Re: [LINK] UN declares that the right to privacy,
When you can communicate via email to someone who is not technical then maybe but at the moment, gpg/pgp is not ready for non-tech use. Even techs find it hard to use.

On 2013/Dec/18, at 10:27 PM, Karl Auer wrote:

On Wed, 2013-12-18 at 21:35 +1100, Kim Holburn wrote:

Indeed Jim, you and anyone can have state-of-the-art email privacy right now, without doing anything radically difficult or special.

If you can find a secure email server.

Not necessary - just use PGP. Or a certificate from a CA you actually trust (hint: there are none worthy of your trust).

Yes, GPG/PGP is a (slight) pain to set up. Yes, you need to arrange a public key exchange before you can exchange secure emails. Yes, some email programs don't integrate it very well. But you CAN have a secure email exchange with someone if you want it, at the cost of a little setup work.

This does not protect the fact of an email exchange, the time of the exchange, the received list and so on, but it completely protects the content of the message. Not even the administrators of the servers your email passes through or is stored on can access the content.

You still have to trust the server.

Not with GPG/PGP.

Regards, K.

--
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017

___ Link mailing list Link@mailman.anu.edu.au http://mailman.anu.edu.au/mailman/listinfo/link

--
Kim Holburn
IT Network Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:k...@holburn.net aim://kimholburn skype://kholburn - PGP Public Key on request
Re: [LINK] UN declares that the right to privacy,
On 18/12/13 6:10 PM, step...@melbpc.org.au wrote:

And right now breaking https takes time and processing grunt

If https was secure, the NSA wouldn't allow it to exist.

...R.
Re: [LINK] A security question
On 18/12/13 08:03, Dr Bob Jansen wrote:

... ING and Citibank have provided me with an RSA fob to verify who I am in certain transactions. ...

These fobs do provide a high level of security, if they have not been compromised. St George bank uses a lower cost approach, where their system sends a code by SMS to the customer's phone, to verify the first high value transfer to a new account. This has the added advantage that if the customer did not initiate the transaction they would know something was wrong when they got an SMS from the bank.

--
Tom Worthington FACS CP, TomW Communications Pty Ltd. t: 0419496150
The Higher Education Whisperer http://blog.highereducationwhisperer.com/
PO Box 13, Belconnen ACT 2617, Australia http://www.tomw.net.au
Liability limited by a scheme approved under Professional Standards Legislation
Adjunct Senior Lecturer, Research School of Computer Science, Australian National University http://cs.anu.edu.au/courses/COMP7310/
Re: [LINK] A security question
On 2013-12-18 15:23 Dr Bob wrote:

As I said in my original email, ING and CitiBank required the use of a token and each have provided a RSA fob.

Sorry for the spam then - I should have read your email more closely before responding!

As an aside, ING and Citibank have provided me with an RSA fob to verify who I am in certain transactions. I wonder as well if having a fob to generate a one time password is more secure (not ignoring the fact that RSA got hacked some time ago).

Westpac will also provide an RSA SecurID fob for authorisation of withdrawals over a certain user-defined amount, though I think I had to request one. The RSA attack was over two years ago I believe and involved theft of the database which maps each fob serial-number to its seed, so any SecurID device manufactured since shortly afterwards should be reasonably safe.

Thanks for your email though. Also thanks for everyone else who have made suggestions. I am looking at Tails and that seems an interesting option but nothing is really secure I guess. I just have to keep a wary eye on the accounts.

I have never had any hack into my Internet banking in the 16-odd years I've had accounts (touch wood...) however I moved away from Windows many years ago and I wouldn't have an account without something-you-have access control. If you feel able to speak about it I'd be interested to know if, and how willingly, the bank involved made up the amount of the theft? I haven't seen any recent statistics on such crimes, but I'm amazed that the level of theft hasn't made Internet banking very much more expensive.

David L.
Re: [LINK] UN declares that the right to privacy,
On 18 December 2013 18:10, step...@melbpc.org.au wrote:

Maybe. Although I respect this opinion, personal responsibility matters.

I have a quote on this that I lifted from somewhere :)

Auer's Theorem: Any solution that involves everybody will fail.

I might be misrepresenting Karl but to me this means a solution that only works if everyone takes individual action will have no chance. Especially when 99% of the population don't know what they have to do, or why.

- Jim
Re: [LINK] UN declares that the right to privacy,
On Thu, 2013-12-19 at 09:19 +1100, Bernard Robertson-Dunn wrote:

On 18/12/2013 10:27 PM, Karl Auer wrote:

This does not protect the fact of an email exchange, the time of the exchange, the received list and so on, but it completely protects the content of the message. Not even the administrators of the servers your email passes through or is stored on can access the content.

Why use email at all? PGP over ftp?

Of course you can GPG-encrypt your message then place it on an FTP server or similar for download, but that's way less convenient than email, and doesn't hide any more than email does. The time of the upload, the fact of the upload, the size of the upload etc are all visible. The correspondents are visible too, because information about downloads would also be visible.

It's pull rather than push, but does that matter if it's less visible?

It's not less visible.

How much of a trail does ftp leave?

In the logs - as much as the site admin wants. Sniffable - anything except the encrypted content. Same as email.

Regards, K.

--
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
Old fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Re: [LINK] A security question
From the behaviour of banks we might infer:

(1) Multifactor identification is too hard for a proportion of their customers
(2) The actual level of successful hacking is passably low
(3) So, it is simpler to run suspicious activity monitors and guarantee accounts

- Jim

On 19 December 2013 10:23, David Lochrin dloch...@d2.net.au wrote:

On 2013-12-18 15:23 Dr Bob wrote:

As I said in my original email, ING and CitiBank required the use of a token and each have provided a RSA fob.

Sorry for the spam then - I should have read your email more closely before responding!

As an aside, ING and Citibank have provided me with an RSA fob to verify who I am in certain transactions. I wonder as well if having a fob to generate a one time password is more secure (not ignoring the fact that RSA got hacked some time ago).

Westpac will also provide an RSA SecurID fob for authorisation of withdrawals over a certain user-defined amount, though I think I had to request one. The RSA attack was over two years ago I believe and involved theft of the database which maps each fob serial-number to its seed, so any SecurID device manufactured since shortly afterwards should be reasonably safe.

Thanks for your email though. Also thanks for everyone else who have made suggestions. I am looking at Tails and that seems an interesting option but nothing is really secure I guess. I just have to keep a wary eye on the accounts.

I have never had any hack into my Internet banking in the 16-odd years I've had accounts (touch wood...) however I moved away from Windows many years ago and I wouldn't have an account without something-you-have access control. If you feel able to speak about it I'd be interested to know if, and how willingly, the bank involved made up the amount of the theft? I haven't seen any recent statistics on such crimes, but I'm amazed that the level of theft hasn't made Internet banking very much more expensive.

David L.
Re: [LINK] A security question
On 19/12/2013 8:33 AM, Tom Worthington wrote:

These fobs do provide a high level of security, if they have not been compromised. St George bank uses a lower cost approach, where their system sends a code by SMS to the customer's phone, to verify the first high value transfer to a new account. This has the added advantage that if the customer did not initiate the transaction they would know something was wrong when they got an SMS from the bank.

Trouble with mobile phone/SMS is that it relies on the phone number, still being in the correct hands. There have been several articles about prepared thieves using mobile number portability to move the target's number to a device in their own hands - and then the SMS falls in the wrong hands as well.

P.
Re: [LINK] A security question
On 18/12/13 15:23, Dr Bob Jansen wrote:

I don't think ANZ offers the token option, at least they have not mentioned it to me when I discussed my coming to Korea with them.

At 15:33 +1100 18/12/13, Hamish Moffatt wrote:

No, not yet for personal customers. Annoying

While we're handing out brickbats to major banks ...

NAB has only a single one-time password mechanism - SMS to mobile.

I have no mobile phone. So one of the 'four pillars' can't provide a what-you-have authenticator to me. Nor to others who do not have a suitable device. Nor indeed to those sensible people who want to use their mobile for banking, and are not prepared to use the same channel for transmission of what is supposed to be an out-of-channel communication.

NAB's 'solution' for such customers is to set a bank-imposed (not customer-selected) daily transaction ceiling ($2500), and preclude use of Internet Banking for overseas data transfers.

(The transaction costs involved in switching a mortgage have precluded me from completely abandoning NAB, but of course I now use other FIs more intensively than I use NAB).

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
Re: [LINK] A security question
Jim,

I think you are right in one sense. I now have two fobs, one for ING and the other for Citibank. One per account could quickly become very confusing, remembering which was which. Also, my wife has a fob for Citibank, and this is all just too much technology for her. Both fobs look identical and if I had not marked each, would be indistinguishable from each other on the table so the chance of using the wrong fob would be high. Not a major issue but again, an issue of comfortability.

I still wonder if a fob to generate a one-time password would be more secure and that could be used for all accounts providing you don't lose it of course or the fob gets cracked. Maybe banks could offer that functionality as an option so an individual could decide on the level of security they were comfortable with.

Bobj

Dr Bob Jansen
Turtle Lane Studios
PO Box 26 Erskineville NSW 2043 Australia
Ph: +61 414 297 448 Skype: bobjtls
http://www.turtlelane.com.au

On 19 Dec 2013, at 9:06, Jim Birch planet...@gmail.com wrote:

From the behaviour of banks we might infer:

(1) Multifactor identification is too hard for a proportion of their customers
(2) The actual level of successful hacking is passably low
(3) So, it is simpler to run suspicious activity monitors and guarantee accounts

- Jim
Re: [LINK] A security question
On Wed, Dec 18, 2013 at 4:14 PM, Roger Clarke roger.cla...@xamax.com.au wrote:

NAB's 'solution' for such customers is to set a bank-imposed (not customer-selected) daily transaction ceiling ($2500), and preclude use of Internet Banking for overseas data transfers.

They also offer a number of other options for such transfers, including fax/phone-based authentication/confirmation for transfers that allow for amounts up to $1 million (or potentially more). You can also use BPay to transfer up to $2 million (presuming the destination accepts it, of course).

And finally it is (or at least, was) possible to increase the $2,500 limit to something a little higher - it just involves filling in some paperwork. My non-SMS limit is set to $10,000.

Scott
Re: [LINK] A security question
Where do security/privacy overlap? Who decides?

On 19 December 2013 11:02, Scott Howard sc...@doc.net.au wrote:

On Wed, Dec 18, 2013 at 4:14 PM, Roger Clarke roger.cla...@xamax.com.au wrote:

NAB's 'solution' for such customers is to set a bank-imposed (not customer-selected) daily transaction ceiling ($2500), and preclude use of Internet Banking for overseas data transfers.

They also offer a number of other options for such transfers, including fax/phone-based authentication/confirmation for transfers that allow for amounts up to $1 million (or potentially more). You can also use BPay to transfer up to $2 million (presuming the destination accepts it, of course).

And finally it is (or at least, was) possible to increase the $2,500 limit to something a little higher - it just involves filling in some paperwork. My non-SMS limit is set to $10,000.

Scott
[LINK] Security 'vs.' Privacy [Was Re: A security question
At 11:09 +1030 19/12/13, Janet Hawtin wrote:

Where do security/privacy overlap?

Reject the 'you can have security or privacy - choose one' mythology.

It was created by national security extremists to get control of the agenda.

There are multiple alternative scope definitions, from data, via the organisation, external users, industry sectors, nations and society, up to the biosphere.

All are legitimate. (If defined sensibly, and kept under democratic control, 'national security' included).

All have to be traded off against one another.

All powers and rights have to be subject to controls.

That applies to the security interests of individuals.

And it applies even more so to the interests of the very powerful, including and especially intel agencies.

http://www.rogerclarke.com/SOS/OECDS-1311.html
http://www.rogerclarke.com/EC/WS-1301.html

If the question is 'how do privacy and *data* security overlap?', then the way I've always put it is that 'data security is about 1/12th of privacy'.

That's intentionally glib (for radio and TV, and attention-grabbing).

It's justifiable on the basis that 'data security' is covered by just one of the c. 12 Principles that make up data privacy protection.

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
Re: [LINK] A security question
At 11:06 +1100 19/12/13, Jim Birch wrote:

From the behaviour of banks we might infer:

(1) Multifactor identification is too hard for a proportion of their customers
(2) The actual level of successful hacking is passably low

I think that factor needs re-phrasing, e.g.:

(2) The level of successful hacking that costs banks serious money or material reputational harm is sufficiently low.

Costs can arise from:
- refunds that can't be charged on to someone else - seldom?
- handling complaints

Reputational harm can arise from:
- customers churning away from that particular bank faster than they churn inbound
- a media stink that is sustained over 2-4 years, and becomes serious enough for regulators to start asking awkward questions

(3) So, it is simpler to run suspicious activity monitors and guarantee accounts

On 19 December 2013 10:23, David Lochrin dloch...@d2.net.au wrote:

On 2013-12-18 15:23 Dr Bob wrote:

As I said in my original email, ING and CitiBank required the use of a token and each have provided a RSA fob.

Sorry for the spam then - I should have read your email more closely before responding!

As an aside, ING and Citibank have provided me with an RSA fob to verify who I am in certain transactions. I wonder as well if having a fob to generate a one time password is more secure (not ignoring the fact that RSA got hacked some time ago).

Westpac will also provide an RSA SecurID fob for authorisation of withdrawals over a certain user-defined amount, though I think I had to request one. The RSA attack was over two years ago I believe and involved theft of the database which maps each fob serial-number to its seed, so any SecurID device manufactured since shortly afterwards should be reasonably safe.

Thanks for your email though. Also thanks for everyone else who have made suggestions. I am looking at Tails and that seems an interesting option but nothing is really secure I guess. I just have to keep a wary eye on the accounts.

I have never had any hack into my Internet banking in the 16-odd years I've had accounts (touch wood...) however I moved away from Windows many years ago and I wouldn't have an account without something-you-have access control. If you feel able to speak about it I'd be interested to know if, and how willingly, the bank involved made up the amount of the theft? I haven't seen any recent statistics on such crimes, but I'm amazed that the level of theft hasn't made Internet banking very much more expensive.

David L.

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
Re: [LINK] A security question
On Wed, Dec 18, 2013 at 4:25 PM, Roger Clarke roger.cla...@xamax.com.au wrote:

(2) The actual level of successful hacking is passably low

I think that factor needs re-phrasing, e.g.:

(2) The level of successful hacking that costs banks serious money or material reputational harm is sufficiently low.

Rephrase it however you want, it's wrong.

Whilst it's true that some banks have relatively low losses, many do have very real losses. I was talking to one particular bank recently who was losing over a million dollars a week due to Internet Banking fraud. This certainly puts them at the high end of the scale, but they certainly aren't unique.

From what I've heard the Australian banks have less of a problem than those in many other countries, but it's only a matter of time.

The challenge for the banks is exactly what's being discussed - how to balance the impact to the user of additional security, vs. the cost of the fraud occurring. There are numerous products that banks use to attempt to detect/block fraudulent logins and transactions - many of which are either somewhat or even completely transparent to the end user - but at the end of the day no product works perfectly.

Scott
Re: [LINK] Security 'vs.' Privacy [Was Re: A security question
On 19 December 2013 11:35, Roger Clarke roger.cla...@xamax.com.au wrote:

At 11:09 +1030 19/12/13, Janet Hawtin wrote:

Where do security/privacy overlap?

Reject the 'you can have security or privacy - choose one' mythology.

I am playing an online computer game. It used to have trouble with bot players distorting the economy. It does not now. Other players said that the game can now check if the computer is running a bot through the Windows desktop. I thought that was interesting.

Facebook. Political parties have people liking them or not. Campaigns for civil rights, through Facebook and other sites. People liking companies and products. Music, film, books each other Twitter ongoing opinions and connections Phone apps pick a topic.. Customised search results.

Meanwhile cases are being fought to have evidence in camera for motorbike groups. TPP is conducted secretly. How much of UN or WIPO is accessible publicly.

imho people are becoming transparent systems government and corporate interests have the means and leverage to secure privacy. that changes the balance of rights companies are not people that used to mean rights for people allowed for civil rights. what does it mean now? voting is private what does that mean now if everything outside the ballot box is transparent what were the reasons for political privacy, how does democracy tilt without it i think the public and private spheres are getting different pressures on security/privacy i don't think we are talking about the both of them in context and what they mean in terms of power differential/right of way.
Re: [LINK] Security 'vs.' Privacy [Was Re: A security question
Great stuff Janet!

Join an appropriate Committee or Board of APF, or EFA, and multiply your and our impacts.

http://www.privacy.org.au/About/Contacts.html
http://www.efa.org.au

At 12:22 +1030 19/12/13, Janet Hawtin wrote:

On 19 December 2013 11:35, Roger Clarke roger.cla...@xamax.com.au wrote:

At 11:09 +1030 19/12/13, Janet Hawtin wrote:

Where do security/privacy overlap?

Reject the 'you can have security or privacy - choose one' mythology.

I am playing an online computer game. It used to have trouble with bot players distorting the economy. It does not now. Other players said that the game can now check if the computer is running a bot through the Windows desktop. I thought that was interesting.

Facebook. Political parties have people liking them or not. Campaigns for civil rights, through Facebook and other sites. People liking companies and products. Music, film, books each other Twitter ongoing opinions and connections Phone apps pick a topic.. Customised search results.

Meanwhile cases are being fought to have evidence in camera for motorbike groups. TPP is conducted secretly. How much of UN or WIPO is accessible publicly.

imho people are becoming transparent systems government and corporate interests have the means and leverage to secure privacy. that changes the balance of rights companies are not people that used to mean rights for people allowed for civil rights. what does it mean now? voting is private what does that mean now if everything outside the ballot box is transparent what were the reasons for political privacy, how does democracy tilt without it i think the public and private spheres are getting different pressures on security/privacy i don't think we are talking about the both of them in context and what they mean in terms of power differential/right of way.

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
Re: [LINK] Security 'vs.' Privacy [Was Re: A security question
if n entities(individuals and companies) have effectively infinite wealth leverage and privacy why would transparent civil groups have an impact if the law can be changed through secret trade agreements (dmca) and governments do not resist private priorities. people learn from what happens to those who seek change eg. what happens to whistle blowers? if change is possible it needs to address $ and other leverage. do the entities who have the leverage want it to change? what would make change attractive to those entities?

On 19 December 2013 13:04, Roger Clarke roger.cla...@xamax.com.au wrote:

Great stuff Janet!

Join an appropriate Committee or Board of APF, or EFA, and multiply your and our impacts.

http://www.privacy.org.au/About/Contacts.html
http://www.efa.org.au

At 12:22 +1030 19/12/13, Janet Hawtin wrote:

On 19 December 2013 11:35, Roger Clarke roger.cla...@xamax.com.au wrote:

At 11:09 +1030 19/12/13, Janet Hawtin wrote:

Where do security/privacy overlap?

Reject the 'you can have security or privacy - choose one' mythology.

I am playing an online computer game. It used to have trouble with bot players distorting the economy. It does not now. Other players said that the game can now check if the computer is running a bot through the Windows desktop. I thought that was interesting.

Facebook. Political parties have people liking them or not. Campaigns for civil rights, through Facebook and other sites. People liking companies and products. Music, film, books each other Twitter ongoing opinions and connections Phone apps pick a topic.. Customised search results.

Meanwhile cases are being fought to have evidence in camera for motorbike groups. TPP is conducted secretly. How much of UN or WIPO is accessible publicly.

imho people are becoming transparent systems government and corporate interests have the means and leverage to secure privacy. that changes the balance of rights companies are not people that used to mean rights for people allowed for civil rights. what does it mean now? voting is private what does that mean now if everything outside the ballot box is transparent what were the reasons for political privacy, how does democracy tilt without it i think the public and private spheres are getting different pressures on security/privacy i don't think we are talking about the both of them in context and what they mean in terms of power differential/right of way.
Re: [LINK] Security 'vs.' Privacy [Was Re: A security question
Better still, Janet, please start 'Privacy and Freedom Underground'.

With those insights, you can do the activist stuff that us stuffy suits have to stay away from in order to seem respectable (:-)}

At 13:16 +1030 19/12/13, Janet Hawtin wrote:

if n entities(individuals and companies) have effectively infinite wealth leverage and privacy why would transparent civil groups have an impact if the law can be changed through secret trade agreements (dmca) and governments do not resist private priorities. people learn from what happens to those who seek change eg. what happens to whistle blowers? if change is possible it needs to address $ and other leverage. do the entities who have the leverage want it to change? what would make change attractive to those entities?

On 19 December 2013 13:04, Roger Clarke roger.cla...@xamax.com.au wrote:

Great stuff Janet!

Join an appropriate Committee or Board of APF, or EFA, and multiply your and our impacts.

http://www.privacy.org.au/About/Contacts.html
http://www.efa.org.au

At 12:22 +1030 19/12/13, Janet Hawtin wrote:

On 19 December 2013 11:35, Roger Clarke roger.cla...@xamax.com.au wrote:

At 11:09 +1030 19/12/13, Janet Hawtin wrote:

Where do security/privacy overlap?

Reject the 'you can have security or privacy - choose one' mythology.

I am playing an online computer game. It used to have trouble with bot players distorting the economy. It does not now. Other players said that the game can now check if the computer is running a bot through the Windows desktop. I thought that was interesting.

Facebook. Political parties have people liking them or not. Campaigns for civil rights, through Facebook and other sites. People liking companies and products. Music, film, books each other Twitter ongoing opinions and connections Phone apps pick a topic.. Customised search results.

Meanwhile cases are being fought to have evidence in camera for motorbike groups. TPP is conducted secretly. How much of UN or WIPO is accessible publicly.

imho people are becoming transparent systems government and corporate interests have the means and leverage to secure privacy. that changes the balance of rights companies are not people that used to mean rights for people allowed for civil rights. what does it mean now? voting is private what does that mean now if everything outside the ballot box is transparent what were the reasons for political privacy, how does democracy tilt without it i think the public and private spheres are getting different pressures on security/privacy i don't think we are talking about the both of them in context and what they mean in terms of power differential/right of way.

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
Re: [LINK] Security 'vs.' Privacy [Was Re: A security question
On 19 December 2013 13:22, Roger Clarke roger.cla...@xamax.com.au wrote:

Better still, Janet, please start 'Privacy and Freedom Underground'. With those insights, you can do the activist stuff that us stuffy suits have to stay away from in order to seem respectable (:-)}

A few 'underground' people against infinite leverage .. Public opinion en masse might be effective but we learn civics in the existing system the NSA has not prompted response en masse i am not sure what will i don't have that kind of background.
Re: [LINK] A security question
On Wed, Dec 18, 2013 at 6:12 PM, David Lochrin dloch...@d2.net.au wrote:

Trouble with mobile phone/SMS is that it relies on the phone number, still being in the correct hands. There have been several articles about prepared thieves using mobile number portability to move the target's number to a device in their own hands - and then the SMS falls in the wrong hands as well.

That's interesting...do you have a reference?

I don't have any public references, but it's definitely happening - although rather than using mobile number portability it's normally done with a more basic SIM swap as you'd do if you lost your phone, had a SIM card fail, etc.

At this stage it's generally a fairly small problem in most countries, however in some countries it's a major problem - especially where corruption is more of a problem as the criminals will simply pay off someone from a phone shop to carry out the swap or to hand over their username/password to the (Internet based!) systems for doing the swap.

For example, in South Africa it's a big enough of a problem that some of the banks are working with the telcos to allow them to query the telco to determine if a SIM swap has been carried out in the last 24 hours, and if it has then they will block the transfer/authentication. Obviously this has false positives (buy a new phone and you can't use internet banking for 24 hours), but it's deemed acceptable.

Scott
[LINK] OT: Bundy [Was Re: Depiction of wind
At 14:05 +1000 19/12/13, Andy Farkas wrote:

ps. The climate in Bundaberg is the most equable of any Australian town or city and ranked 5th on a worldwide comparison. - http://en.wikipedia.org/wiki/Bundaberg#Climate

In the 12 years I lived there, the temperature was in the range 42-92. That's F for Fahrenheit, for the youngsters among us. Let's see now, '-32, times 5/9' = range 5.5 to 33 in Celsius. It's 35.2 in Canberra - 11 degrees of lat and 1200km to the south. I gather that the equable weather hasn't changed since 1956-66 ...

--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:roger.cla...@xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
Re: [LINK] OT: Bundy [Was Re: Depiction of wind
On 19/12/13 14:18, Roger Clarke wrote:

At 14:05 +1000 19/12/13, Andy Farkas wrote:

ps. The climate in Bundaberg is the most equable of any Australian town or city and ranked 5th on a worldwide comparison. - http://en.wikipedia.org/wiki/Bundaberg#Climate

In the 12 years I lived there, the temperature was in the range 42-92. That's F for Fahrenheit, for the youngsters among us. Let's see now, '-32, times 5/9' = range 5.5 to 33 in Celsius. It's 35.2 in Canberra - 11 degrees of lat and 1200km to the south. I gather that the equable weather hasn't changed since 1956-66 ...

5.5C is too low. It rarely gets below 10C. There is a chart at the WP link. It seems the WP article references a Bundaberg council document, which in turn does not include any references. I have emailed the council asking for clarification as to where they got their info.

-andyf
Re: [LINK] Depiction of wind at various altitudes, other weather pages
On 19/12/13 16:05, Kim Holburn wrote:

That wind earth site is awesome Robin. I can see two cyclones in the Indian Ocean. Apparently the one closer to Australia is Cyclone Bruce.

Yeah, that site is very nice, and the two cyclones look very pretty. Fortunately, TC Bruce is heading away from Australia, but it will get bigger: http://www.bom.gov.au/products/IDW60281.shtml

-andyf
Re: [LINK] Security 'vs.' Privacy
On 19 December 2013 17:24, step...@melbpc.org.au wrote:

Janet writes, the planet is a finite interwoven system of reciprocity, interdependence

Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever has. Margaret Mead

And, Little nails hold the hinges of history Bismarck

true Janet, in terms of the Internet, all our IETF guys and gals 'run' things. And IETF folk are 'really' pissed at NSA morons screwing with their baby. Please, have some faith :)

yep shutting up now =)

Internet Engineering Task Force (IETF) www.ietf.org A Large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet.

IETF News: The IETF reaches broad consensus to improve the security of Internet protocols to respond to pervasive surveillance

Compared with the world IETF, the NSA is just a tiny group of criminals.