Sooo... if the idea is DPI and VPNs block inspection then it's either a clipper chip for VPNs or no VPNs, cause after all if you've got nothing to hide....
I can't blame them for trying this again but I really wish they'd prove they can act in the public good first. Hey - eliminate spam first, then you can take a shot at eliminateing my privacy.
Ummmm.... No. You're trying to secure your communications not your filesystem - though you should do that as well.
It comes down to deciding what you want to do with your time - you could spend a hunk of it being paranoid, see below, or you could conceivably spend a good hunk of it in jail. Your choice.
Depending on the nature of your requirements, you can use proxies to have your traffic appear from else where on the net or, just as effectively, take your laptop for a drive and send your traffic from open WiFi systems. Set it up to go at a certain time unless the lid is opened, then drive until your keyfob finds an open system. Don't use the same spot too often. Find a decent covering activity based on how long you'll need access for. Be aware.
If you have to use a fixed connection, what you *could* do is isolate sensitive traffic to one machine/port on your network. That machine/port only transfers sensitive info - no general purpose traffic. It should be setup with a bi-directional firewall to take care of everything except the few (1, maybe 2) application level protocols that you'll use. If it's not your traffic, log it and drop it.
Then sniff every packet transiting that machine/port and audit them. Use straw-men with innocent traffic to validate your comms security is intact. Every packet should be accounted for, some for your secure traffic, some for things like routing updates. Most required background network services exhibit a heart-beat traffic pattern. Analyze service end-points and frequency departures. Be especially attentive to your log of dropped traffic.
Most of this can be scripted to take the drudge out. Set it up so when/if the system alarms it automatically takes itself off the network. It works for me, not that I do anything interesting - I'm just paranoid. YMMV
Gee - so what happens if a disgruntled/bored INS worker updates a photo/print record to indicate that personal friends of is on the watch list?
Somehow I don't think that Heinrich Pierer (CEO of Siemens) will enjoy the anal probes during his "interview".
Then of course you also have the consideration of the INS employee with three ex-wives and a gambling problem who is asked to "do a favour" for someone.
I've been working in IT for about 15 years. During this time I've spent, on average, over $1,000/yr on books (I've got 3 book cases filled).
I'd really like to see non-trivial language and environment tutorials in hard copy, the kind of books that lay flat so you can actually read them.
Here's an example of something I'm currently looking for:
Programming with KDevelop 2.0.x, KDE 2.2.x + QT 2.3.x
I'd like the book to start with, gasp, a SRD and proceed through the GUI design, Object design and finally a complete implementation.
Too many books have near useless "toy" examples that break down as soon as you try and do anything interesting with the technology.
On the other hand, having loads of reference documentation available via CDROM is invaluable. I travel 100K+ miles each year, Airlines won't let me bring my library with me:)
I usually buy books from O'Reilly, Prentice Hall, Macmillan and Addison-Wesley on "spec". Other publishers don't rate quite as high and I like to leaf through their books before paying for them.
In some places you only need the consent of one of the participants. Some jurisdictions you need the consent of all participants and some places you're not allowed to do it at all.
What makes this really interesting is when you do a telephone interview/contract neg. over the phone internationally - then who's law applies?
I wonder what this would do for my RC5 keyrate?
on
FPGA Supercomputers
·
· Score: 1
This would be a fun toy to use in attacking RC5. I wonder if the NSA already has one (or a whole room full)?
Slashdot Mirror
Sooo... if the idea is DPI and VPNs block inspection then it's either a clipper chip for VPNs or no VPNs, cause after all if you've got nothing to hide ....
I can't blame them for trying this again but I really wish they'd prove they can act in the public good first. Hey - eliminate spam first, then you can take a shot at eliminateing my privacy.
Ummmm.... No. You're trying to secure your communications not your filesystem - though you should do that as well.
It comes down to deciding what you want to do with your time - you could spend a hunk of it being paranoid, see below, or you could conceivably spend a good hunk of it in jail. Your choice.
Depending on the nature of your requirements, you can use proxies to have your traffic appear from else where on the net or, just as effectively, take your laptop for a drive and send your traffic from open WiFi systems. Set it up to go at a certain time unless the lid is opened, then drive until your keyfob finds an open system. Don't use the same spot too often. Find a decent covering activity based on how long you'll need access for. Be aware.
If you have to use a fixed connection, what you *could* do is isolate sensitive traffic to one machine/port on your network. That machine/port only transfers sensitive info - no general purpose traffic. It should be setup with a bi-directional firewall to take care of everything except the few (1, maybe 2) application level protocols that you'll use. If it's not your traffic, log it and drop it.
Then sniff every packet transiting that machine/port and audit them. Use straw-men with innocent traffic to validate your comms security is intact. Every packet should be accounted for, some for your secure traffic, some for things like routing updates. Most required background network services exhibit a heart-beat traffic pattern. Analyze service end-points and frequency departures. Be especially attentive to your log of dropped traffic.
Most of this can be scripted to take the drudge out. Set it up so when/if the system alarms it automatically takes itself off the network. It works for me, not that I do anything interesting - I'm just paranoid. YMMV
Gee - so what happens if a disgruntled/bored INS worker updates a photo/print record to indicate that personal friends of is on the watch list?
Somehow I don't think that Heinrich Pierer (CEO of Siemens) will enjoy the anal probes during his "interview".
Then of course you also have the consideration of the INS employee with three ex-wives and a gambling problem who is asked to "do a favour" for someone.
Just wondering.
fu-fme.com
I've been working in IT for about 15 years. During this time I've spent, on average, over $1,000/yr on books (I've got 3 book cases filled).
I'd really like to see non-trivial language and environment tutorials in hard copy, the kind of books that lay flat so you can actually read them.
Here's an example of something I'm currently looking for:
Programming with KDevelop 2.0.x, KDE 2.2.x + QT 2.3.x
I'd like the book to start with, gasp, a SRD and proceed through the GUI design, Object design and finally a complete implementation.
Too many books have near useless "toy" examples that break down as soon as you try and do anything interesting with the technology.
On the other hand, having loads of reference documentation available via CDROM is invaluable. I travel 100K+ miles each year, Airlines won't let me bring my library with me:)
I usually buy books from O'Reilly, Prentice Hall, Macmillan and Addison-Wesley on "spec". Other publishers don't rate quite as high and I like to leaf through their books before paying for them.
Actually... it depends on where you are.
In some places you only need the consent of one of the participants. Some jurisdictions you need the consent of all participants and some places you're not allowed to do it at all.
What makes this really interesting is when you do a telephone interview/contract neg. over the phone internationally - then who's law applies?
This would be a fun toy to use in attacking RC5. I wonder if the NSA already has one (or a whole room full)?