Fords don't have a bad mechanism either. They use one's cellphone for sending vehicle health reports and other items. So, instead of checking the forums for the antenna (or antennas) to disconnect, just disable Bluetooth on your phone, or just don't pair your phone up with the Ford console.
If they have data, they can be forced to cough it up, either by a search warrant for criminal cases or via motions of discovery/subpoenas for civil.
So far, this hasn't seemed to have happened, but if it does become public, there will be a backlash, especially OnStar which has the ability to track and disable cars in realtime [1].
[1]: I hope GM knows what they are doing with security, because some group wanting to get themselves on the map could use that ability during a disaster (hurricane, man-made catastrophe, etc.) to disable cars en masse, creating an almost impenetrable barrier for evacuations out of a city. I remember just the compromise of an Austin company that had vehicle disabling devices on their cars by an ex-employee, with the employee disabling all cars, caused a pretty big stir... think of that on a regional level.)
One can always just pull the OnStar antenna and call it done. This is a lot easier than doing a rip-job, and easily reversible when it comes time to sell the car.
The biggest reason to use McAfee is because it has antivirus scanners for AIX, SPARC Solaris, Linux, and other UNIX variants.
Not like this does a single thing useful. However, it does make the legal eagles happy, and in a lot of companies, they have some sworn statement that all computers on their network have antivirus on them... which means when you cut yourself another LPAR, you toss on McAfee and two cron jobs. One updates the definitions, the second does a filesystem scan. It won't ever detect anything but a false positive (barring the machine being used to store documents or Windows stuff), but it does check that box.
As for Windows, I just use the enterprise version of MSE (System Center Endpoint Protection.) All AV products suck, so might as well use something that is ICSA certified, makes the legal eagles happy, and doesn't completely useless-ify a machine. For the real malware protection, a content filter that blocks ad and malware sites by IP is used, in combination with a decent IDS/IPS.
In the MBA course, one is taught that workers are fungible. However, there is one of many problems with that line of reasoning... when morale hits the skids in a company, internal security issues start manifesting themselves, which wouldn't have appeared otherwise, and it might be that the cost of hiring consultants and whipcrackers to bolster internal security is a lot more than just paying a competitive wage and being sparing with the pink slips.
Times have changed. Labor is part of a business's cost, but things have shifted -- materials, licensing, compliance, R&D, transportation costs, insurance, and other overhead costs have dwarfed the cost of payroll.
Take a chicken farm for example. The cost of feed, water, electricity, space to separate sickly livestock from the main herd, coops, licensing, transportation to the market, and other expenses are definitely more than the cost of a few farmhands. However, the farmhands are doing a lot more than a farmhand would do a century ago. They have to keep vehicles maintained, work as livestock vets, perform structural/electrical/plumbing duties, as well as feeding and cleaning out the coops.
As another example of this, one can look at Costco. They are one of the few companies that have not buckled under to MPA-101 and played the worker squeeze game, and they are still profitable.
So, maybe in Marx's time, labor was a major expense, but with automation, squeezing the workers doesn't make as much sense to the bottom line compared to better manufacturing processes.
I also don't get the Instagram analogy. Unlike Kodak, which was a core part of the analog photography process from the film purchased to the development chemicals to the enlarger and the chemicals used for prints, Instagram does nothing vital in the photo chain. I can use an app on my smartphone or tablet, or just fire up the GIMP or Photoshop and get very similar results.
Other than easy to use filters, the biggest thing Instagram offers which is useful is photo storage, and that isn't unique to them. I like hosting photos from my own website (using DigiMarc) so Instagram offers me nothing other than letting advertisers know more about my personal life and throw ads at me. I can easily get by without Instagram. In the past, it would be extremely difficult to be a photographer without interacting some way with Kodak.
I wonder if it is because sprues are easier to understand than proper tool paths.
I'm curious which one makes less waste overall. On one hand, the aluminum from a mill can be binned and recycled, while depending on the 3D printer, there is likely less waste, although what waste there is isn't as easily recycled.
The parts mentioned are needed, but a cover for a cockpit radio [1] are not exactly parts facing extreme wear. If one can sinter the blades for a jet engine damaged by a bird strike, that would be a fundamental technological accomplishment, especially if the blades are balanced and could be installed.
[1]: The black box data/voice recorder enclosure is a different story.
That is the exact beauty of 3D printing [1]. Assuming one had the proper materials on hand for sintering, that pitot tube (without which one can't do much flying, as one doesn't know how fast the plane is going.) which sheared off can be replaced on site as opposed to waiting days for a part to be mailed, especially if one is at a very remote location.
For short runs, there is nothing that beats 3D printing. For high-volume items, things can be different, but it seems to have less waste and less dangerous overall to the clueless than a CNC mill, although there are some tasks which CNC mills excel at (lathes for example) which 3D printing will not get anywhere near the precision unless manually shaped afterwards.
[1] I feel old... I used to know it as stereolithography.
The less on the CANBUS the better. Even if someone couldn't seize control of a device, but force it to crash, that would be a coup for carjackers.
Automakers have a lot of economic disinterest in adequate security measures:
1: Once the vehicle is purchased, aftermarket updates are a cost center.
2: They don't want updates; they need to sell new cars, not just prolong the device life of older vehicles.
3: They rely on security through obscurity too often, and when this breaks, it can be a bonanza for thieves, especially if it offers the ability to open a vehicle without force.
4: It is far easier to stonewall or just sic the battalion of lawyers on someone.
I also prefer an air-gap, and basic functionality (Bluetooth speakers and speakerphone.) If I want a GPS, I can buy one. A GPS in the dash that can't be upgraded can be worse than useless. My current vehicle has a GPS unit, but I have yet to bother using it over Apple's, AT&T's, or Google's offerings. Basic functionality is important... leave the doodads to the doodad makers.
We had this with Facebook in the past. It would pop up a picture and you would match it up with a friend. However, a lot of people use cat pictures, red "=" symbols, just a black picture, or some other cause they are trying to champion. So, choosing between five pictures that are solid black (like Spinal Tap's album) to match up with a friend is pointless.
Of course, challenge/response questions are not great either. Palin can tell one this. Plus, sniff one password, sniff them all.
Recovery of an account is a hard nut to crack, on both the password protection/authentication front, as well as key recovery/escrow.
For key escrow/recovery, in a previous life, a place I worked at (long since bought up by another company) had a no name holding corporation which rented an office. Once past the alarm system (had both duress and holdup alarms), and into a side room, there was a large jewelry safe with glass panels that would fire off relockers if the door was hit with a hammer and a Mas-Hamilton (Now Kaba Mas) X-08 combination lock. The safe had a locked compartment that housed the private keys that were uuencoded and printed out. In the safe were a couple burned CDs with the info as well.
This office (as well as another remote site) provided adequate key recovery for this SMB, although trying to scale up from that would be tough.
Authentication is easier... you don't have to have the exact key, just prove that you are whom you claim to be. For a lot of things, having a website text a person number with a 4-6 digit code, and one inputting that in a website is good enough, especially if the SMS protocol gets augmented by better security a la Apple's iMessage. This isn't 100% though, especially if the number gets cut off by the telco. However, combining this with a scratch off card with some one use numbers might cover more bases, although if one loses everything (phone, scratch off card) in a fire, they are hosed.
I'm pretty sure this isn't done is due to the example the RIAA made of MP3.com. MP3.com was doing a decent business, but then they offered downloading/streaming if a user put in a CD and their software verified it.
They were utterly destroyed by the RIAA in short order.
I don't think any other companies want to try to dip their toes into that water after that.
The Surface, I'm leery of. However, the Surface Pro is a pretty decent tablet, and that form factor in x86 is starting to have enough CPU and GPU power to be used in a dock as a desktop, but still be able to be used on the road, with a stand and Bluetooth keyboard.
There are a few features, but I wouldn't say there was a UI "fix". That is what Classic Shell is for, or perhaps Windows 8.2.
Under the hood, there are a few nice improvements. The chkdsk command now can check a volume for errors online rather than having to reboot or unmount it. BitLocker works with just a password, no TPM or USB flash drive required (other than for saving the recovery key.) ReFS and volume deduplication are useful. I think there is better SSD support as well.
If one doesn't mind using Classic Shell or dealing with the UI, there are some decent improvements under the hood. However, for the average user, none really are earth-shattering reasons to move from Windows 7.
Solar PV cells don't work well when they get hot, which is why we don't see lens technology on panels unless it is a very small one.
Other than the no-plug aspect, why even bother with this? Instead, make a carport or pole barn, plop some solar panels on that, connect those to an inverter or charge controller, and plug that into the vehicle. It would gain more electricity overall that can be used for the vehicle compared to a Frenel lens series, and it won't fry the cat when he or she plops down by the car for an afternoon nap and the sunbeam shifts, or the vehicle moves back and Pirelli processes Fluffy.
Even better, since the vehicle is likely at an office, add a battery bank. Then, the vehicle can charge a night via just the stored electricity, or a combination of that and mains power.
Assuming this is going to be a company official solution, the IT department should look at Citrix Marketplace and XenDesktop. This will allow use of Citrix Receiver on PC Web browsers, Android devices, and iOS devices.
This is up to par with security, it can be configured to whatever security policies a company has, even including a gateway that one uses a SecurID token to get past, and it is a system that is engineered to handle various corporate and governmental regulations.
Yes, there are other ways, but this is an "official" solution that will pass audits and the legal eagles.
It mainly is an emphasis on going with endpoint security... something which should have been done well before the NSA came to be a boogeyman.
Of course, the article glosses over the biggest gotcha of endpoint encryption... key management. eDiscovery is a major part of business these days, and having a way to recover documents is often mandated by some regulation.
For a small law firm, this isn't a big deal. You get all employees to send stuff out that has the firm's ADK (additional decryption key) attached, and the private part of the ADK is printed out, stored somewhere very secure [1], and that takes care of eDiscovery requirements.
For a bigger company, key management becomes a lot more hairy. If one wants to trade some security for recoverability, S/MIME is usable and fairly easy to get set up on Android, iOS, it is a lot tougher but doable (AFIAK, requires Exchange as a backend.)
[1]: In a previous life, one company I worked for had a holding corporation. This secondary company had a small, unmarked office at a busy office building. The office was protected by an alarm with two codes (normal disarm, disarm + silent alarm), and in the back was a large TL30 x 6 safe with a Mas-Hamilton X-08 (they are up to X-09 now) lock. The safe was used for storing tapes, and a locked compartment similar to a safe deposit box held printed private keys as well as copies burned to optical media. Not 100%, but it did the job of keeping things secure. Of course, said office ended up becoming the company man cave until the business folded.
What about using PGP/gpg, setting up a web of trust, sending the encrypted data via whatever messaging protocol one wants, and not depending on someone else's word that they will destroy data on an expiration date?
Yes, having a promise that a photo will go poof is nice, but this assumes that the client-side DRM is working, and this may not be the case... so might as well just give up pretenses and use something time tested.
Yes, web of trusts take some time to build, but it is more secure than trusting a third party to do all the work.
Here are a few that are mentioned because of importance, or don't first come to mind.
1: The Bible (because good or bad, it influences our society. 2: The Koran (similar to #1) 3: 1984 4: Brave New World 5: The Magna Carta 6: Dale C. Carson's "Arrest-Proof Yourself". This is an important book in the US to learn and understand. People may not agree with it, but it is how things function. 7: Applied Cryptography 8: Atlas Shrugged (one should sometimes read stuff just to show the errors in thought to boost critical thinking.) 9: Communist Manifesto (same as #8) 10: Wealth of Nations (same as #8 and #9)
I wonder about using XenDesktop and Citrix Receiver on the Nexus 7. This isn't as good as a dedicated application, but it is good enough to allow one to use work related stuff, but still have some data separation between the company machines and a BYOD tablet.
One of the few good things I can say about this mess is that applied cryptography is back... something that hasn't been really fundamentally worked on since the mid-1990s when SSL/TLS and SSH were hammered out. People seem to be interested in PGP again, and cryptocurrencies are the rage with preeve saying one Bitcoin is worth $760 at this time.
Of course, one has fears about yet another Internet-related bubble... but this is a place where people coming in to build new stuff is a very good thing. In fact, re-evaluating virtually everything isn't such a bad idea, provided it doesn't mean a blind wheel reinvention.
Some inventions (such as perhaps having SSL use multiple root certificates and a threshold of trust) will have immediate payback. Others (like using FPGA cores to flip to a Harvard architecture to execute security sensitive code) are less real-world, but can eventually become useful at mitigating various types of attacks.
With CPU-level hypervisors, deduplication and copy on write, giving each application not just its own individual memory space, but its own filesystem and system libraries becomes doable. This can further keep things separated.
Of course, this can go one of two ways. We can get actual crypto that works, or a new generation of hucksters selling us black boxes with "trust us, this is secure. No, really, it is secure." as the only proof, similar to how a lot of cloud providers have SLAs of "don't worry, we are secure. We have passwords and firewalls".
#1: MSE or Windows Defender that comes with Windows 8 and newer. AV doesn't catch much anyway, other than Malwarebytes which blocks by IP, something no other products do. In addition, use a browser (Chrome, Opera, Firefox) that has AdBlock. By blocking the malicious sites, that is dealing with most of the infection vectors right there. SpywareBlaster is another nice tool which installs killbits, restrictions, and blacklists cookies.
#2: The cloud can easily kill data as a HDD. I've had a sync error blow away all my Dropbox files. So, having an external drive for backups is important.
#3: This is a wise thing to do, although going with the separate account is keeping it disabled until it is needed.
#4: System restore is bullshit. I've yet to see it actually be of any use against malware. Even against trashed drivers, it is iffish at best.
Previous Versions on documents functionality can be useful, but trying to "restore" the OS using System Restore may bring more pain than it cures. Instead, one should use a backup program that can do image backups, and dump to an external hard disk, switching them out every so often. That way, if one is certain malware stung them at a point of time, they can boot OS media, format the system drives, reload from the stored backup image, or even more secure, format, reload the machine from known good media, reload apps, then recopy the documents. That way, if malware did infect the backup media, the damage is mitigated.
Of course, for crucial documents, backing them up to CD-R, DVD+R, or BD+R is a good thing since once the media is finalized, it will be extremely difficult for malware to tamper with a burned copy.
As for cloud storage, it is just another piece of media, like tape, CDs, or USB flash drives. Each has their good points, each has their disadvantages. A good backup procedure uses different media types. A good compromise might be copying files to a TrueCrypt container on a Dropbox partition.
Slashdot Mirror
The problem is when one likes the trainwreck politicos, those likes seem to get propagated to friends, and they start to question my sanity.
What I'd like to have is a context split. A "follow" button which is no way the same thing as a "like" button.
Fords don't have a bad mechanism either. They use one's cellphone for sending vehicle health reports and other items. So, instead of checking the forums for the antenna (or antennas) to disconnect, just disable Bluetooth on your phone, or just don't pair your phone up with the Ford console.
If they have data, they can be forced to cough it up, either by a search warrant for criminal cases or via motions of discovery/subpoenas for civil.
So far, this hasn't seemed to have happened, but if it does become public, there will be a backlash, especially OnStar which has the ability to track and disable cars in realtime [1].
[1]: I hope GM knows what they are doing with security, because some group wanting to get themselves on the map could use that ability during a disaster (hurricane, man-made catastrophe, etc.) to disable cars en masse, creating an almost impenetrable barrier for evacuations out of a city. I remember just the compromise of an Austin company that had vehicle disabling devices on their cars by an ex-employee, with the employee disabling all cars, caused a pretty big stir... think of that on a regional level.)
One can always just pull the OnStar antenna and call it done. This is a lot easier than doing a rip-job, and easily reversible when it comes time to sell the car.
The biggest reason to use McAfee is because it has antivirus scanners for AIX, SPARC Solaris, Linux, and other UNIX variants.
Not like this does a single thing useful. However, it does make the legal eagles happy, and in a lot of companies, they have some sworn statement that all computers on their network have antivirus on them... which means when you cut yourself another LPAR, you toss on McAfee and two cron jobs. One updates the definitions, the second does a filesystem scan. It won't ever detect anything but a false positive (barring the machine being used to store documents or Windows stuff), but it does check that box.
As for Windows, I just use the enterprise version of MSE (System Center Endpoint Protection.) All AV products suck, so might as well use something that is ICSA certified, makes the legal eagles happy, and doesn't completely useless-ify a machine. For the real malware protection, a content filter that blocks ad and malware sites by IP is used, in combination with a decent IDS/IPS.
Correction: MBA-101.
In the MBA course, one is taught that workers are fungible. However, there is one of many problems with that line of reasoning... when morale hits the skids in a company, internal security issues start manifesting themselves, which wouldn't have appeared otherwise, and it might be that the cost of hiring consultants and whipcrackers to bolster internal security is a lot more than just paying a competitive wage and being sparing with the pink slips.
Times have changed. Labor is part of a business's cost, but things have shifted -- materials, licensing, compliance, R&D, transportation costs, insurance, and other overhead costs have dwarfed the cost of payroll.
Take a chicken farm for example. The cost of feed, water, electricity, space to separate sickly livestock from the main herd, coops, licensing, transportation to the market, and other expenses are definitely more than the cost of a few farmhands. However, the farmhands are doing a lot more than a farmhand would do a century ago. They have to keep vehicles maintained, work as livestock vets, perform structural/electrical/plumbing duties, as well as feeding and cleaning out the coops.
As another example of this, one can look at Costco. They are one of the few companies that have not buckled under to MPA-101 and played the worker squeeze game, and they are still profitable.
So, maybe in Marx's time, labor was a major expense, but with automation, squeezing the workers doesn't make as much sense to the bottom line compared to better manufacturing processes.
I also don't get the Instagram analogy. Unlike Kodak, which was a core part of the analog photography process from the film purchased to the development chemicals to the enlarger and the chemicals used for prints, Instagram does nothing vital in the photo chain. I can use an app on my smartphone or tablet, or just fire up the GIMP or Photoshop and get very similar results.
Other than easy to use filters, the biggest thing Instagram offers which is useful is photo storage, and that isn't unique to them. I like hosting photos from my own website (using DigiMarc) so Instagram offers me nothing other than letting advertisers know more about my personal life and throw ads at me. I can easily get by without Instagram. In the past, it would be extremely difficult to be a photographer without interacting some way with Kodak.
I wonder if it is because sprues are easier to understand than proper tool paths.
I'm curious which one makes less waste overall. On one hand, the aluminum from a mill can be binned and recycled, while depending on the 3D printer, there is likely less waste, although what waste there is isn't as easily recycled.
The parts mentioned are needed, but a cover for a cockpit radio [1] are not exactly parts facing extreme wear. If one can sinter the blades for a jet engine damaged by a bird strike, that would be a fundamental technological accomplishment, especially if the blades are balanced and could be installed.
[1]: The black box data/voice recorder enclosure is a different story.
That is the exact beauty of 3D printing [1]. Assuming one had the proper materials on hand for sintering, that pitot tube (without which one can't do much flying, as one doesn't know how fast the plane is going.) which sheared off can be replaced on site as opposed to waiting days for a part to be mailed, especially if one is at a very remote location.
For short runs, there is nothing that beats 3D printing. For high-volume items, things can be different, but it seems to have less waste and less dangerous overall to the clueless than a CNC mill, although there are some tasks which CNC mills excel at (lathes for example) which 3D printing will not get anywhere near the precision unless manually shaped afterwards.
[1] I feel old... I used to know it as stereolithography.
The less on the CANBUS the better. Even if someone couldn't seize control of a device, but force it to crash, that would be a coup for carjackers.
Automakers have a lot of economic disinterest in adequate security measures:
1: Once the vehicle is purchased, aftermarket updates are a cost center.
2: They don't want updates; they need to sell new cars, not just prolong the device life of older vehicles.
3: They rely on security through obscurity too often, and when this breaks, it can be a bonanza for thieves, especially if it offers the ability to open a vehicle without force.
4: It is far easier to stonewall or just sic the battalion of lawyers on someone.
I also prefer an air-gap, and basic functionality (Bluetooth speakers and speakerphone.) If I want a GPS, I can buy one. A GPS in the dash that can't be upgraded can be worse than useless. My current vehicle has a GPS unit, but I have yet to bother using it over Apple's, AT&T's, or Google's offerings. Basic functionality is important... leave the doodads to the doodad makers.
We had this with Facebook in the past. It would pop up a picture and you would match it up with a friend. However, a lot of people use cat pictures, red "=" symbols, just a black picture, or some other cause they are trying to champion. So, choosing between five pictures that are solid black (like Spinal Tap's album) to match up with a friend is pointless.
Of course, challenge/response questions are not great either. Palin can tell one this. Plus, sniff one password, sniff them all.
Recovery of an account is a hard nut to crack, on both the password protection/authentication front, as well as key recovery/escrow.
For key escrow/recovery, in a previous life, a place I worked at (long since bought up by another company) had a no name holding corporation which rented an office. Once past the alarm system (had both duress and holdup alarms), and into a side room, there was a large jewelry safe with glass panels that would fire off relockers if the door was hit with a hammer and a Mas-Hamilton (Now Kaba Mas) X-08 combination lock. The safe had a locked compartment that housed the private keys that were uuencoded and printed out. In the safe were a couple burned CDs with the info as well.
This office (as well as another remote site) provided adequate key recovery for this SMB, although trying to scale up from that would be tough.
Authentication is easier... you don't have to have the exact key, just prove that you are whom you claim to be. For a lot of things, having a website text a person number with a 4-6 digit code, and one inputting that in a website is good enough, especially if the SMS protocol gets augmented by better security a la Apple's iMessage. This isn't 100% though, especially if the number gets cut off by the telco. However, combining this with a scratch off card with some one use numbers might cover more bases, although if one loses everything (phone, scratch off card) in a fire, they are hosed.
I'm pretty sure this isn't done is due to the example the RIAA made of MP3.com. MP3.com was doing a decent business, but then they offered downloading/streaming if a user put in a CD and their software verified it.
They were utterly destroyed by the RIAA in short order.
I don't think any other companies want to try to dip their toes into that water after that.
The Surface, I'm leery of. However, the Surface Pro is a pretty decent tablet, and that form factor in x86 is starting to have enough CPU and GPU power to be used in a dock as a desktop, but still be able to be used on the road, with a stand and Bluetooth keyboard.
There are a few features, but I wouldn't say there was a UI "fix". That is what Classic Shell is for, or perhaps Windows 8.2.
Under the hood, there are a few nice improvements. The chkdsk command now can check a volume for errors online rather than having to reboot or unmount it. BitLocker works with just a password, no TPM or USB flash drive required (other than for saving the recovery key.) ReFS and volume deduplication are useful. I think there is better SSD support as well.
If one doesn't mind using Classic Shell or dealing with the UI, there are some decent improvements under the hood. However, for the average user, none really are earth-shattering reasons to move from Windows 7.
I have a few things to add as well:
Solar PV cells don't work well when they get hot, which is why we don't see lens technology on panels unless it is a very small one.
Other than the no-plug aspect, why even bother with this? Instead, make a carport or pole barn, plop some solar panels on that, connect those to an inverter or charge controller, and plug that into the vehicle. It would gain more electricity overall that can be used for the vehicle compared to a Frenel lens series, and it won't fry the cat when he or she plops down by the car for an afternoon nap and the sunbeam shifts, or the vehicle moves back and Pirelli processes Fluffy.
Even better, since the vehicle is likely at an office, add a battery bank. Then, the vehicle can charge a night via just the stored electricity, or a combination of that and mains power.
Assuming this is going to be a company official solution, the IT department should look at Citrix Marketplace and XenDesktop. This will allow use of Citrix Receiver on PC Web browsers, Android devices, and iOS devices.
This is up to par with security, it can be configured to whatever security policies a company has, even including a gateway that one uses a SecurID token to get past, and it is a system that is engineered to handle various corporate and governmental regulations.
Yes, there are other ways, but this is an "official" solution that will pass audits and the legal eagles.
It mainly is an emphasis on going with endpoint security... something which should have been done well before the NSA came to be a boogeyman.
Of course, the article glosses over the biggest gotcha of endpoint encryption... key management. eDiscovery is a major part of business these days, and having a way to recover documents is often mandated by some regulation.
For a small law firm, this isn't a big deal. You get all employees to send stuff out that has the firm's ADK (additional decryption key) attached, and the private part of the ADK is printed out, stored somewhere very secure [1], and that takes care of eDiscovery requirements.
For a bigger company, key management becomes a lot more hairy. If one wants to trade some security for recoverability, S/MIME is usable and fairly easy to get set up on Android, iOS, it is a lot tougher but doable (AFIAK, requires Exchange as a backend.)
[1]: In a previous life, one company I worked for had a holding corporation. This secondary company had a small, unmarked office at a busy office building. The office was protected by an alarm with two codes (normal disarm, disarm + silent alarm), and in the back was a large TL30 x 6 safe with a Mas-Hamilton X-08 (they are up to X-09 now) lock. The safe was used for storing tapes, and a locked compartment similar to a safe deposit box held printed private keys as well as copies burned to optical media. Not 100%, but it did the job of keeping things secure. Of course, said office ended up becoming the company man cave until the business folded.
What about using PGP/gpg, setting up a web of trust, sending the encrypted data via whatever messaging protocol one wants, and not depending on someone else's word that they will destroy data on an expiration date?
Yes, having a promise that a photo will go poof is nice, but this assumes that the client-side DRM is working, and this may not be the case... so might as well just give up pretenses and use something time tested.
Yes, web of trusts take some time to build, but it is more secure than trusting a third party to do all the work.
Here are a few that are mentioned because of importance, or don't first come to mind.
1: The Bible (because good or bad, it influences our society.
2: The Koran (similar to #1)
3: 1984
4: Brave New World
5: The Magna Carta
6: Dale C. Carson's "Arrest-Proof Yourself". This is an important book in the US to learn and understand. People may not agree with it, but it is how things function.
7: Applied Cryptography
8: Atlas Shrugged (one should sometimes read stuff just to show the errors in thought to boost critical thinking.)
9: Communist Manifesto (same as #8)
10: Wealth of Nations (same as #8 and #9)
I wonder about using XenDesktop and Citrix Receiver on the Nexus 7. This isn't as good as a dedicated application, but it is good enough to allow one to use work related stuff, but still have some data separation between the company machines and a BYOD tablet.
One of the few good things I can say about this mess is that applied cryptography is back... something that hasn't been really fundamentally worked on since the mid-1990s when SSL/TLS and SSH were hammered out. People seem to be interested in PGP again, and cryptocurrencies are the rage with preeve saying one Bitcoin is worth $760 at this time.
Of course, one has fears about yet another Internet-related bubble... but this is a place where people coming in to build new stuff is a very good thing. In fact, re-evaluating virtually everything isn't such a bad idea, provided it doesn't mean a blind wheel reinvention.
Some inventions (such as perhaps having SSL use multiple root certificates and a threshold of trust) will have immediate payback. Others (like using FPGA cores to flip to a Harvard architecture to execute security sensitive code) are less real-world, but can eventually become useful at mitigating various types of attacks.
With CPU-level hypervisors, deduplication and copy on write, giving each application not just its own individual memory space, but its own filesystem and system libraries becomes doable. This can further keep things separated.
Of course, this can go one of two ways. We can get actual crypto that works, or a new generation of hucksters selling us black boxes with "trust us, this is secure. No, really, it is secure." as the only proof, similar to how a lot of cloud providers have SLAs of "don't worry, we are secure. We have passwords and firewalls".
Not really. Encryption isn't going to be a performance issue on any machine made in the past decade.
Very good points. My few additions:
#1: MSE or Windows Defender that comes with Windows 8 and newer. AV doesn't catch much anyway, other than Malwarebytes which blocks by IP, something no other products do. In addition, use a browser (Chrome, Opera, Firefox) that has AdBlock. By blocking the malicious sites, that is dealing with most of the infection vectors right there. SpywareBlaster is another nice tool which installs killbits, restrictions, and blacklists cookies.
#2: The cloud can easily kill data as a HDD. I've had a sync error blow away all my Dropbox files. So, having an external drive for backups is important.
#3: This is a wise thing to do, although going with the separate account is keeping it disabled until it is needed.
#4: System restore is bullshit. I've yet to see it actually be of any use against malware. Even against trashed drivers, it is iffish at best.
Previous Versions on documents functionality can be useful, but trying to "restore" the OS using System Restore may bring more pain than it cures. Instead, one should use a backup program that can do image backups, and dump to an external hard disk, switching them out every so often. That way, if one is certain malware stung them at a point of time, they can boot OS media, format the system drives, reload from the stored backup image, or even more secure, format, reload the machine from known good media, reload apps, then recopy the documents. That way, if malware did infect the backup media, the damage is mitigated.
Of course, for crucial documents, backing them up to CD-R, DVD+R, or BD+R is a good thing since once the media is finalized, it will be extremely difficult for malware to tamper with a burned copy.
As for cloud storage, it is just another piece of media, like tape, CDs, or USB flash drives. Each has their good points, each has their disadvantages. A good backup procedure uses different media types. A good compromise might be copying files to a TrueCrypt container on a Dropbox partition.