Date: Sun, 30 Dec 2001 09:36:45 -0600 (CST)
From: Tina Bird <[EMAIL PROTECTED]>
Subject: RE: [LIB] Re: Windows XP again

More importantly, in re being paranoid, Bruce Schneier is my CTO (I'm a
security architect at Counterpane), and the book Neil's referring to is
called "Secrets and Lies" and is a very good read.

On Sun, 30 Dec 2001, neil barnes wrote:

> Date: Sun, 30 Dec 2001 15:08:29
> From: "neil barnes" <[EMAIL PROTECTED]>
> Subject: RE: [LIB] Re: Windows XP again
>
>
> >Date: Sat, 29 Dec 2001 21:15:10 -0600
> >From: "phillip ramirez" <[EMAIL PROTECTED]>
> >Subject: RE: [LIB] Re: Windows XP again
> >
> <snip>
> >worry about?? If you don’t do anything illegal you have nothing to worry
> >about
> >
>
> Ah, that old chestnut again - I don't do anything illegal, so I have nothing
> to worry about! Only, I think I do...I have to worry about my privacy, I
> have to worry about my ability to do something illegal if I decide it's
> necessary, I have to worry about people performing illegal acts using *my*
> computer as a conduit, I have to worry about governments performing illegal
> acts on or through my computer...include the word Echelon and make them work
> harder!
>
> I'm not enamoured of the theory that simply because a government *can*
> monitor my communications it should be allowed to - if a government wants to
> look inside my computer it can damn well get a search warrant - and if I
> happen to have encrypted it, I see no reason why I should unencrypt for
> them.
>
> </rant>
> I should probably point out that when I was first looking for work in the
> late 70s, I was simultaneously offered four jobs, two of which involved
> signing the official secrets act (now there's a good one - it applies
> whether you sign it or not, and can be applied retrospectively) and the one
> I took involved positive vetting: are you now or have you ever been a member
> of the communist party? Your parents? Your grandparents...etc
>
> On computer security, I'd recommend Bruce Scheier (SP?)
> in particular his
> latest (iirc Digital Secrets) which points out that human factors are much
> more significant to security than technological ones.
>
> It seems to me that there are various scenarios why a person at large (i.e.
> us!) might be at risk:
>
> o Personal data: look for passwords and such in browser caches, maybe
> addresses and credit card numbers, and also for personal correspondence in
> /My Documents, bank details for bank on line etc
>
> o Second hand attacks - using your machine to launch a DNS or point attack
> on a third computer to disguise the origin of the attack
>
> o Exposed mailer attacks - launching junk mail through your computer, again
> to disguise the point of attack
>
> o Malice attacks on you, irrespective of who you are - virus and worm
> attacks
>
> The last of these is made particularly easy by the construction of
> commonly used Windows software - in particular the bizarre conceit that
> executables enclosed in mail messages or on web sites should be immediately
> executed at system level - and can only be stopped by never reading mail (or
> indeed usenet messages) in anything other than text only and never executing
> code you can't verify.
>
> The middle two are opportunity attacks - script kiddies who probably don't
> realise *they're* being used - and require the security updates to be in
> place to prevent them.
>
> The first is the one that concerns most people and is probably the least
> significant - and easily cured by not using default directories, encrypting
> files, clearing caches, and using a secure wipe on the disk.
>
> Note that none of these require a virus checker...
>
> Just my E0.02 - I'm sure that Tina can elucidate much more clearly than I,
> she's paid to be paranoid!
>
> Neil
>
> **************************************************************
> http://libretto.basiclink.com - Libretto mailing list
> http://libretto.basiclink.com/archive - Archives
> http://www.picante.com/~gtaylor/portable/faq.html - FAQ
> -------TO UNSUBSCRIBE-------
> Reply to any of the list messages. The reply mail should be
> addressed to: [EMAIL PROTECTED] - Then replace any text
> on the message's subject line: cmd:unsubscribe
> --------TO UNSUBSCRIBE DIGEST------
> Do above but with this on subject line: cmd:unsubscribe digest
> **************************************************************