On May 6, 2013, at 7:56 AM, Richard Gaskin <[email protected]> wrote:
> Andrew Kluthe wrote: >> Was it not mentioned long ago that a password protected stack's script and >> custom properties could be accessed in memory while it is running in a >> stand alone? So your data was probably never as secure as you really >> thought it was. Thank you for your comments Richard. I never thought my data was profoundly secure. The level of security was acceptable to me. This stack was never a standalone -- I don't know if that's relevant. Like I said, I am mostly concerned about identity theft by a fairly ordinary criminal, with a little technical knowledge, if the machine were lost or stolen, while asleep (requiring a login password to wake) or shut down. On May 6, 2013, at 6:58 AM, Paul Hibbert <[email protected]> wrote: > It seems if you have $995 to spare you can access almost any password > protected file or volume, so they say. Thanks, Paul. If someone obtained my lost or stolen machine, he could easily make a profit on the invested $995 by stealing my identity and those of others, if he were a skilled and highly motivated identity thief. On the other hand, he would have to know my machine held all that sensitive information. Otherwise, he would not want to invest the $995. Few thieves want to invest money in a theft. They want quick cash. I'd be more concerned about a crooked technician. Even then, dishonest technicians are going to pick the low-hanging fruit. They aren't going to invest $995, hoping to make a profit. On May 6, 2013, at 7:39 AM, Andrew Kluthe <[email protected]> wrote: > As for the documentation on those encrypt/decrypt commands, they seem > pretty straight forward. > get "bla" > encrypt it using "blowfish" with "1234567" > put it Thank you, Andrew. Sure, it's possible I will figure out how to script these commands. I don't get your example. As far as I can tell, it's worthless if anyone can look at the relevant script to discover the encrypting keys. But let's save that for another thread. Getting back to my original question. I should have been more precise and concise. Mostly, I'm trying to understand how secure, or insecure, my machine is, if lost or stolen, if protected only with a login password. I'll repeat my main questions: On May 5, 2013, at 11:29 PM, Timothy Miller <[email protected]> wrote: > 1-If my machine is lost or stolen, while shut down, how hard would it be to > get past the log-in password, to my relatively insecure "rolodex" stack? How > does one get past the log-in password? (for this question and the next two, > assume FileVault is turned off.) > > 2-If I set up an administrator account for technicians, with a different > log-in password, how hard would it be for the technician to get past the > log-in password for my user account? > > 3-In recent versions of the OS, does my log-in password protect the hard disk > when it's removed from my machine? How hard is it to defeat that protection? > > 4-Given that you can't use my machine to launch a nuclear missile, do I > really need the ultra-secure protection provided by FileVault? Thanks in advance, Tim Miller _______________________________________________ use-livecode mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
