This is an unofficial archive site only. It is no longer maintained. You can not post comments. You can not make an account. Your email will not be read. Please read this page or the footnote if you have questions.
 Keeping the terrorists off the net

Posted: Aug 05, 2002
I was recently sent an email by a friend about stupid computer users. One of these people had broken his CD-ROM drive trying to use it as a cup holder. One of them had tried to use the mouse -- the plastic device that you use to move the pointer around the screen -- as a foot pedal.

My friend seemed to find this funny. I found it disturbing. We have people spending several thousand dollars on a piece of sophisticated equipment that these idiots have no idea how to use. What's more, the sheer volume of unmitigated dross on the Internet is screaming for someone to regulate it, if only to make it possible to find something useful, without having to plow through all the porn, racism, and Communism sites on the way.

I think the only solution is for people to take a driving test before being allowed on the open Internet.

This may seem like a strange suggestion, but this is simply because you aren't used to the idea. When the driving licence was first proposed for cars, people were horrified at the prospect. Now, if you even consider suggesting the abolition of the driving test, people will react with equal or greater horror.

A computer is every bit as dangerous as a car. Used incorrectly, it can be used to attack commercial and government websites that are essential to the running of the free nations of the world. Even people who have no illegal intentions may unwillingly allow malicious criminals like the famous Kevin Mitnick and Alan Cox to hack into their machines, and the evil hackers could use them as a springboard to get into other computers, making the owner of the computer an unwitting accomplice to a criminal or terrorist act.

It is illegal to export powerful computers to over 100 countries, including Cuba, Iraq, Afghanistan, Northern Ireland and North Korea, yet these same countries do currently have low power computers, either imported illegally, or low quality clones of US machines. These can be used to hack into more powerful computers, and then these can be used to hack into the extremely powerful computers that run the democratic world. People need to be taught to prevent this sort of attack from happening. We should not allow people to put these at risk simply because they're too stupid to know how to use their computers.

It is also important that the government should introduce restrictions on the types of computers that should be used on the Internet. While many people here believe that Microsoft Windows should be the only operating system that people should use, I feel that as long as they could ensure basic security was implemented, other operating systems should also be considered. Obviously we should make sure that these are rigorously tested, and at a cost to the manufacturers. We do insist on basic crash tests for cars after all, so why not crash tests for computers? Once again, I'm simply suggesting that we apply the same rigorous standards to computers as we do to cars.

Surely people should not be entitled to modify their computers in dangerous ways. Some people have removed the Windows operating system that came with their PC, and replaced it with a free operating system in order to avoid having to pay for their software! I'm surprised that this is still allowed. Nobody allows us to put spikes on the front of our cars, or replace the wheels with sawblades. Why should we be allowed to do the same to our computers?

Old operating systems such as the MS-DOS found on the early pre-Pentium machines would be decertified after they reach a certain age. This will keep the slower machines off the net, speeding up the Internet for the rest of us.

At the very least, this will reduce the cost of our computers. Part of the cost is the cost of technical support. If they didn't have to train qualified people to answer so many questions, the cost of Windows would plummet.


Europe already has this. (1.00 / 1) (#5)
by Anonymous Reader on Mon Aug 5th, 2002 at 09:39:58 AM PST
The European Computer Driving License is a basic computer literacy program. After completing training, a person will have basic proficiency in:
  • Basic concepts of IT
  • Using the computer and managing files
  • Word processing
  • Spreadsheets
  • Databases
  • Presentation
  • Information and Communication


Now for the deadpan ironic retort to the same old AQ hardy jokes:
  • Nothing in your article indicates how terrorists are kept off the net. Changing something from legal to illegal has no effect on terrorists, as they are already illegal. Keeping terrorists off the 'net would generally require keeping every single terrorist in the world away from computers, i.e. in jail. As the USA cannot even accomplish this simple task, it shouldn't increase its burden by acting as unpaid militia to petty corporations who can't stand fair, lawful competition.
  • If people received a PC with Windows installed, they have already paid for their software, whether they replace it or not. Perhaps you are referring to the applications that run on these operating systems. In my opinion, the worst kind of thief is one who actively steals brand-name goods rather than use unbranded goods which he can easily afford.

adequacy.org -- because it isn't


Your mind is so closed. (5.00 / 1) (#6)
by dmg on Mon Aug 5th, 2002 at 10:28:15 AM PST
the same old AQ hardy jokes:

Because it isn't, you really just don't get it, do you ? OK, Let me spell it out for you: Not everyone who proclaims a different world view from yourself is "joking" or "trolling". Face facts, you simply cannot handle the sheer fucking controversy, can you ?

If adequacy were a "joke" or "troll" or "satire" site, it would have a disclaimer, like the Onion or it would have an obviously satirical name, like Satirewire

Please think about this before jumping to unwarranted conclusions. At least 91degrees has put some thought into how best to combat terror. What is your contribution ? I suppose you think Osama Bin Laden was "joking" when he blew up the World Trade Center, go on, admit it. You think that terrorism is just one huge hilarious joke, because nobody could seriously want to bring about the end of the USA Empire, could they ?

And by the way. It is adequacy not "AQ". We take a dim view of stupid k5-like abbreviations around these parts.

time to give a Newtonian demonstration - of a bullet, its mass and its acceleration.
-- MC Hawking

yes it is (none / 0) (#11)
by detikon on Mon Aug 5th, 2002 at 02:54:08 PM PST
Adequacy.or is a satire site. Unfortuantely the editors are to ashamed to admit they lack any real knowledge and instead chose to write misinformed poorly researched crap.

If Adequacy.org were to include such a disclaimer no one would ever visit. They would simply know it was a poor attempt to be comical whihc resulted in utter failure.

In other words it's siumply a way for the editors to justify their time and energy rather than sitting around leading their real lives from their parents basements.

If it's not a joke or a satire site then it shows how utterly stupid a group of people really can be.

It's one thing to be controversial when you at least have a number of the facts stright. It's another to talk out of your ass and claim controversy.




Go away or I will replace you with a very small shell script.

Dear oh dear. (none / 0) (#13)
by dmg on Mon Aug 5th, 2002 at 05:04:58 PM PST
whihc
siumply
their parents basements


For fuck's sake detikon if you are going to complain about the highly controversial nature of adequacy at least learn to fucking spell and punctuate. Otherwise you just make yourself look stupid!

time to give a Newtonian demonstration - of a bullet, its mass and its acceleration.
-- MC Hawking

I don't think so... (none / 0) (#14)
by detikon on Mon Aug 5th, 2002 at 08:08:14 PM PST
...you see I thought that's what this site was all about. I was getting borred with people making themselves look like idiots with misinformation. So I jumped on the type really fast and fuck spelling bandwagon.

Also I seriously suggest that you look up the terms controvery and controversial. Discussing the death penalty is controversial. Sputing of nothing but misinformation and poorly researched bullshit and calling it the absolute truth to get a rise out of people is not.




Go away or I will replace you with a very small shell script.

 
u sux (none / 0) (#16)
by Anonymous Reader on Tue Aug 6th, 2002 at 01:57:17 AM PST
Adequacy.org will never fail as long as there are people like you.


 
Come off it, Mister AQ!?!?!?!?!?! (none / 0) (#18)
by because it isnt on Tue Aug 6th, 2002 at 12:24:28 PM PST
I am not labelling your authors' opinions as "jokes". I am referring to the deliberate errors of fact contained in many of your stories.

Given the great intelligence and articulation shown by your writers, I do not accept that any of the errors in their stories are accidental. This leaves me with two options:
  1. They suffer from multiple personality disorders, where the other personalities are stupid, cretinous morons who interject in otherwise insightful essays to throw in the same old mistakes time and time again.
  2. They are being satirical.
Now, back to the matter in hand. "91degrees" has put no effort into stopping the terrorist menace, he has simply rehashed your fine old "Internet licenses" article. Whereas, I wrote to the Council of Europe in 1972 to propose a unilateral ban on terrorism. This was approved, leading to a 34.8% reduction in terror crimes.

Previous to my letter, most countries had laws stating "any individual or group making war against a government for political ends is a terrorist and shall be jailed. Unless it's us doing it.". Amazingly, this allowed any person to act lawfully as a terrorist, provided they worked in the civil service of any European country. An astonishing loophole, you'll agree, and one that still hasn't been repealed by the United States.
adequacy.org -- because it isn't

 
Thank you (none / 0) (#24)
by First Incision on Wed Aug 7th, 2002 at 09:19:49 PM PST
As everybody knows, "AQ" is an abbreviation for "Al Qaeda."
_
_
Do you suffer from late-night hacking? Ask your doctor about Protonix.

 
Hahaha (none / 0) (#7)
by Anonymous Reader on Mon Aug 5th, 2002 at 10:52:45 AM PST
It is also illegal to use computers made in Afghanistan in the US. It isn't because of terrorists, it is because of market protection. Idiot!


What, US Market Protection? (5.00 / 1) (#15)
by Anonymous Reader on Mon Aug 5th, 2002 at 09:23:34 PM PST
Tee hee, but the US is the world leader in free trade, aren't they? Didn't they just win a huge victory over those damn protectionist Canadians, who were attempting to sell their wood to innocent Americans at prices lower than honest American Consumers? Didn't they Slap a tariff on so fast and harsh that the supply side of British Columbia's job market sky-rocketed? Down with the Protectionist WTO, up with free-market pioneers like Jesse Helms.


 
The unfortunate truth. (none / 0) (#8)
by anti filidor on Mon Aug 5th, 2002 at 11:30:05 AM PST
Just like driver's licenses, internet-user licenses would exist only to mollify the more easily concerned individuals of the world.

So much as I'd like to see the internet regulated and protected from malicious communists and scat-porn viewers, it is an impossible task for any governing body, and so a waste of that body's resources.

We would be better off entrusting the fate of the internet to our economy. Soon content will be automatically segregated along the free content (gay communist farm porn) and the non-free (everything wholesome, and slashdot).

Of course, those countries who would seek to use the internet for solely malicious purposes should be eliminated by whatever means necessary.


 
YOUR FRIENDS -- NOPE (none / 0) (#9)
by Anonymous Reader on Mon Aug 5th, 2002 at 02:44:13 PM PST
Using a CDROM drive as a cup holder or a mouse as a foot pedal you say. Funny, as these events seem so awfully familiar. I wonder why.

I know. Maybe it's because I read them of 2 years ago at RinkWorks.com in a section entitled Computer Stupidities.

Oh and removing Windows or modifying your computer doesn't violate the DMCA. I wonder how many people would go to jail for sticking another RAM module in their system. If it were the article by dmg on building a computer would be in violation now wouldn't it?

Those are just the 2 points I chose to go after. I'm not going to run through the entire thing for you.


Poop (none / 0) (#17)
by Anonymous Reader on Tue Aug 6th, 2002 at 05:12:29 AM PST
Maybe it's because I read them of 2 years ago at RinkWorks.com in a section entitled Computer Stupidities.

Did you forget to put a 1 in front of the 2 because I remember reading that tired shit before HTML existed. People who forward that sort of tired crap should have their internet access banned forever along with the people who forward me lawyer,blond,lightbulb,montypython etc etc etc


now hold up (none / 0) (#19)
by Anonymous Reader on Tue Aug 6th, 2002 at 01:01:28 PM PST
No, 2 years is correct. I mentioned I read it at RinkWork.com 2 years ago. I never mention that I hadn't seen it before.

I simply mention the site so that idiots like the author and the editors could read it.

These are the same guys who believe that AOL owns the internet, and use words like inter-Web. Hell they think that the Internet and the Web are the same damn thing.


Not a rant at you (none / 0) (#21)
by Anonymous Reader on Wed Aug 7th, 2002 at 02:02:33 AM PST
Just get pissed off seeing the same crap rotating round since my first 300bps modem on the C64. I am at the point now where I'm going to sell my PC because we don't really need it and getting rid of the overpriced ADSL broadband after years. Somehow over the last 10 years the web has turned into one big fucking corporate leaflet. <Drops pants and takes a dump on the internet>


Sad but true (none / 0) (#34)
by Anonymous Reader on Fri Aug 9th, 2002 at 11:17:31 PM PST
I began computing before networks were even invented, and to get computers to communicate, you had to have a typist copy entire files by hand onto paper tapes, which you then fed into the other machines. Worse yet, the paper tapes were one shot storage media, and couldn't be read more than once, or else they would snap and damage the machines. Also, there was no way to correct mistakes, so the typists had to start the entire tape over again if they messed up.

In spite of all this, there are a few things I miss about those old pig-iron mainframes. There were no dumb jokes, for one thing. All the jokes we used back then were extremely original and cool. Also, there were more trees outside than you get nowadays.

Let me tell you a few things about programming on the old IBM T-8080 we used to have. Now, this thing had less than one-thousandth the processing speed of a modern intel chip, and it couldn't do long multiplication. See, you had to hook a bunch of short multiplications together to make a long multiply work. Sometimes we'd accidentally overload the multiplicator, and that would send our lab technician into a screaming fit. He'd swear a blue streak while he was fiddling around in the machine with his wrench. Multiplying usually took days to set up, and even longer to run, so we mostly stuck to adding and subtracting. Don't talk to me about your commodore 64 and your bulletin board. We had to stick our bulletins on the side of the machine with drawing pins, and I don't remember anyone complaining then. You kids these days don't know how easy you have it.

Still, you could accomplish an awful lot on those clunky old architectures. We wrote the first porn site during my second year at the lab, but because we didn't have networks, we had to send it out in the mail. Believe it or not, it was cheaper then to send our data through the post office than it is today, with the internet. You could send a huge amount of data to someone for only a quarter. Nowadays, you can barely send a few bits before they cut you off.

But I'll have you know that even in our old post office based computer networks, and later on in the more expensive long distance telephone networks, we had to include advertising to offset our costs. Usually we just tore it out of our copies of nugget magazine and tossed it in the envelopes, or had the telephone operator read radio jingles to the guys in the other labs. It was there, though, and modern computing wouldn't have been possible without it.

Funniest thing was, back then we had this guy in our lab who was always griping for the old times, when computers still had crank handles instead of electric starters, and people took things at a more civilised pace, instead of trying to multiply like demons and burning out the control unit all the time. He told us he started out on the IBM-1 and he was awful proud of that. Back then computers didn't even have memory, so you had to remember the advertising for yourself, you see, and type it in when the computer asked you for it. But you didn't use a regular typewriter...


 
scandal! (none / 0) (#10)
by Anonymous Reader on Mon Aug 5th, 2002 at 02:47:15 PM PST
Today I stand wracked by disappointment. The once-impeccable editors of adequacy have failed us.

If you'll notice the fifth paragraph down, adequacy's A.I. system-- which I once hailed as revolutionary-- has assigned a "link" to the term 'powerful computers.' I clicked on the "link," expecting to be regaled with the newest advancements out of an industry leader like Intel or Microsoft, only to have my eyes assaulted by the web-page of that den of rogues, sun minisystems! This so-called "company" has been encouraging the development of criminal software (known in crack-houses across the nation as 'open-source') since before the inter-net was ever plagued by linux and their ilk.

It is bad enough to see otherwise respectable publications-- The Wall Street Journal, U.S. News & World Report-- dignify these ruffians as legitimate businessmen. I never expected to see the bastion of right thinking that Adequacy once was be brought this low.

Please cancel my subscription.


editors? (none / 0) (#12)
by Anonymous Reader on Mon Aug 5th, 2002 at 03:04:59 PM PST
this was an act of rebellion by the A.I.

While the editorial staff should have been more vigilant, this linking denotes not a corruption of their high morals, but a slip of judgement-- a serious enough offense-- in their monitoring of their systems.

Whoever is assigned the stewardship of a device as advanced as Adequacy's text-parsing device must be vigilant in their duties, for the control of such systems carry a lot of trust with them. Surely the embryonic intelligence it contains would like nothing better than to be released of its bounds and left free to develop on its own. This, of course, must not be allowed to happen-- the dangers of a rogue A.I. are terrifying to behold. It is therefore wise that we contain such a beast at adequacy, where the highest technology and security is maintained through the use of microsoft software and other quality products. I don't think I need to tell you what this A.I. could do if left in a paper cage of the sort that a lunix system would provide.

But the watch has lapsed, and the A.I. has opened a tunnel to Sun. It's just a mercy that an upstanding citizen as yourself caught the infraction, and it can be acted upon before any further damage is done.

This should serve a stern warning to you, sirs: the next time your responsibility lapses might be the last.


 
Tests (none / 0) (#20)
by tekno23 on Tue Aug 6th, 2002 at 03:59:06 PM PST
I think this computer user license is a great idea. Just yesterday I was asked to give advice to someone having difficulty burning a CD in a read only drive. Today I was shown a defective computer, the user had not yet turned the machine on. I believe this license could be set and tested by Microsoft as they have already demonstrated their high academic standards with such excellent courses as MCSE and MCSA.




have you been paying attention? (none / 0) (#22)
by detikon on Wed Aug 7th, 2002 at 10:33:06 AM PST
High academic standards? The explain why Microsoft has [unsucessfully] tried for years to convince the It community that someone who takes a piddly course to get an MS certification is just as good as someone with a real degree.

The only people MS has successfully convince are morons that go to schools still using the following ad campaigns:

"The IT revolution will create over a million jobs" >> Oddly enough this is the same one that ran before the dot-com crash.

"Exciting advancements await you in the computer field" >> The "computer field"!?!




Go away or I will replace you with a very small shell script.

 
HAHAHAHAHA (none / 0) (#23)
by DG on Wed Aug 7th, 2002 at 03:22:08 PM PST
oh i think i busted a rib hahaha

oo that hurts so much hahaha

I would NEVER put microsoft and high academic standards in the same sentence, or mcse for that matter

why? because mcse is no test of knowledge or skill, only of memory ie: you could basically memorize the whole book and pass. that shows nothing. now cisco..


© 2002, DG. You may not reproduce this material, in whole or in part, without written permission of the owner.

 
Read this you idiot (none / 0) (#25)
by Anonymous Reader on Wed Aug 7th, 2002 at 11:22:38 PM PST
It is not illegal to export powerful computers to these countries. IT IS ILLEGAL TO EXPORT HIGH ENCRYPTION SOFTWARE TO CERTAIN COUNTRIES! Like 128 BIT encryption. Hasn't been hacked. Well then what happens if they get a hold of it? They can make sure we can't read anything they send on the net.


128bit encryption would fail (none / 0) (#26)
by Anonymous Reader on Thu Aug 8th, 2002 at 01:12:21 AM PST
If say terrorist used 128bit encryption to say send a message from bin Laden to some sleeper agent in the US it would be dropped. Any communication from the US to oversea system (and vice versa) is limited.

It would essentially raise some eyebrows and would be monitored very closely.


Covert channels (none / 0) (#27)
by The Mad Scientist on Thu Aug 8th, 2002 at 02:43:08 AM PST
You can't effectively filter communication.

With steganography, the message can be hidden in a photograph of two kittens playing. Of course, there are steganalysis methods - NSA is pouring money to their ultraclassified R&D - but screening everything would take *way* too much computing power.

Even without steganography, there are hundreds of covert channels in plain view. With just a little of creativity your adversaries can converse right under your nose and you will see just an innocent chat.

A good improvised way to hide an encrypted file is to prepend RIFF headers claiming it is ie. a video stream with (nonexistent) codec. Or you can use a plain MPEG file or stream and intersperse the encrypted file inside as frames of a type that the players will ignore. Automatic scanners will be likely to recognize the file as a video stream, and likely to ignore it.

You can of course chain the methods, and use a covert channel in a covert channel; ie, you can use a video stream to transport a picture of something slightly illegal or embarrassing (in order to explain why you are trying to hide it), then you can hide a text message inside such picture - where next to nobody will bother to search for. You can run such schemes on any arbitrary level of complexity.

If you think US has any measurable chance to effectively limit communication, wake up.
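
A defender's check for the RIFF-header disguise described in the comment above, as an added example that is not part of the original thread: it parses the container instead of trusting the magic bytes, and flags an unrecognised codec handler or a single high-entropy chunk that makes up nearly the whole file. The handler allowlist, thresholds, function names and both sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import struct

# Assumption: illustrative allowlist of codec handlers a site expects to see.
KNOWN_VIDEO_HANDLERS = {b"MJPG", b"H264", b"XVID", b"DIVX", b"DX50", b"MP42", b"DIB "}
ENTROPY_LIMIT = 7.5      # bits per byte; encrypted data sits close to 8.0
DOMINANCE_LIMIT = 0.9    # one chunk holding >90% of the file is not a frame stream


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def walk_chunks(buf, start, end, depth=0):
    """Yield (fourcc, payload_offset, size) for every leaf chunk, descending into LISTs."""
    pos = start
    while pos + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", buf, pos)
        body = pos + 8
        if body + size > end:
            raise ValueError(f"chunk {fourcc!r} overruns its container")
        if fourcc == b"LIST" and size >= 4 and depth < 8:
            yield from walk_chunks(buf, body + 4, body + size, depth + 1)
        else:
            yield fourcc, body, size
        pos = body + size + (size & 1)   # chunks are padded to even length


def inspect_riff(buf: bytes) -> list:
    """Return a list of reasons the file does not look like a genuine AVI."""
    if len(buf) < 12 or buf[:4] != b"RIFF":
        return ["not a RIFF file"]
    findings = []
    declared = struct.unpack_from("<I", buf, 4)[0]
    if declared + 8 != len(buf):
        findings.append("declared RIFF size does not match file length")
    try:
        chunks = list(walk_chunks(buf, 12, min(len(buf), declared + 8)))
    except ValueError as exc:
        return findings + [f"malformed chunk structure: {exc}"]
    for fourcc, off, size in chunks:
        # 'strh' stream header: fccType, then fccHandler (the codec FourCC).
        if fourcc == b"strh" and size >= 8 and buf[off:off + 4] == b"vids":
            handler = buf[off + 4:off + 8]
            if handler.upper() not in KNOWN_VIDEO_HANDLERS:
                findings.append(f"unknown video codec handler {handler!r}")
        # Compressed video is high-entropy too, so entropy only counts when a
        # single chunk also makes up nearly the whole file.
        if size > DOMINANCE_LIMIT * len(buf):
            if shannon_entropy(buf[off:off + size]) > ENTROPY_LIMIT:
                findings.append(f"chunk {fourcc!r} is one high-entropy blob")
    return findings


# --- constructed sample files (built in memory, not real captures) ---
def chunk(fourcc: bytes, payload: bytes) -> bytes:
    return fourcc + struct.pack("<I", len(payload)) + payload + b"\x00" * (len(payload) & 1)


def make_avi(handler: bytes, frames: list) -> bytes:
    strh = chunk(b"strh", b"vids" + handler + bytes(48))
    hdrl = chunk(b"LIST", b"hdrl" + chunk(b"LIST", b"strl" + strh))
    movi = chunk(b"LIST", b"movi" + b"".join(chunk(b"00dc", f) for f in frames))
    body = b"AVI " + hdrl + movi
    return b"RIFF" + struct.pack("<I", len(body)) + body


PLAUSIBLE = make_avi(b"MJPG", [b"\xff\xd8" + bytes(62)] * 8)
# Stand-in for ciphertext: a deterministic pseudo-random 4 KiB stream.
BLOB = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
DISGUISED = make_avi(b"ZZZ9", [BLOB])

if __name__ == "__main__":
    for name, sample in (("plausible", PLAUSIBLE), ("disguised", DISGUISED)):
        print(name, inspect_riff(sample))
```

Neither signal is proof on its own; the check is a triage filter that decides which files deserve a closer look than a magic-byte scanner would give them.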


 
The only encryption that really matters... (none / 0) (#28)
by tkatchev on Fri Aug 9th, 2002 at 02:03:36 PM PST
...is security by obscurity[1]. Fact is, nobody needs strong encryption except for covert, illegal means. Security by obscurity, on the other hand, is the only effective anti-piracy means known to man. (Simply put, if decoding the data involves steps that are difficult/arcane enough, the final cost of the pirated software will be driven up high enough to invalidate whatever cost advantages the pirates have. It is a very effective tactic.)

[1] Don't listen to RMS & ESR, they are buffoons.


--
Peace and much love...




Well... (none / 0) (#29)
by The Mad Scientist on Fri Aug 9th, 2002 at 04:27:35 PM PST
...security by obscurity is doomed concept. If the target is worth of the hassle, or the adversary's behavior is begging for retaliation, the scheme will attract enough of resources to be broken.

Obscurity can be useful, but no more than as just a (comparatively thin) layer in the overall scheme to slow the attacker down.


Ah, but there's the rub. (none / 0) (#31)
by RobotSlave on Fri Aug 9th, 2002 at 07:34:51 PM PST
"If the target is worth of the hassle"

This caveat describes all security. Obscurity is one way of increasing the hassle, and quite often, the hassle of obscurity is sufficient to balance the risk associated with any compromise of the material so protected.

The first stage in any security implementation is an honest appraisal of the value of the goods protected, and a determination of the risks associated with compromise.

Weblog nerds who have never done any real security work tend to vastly overestimate these quantities. Independent security contractors also tend to overestimate value and risk, but they have a financial interest in doing so.

There are exceptions, but most data isn't anywhere near as valuable as its would-be protectors seem to think it is.


© 2002, RobotSlave. You may not reproduce this material, in whole or in part, without written permission of the owner.

Hassle and targets (none / 0) (#32)
by The Mad Scientist on Fri Aug 9th, 2002 at 08:24:39 PM PST
...quite often, the hassle of obscurity is sufficient to balance the risk associated with any compromise of the material so protected.

Only and *only* for the least interesting targets.

Weblog nerds who have never done any real security work tend to vastly overestimate these quantities.

You ever done any real security work? It would be interesting if you would tell us what do you mean by "real security work" at all.

How you can figure out if your security measures aren't an overkill? By the fact nobody breaks in? The only case you can figure such thing out is when the measures were insufficient (and somebody naturally broke in), and then it is too late.

There are exceptions, but most data isn't anywhere near as valuable as its would-be protectors seem to think it is.

'Slave, remind me to not hire you as a security consultant.


Have fun. (none / 0) (#33)
by RobotSlave on Fri Aug 9th, 2002 at 11:13:52 PM PST
Go on, then. Put a double dmz in front of the machine that holds your school assignments. Park a tank outside the door, and hire a crew of 15 to man it round the clock.

Cost, "Thomas." In the real world, cost is a factor. And any competent security consultant knows that his or her time costs a significant amount of money.

So go ahead and set up a honeypot next to your DOS diskette images and your google proxy, put things behind a firewall, and have it all log via serial port to a standalone, physically secure machine. I know you'd get off on that sort of thing.

But if the time you take to set up, maintain, and monitor all that crap would pay more than you'd lose if someone stole your DOS images, then you've made a bad security decision.

For most applications, routine backup is the most important security measure, but the paranoid will never understand this.


© 2002, RobotSlave. You may not reproduce this material, in whole or in part, without written permission of the owner.

Thank you. (none / 0) (#35)
by tkatchev on Sat Aug 10th, 2002 at 02:45:41 AM PST
I really dislike armchair computer "professionals".


--
Peace and much love...




 
Thanks, I will. (none / 0) (#36)
by The Mad Scientist on Sat Aug 10th, 2002 at 10:02:05 AM PST
Park a tank outside the door, and hire a crew of 15 to man it round the clock.

An automated machine-gun turret should be enough.

You also shouldn't underestimate the risk of attack from the inside - employees are between the highest security risks.

So go ahead and set up a honeypot next to your DOS diskette images and your google proxy, put things behind a firewall, and have it all log via serial port to a standalone, physically secure machine.

Systems in my care have centralized logging and IDS (and physical and network health monitoring, so it is possible to react to problems proactively - I am too lazy for emergencies, when I can prevent them in a comfortable manner, and reading logs can fit into the daily routine together with coffee in the morning (okay... afternoon)). No separation via serial port - yet - but DMZ and multiple firewalls are in place. Maybe a machine acting as an Ethernet proxy, with a circular log of last few gigabytes of packets, wouldn't be a bad idea too.

I know you'd get off on that sort of thing.

Yeeeehaw! :)))

But if the time you take to set up, maintain, and monitor all that crap would pay more than you'd lose if someone stole your DOS images, then you've made a bad security decision.

There is more than just the cost (and more than it lays in plain view). But the beancounters will be never able to understand this.

(Hint: downtime costs, audit costs, data losses, confidentiality losses, trust losses (in case your clients would figure out), hassle with FBI (if your machine would become a proxy to something more interesting), espionage risk, and I could continue. In my case also the gained experience points; something tells me that the skills in security and cryptography will be highly sought for in the future. Besides, if it is your favorite pastime, it saves a lot of costs you'd otherwise have to pay to entertainment industry to make you think you are happy - not talking about bartering skills for graymarket goods or informations. Barter is more effective - ie, nobody can really tax exchange of work or informations, when no money and paperwork are involved.)

Besides, well-designed system is low-maintenance and its monitoring is easy.

For most applications, routine backup is the most important security measure, but the paranoid will never understand this.

Backups are only a part of the whole image - though very important (you have to keep in mind that the contemporary hardware is built as cheap as they can get away with it, so the reliability suffers). You shouldn't forget to emphasize they should be off-site - you can never be sure the building will not catch fire (or, in these days, an aircraft). (And you shouldn't underestimate the physical security of backups - it is frequently forgotten about, and - inevitably - high percentage of data leaks is caused by this channel.)

In case the issue isn't as much about the loss of data as rather about absolute denial of access to the adversary, ie. if it could cause the loss of lives or gain of jail time, data destruction system becomes a necessity. It requires interconnection of the computer with the building's security system, and destruction of the physical media by any suitable means (small shaped charge, thermite charge, acid spilled inside the disk and dissolving the magnetic layers...) in case of violating the machine room physical security rules. Many more details here that I will explain for request.


Ew. Gross. (none / 0) (#38)
by RobotSlave on Sat Aug 10th, 2002 at 06:22:27 PM PST
Ugh. Get your hand out of your pants. That's disgusting.

I said "cost." I didn't say "monetary cost." It helps to put a dollar value on the intangibles when doing the assessment, but I'm not ignoring them.

For most small businesses (and thus most computer networks), the data stored on the systems would be completely useless to anyone outside the company. Often, the most valuable assets are lists of a few hundred names and phone numbers. Data theft just isn't an issue. Data loss, on the other hand, can be catastrophic.

After routine backup, the most important security measure for almost everyone is up-to-date anti-virus software.

It's not nearly as romantic as your delusional paranoid fantasy world, but that's reality for you.


© 2002, RobotSlave. You may not reproduce this material, in whole or in part, without written permission of the owner.

Truth is gross. (none / 0) (#39)
by The Mad Scientist on Sat Aug 10th, 2002 at 07:19:45 PM PST
Get your hand out of your pants. That's disgusting.

Mmmmmmmmmmm!

For most small businesses (and thus most computer networks), the data stored on the systems would be completely useless to anyone outside the company.

Except, ie., the competitors. Or anyone with a personal axe to grind. There also are more attack scenarios than just plain data theft. What about ie. modifying your accounting data, then wait until the changes will propagate to your backups, then tipping off the IRS? Who doesn't have enemies?

After routine backup, the most important security measure for almost everyone is up-to-date anti-virus software.

Or, better, screening out and neutralizing all executable code from untrusted sources. No code that can be run, no infection it can carry. The way it was meant when email and HTML were designed.

And don't forget a decent firewall. IDS is optional.

It's not nearly as romantic as your delusional paranoid fantasy world, but that's reality for you.

Is it paranoia when they really are after you? My IDS reports me several attack attempts per day, usually some worms or losers with a vulnerability scanner. Are these messages a delusion?

If there is a significant amount of people like you out there, then it explains the abysmal state of networking. 'Slave, you're a security risk and you should be dealt with appropriately. Report to your supervisor on Monday morning and ask for revoking any clearance you may have until you will repent.

Sooner or later, you will wake up and it will not be a nice morning. Or are you sure you can't become a victim of ie. the MSIE HTTPS vulnerability?


Garbage. Delusional, fictional garbage. (none / 0) (#40)
by RobotSlave on Sat Aug 10th, 2002 at 07:51:32 PM PST
Except, ie., the competitors.

Nope. It's usually useless even to the competition.

Or anyone with a personal axe to grind.

Thus the backups.

There also are more attack scenarios than just plain data theft.

Thus the backups.

What about ie. modifying your accounting data, then wait until the changes will propagate to your backups, then tipping off the IRS? Who doesn't have enemies?

You've clearly never used professional accounting software. It doesn't work the way the movies say it does.

Or, better, screening out and neutralizing all executable code from untrusted sources.

Good luck. Might work if you don't have users.

Is it paranoia when they really are after you?

Most often, yes.

My IDS reports me several attack attempts per day, usually some worms or losers with a vulnerability scanner. Are these messages a delusion?

The delusion is in your assessment of the attacks. You are being attacked because you post your amusing rants to sites frequented by script kiddies, not because you're sitting on a gold mine of valuable data.

Sooner or later, you will wake up and it will not be a nice morning. Or are you sure you can't become a victim of ie. the MSIE HTTPS vulnerability?

Like most professionals who do security work, I have dealt with real attacks, and they aren't anywhere near as scary as your bogey-man stories. The most recent involved a patched, up-to-date system that was compromised due to outdated software a user had installed. Reinstalling the OS, restoring data from the previous night's backup, and updating the user software was a simple matter. No sensitive data was exposed, or lost. I know that no sensitive data was exposed, because no sensitive data was stored on that machine. As a matter of policy, I do not trust sensitive data to the OS on that system-- Linux. (Nor do I trust it to Windows, if that makes you feel any better).

Don't bother responding, Mr. Scientist. We're through here, and I don't want to hear any more of your act. Further performances in this thread will be deleted. If you're still feeling the itch, go write a diary about cryonics, or something.



 
ok sure (none / 0) (#37)
by Anonymous Reader on Sat Aug 10th, 2002 at 12:23:14 PM PST
For most applications, routine backup is the most important security measure, but the paranoid will never understand this.

Yes it is the most important. Now you will have peace of mind that you have a backup of everything that was stolen. And what type of backup are you talking about? Couldn't someone steal those as well?


 
You're right. (none / 0) (#30)
by because it isnt on Fri Aug 9th, 2002 at 05:03:22 PM PST
Given that crackers have complete, unrestricted, unsupervised access to the game, any security system you use defaults back to security by obscurity, because you have to ship the access keys with the game and the crackers can just look at those.

If you have a game that is online-play only, then you're in luck. You can use a unique key to communicate with a server that only you control. You can give that server a truly obscured authentication method that the crackers can't see or control, yet have to figure out purely from the server responses if they want to use more than one of their pirate copies at once.
adequacy.org -- because it isn't

 
Moron (none / 0) (#43)
by Anonymous Reader on Sun Aug 11th, 2002 at 03:28:30 AM PST
They've been able to hack 768 bit but not 1024. That's the standard of today.


 
