Get a low cost email certificate, create a self signed root certificate authority (best done on a smart card or other protected hardware) and distribute your root certificate via signed email.
Many appliances don't have an API for anything except an internally self signed certificate. So in many cases you will be stuck with the warnings.
The encryption might be secure but it sounds like Customs has started filling free space to destroy hidden volumes.
Assuming safe key distribution, security comes down to whether or not the phone (or server) has an API that exposes the shared secret. I'm guessing that there will be (or is) a command to dump the key.
Make no dealer logos a condition of the purchase. It usually works until you bring it back for a service appointment and they fix the missing logos.
There might be problems with using a personal CC in the near future. I believe you will be required to give every vendor a 1099 for business purchases over $600/yr. The record keeping will be a lot of trouble. I'm sure it's only the first step to a VAT.
I would be happy if there was a ban on the import of keyboards, laptops and cellphones without an integrated smart card slot. If readers were common the market would probably work out the details with federated cards or cards issued by companies for specific purposes. I already use smart cards for ssh and other purposes. I am using external readers, PCMCIA readers, and even a Dell keyboard with a slot. One cellphone already has a reader but it's only sold to approved users or I would use it too. Malware won't be able to extract the private key and if the device dies, the card will be usable elsewhere.
I'm happy with my HP printer with one exception: The web interface won't allow me to lock the printer keypad and the cat won't stop printing test pages.
The best preparation: A government that isn't in debt so we can better weather the resulting economic downturn and people who help each other instead of standing around waiting.
It won't be secure unless the hardware, software and distribution are controlled, tracked and audited. Prove there isn't a hidden API in the RF modem that will dump RAM and the keys on command.
A cellphone software developer once told me that poor encryption was used because if they did better, it would never be allowed to be exported. I've always thought that the encryption was pointless, anyway, since the phone can be told to turn it off. Maybe by a third party micro cell site.
JavaScript in PDFs has always been trouble. I use forms that auto complete, add columns, etc. A compromise might be a default of prompt before running scripts with a recommended/default of "no". I'd always click "no" unless I trusted the source. Since that would marginalize the product it will probably never happen. I wish I had never upgraded from 4.
I'd much rather see them ban region coding so I can purchase disks anywhere.
The pager data was released long after 9/11. Did the interceptor wait for the expiration of some statute of limitations?
Open a tunnel with a version of PuTTY that can work with PC/SC smart cards. Generate and keep your ssh private key on a card where it can't be extracted without physically messing with the card. This will keep your key from being taken. The drawback is you will need a keyboard with a smart card slot or a USB or PCMCIA card reader. I think general security would be improved if we had a law prohibiting the import of keyboards without smart card readers. Banks and others would start using smart cards if they knew everybody had a reader. A reader slot would probably be a good idea for cellphones too. Today, I think the only phone with a reader is the Sectera Edge. I guess I can dream but there are too many people that don't want good security.
What do you do if your company policy doesn't allow a laptop to be left in a car or hotel room?
One thing that might help would be to ban the import of desktop and laptop computers without smart card reader slots. Spyware can't take PKI data off of a smart card and there is only a small cost to add a chip to a bank card. If all computers had readers, banks would have a difficult time explaining why they don't use smart cards. My Dell keyboard has a reader and it works fine with PC/SC when I ssh to a remote computer. It also works fine to sign email, etc. This would limit the risk to an active exploit when the card is in the slot and a PIN has been entered.
Assuming the cell phone stays in your possession, why are phones so insecure that the software can be modified presumably through the network? If all phones are so bad, there must be state sponsored hooks to do anything to the phone. Do any cell phones support secure firmware loads? I guess the Sectera Edge is out of the question for your average traveler.
No more book burning when the political winds change. They can just reach out and books no longer exist. This is a good example for why DRM should be avoided.
1) Scrap the moon missions.
2) Eliminate the bureaucrats at NASA and trust the employees to actually do the work with jobs based on meeting objectives
3) Install laser based deep space communications platforms at Lagrange points (think Gbps to Pluto)
4) Send a small habitat to orbit Mars with lots of supplies
5) Send 4 rovers and sample-return ascent vehicles to Mars and control them from the habitat to reduce control latency. The return samples can be isolated and studied in the habitat.
6) Do a human visit to Phobos from the habitat
7) Do an automated sample return from an active ridge/volcano on two outer moons.
8) Build a planet finder to analyze exo-planet atmospheres
9) Replace Congress with people that can manage finances and long-term goals
I suspect that only #1 will occur during the lifetime of anyone alive today.
Adoption is more of a political problem. We probably could convert electronic gasoline pumps to SI and most people probably wouldn't care as long as the cost to fill up the tank didn't change. When fuel passed $1/gal. would have been a good time. Some stations did go to liters but rules and competitors forced them back to gallons. If there was a slight reduction in federal tax, if the pump was in liters, the signs would change overnight. Other areas are harder. In the mid 70's an old timer at NASA told me that they couldn't afford to adopt SI because every contractor would pad their bids with the entire cost of retooling.
For web servers, I've always generated my own key pair and submitted only the public key for a certificate signing request. If the email key pair is generated by a third party, the whole procedure is bogus. Last time I looked at SMIME, the sign-up process caused the browser to generate the key pair so the private key was never sent. If this is no longer the case, the whole concept needs to be redone and the "trusted third parties" should be ashamed.
Just how can a CA get my private key that is stored and generated on a smart card? I could imagine that a certificate-signing key could be taken from a provider via a National Security Letter or other means but this wouldn't give access to a user's private key. It might allow a man-in-the-middle attack on https via a forged certificate. Browsers probably should cache public keys and warn if they change before expiration. An attack on SMIME might allow for forged email but it would be difficult to access existing correspondence (ignoring the obvious problems with the entire PC platform starting with the OS and extending to every application and virus protection provider).
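The key-continuity check suggested in the comment above (cache each site's public key and warn if it changes before the cached certificate expires), as an added example that is not part of the original comment or of any browser's code. The class, method and host names are hypothetical, and constructed byte strings stand in for DER-encoded public keys.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Pin:
    spki_sha256: str     # hex SHA-256 of the certificate's public key bytes
    not_after: datetime  # expiry of the certificate the key was last seen in


class KeyContinuityCache:
    """Hypothetical per-host cache; illustrative only, not a browser API."""

    def __init__(self):
        self._pins = {}

    def check(self, host, spki_der, not_after, now):
        host = host.lower()
        digest = hashlib.sha256(spki_der).hexdigest()
        pin = self._pins.get(host)
        if pin is None:
            self._pins[host] = Pin(digest, not_after)
            return "first-use"
        if pin.spki_sha256 == digest:
            # Same key in a renewed certificate: extend the expected lifetime.
            pin.not_after = max(pin.not_after, not_after)
            return "match"
        if now >= pin.not_after:
            # The cached certificate has expired, so a new key is expected.
            self._pins[host] = Pin(digest, not_after)
            return "rotated-after-expiry"
        # Key changed while the cached certificate was still valid. The pin is
        # not overwritten, so the warning repeats until someone decides.
        return "WARN-early-change"


def demo():
    # Constructed sample observations for one host over time.
    utc = timezone.utc
    cache = KeyContinuityCache()
    exp_2025 = datetime(2025, 1, 1, tzinfo=utc)
    exp_2026 = datetime(2026, 1, 1, tzinfo=utc)
    return [
        cache.check("mail.example", b"constructed-key-A", exp_2025, datetime(2024, 3, 1, tzinfo=utc)),
        cache.check("mail.example", b"constructed-key-A", exp_2025, datetime(2024, 6, 1, tzinfo=utc)),
        cache.check("mail.example", b"constructed-key-B", exp_2026, datetime(2024, 7, 1, tzinfo=utc)),
        cache.check("MAIL.example", b"constructed-key-C", exp_2026, datetime(2025, 2, 1, tzinfo=utc)),
    ]
```

A legitimate early re-key (for example after a key compromise) produces the same warning as a forged certificate, so the warning has to be resolved out of band rather than dismissed.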
What will the locals do for revenue? I can't drive through a nearby school zone, between 10 and 2, without being followed and timed. I wonder how long before someone sells a GPS transmitter kit so the car thinks it's on an unlimited highway.
The real question is why the boards no longer have BIOS write protect jumpers given that infections are only getting worse.
An active switch that could select a drive and optionally block write commands would be even better. Then you could make an image and turn on write protection.