied retrospectively) and the one I took involved positive vetting: are you now or have you ever been a member of the communist party? Your parents? Your grandparents...etc On computer security, I'd recommend Bruce Scheier (SP?) in particular his latest (iirc Digital Secrets) which points out that human factors are much more significant to security than technological ones. It seems to me that there are various scenarios why a person at large (i.e. us!) might be at risk: o Personal data: look for passwords and such in browser caches, maybe addresses and credit card numbers, and also for personal correspondence in /My Documents, bank details for bank on line etc o Second hand attacks - using your machine to launch a DNS or point attack on a third computer to disguise the origin of the attack o Exposed mailer attacks - launching junk mail through your computer, again to disguise the point of attack o Malice attacks on you, irrespective of who you are - virus and worm attacks These last of these is made particularly easy by the construction of commonly used windows software - in particular the bizarre conceit that executables enclosed in mail messages or on web sites should be immediately executed at system level - and can only be stopped by never reading mail (or indeed usenet messages) in anything other than text only and never executing code you can't verify. The middle two are opportunity attacks - script kiddies who probably don't realise *they're* being used - and require the security updates to be in place to prevent them. The first is the one that concerns most people and is probably the least significant - and easily cured by not using default directories, encrypting files, clearing caches, and using a secure wipe on the disk. Note that none of these require a virus checker... Just my E0.02 - I'm sure that Tina can illucidate much more clearly than I, she's paid to be paranoid! Neil _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ************************************************************** http://libretto.basiclink.com - Libretto mailing list http://libretto.basiclink.com/archive - Archives http://www.picante.com/~gtaylor/portable/faq.html - FAQ -------TO UNSUBSCRIBE------- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe --------TO UNSUBSCRIBE DIGEST------ Do above but with this on subject line: cmd:unsubscribe digest **************************************************************
