Keeping private data private WAS: Shifty Shell Prompts
> From: Ben Scott dragonh...@gmail.com
> Date: Thu, 16 Apr 2009 15:27:45 -0400
>
> On Thu, Apr 16, 2009 at 12:31 PM, virgins...@vfemail.net wrote:
> > ... we can encrypt anything that might be incriminating ...
>
> http://xkcd.com/538/

Heh. I was half expecting to find a NSFW cartoon involving rubber hose...

But really, in this day and age, our personal data can be protected beyond all practical means to obtain it. With steganographic techniques, we can hide our data such that nobody can prove that data even exists.

The technology available to FOSS users today rivals that of the military. Beyond cryptography... we have industrial-grade IP firewalling, stack-protecting compilers, SE Linux (nod to the NSA), support for GPS, wireless (including ham) networking, on and on.

The IT accessible to our government used to be leaps and bounds beyond that available to the private citizen. Now, it's only leaps ahead... and thanks in large part to the FOSS movement.

Of course, FOSS has also empowered services like Google, which threaten to erode all the privacy which our technology is now able to protect. But, that's a whole other issue.

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Keeping private data private WAS: Shifty Shell Prompts
On Thu, Apr 16, 2009 at 6:24 PM, virgins...@vfemail.net wrote:
> > http://xkcd.com/538/
>
> But really, in this day and age, our personal data can be protected
> beyond all practical means to obtain it.

Again, http://xkcd.com/538/.

The weakest link in security has always been the human element. Advances in crypto or other technology don't change that.

-- Ben
Re: Keeping private data private WAS: Shifty Shell Prompts
Ben Scott dragonh...@gmail.com writes:
> On Thu, Apr 16, 2009 at 6:24 PM, virgins...@vfemail.net wrote:
> > > http://xkcd.com/538/
> >
> > But really, in this day and age, our personal data can be protected
> > beyond all practical means to obtain it.
>
> Again, http://xkcd.com/538/.
>
> The weakest link in security has always been the human element.
> Advances in crypto or other technology don't change that.

My friend-of-a-friend story for this is that a friend of mine who knows a guy who knows a guy who knows a guy in the FBI or NSA or something (even if I could remember which group it's supposed to be, what's the certainty at 5 degrees?) says:

Nobody in the secrets-business bothers *cracking encryption*--they just break into your house and install bugs.

If the data in your computer is of an interest, they can open your computer and install keyboard-sniffers and whatever other sorts of bugs are relevant there, too.

--
Don't be afraid to ask (Lf.((Lx.xx) (Lr.f(rr.
Re: Keeping private data private WAS: Shifty Shell Prompts
On Thu, Apr 16, 2009 at 7:51 PM, Joshua Judson Rosen roz...@geekspace.com wrote:
> Nobody in the secrets-business bothers *cracking encryption*--they
> just break into your house and install bugs.

I can speak with some experience here.

When working with computers processing classified national security information, encryption of data within trusted computing systems is not something that I've seen much evidence of. Encryption is used to protect transport over untrusted mediums (e.g., communications lines), but once it gets to the trusted computer it's all in the clear.

The security put in place around trusted systems, however, is quite intense.

Lock the hard disk inside a safe inside a locked room inside a locked building on a guarded complex with multiple levels of surveillance and intrusion-detection systems. The really sensitive stuff gets 24/7 armed guards.

The host doesn't communicate with the Internet or other untrusted networks. At all. Ever. Often it's an air gap firewall. If an untrusted network is used to support an encrypted tunnel, special equipment is used, separate from the host, to make sure the host only talks over the crypto tunnel.

Mixed levels of security on a single system is quite rare, and typically not allowed on any OS you or I have ever used.

Everyone who works with this stuff is investigated before being cleared. Be prepared to document every aspect of your life for the past ten years. Where you lived, where you worked, where you went to school, who you knew. Get it right, because if they find discrepancies they'll grill you over them. Remember the armed guards?

It gets better. The really, really sensitive stuff is only opened with at least two people present (two person integrity). The really, really, *REALLY* sensitive stuff is guarded by two people at all times, and the people don't know who they'll be working with when until their assignment starts (two person control).

Notice the focus in the above? None of it is technological sophistication; it's all about the human/physical element.

But don't worry. I'm sure PGP will save the world.

(Just to be fair: Crypto is useful, and has lots of applications. It's just not a cure-all, and can't help with most of the big security weaknesses one sees in the real world.)

-- Ben