Slashdot Mirror

NEVER put your password on a post-it note stuck to your monitor!!

The correct place for it is under the keyboard

According to Bruce Schneier, the correct place for it is the user's wallet.

https://www.schneier.com/essay-246.html

Let's round this out with a little bit of biography from his website.

Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.

You'll find more facts about him here. In addition to being an internationally recognized security expert and author he's the chief security officer for BT Group.

So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

You mean clueless people like Bruce Schneier?

Maybe they all 10,000 residents read Bruce Schneier's blog:

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

Also, I know TFA mentions "Residential Locations", but I wonder if there were any coffee shops dotted around which offer free wifi. Maybe none, but a short sentence in the article would help me sleep at night :)

For example, nobody with a Top Secret security clearance should have to undergo more than a cursory check. Their background, habits and the people they know have already been fully investigated.

You know, that sounds good at first, but probably isn't worth the effort:

http://www.schneier.com/blog/archives/2006/10/screening_peopl.html

Even the new HSPD-12 federal credentials don't list one's clearances in a standard way. For example, the DOE indicates the badge-holder's clearance level in an "Agency Specific Text" field:

http://www.fedidcard.gov/images/card_front.jpg
http://www.hss.doe.gov/HSPD12/HSPD12_DOE_Credential_Samples_2_5_08.ppt

Other agencies have different standards. How is a TSA agent supposed to correctly determine one's clearance level without access to a centralized database? And is it really worth the effort at that point?

Schneier wrote some time ago about the advantages of visible passwords. One (small) shitstorm later he compiled an interesting pro/con list.

Schneier wrote some time ago about the advantages of visible passwords. One (small) shitstorm later he compiled an interesting pro/con list.

I shouldn't answer an AC, but what the fuck I'm bored. the core of the matter is this ain't security, its classic security theater. You know this, i know this, hell everyone knows this.

I could write a long detailed explanation but I think it would be better coming from an expert, so I defer the floor to Mr Bruce Schneier who points out on the last test,and I quote "screeners missed 70 percent of knives, 30 percent of guns and 60 percent of (fake) bombs. "

So it doesn't work, you are potentially poisoning people with the scanners, and you're groping little kids. Did I miss anything? Oh yeah it lets the companies that makes the scanners and trains the TSA goons to make some nice grift off the USA gov, so it is all right then.

[R]einforced cockpit doors and one USMC MP with a 9mm loaded with low grain bullets solves the chance of another 9/11 and doesn't strip us of our rights or cost us out the ass.

Reinforced cockpit doors combined with a populace aware of the updated hijacking protocol is sufficient.

Bruce Schneier wrote about arming pilots: https://www.schneier.com/crypto-gram-0208.html#8

Their words, not mine

http://www.schneier.com/blog/archives/2008/06/the_war_on_phot.html
http://pajamasmedia.com/instapundit/115726/
http://www.google.com/search?q=war+against+photography

Bruce Schneier has written about the effectiveness of this sort of legislation before:
http://www.schneier.com/blog/archives/2006/04/identitytheft_d.html

Without disclosure laws, there's a darn good chance that the recent Citibank and Sony breaches might never have become public. Are they perfect? No, but they're a heck of a lot better than no disclosure laws.

Make sure you use something 128+ bit (preferably 256+ bit). Some functions, especially those covered from RFC 3268 would be preferred.

It is not always true that the higher bit version of an encryption function is stronger then the lower bit version. Specifically in AES-128 vs AES-256, but can apply to other algorithms.

(Basically, when they designed AES-256, they flubbed the key scheduling portion compared to AES-128. Which makes AES-256 weaker then it should be.)

Bruce Scheneir once said "A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography". See more on that in the preface to Secrets and Lies

A single book, no matter how good, doesn't make one an expert. Now if you're interested in crypto, by all means get it. I have it and I think it's a good one. But it makes oh so tempting to start coding something without really understanding what are you doing and why. Be careful with that.

Now, despite the excellent intro, I think Secrets and Lies is of more value to normal people than geeks. I think it's a fine book, but to anybody who already is interested in security and crypto topics a very large part of it is going to come off as blindingly obvious. It's a good book to have to lend to non-technical people though.

From: http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html

From there:

There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all. ...

The big problem is that all these new war machines and the surrounding infrastructure are created with the tools of abundance. The irony is that these tools of abundance are being wielded by people still obsessed with fighting over scarcity. So, the scarcity-based political mindset driving the military uses the technologies of abundance to create artificial scarcity. That is a tremendously deep irony that remains so far unappreciated by the mainstream.

We the people need to redefine security in a sustainable and resilient way. Much current US military doctrine is based around unilateral security ("I'm safe because you are nervous") and extrinsic security ("I'm safe despite long supply lines because I have a bunch of soldiers to defend them"), which both lead to expensive arms races. We need as a society to move to other paradigms like Morton Deutsch's mutual security ("We're all looking out for each other's safety")
http://www.beyondintractability.org/audio/morton_deutsch/?nid=2430
and Amory Lovin's intrinsic security ("Our redundant decentralized local systems can take a lot of pounding whether from storm, earthquake, or bombs and would still would keep working").
http://en.wikipedia.org/wiki/Brittle_Power

There are lots of alternatives I helped organize here for helping transcend an economy based around militarism and artificial scarcity:
http://knol.google.com/k/paul-d-fernhout/beyond-a-jobless-recovery

===

Anyway, so expanding "the war on the different" and the "war on the unexpected" is just more of the same...
http://www.schneier.com/blog/archives/2007/11/the_war_on_the.html
"We've opened up a new front on the war on terror. It's an attack on the unique, the unorthodox, the unexpected; it's a war on different. If you act different, you might find yourself investigated, questioned, and even arrested -- even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats."

Of course, that link is from one person on the list in the article about people publishing things being asked to be censored... Even if just "self-censored". In the end, most censorship only works by creating a climate of self-censorship.

From Noam Chomsky on "What makes the mainstream media mainstream":
http://www.chomsky.info/articles/199710--.htm
"The universities, for example, are not independent institutions. There may be independent people scattered around in them but that is true of the media as well. And it's generally true of

If the padding is random you'll decrease the amount of information leaked, but there may still be enough information leaked to reconstruct some conversations. What you really need for total security from this attack is to eliminate the side-channel completely, such as by sending packets of the same size and with the same frequency no matter how much data you've actually got that needs sending. That is a form of padding too, but it is better than random.

^^ This. I'm actually surprised to hear that with Skype the packets are of variable length and (somewhat) a function of the contents. I would have imagined that, after encryption, the communication protocol would split the content into packets of either random or same size.

But OTH, there might have been performance implications that forced Skype to not do just that. After all, there are legit reasons to not do super encryptions (as with the Predator's unencrypted download links.)

Also, nobody speaks of 256 bit RSA in this century; the recommended key size for use with a 128 bit block cipher is 3072 bits when I last checked.

You only need a key size that big if you're doing asymmetric keys -- see Schneier and ridiculous key lengths. The encryption on these phones is symmetric, and the reason it's so easy to crack is the 256 bit keys are in fact selected from a very restricted space: they just take four numeric digits from the phone entry and then maybe hash them to get better bit coverage.

Do you work for one of the investment banks, the ones that ' invested ` us all into the toilet?

"We don't need a secondary economy inflating online prices. Screw that", marnues

Yea, that's the job of the primary economy, and you're right we are getting screwed. I notice you have nothing to say about the ability to steal product online with nothing more secure than a sequence of digits, the same ones printed on the front of the card. A bit like giving away a make-your-own-money-kit with ever desktop computer. Something only beaten in the dumbest idea ever by putting the ATM card data on a magnetic strip. Making it so much easier to extract the card info using skimmers.

Burning Down The House

"This video .. discusses policy changes 13 years ago that unleashed the sub-prime mortgage-backed securities market, which accelerated prices erratically, inviting speculation and loose lending practices which were both condoned and encouraged by existing regulation and carried out by risk-blind executives and Fannie Mae and Freddie Mac.

Short answer: No.

Longer answer:

Biometrics might (or might not, depending on accuracy) uniquely identify you, but it neither proves that you were present (your fingerprint or retina might have been stolen, either as a copy or more directly!) nor that you authorize access to whatever resource a password might secure (e.g. you might be dead or otherwise impaired and someone else slides your fingerprint or retina or DNA over the scanner).

Biometrics are convenient and still feel cool, but for really important resources, they increase danger rather than decrease it. For example, imagine that a billion USD is protected by your retina scan; I expect some folks would consider it reasonable to relieve you of your eyes (or even your whole head) for access to that much money.

On the other hand, using them as a username replacement (which still requires some other authentication like a password, and perhaps some two-factor mechanism like an RSA token) makes all kinds of sense. Just don't confuse "identity" with "authentication".

See also http://www.schneier.com/blog/archives/2009/01/biometrics.html and many other pertinent comments by Bruce and others.

Yes, downloading and installing a vim plugin (or using vim in the first place) is indeed reasonably difficult for most people.

That's why PasswordSafe [ http://pwsafe.org/ and http://sourceforge.net/projects/passwordsafe/ originally written by Bruce Schneier http://www.schneier.com/passsafe.html ] is what people need.

It doesn't solve every problem (e.g. key loggers and such things as might be on an untrusted system) but nothing does. It's a very simple, flexible, convenient piece of software that not only securely stores usernames and passwords, but URLs, email address, notes and more with the ability to copy/paste and/or drag/drop and/or autofill forms. Although it is mainly a Windows application, it's FOSS portable installs (e.g. U3) available. There is also a recent Linux port.

At the moment, I have 87 passwords in my primary passwordsafe file with related usernames, URLs, email, notes, password generation parameters, password expirations and more, all stored in a convenient hierarchy where work, banking, retail, hardware and other types of passwords are grouped in a tree that makes sense to me. For folks with simple needs, the hierarchy is optional and the entries can all be a flat list.

Sony's latest debacle has prompted me to wade through all my "important" entries (banks and such) and generate unique, random, secure passwords with expiration dates recommended by my PWsafe settings. Sadly, many of the accounts I created before I started using PWsafe used the same username and password combination for similar sites (e.g. retailers with CC info); I have now made my data much more secure with passwords I could never remember, except that PWsafe now remembers them all for me.

SMS of Death

Bad coding is ubiquitous on all devices running any software. Remember that these are consumer end devices and not scrutinised in the same way as, say, military software is.

Oh, wait...

I've heard about it because Brazilian Federal Police arrested an Al Qaeda member (or sympathizer) in Sao Paulo last year and has taken precautions to ensure that his computer was turned on at the moment of the arrest. The software is called Mujahideen Secrets. Schneier has a small article on it: http://www.schneier.com/blog/archives/2008/02/mujahideen_secr_1.html

Encryption is hard. Really hard to do right.

The NSA can hire the best. It's entirely possible that they (or some other comparable agency) hired somebody to inject a weakness into it's algorithms that would only be noticed in a code audit by somebody extremely skilled in the art. I'm not saying there's a backdoor such as "if you == NSA, decrypt everything!" but there may be something that greatly restricts the key combination that must be tested to crack it or something.

Yeah, I agree that's a reasonable concern. That said, TrueCrypt is not only open-source, but also famous enough that heavyweights tend to use it for security research. It's no guarantee, but I think enough knowledgeable people look at it that I'd think it's most likely free of backdoors and known weaknesses.

I do agree that I'd trust open source code more than closed source code in this regard, but it's certainly possible for open source code to have backdoors or weaknesses -- intentional or accidental -- and for nobody to notice it for a long time.

Yeah, you're right, and I had no intention whatsoever of making my post sound like, "open source = safe!!!" I think it's unlikely to contain purposeful weaknesses, but yes, it's not impossible.

Either way, it's irrelevant. Even if bin laden's hard drives were fully encrypted with something with no known weaknesses and no backdoors, I don't doubt that that they still would be able to crack it fairly quickly. The world is full of data encrypted with 256-bit AES protected by a dictionary password. The encryption scheme is rarely the weakest link in the chain.

Schneier runs an open network

In my own experience, I learn that trusting a link is *never* a good practice. You must trust an end-point, an entity, a device. Trusting a link is only a convenience (it eases things).

They SHOULD be hassled if something goes wrong on their open network as a lesson to secure their system.

Why? One can run a perfectly secure network over internet (heard about VPNs), so why someone should be punished when he has an open network at home??? Following your advice, we should put in jail parents of kids stealing in supermarket as a good lesson for not teaching them the importance of respecting property of others.

I left a comment in support of open networks, but Schneir states my argument more cogently than I did myself. Read what he has to say: http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html I couldn't agree more.

However my network does have some unprotected devices. (most noticably: media player) and my wireless router does not have an option to have a second ssid that has internet only routing.

Also this this post from bruce shows that you still might be harressed because of open wifi, even if you end up innocent in the end.

I *like* to help people. Providing password-less wireless access is a nice way to help others. I don't do it at the moment, but only because of time pressures; I hope to do this in the future. It'd be best if there was a common convention that "no password means anyone can use" because there's no other way to make that obvious. In the meantime, I suggest using "public" somewhere in the network name, so that people will know that you're intentionally providing a service to others. Bruce Schneier has similar comments.

Bruce Schneier wrote an insightful essay explaining why he does not protect his wireless node. There are pointers to other essays agreeing and disagreeing with him. I personally agree with Schneier. I consider myself the steward of my Internet connection, more than owner.

Quick note: some analysts have found some completely impractical vulnerabilities in AES-256 (but not AES-128 !?!).
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html

Check this blog post out: http://www.schneier.com/blog/archives/2011/04/software_as_evi.html

Software seems to be considered a perfect witness, never making mistakes. An IP address is little more use than a post code, i.e. it identified a general area where something might possibly have happened but it also trivially easy to fake (just write the wrong one down), is often wrong due to poor record keeping and doesn't identify any particular individual anyway.

AES-256 has been broken under some circumstances, last I checked AES-128 was considered to be more secure.

http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html

Definitely avoid using a real or traceable name in online discussion forums and social sites. Also, avoid embedding your real name into your email address, such as "JohnSurfer@cox.net" or the like.

That's unlikely to help. I'm afraid this fight is already lost

Yes. Eventually.
Reverse engineering and hacking closed stuff is ____NOT___ a victory.
It sends the wrong signals.
'Protected stuff sells just fine'.
'We don't need to worry about little guys stealing our market as the nerds can hack our cheap boxes'.
'Appeasing content providers is an easy buisness model'

The problem with hacking is that it's getting easier to protect stuff.
A decade ago, if you were making a router, you had little choice to make it from a CPU chip, a ROM chip, and a RAM chip.
All soldered to a board, with comparatively accessible traces.

Ok - worst case, you needed to desolder the flash, and it was really annoying to do.

There is almost no way to protect keys in this beyond the 'normal' code obfuscation methods.

Now, increasingly security architecture is moving on-chip, and becoming cheap. Partially as a
side-effect of making devices more flexible.
Many or even most small 32 bit chips now have a small area of ROM that handles the initial boot,
and some user-settable one-time writable memory.

Because it's 'free' (a K or two), these often now include routines that will let the user on initial flash
(or in production of the a large number of chips) say 'only boot from a bootloader with key authenticated
by the in-ROM key'

To get to this key is practically very hard - especially if the vendor has taken measures - covering the few
bytes of ROM in question with metalisation - to prevent this.
You can't get at it with a soldering iron.
You can't often now even get at the off-'chip' RAM or ROM easily now, as it's not on seperate chips, it's on
chips laminated to the CPU.

Geohot - for example - did nothing at all clever cryptographically.
He exploited a basic bug in the implementation that is the sort of thing you get when someone reads the
manpage on a crypto function, and implements it, not really understanding all of the twiddly bits, and leaving
some out.

Getting crypto right with modern chips is getting increasingly easy - it is not more expensive or needing more
hardware to get it right, it simply needs employing someone with a clue to look over your code.
Drop 20K on http://www.schneier.com/ - for example - or basically anyone that's actually understood crypto,
and is not just writing it as a 'normal' program.

The only 'right' way to respond to this is to buy open platforms.
Unfortunately, this is often hard.

Alternatively come in the same colour as the shop assistants. If asked give misleading advice, especially to go to the store round the corner.

Even better, give them brutally honest advice and history lessons. Tell them about the rootkits, the disabling of features on customers devices, the lawsuits, and anything else screwed up that Sony has done to their customers. It would be nice to have some pamphlets made up with all the sordid details (or at least an overview and a URL to find the details) to hand out.

And you're going to 'block sales' without trespassing or obstructing traffic how exactly?

'cmon. Has everybody forgotten how to protest. If the protesters want to get away with it there are so many ways this can be done. Wait until other customers start to arrive in the store. Go into the store (together with more friends than there are assistants). Pretend to be a customer. Demand attention then ask long and annoying but plausible questions about something expensive best of all if it's something you really do want to buy somewhere else. Act unsure; keep all the assistants busy. Then give up. Walk to a different part of the store. Repeat. Alternatively stand outside and be loud. Most customers won't come. Alternatively come in the same colour as the shop assistants. If asked give misleading advice, especially to go to the store round the corner.

Anyway you probably don't care too much about being charged with trespassing. That's the whole point of civil disobedience.

You know, I hope you people who do these things don't object when right wing wackos boycott Ford for 'promoting' homosexuality or anything..

Of course I object; to the homophobia. I don't care about the fact of the boycott if it wasn't for such a bad reason.

P.S. The best way to boycott Sony is not buying their stuff. Buy a Wii instead. That's what I do. I won't be turning up in a Sony store tomorrow because I haven't cared about Sony for years.

a couple of days ago.

Let's just hope they're not rolling out RSA Tokens :)

Recently discussed on Bruce Schneier's blog ("Identifying Tor Users Through Insecure Applications"):

http://www.schneier.com/blog/archives/2011/03/identifying_tor.html

I mean, if I'm not doing anything wrong, what's the problem if Google, the goverment, or such, track me?

By all means read the paper 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy, it will give you lots of reasons for why this is a fallacy. Also recommended reading is Bruce Schneier's blog post about the subject.

...then I'm sure you don't mind sharing your financial details, medical history etc with us, your boss, insurance, etc... It's already electronically available somewhere anyway, right?

(and we're back to the whole "if you have something to hide" debate. I personally side with Schneier on this, privacy is a necessity: http://www.schneier.com/essay-114.html)

How much do you think such a proposal would cost, say, Bruce Schneier when he sends out his Crypto-Gram newsletter to people that have requested it?

Or how about the Linux Kernel Mailing List?

Or the messages Slashdot can send you when someone replies to or moderates your comment? [See the Account link at the top of the screen.]

($0.001 per email) * (many many emails to which the recipient has opted-in) = a lot of money for list owners to pay.

I don't want to see the mailing lists I like all go behind paywalls or stop sending out messages entirely.

Two proverbs say it best: Quis custodiet custodes ipsos? ("Who watches the watchers?") and "Absolute power corrupts absolutely."

Cardinal Richelieu understood the value of surveillance when he famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." Watch someone long enough, and you'll find something to arrest -- or just blackmail -- with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies -- whoever they happen to be at the time.

Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.


- Schneier: The value of privacy

Sorry but when she breaks out the 10 inch "scanner wand" with the straps I'm afraid I'm gonna have to change the channel there bud.

Seriously though how much longer are we gonna keep wasting money on this security theater bullshit? The Israelis aren't doing this crap and they have a hell of a lot more threats to deal with than we do. As Bruce Schneier pointed out with all their "enhanced security" bullshit they still miss 70% of knives,30% of guns, and 60% of fake bombs used to test their system. I think we can all agree for the money being spent that would equal a giant fail in anybody's book.

So maybe we should do as Schneier suggests and better spend that money on intelligence gathering and boots on the ground? Because with stats like that the odds they will actually stop anybody who really wants to do harm is pretty damned slim.

If the private key was actually destroyed, then it cannot be recovered in the timeframe of an election unless the system itself is flawed. Someone needs to read a book.

That was what jumped out at me as well. If the election managers can "reconstruct" a supposed private key - how is that key considered secure? The WHOLE POINT of a private key is supposed to be that you - and ONLY you - have the ability to access it.

Lots of dancing around to avoid using "technical terms". Go google for "Shamir's Secret Sharing" or

http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

I am about 99% certain the Shamir in SSS and the Shamir in RSA are the same Shamir but I'm too lazy to look it up and it doesn't really prove anything other than SSS was designed by a smart guy (then again, most broken systems were also designed by smart guys).

Or more generally:

http://en.wikipedia.org/wiki/Secret_sharing

Anyway, "apt-get install ssss" on a modern system will provide many interesting and informative lab opportunities.

The idea of SSSS is private data can be made public if you can just get X number of people to agree to conspire and pool their shares, where X might be, say, 200.

If the private key was actually destroyed, then it cannot be recovered in the timeframe of an election unless the system itself is flawed. Someone needs to read a book.

That was what jumped out at me as well. If the election managers can "reconstruct" a supposed private key - how is that key considered secure? The WHOLE POINT of a private key is supposed to be that you - and ONLY you - have the ability to access it.

If the private key was actually destroyed, then it cannot be recovered in the timeframe of an election unless the system itself is flawed. Someone needs to read a book.

Really, secret messages from Al Qaeda in Al Jazeera? Why not hidden messages from Al Qaeda on MTV or CNN? That would be just as plausible.

They were worried about those, too. Even now, and especially back then, there was great reluctance to rebroadcast any terrorist video for fear it would contain hidden signals, such as a "go code" or somesuch (steganography). If you were worried about that, Al Jazeera would be the biggest threat vector simply because they normally get the scoop on terrorist videos.

And I suppose I should use a different one on every site I register with. I guess I'll just write these down on the back of the slip of paper where I keep my list of secure passwords.

L0pht phoned from 1998, they want their story back.

http://www.schneier.com/essay-003.html

It is obscure. You can keep saying it's not, but it nonetheless is. (You do the dictionary look-up on that word as homework.)

Combine the tenacity of something like Blaster with the fact that random generally isn't, and such software will land somewhere. Furthermore, I think you genuinely underestimate the number of folks downloading and running such niceties as "FREE Registry Cleaner 9000" and the "OMG PONIES!!!" screensaver, which allows a fair number of seed nodes out of the gate. (I made those names up. You get the point.)

And, of course: Nevermind the fact that such a routeable address will not exactly be secret to begin with: In the absence of NAT, whatever host(s) you communicate with will know this address, and it will no longer be obscure. Given enough datamining on a popular and compromised/ill-intended sites, and producing rather complete maps of an individual's home subnet should be practical.

And speaking practicality: You can have multiple addresses per host. Lots of them. And you can assign them "randomly," and change them periodically. You can multiple firewall rules concocted to mitigate risks individually on these many addresses, and do all manner of other fuckery and confusion (unique addresses for each IPV6 connection pair?) to try to keep things obscure.

But the obscurity will fail. It won't likely fail for you or me (for the same reason I don't plan on winning the lottery), and it won't ever fail for Bruce Schneier (because the force is strong with that one), but it will fail for someone.

So, if we're cannot rely on obscurity by itself, then we'll have to rely on firewalls. This is all well and good, but by the time we firewall the piss out of IPV6 at the border, we've lost most of the advantages of having all of those addresses to begin with.

At that point, one might as well just use NAT and dumb port forwarding anyway, maybe with a couple of extra hooks added to let multicast work and/or some sort of automatia similar to UPnP for those who can't be bothered.

In other news: I've got way more addresses than I can use on my current RFC 1918 subnet. I don't need IPV6 -- the Internet does. I will re-evaluate my position as the environment dictates.

Although you said in jest... REAL security pros do write it down...
http://www.schneier.com/news-101.html

http://www.schneier.com/blog/archives/2005/06/write_down_your.html