Run Linux. That's the answer. The silly Windows agent won't run on it, and your files can even be protected through filesystem encryption, and safe from magically being shared with spyware writers, botnet managers, and spam sources.
"I really think the onus is on you here--you keep repeating the same things, so where's the proof. Let's see a comprehensive study of airline security before and after 9/11?"
Before 9/11: 0 hijackings using planes as weapons
After 9/11: 0 hijackings using planes as weapons
Best of luck to you argumentative types -- I've got some racing to go watch.
Most US flights are "regional" carriers and don't include any class of service other than coach. There is no distinction between the forward lavatory and the rear. The restriction on "congregating" near the forward lavatory is pure security theater.
I never ever used the word moron. Kindly don't put your words in my mouth.
Second, while I agree with 90% of what Bruce says, I disagree with the idea that 300 people who have seen Passenger 57 are in some way a part of a successful response to a terrorist attack.
On "the cockpit door" (which I brought up as a positive thing in this thread yesterday) there is a difference between "cockpit door to prevent incursion into the cockpit" (for which it is effective) and "cockpit door to prevent all attack vectors including hijacking through coercion" (for which it is ineffective.)
E
Thanks for saying "read at least the..." I recommend you read this whole thread. It will help you understand what the posters actually said.
Hardened cockpit doors deal with the attack vectors of 8 years ago, nothing going forward.
3/4 of a loose-knit association of any terrorist who wants to claim it never happened. Al Qaeda isn't a country-club that has a set number of members and if you go and kill some of them in Afghanistan -- or pretend they're really in Iraq and go kill random people who hate you there -- you don't impact them.
Even if Al Qaeda WAS an organization *LOL*, that is one name of many of terrorist groups. Removing 3/4 of one group is like scratching half of one itching point. That doesn't increase security -- it just removes the bad terrorists (the ones who got caught or found out) and through Darwinism allows the better terrorists to advance.
You're still thinking in the past. Steering into skyscrapers is an 8-year old attack vector.
The point of security is to prevent a future attack vector, and the boxcutter at the throat does well. A simple phrase like "We're not going to crash we just want to go to X" will prevent anyone from rushing the attackers, potentially risking the lives of the flight attendants. Your fat ass will stay in its seat as will those of the hundreds of people you think would follow you in your playstation-fantasy of a situation. One day when you're in a real life/death situation you'll find it's not quite as easy as your slashdot-keyboard-aloofness suggests.
In any event it's not relevant what boasters like you claim they'll do. That's not "security" and it's not "enhanced security" and it didn't make flying after 9/11 any safer, and that's what the OP was talking about.
Here's a Cliff's notes version of this little portion of the discussion about why you should NOT TRUST STRONGWEBMAIL to be safe and secure:
What I said: There's no additional security.
What others have said: But there's newer screening technology.
What I said: The puffer machines only detect fine residue of gunpowder and explosives.
What others have said: But people will rise up on the plane.
What I said: That's not security. That's people rising up on the plane. Easily stopped through coercion or acid in the face.
What others have said: Ha, you just like to say security theater (note the spelling of theater)
What I said: It IS security theater, it's not security.
So if you've read all this and grokked the big words, you'll know that it comes down to this:
Strongwebmail was hacked.
It is not secure.
The OP said he'd trust Strongwebmail BECAUSE they were hacked because NOW (that they'd been hacked) they'll be really secure... just like airports after 9/11.
I said airports were no more secure after 9/11, and still aren't.
And here we are.
That's a red herring. Today's pilots don't know whether the terrorist of tomorrow wants to use the plane as a weapon (as did the one occurrence in 2001) or whether they have other goals they wish to accomplish. These same N terrorists (pick a number -- the lack of security won't prevent ten boxcutters from being brought on board any more than they'd not prevent 4 being brought on board) can threaten a LARGE number of innocent women, children, and men.
Pilots will likely respond and land the plane. Sure, it won't be used as a weapon (but that was the 8-year-old plan... not tomorrow's plan). They can still get hundreds of hostages.
Going back to my original point. THERE IS NO MORE SECURITY TODAY. The Pilots' attitude is not a result of heightened security nor better screeners, nor the creation of DHS nor anything else.
Again, the web site does not provide stronger security. The airlines do not provide stronger security. There is equal lack of realism in saying "I'd rather fly now than before 2001" as "I'd rather trust strongwebmail now rather than before they were hacked." Neither has improved their security.
"Heightened awareness" of untrained personnel yields more chaos and more chaff, not more data. Sorry.
Body pat downs are security theater. The 9/11 terrorists didn't have boxcutters on them nor would that have been found in a pat down.
Newer equipment has only been installed in test markets to do the "puff" test. It detects gunpowder or explosive residue. Neither the "liquid explosive" (myth) nor the boxcutters can be detected by it.
Under-cover air-marshals board first, and keep their jackets on. IF THEY WERE ADEQUATELY TRAINED, NOT CORRUPT (see many news stories to the contrary) then they might make a difference but not for any real scenarios.
You forgot to mention "reinforced cockpit doors" and "not congregating at the toilet." These also, like the former, do not prevent a terrorist with a boxcutter from putting it to the throat of a flight attendant (and four of them doing so to all four flight attendants) and threatening to kill them all.
Before you argue whether such an attack would be successful -- consider this -- if they can do it (which they can) then security since 9/11 has not increased which is exactly what I said.
There was nothing done after 9/11 to raise the level of security for the flying public. That includes the period right after 9/11 up to and including today. Everything that was done was in the spirit of "security theater" (credit: Bruce Schneier).
Strongmail isn't the "best" (whatever criteria you use for "best") webmail site for "security" (whatever your definition of "security"). It's proven that it's easily cracked, and that is in and of itself a stay-away sign.
I didn't say failure to acknowledge the cable made it more secure. What I said is that failure to list it on the maps does not make it more secure. Nobody needs to "acknowledge" it (whatever that means). What they need to do is list it on maps just like all other F/O cables so it doesn't stand out.
Your analogy with SSH is nice, but not cryptologically meaningful. You've created a defense that would defeat an unsophisticated attacker. We do not design security to defeat unsophisticated attacks. The sophisticated attacker isn't fooled by port-renumbering or other obscurity. It doesn't "help" nor "make it harder" in any cryptologically significant manner.
So, yes, 5 locks are more secure than 4 locks. Anyone who can break 4 will break 5, so it's not significant. Similarly hiding the port number is more secure than not hiding the port number. However, it doesn't change a one-hour break into more than a one hour one minute break.
It's a shame that the agencies entrusted with our country's security don't have the training in real security. Security through obscurity is not security; it's a sham. If these "black cables" were properly identified as "fiber optic conduits" they would be as much of a nontarget as any other.
On another note, fiber optic bundles have a copper core so they can be found by magnetic detectors (and the "blue stake people") to avoid being hit by a backhoe strike. It's more unlikely that the contractor failed to check for the cable than the Federal Government has special backhoe-attracting cable.
Those who don't document don't have job security. They are an insecure leech sucking up a paycheck fearing -- and rightfully so -- the day they are going to be replaced.
Those who DO document show their value to the organization, and should have no fear of being replaced. Their position is secure -- and should they go elsewhere -- they have something to show of and for their work.
I disagree with the parent vehemently and will say so based on years of experience as a techie, a techie manager, a manager of techies, an executive, and (thankfully) a techie again. You can never document too much, but those who don't cost the organization more in the long run each and every time.
Document. Document well and often. Ignore the parent.
Use a wiki. It will make it easy for you, your colleagues, and your [eventual] replacement to modify.
Take pictures. When discussing a piece of gear a picture is worth a thousand words. Instead of "the blue thingie halfway down the rack" or "that black thingie in the corner behind the laser printer" progressive pictures of the room, corner, and black thingie are priceless.
Remember that documentation isn't for the outside consultant or even for the guy or gal who replaces you (ooh, is she hot?) It's for YOU so you don't have to remember so that if you ARE hit by a bus, this is like the "My own guide for me to help me do my job." Document as if you know nothing. If it's a strange piece of gear include a copy of the config OR where the config is backed up AND how to get the config into it OR a link to the mfg website that tells the same.
Pretend the person reading the guide you write is NOT an expert. This won't hurt you or the outside consultant or your replacement (wait, IS she hot?) but it will help anyone who needs it.
Finally, make sure it's well-documented as to where the documentation is! I've done gigs where I've wasted days reverse engineering something only to find that somewhere in the pile of charlie romeo alpha poppa was a set of good fully-written but never-mentioned docs.
Ehud
P.S. Often a printout of same in a three-ring binder with a cover "WiKi docs as per 2009-05-26 online at http://ourdocs.mydomain.org/" will have a dual purpose of providing DRP documentation (in case everything fails) as well as pointing to the real docs.
P.P.S. Ignore my being modded "troll", it's just that /. mods are herd animals.
This doesn't have ANYTHING TO DO WITH GOOGLE.
It's a slow day and the /. editors let this piece of crap through.
This is a Japanese cultural issue.
This would be like blaming PACER (http://pacer.gov) for saying bad things about criminals.
E
> I use the service, and will continue to.
So in other words nothing anyone says on slashdot or anywhere else will change your behavior.
Your lack of ability to learn and show heuristic behavior is your weakness and reflects poorly
on whatever animal you are. Man is a higher species.
>I, like most other users,
You're not like most users [of the Net]. Most people are human and capable of learning.
You've already indicated you're immune to learning.
> publicly let anyone see what I listen to.
Your exhibitionism isn't shared by others. What you listen to may not be private in your opinion, but you're the only one who thinks so.
> In fact,
In fact, that's how one starts an attempt to justify a non-fact. In fact, here's your made-up "factoid":
>that's the main functionality of the service as far as I am concerned
Oh, it's not a fact! It's just your concern. Awesome.
>(that and the recommendations). I find Last.fm very useful, and hey, it's free.
I find your comments not useful, and hey, that explains your comments. After all, who cares about rights when it's free. Woo. Hoo.
>Also, this information was supposedly leaked by people in Last.fm themselves - if so, I get the feeling they feel empowered against CBS from all this; they probably won't let CBS break contracts like this again. CBS has egg on their face.
Let me paraphrase:
"Also, blah blah supposedly blah blah IF SO blah blah I GET blah blah BFEELING blah blah PROBABLY blah blah."
> While I'm uncomfortable with my IP address given out,
While you're uncomfortable? Who cares when you're uncomfortable. Who cares whether you are uncomfortable or not.
It's a problem. It's a 24x7 problem. Your comfort with giving out your pussy IP address is not of concern.
>I don't consider it the biggest breach of confidentiality;
Your opinion is meritless.
>IP addresses should not be considered a secret.
Your suggestion is of no merit.
>I visit 100s of sites, and they all know my IP. I use bit torrent, where 100s of other people know my IP. Anyway, the RIAA cannot use my IP to incriminate me, because the tags my scrobbler send to them are not proof that I listened to that music because plenty of music is mistagged.
You're an idiot.
You visit 100s of sites. You should surf the web more.
They know your IP. That's because you're an idiot.
You use bittorrent (one word, idiot). More of a reason to encrypt.
100s of other people know your IP. That's because you're an idiot.
The RIAA _CAN_ use your IP; see current pending cases.
Plenty of music is mistagged -- the burden of proof shifts, and you're an idiot.
>I realize people here may not care for my disregard for my privacy online, but I'd counter that you are insane if you think you actually have privacy on free online sites.
I started to reply to you, and then realized
It's not that I'm insane, it's that you're an idiot.
Good luck in your universe, so long from ours,
E
Cheers,
E
Bring on the Nazi-Germany analogy, throw it on the wall to see if it sticks, and stick a fork in it.
It's done.
E
All the little wanna be heroes would remain seated.
Thanks for the question. Off to enjoy my weekend. There are no terrorists nor fake would-be security in my weekend.
Best regards,
E
Sadly, sir, you are incorrect.
E
See my post (grandparent's parent) on "Security theater."
It has nothing to do with beliefs. Security is a fact, or in this case a fact of nonexistence.
"This is a tough crowd"
Work harder to convince them then.
The facts speak for themselves.
It's now Friday night. Have a good one. Try not to be confused by the appearance of something vs the real thing.
E
"Who says security theater isn't effective?"
It's effective as mediocre entertainment if someone you don't like has to go through it.
It's not effective as security.
Best regards
E
I highly recommend Bruce's blog at http://www.schneier.com/blog/.
E
"All"? *LOL* No.
> You don't believe me? Give me all your private encryption keys...
Here you go
ssh-rsa AAAAB3NzaC1yc27AAAABIwAAAQEAu+LnwWFT8mctHTehCIIOJF8R9VAcRhJ6lwVfkJLJdONebiXSeq4Z+qk6aJX03rcrcwRfqmdOffx7XRNdtOYkj6KGHDToYKz9sfvsc4IENcYN5EOAD2sGxV5xSYcEsjiBL+2LoAf0rvDDzJlEEfPNiLf4uoOZDzFKBU0T5xNBRafqdbMx6d34Gnso/3Hby7kmhSn1RDGI/qS9g5RFrwcrlAcU3F7K3Y7233eLjQcjOlSCMkP5YZ+R0PO+wihK7WBUUbMYQAAs7b9vlBaK/doQ6zfg5e/RvPSOrDq1ho4Q6kKmB86yzlyTOfh6An+IKIJ0GqJSrhBtLfcel8i6dPpHzw== gavron@homelaptop
Come back and interrupt the adults when you've got something useful from that. Yes, it is my key.
E
Sorry, security through obscurity isn't.
Ehud
That's always.
I hate Microsoft so I can't be called a shill.
If someone brings a product to market that will actually work, then IN THE TRUE SPIRIT OF MARKET-DRIVEN CAPITALISM it shall win.
I hope this is it.
Ehud
Personally I think with a nick like that you should go kill yourself quickly.
E
P.S. Formatted it so you wouldn't need a brain to read it. Hope that worked for you, ...idiot...
It took 18 days to write? No wonder he didn't have time for research.
In Soviet Russia, computer articles attack you!
E
Internet : 1
Sony Pictures : 0
Your move, short-sighted fool.
E
P.S. The score is binary. The Internet has won.