HTTPS only helps a little. Let's say you need to see a medical specialist. The first thing you need to do is go to the doctor's web site and fill out a new patient form. It's easy for an ISP to see where you connected and that you pushed a block of data (filled out a form). Therefore you must have whatever problem the specialist treats. So much for HIPAA and other privacy protections.
I'm not suggesting that anyone start lying. If security is important, just take the extra steps and get hardware that protects the keys and contracts to divide the access.
The right answer is "Sorry, the keys are stored in tamper-resistant hardware modules and can't be extracted or duplicated without the cooperation of 3 of 5 individuals located in different countries."
I was in the Kona, HI airport yesterday and someone had a mosquito net over his head. It wasn't to protect him from mosquitoes, it was to protect the local mosquitoes from him. I believe he had just been released from a hospital after arriving from South America.
I've seen detectors mounted on trees in a nearby wooded state park. They appear to be shoulder high beam break type detectors with transmitters. I suspect it's to catch people after the park is closed but who knows.
Sorry for the poor wording. Secondary protectors are placed near the equipment to be protected to suppress over voltages and only if there is a primary protector where the wiring enters the building. The secondary protector might be exposed to a power cross that gets past the primary. As such, the current must be limited to what the inside wiring can safely manage. This is usually done with some type of fuse or current limiting device. This limits current to ground for voltages that exceed the clamping voltage of the surge protection. Typically, this will open the input signal leads to stop the current to ground and take the device out of service. There may be some type of indicator to show a fault is present. Once open, if the power cross is still present, the input wiring might still be at a dangerous potential. Compliance with wiring insulation and clearance standards hopefully prevents contact. The fusing should keep the inside wire from burning and isolate the equipment.
You can put a PoE power injector and fiber adapter in a NEMA box next to the WiFi. That would require AC power at or near the antenna (more money) but it keeps the surge out of the data side.
BTW, we had a lightning hit that split a big tree maybe 30m from the building. I just about jumped out of my shoes. The VoIP phones rebooted but the switch supplying PoE took the hit without a reboot. I'm glad there was secondary protection on the POTS gateway.
You can install secondary protectors near the equipment. These usually have a fused ground connection. This is to stop currents that might exceed the inside wiring limits if the fault passes the primary protector. Otherwise the inside wiring might start a fire. It's still best to go with fiber for external devices like a roof mounted WiFi adapter.
If you can't turn it off, use your own WiFi router and enclose theirs in a large metal box so it doesn't use up spectrum. Verify there are enough shielded vents so it doesn't run hot.
It would seem like a CAC card and an email client with S/MIME would be an easy road to doing the encryption. Unless the message is such that the possible existence of a key pair escrow somewhere makes use of a CAC card dangerous to one's career.
Some things will never change. We won't renumber street addresses or move survey markers. Other things could change overnight. If there was an additional 1% federal tax on gasoline sold by the gallon, people would be tripping over each other setting pumps to Liters. It's all about finding a reason for the average person to care.
Maybe it's time for the operators to be licensed with mandatory education (it is a transmitter after all). The device shouldn't operate unless the operator enters their license number and the court document number authorizing the interception. A third party should audit the operational log.
I had a high end system with lots of keypads and dimmer switches. I removed it after finding out that the dimmer switches didn't get along with any LED bulbs. The only feature I really was happy with was "all lights on" triggered by the fire alarm. The furnace blower rotor locked at 2AM on a cold New Year's Day. It was nice to have all the lights on when I started searching for the source of the smoke.
The moat would need to be heated to keep the alligators happy.
Actually, mag-locks on the doors that get engaged on reports of someone on the grounds would cost a lot less.
Mail servers can be configured to not offer login unless STARTTLS is used. That should prevent a plain text connection. That still leaves open the issue of MITM with certificates that the client shouldn't trust. Are there any email clients that lock STARTTLS to a specific certificate or warn that the certificate suddenly changed?
If plankton was taken to the ISS via an updraft and it's viable (survived the delta V of impact), it would seem likely that impacts with passing objects that are above escape velocity could also occur. If that's true, plankton might be found all over the solar system.
Do chip and pin cards even work in the US? I've tried at Home Depot, Staples, Walmart, USPS, and even a small haircut place and the cards don't work. One place even yelled at me for trying to use the chip slot.
Citi sent me a chip card on request. I don't know if it's configured for chip/pin or signature. I've tried readers that have chip slots but I have yet to find one in the US that works. One company asked their supplier and was told the card slots were disabled.
My laptop can read the chip id but I don't want to try anything else since it might lock the card.
A good start would be a list of hardware vendors that sell equipment that have hardware jumpers or switches that write protect the BIOS and other flash devices.
I asked Chase and they didn't seem to know what I was talking about. Citi was able to replace my card with a chip/pin card. Get one before you travel or you might need to leave your stuff at a restaurant while going to an ATM.
Good luck keeping a part time job if you are disabled and can only work a few hours with the help of a sympathetic employer.
He called me too. Caller id said his name was "ILLEGAL SCAM". A very odd name for his parents to pick.
Feed the printer from a print server and put the printer on its own VLAN.
The chip and pin readers at Home Depot are not enabled. I had to swipe a card that had a chip. Maybe they will install the right software.
Watch out for Ethernet over HDMI bridging one device that has network access to another that you think doesn't have access.