Just How Paranoid Are You?
An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"
Like I'm going to discuss that here on Slashdot! You know who might be reading.
I have OpenBSD on my firewall and main work machine. Encrypted partitions too. GPG everything. My Windows 2000 game machine is locked tight and on a DMZ without IE being used. My monitor is wrapped in tinfoil, naturally, with a small cutout just large enough to have a 640x480 window viewable. I wrapped my mouse in tinfoil but that made it hard to use so I cut a hole in the bottom which allowed the light to hit the desk surface. Problem there was the desk was wrapped in tinfoil, too. So I made my own mousepad because I don't trust the ones made by The Man. It's made from a dead rabbit I found on the street. I flattened it out and dehydrated it. When I need a random number I pinch some fur and pull. However many strands of fur I get in that pull is the random number I use. Of course I need a new mousepad every few weeks as I never reuse the same tuft of fur twice. Never trust the PRNG in any OS, even OpenBSD. Theo is watching. Speaking of that, the other day I was installing OpenBSD 3.6 on a new machine and then I realized... CDs are a form of RFID tag. The unique bit patterns on them can be detected from space. So I wrap my CDs in tinfoil when not in use. Speaking of tinfoil, I find it best to buy the cheapest stuff from dollar stores. They don't usually use the UPC barcoding at those places. Just "$1.. $1.. $1..". Barcode readers don't use OpenBSD but I think Theo is trying to get in there. Speaking of barcodes, the other day I pulled a package of gum from my pocket and the person I was with said "Ohh... Spearmint!" I ran away. He obviously has a remote UPC scanner and knew that I had spearmint gum. He says the wrapper was in plain sight but I think that's just an excuse.
Trolling is a art,
After all, doesn't everyone have my best interests at heart? Why, just the other day, a nice Nigerian man sent me an e-mail about a wonderful offer, and I don't even know him!
Hellooooo, Mr. Government Man!
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
My computer is encased in Carbonite, and it is stored in a file cabinet in the basement with a sign on the door "Beware of Leopard". The password? I tore it to bits, put bacon grease on it, and fed it to the dog. However, these measures are not enough for security: the machine itself happens to be one of those cardboard replica PCs you find on furniture in the back of "Staples". No WAY you gonna hack this sucker!
Don't blame Durga. I voted for Centauri.
Rename allMyPron.zip to mssys.dat
I run only Knoppix Live CD, and I incinerate my RAM after I am done just to be sure there's nothing left on that RamDisk. Kingston loves me now!
Thanks for letting us know you have a 30 character password. That'll be much easier to crack than having to deal with 1 - 29 and 31 - infinity length password.
-- There is no sig line, only Zuul.
I keep a bunch of nerds surrounding my house for security. I feed them doritos and keep them motivated by issuing fake Duke Nukem Forever press releases. When I see them becoming too docile, I toss Windows Magazine at them to get them all riled up.
I always save my last mod point to mod up a good troll. You people are too serious.
Who wants to know?
Oh, yeah......and I DO pay attention to my logs, so that dude at 67.13X.XXX.XX in Vancouver Washington who linked to my machine from Slashdot just now and is trying to get access, I am watching you as we speak. A little more work and I can have your GPS coordinates too. :-)
Visit Jonesblog and say hello.
"I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"
:)
I just crack your system and store my stuff there.
I made an end run on this whole problem. With some carefully executed electro shock therapy, I erased all of my personal information from my own brain!
Just try your evil identity theft tricks now!
Sometimes my arms bend back.
Never thought of effecting security by relocating my home server to the no-man's-land in the middle of the Korean peninsula. I think you may be on to something. No one would ever think to check there!
Don't blame Durga. I voted for Centauri.
At home, I am not nearly as worried about "Big Brother" as I am my actual big brother. Therefore my first line of defense is a "No Big Brothers Allowed" sign on my bedroom door, with some skulls-and-crossbones for added effect.
Ut Tensio, Sic Vis
I don't even bother with passwords on most of my machines, not even for root.
Hmmm. You do know that in Windows you can just unplug the network cable and plug it back whenever you want, and things will Just Work -- no need to reach for "ifconfig eth0 up", right?
I pile my old computer hardware into a wall around the house, and from time to time pour gasoline and light it on fire. A hardware firewall. The neighbors don't appreciate it, but it gives me a lot of security.
Turns out bad sex is better than no sex. I'll have to be more grateful for what I get with the next girlfriend.
...this is just a trick post to lure me out.
How far will you go to protect your pr0n collection from your wife's prying, suspicious eyes? :)
I have to scan my butt cheeks to gain access to my pr0n collection.
Sorry, won't happen again. I mixed it up with a goat-porn link.
256-bit AES?
That's nothing.
Try a removable HD with a small thermite "charge" inside ignited on removal from the drive bay. Instant HD slush.
Off-site secure storage, of course, but the second the black-ops guys storm the house that HD is gone.
Then you turn off his power, cut his phone line, and cause his gas oven to blow up. Ohh. wait.. real life doesn't follow movie rules about what "hackers" can do?
Anyone without a strong root password is likely to have a strong root password provided for them by an "outside consultant". :-)
Life is short: void the warranty.
My hard drives are covered with thermite packs set to ignite every day at 1:57pm unless the code is entered. If they capture me, and I can't enter the code, my PC will self-destruct. My case is pressurized; any change in pressure will set off the thermite. My computer room is an access-controlled area patrolled by ninjas and attack dogs. The floor is pressure sensitive and there are cameras. The only possible weak point is the oversized ventilator shaft that goes directly over the room.
But nobody knows about that.
I keep my data on a proprietary system of my own devising - the gibbon/pigeonhole arrangement:
Deep inside my personal mountain lair is my own manually operated paper-based datacentre housing a colony of approximately 6,000 intricately trained gibbons who perform the day to day roles of system administration and data archiving.
When I access my partitions from windows in the comfort of my home, I'm not browsing local hard drives, oh no. I have had one of my gibbons integrate his brain into the windows kernel so that he is at one with my filesystems. I call him Ook. When I read/write to the partitions, Ook interprets the commands and passes them on to a waiting messenger gibbon, using a custom developed encrypted adaptation of the gibbon language, unintelligible to other gibbons in case big brother trains some gibbons of his own and infiltrates my workforce.
Anyway, the messenger gibbons (who are hand picked in a rigorous training scheme for their incredible memories) scamper off to my mountain datacentre, passing through retinal, palm, and voice identification scans, before entering a 128bit hexadecimal password (case sensitive) into a keyboard that is not QWERTY in format, but is made up of blocks in the ground which must be jumped on to enter each character. The blocks aren't labelled as such, but are cryptically imprinted with pictorial representations of the alphanumeric characters they represent (eg: picture of toast, rhymes with ghost, ghosts are scary, scary rhymes with hairy, hairy has five letters, therefore that block represents the number 5, see?).
So anyhow, once the messenger gibbon enters the secure area of my datacentre, he passes the message on to one of the worker gibbons, light in build and superb gymnasts, who moves to the appropriate pigeon hole in a 2D array laid out on a rock wall measuring more or less 1km square in surface area. Each 5cm^2 pigeon hole houses a piece of paper, on which is written a 32bit binary word. The worker gibbons are trained to encrypt and decrypt the binary strings, as the binary is not regular binary, but is instead shuffled according to a complex mathematical hashing algorithm. Once the gibbon has decrypted and either memorised or modified and re-encrypted the binary, he scampers back to the messenger gibbon and using a proprietary gibbon dance, reports either a fail or a success in the operation, along with any data requested for a read operation.
This all comes back up the chain to Ook, who has windows tell me that everything is fine.
I'm sure you can't deny that it's as secure as all get out, and it's pretty much transparent apart from the half hour access times, which makes playing counter strike quite the bitch, but for your everyday Word and Email, it's perfect.
Please go back in time and stop yourself from writing that story before I have the chance to read it...
My password's set to my dog's name.
My dog's name is currently 4$ter*Zf1, but I change it every 90 days.
bp
"Anyone without a strong root password is likely to have a strong root password provided for them by an 'outside consultant'" That would be funnier if it didn't follow: "Yes, of course it's the right cable [le0: NO CARRIER]" "Outside consultants" usually don't care about machines with no network access, even if they can break in and get it.
Ohh. wait.. real life doesn't follow movie rules about what "hackers" can do?
Shhhh... don't tell people that!!! I like the all-consuming power I have as a computer geek.
Find coupons in Greeley
30 character password
... [later:] bamm, fracking puter lands on the sidewalk.
Now, that's not paranoid, just plain stupid. Just imagine, early in the morning, quickly checking mail before tumbling out the door going to work, and I mistype 1 character: bamm, type again, mistype 1 character again: bamm, type again,
Why would someone do such a thing to oneself, being sane to a very minimal extent? Buy a darn iris scanner, or fingerprint authentication stuff, whatever floats your boat. But 30 chars to type just to get into your spyware-house? Get a life.
Regarding the main question, i.e. being paranoid: one can efficiently and effectively protect even a Windows PC without becoming, well, possessed.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
"I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"
You call that security? I have my computer rigged up to some C4 that's set to detonate when you type in an incorrect password, all of my files are translated into Swahili before being encrypted in 512bit encryption, before it's all put onto a hard drive enclosed in tin foil so the commies can't scan it using their radar (cos RADAR KNOWS EVERYTHING, cos I saw some film about it once), and if I ever need to print something out I print it in white ink so nobody can see it, and don't even get me started on software...
Man, you have it easy - call that security?
My Linux Command of the Day site : LCOD
Is there a way to encrypt a filesystem so that it has two different decryption keys, where one key will hide the real stuff and the other key is a dummy key that will decrypt my stuff to look like an innocent adult porn viewer?
There is some truth in what you say but it is impractical. My mind just doesn't have enough space to store 160gigs of pr0n.
It's hard to soar like an eagle when you're surrounded by turkeys.
"I'm so paranoid, I think the guy in front of me is following me the long way around [the earth]."
Dilbert: I'll just reprogram your computer through the LAN so its radiation will alter your DNA.
Marketing: You can do that?
Dilbert: As far as you know!
I google for 2 minutes and find a great instructional video on how to open said laptop lock with a piece of paper and some tape.
A few days go by, a new directive: "Please keep your laptop locked away in a drawer when you leave for the day."
So I have a dual homed laptop that is doing nothing but NAT, port filtering and routing using IPTables under linux. Is that a hardware or a software firewall?
09F911029D74E35BD84156C5635688C0
Jesus loves you, I think you suck
I have to scan my butt cheeks to gain access to my pr0n collection.
Either the software you're using for facial recognition sucks, or you are one ugly mofo.
It's funny you should mention that. What you wrote reminded me of something that happened at a previous job. I'd been working there for about 3 months as the campus netadm. Myself and another coworker had just gotten back from a trip to a peer campus to inspect their network and "get some pointers." (apparently they thought I needed to see how another campus did it so I'd know how...) The network I'd inherited was as flat as a board and had grown well beyond a reasonable means. It was fairly sizeable (seen much bigger networks but this was a nice sized one). Anyhow, my coworker and I were in the conference room getting more or less debriefed by someone that quite frankly had no business involving themself in the matter. This person assumed everyone worked for them which of course we didn't. Nevertheless we were being debriefed. My coworker and I started talking about routing. He wasn't a network guy but he was pretty smart and had a fair grasp of the basics. The other person just sat there and listened as we brain-stormed. As soon as I mentioned routers she butted in and said she knew all about routers and that we were absolutely not to use software routers but to only use hardware routers. I told her they were basically the same thing when it got down to it. "All routers have software "running" on them," I told her. Oh no. She repeated that none of our routers were going to be running software of any kind, that software routers were junk and that we were supposed to use hardware routers only. So I asked her, "do you mean routers with no software, where you manually configure them with wires, jumpers and dip switches?" She replied that that was right and that's what she wanted (nevermind that she had no say in the matter). My coworker and I just looked at each other, and then moved on. My colleagues and friends that were privy to the story thereafter called her "Dip." Seemed appropriate to us in more ways than one.
Then you turn off his power, cut his phone line, and cause his gas oven to blow up. Ohh. wait.. real life doesn't follow movie rules about what "hackers" can do?
Quiet you! I'm busily hacking into the orbital defense satellite system to shoot a plasma cannon at the interloper.
No honey, it's not a pr0n site... that's just a slick facade the government uses to hide access to their weapons platform controls... yes, this will take a while...
NB: Not responsible for the reactions of the humor impaired.
A Human Right
Finally, someone explains what .NET is supposed to do.
~Idarubicin
My computer is a 286 and runs a 1988 version of SCO Xenix. I feel reasonably sure nobody is targeting viruses at me.
When I'm not using my computer, I pour 15,000 lbs of concrete over it. Granted, this makes it hard to just "sit down and hack." Last week, my dad called and said "Read your email, I sent you something important." My stupid upstairs neighbour called the cops over the sound of the jackhammer at 2 AM. Stupid neighbour.
My internet connection is a 110 baud modem. It's not connected to my computer, but rather to a teletype, which prints out the incoming packets. I manually enter the packets using an old morse code key (long=0, short=1). I have the same setup attached to my computer. I am now up to 75 bps in two-handed morse-code-binary transcription.
The password to my computer is set to the winning numbers in next week's lottery. Unfortunately, this means I can only log in within one hour after the lottery draw, because that's the only time I know the password. One of my friends suggested I instead use the fact that my computer is predicting the winning numbers to enter the lottery, but that would be revealing my password. Stupid friend.
The key with evil TLAs is invisibility, deniability, then security. If they ever see you, you've lost 1 line, so you better be very sure of the second line, because on that 3rd line you are playing a David vs Goliath game.
To keep yourself invisible is easy. Keep your nose clean, and don't do anything to attract attention.
If you must make yourself visible, make sure everything is deniable. Cover your tracks, and put out bait to cover you. For example, encode your sensitive data within borderline pornography pictures, then encrypt those pictures with a massive key. Then hide your server in a hollow tree on public land, powered by solar panels, with Wi-fi access protected by WEP, and lose the key. Of course, none of that will really help you when the TLA comes, because these days, they don't need real evidence.
As for physical security: Buy 5 second hand machines from 5 different locations, and only use one. Pick an absurd key size, double it, then double it again. Encrypt everything, hide the machine inside a metal cage, and never ever connect it to anything. Never store a bit of data you don't have to, and never store anything complete. Fill the disks with plausible fake data, or better still, real data of a less serious nature. Your passwords should be machine generated, one time, and never less than 32 chars. Write your own software, and use your own formats. They'll still get in, but at least you'll have made them work.
I'll write a follow up post after I find out who's banging on my door.
"Those who cast the votes decide nothing; those who count the votes decide everything." (attrib. Joseph Stalin)
Or for something equally cryptic and at least somewhat intelligible, try running "top"...
Then, when they ask, you can talk load averages, memory swap, cpu utilization, blah blah blah.
30 seconds of that will put many people right to sleep...
I have no problem with your religion until you decide it's reason to deprive others of the truth.