I hope it isn't another Maunder Minimum. If temperatures level off and we continue to pump out GHG, we could be in for a world of hurt when the minimum passes.
The telcos need to limit the number of boxes. They should star wire fiber to a big common underground vault for the entire neighborhood. This would support faster service in the future and it would allow for better backup power. A single generator trailer could keep up the whole area if an extended outage depleted the batteries.
Not that putting cables under ground is without risk. Last week a team was installing a VRAD cabinet a few blocks from my house. They had three fire trucks and an ambulance. I'm guessing they hit something with the horizontal bore.
A locked door is nearly worthless in an airport. Key control is probably ridiculous. One office, in a major airport, kept a spare key behind a picture in the hall. I was so mad I sent them a realty type lock box for the key. I don't think it was ever used because the door had an "L" ADA type handle and the management wouldn't allow the lock box to be screwed to the wall.
Another airport routinely checked out the wrong key for service. I think security took great pleasure in running people back and forth across multiple concourses like trained rats.
SSNs and birth dates should be encrypted no matter where they are stored.
Having a secure form on an insecure page is worthless given the current DNS problems. The right solution is to have http: tell you to type https: Don't even allow a redirect. My bank redirects https: back to http: with a secure form on an insecure page. I guess they are too cheap to purchase a crypto accelerator. Smart cards are probably the best solution.
I was installing a router in an airport and returning home without ever leaving the airport. If I had checked the crossover, I would have needed to take it back through security anyway. I have also fixed stuff while waiting for a layover. Two trips for the price of one.
It is not just the users. I believe the airports and their security theater are at least somewhat culpable for the $20M in losses a week. I usually carry a lot of special cords and I always have problems. The last troublesome item was two back-to-back modular jacks wired as a T1 crossover. Security handled it like it was a tarantula. After scattering everything all over the place, a supervisor finally let me pass. It is a wonder more stuff isn't lost.
Encrypt everything. I just wish TrueCrypt had a feature that allowed the secret to be split between the user and a company web server.
I once received a parking ticket for not having a permit. The permit was stuck on my windshield in plain sight. The ensuing argument was not fun. The real moneymaker, for the kill switch, will be parking tickets. Who needs a boot when the vehicle can be disabled with little effort? Pay the fine after the long holiday weekend and collect a few more tickets while your vehicle is stuck.
Beyond the security risk, the kill feature will be abused. The first time there is a big snowstorm some official will declare the roads are closed and order the kill switch. If you need to go to the hospital, call an ambulance. Oh, sorry, we stopped them too.
Oh, your jury summons was lost in the mail. Issue a warrant and disable all of your cars. Your taxes are overdue or your child support is late and you can't get to work. The abuse will be endless.
We can't even build wind power miles offshore without lawsuits. They better pick the 45 locations tomorrow if they want to have groundbreaking by 2030.
I like ssh on my E61 but I wish certificates could be stored on a third party smart card for a little extra protection going through customs. I hope the E71 has a version without a camera since that is a show stopper. With the added GPS, maybe it won't crash on maps.google.com like my E61.
To save bandwidth, an encrypted cache where the VPN is required to access the local cache might be better. Maybe TrueCrypt could keep the encrypted volume header stuff in a remote store via the VPN. The VPN could then be turned off for a period of time while traveling. The VPN should probably also require a token for access.
If you decide to place a conduit and pull fiber, include an insulated wire in the ditch. Then you can find it with a toner before doing future utility work. My vote is for wireless unless you really think you might want 1000BaseFX in a few years. If you need to cross a public right-of-way, you will need a permit and maybe a bond.
I believe the same problem exists with DVD region codes. If a drive's region code selection is changed too many times it will lock and refuse to update. And now that the Blu-ray standard has won, we are still stuck with region coding.
It would be nice if TrueCrypt had another password option where the password was split so that the entered password is XORed with a password retrieved from a password-protected https web page. A form on the web page should allow the user to disable the cached password service for a period of time. Just disable the service for a period of time when travel is expected. This way you can state that it is impossible to decrypt the volume, at this time, and a warrant is probably needed to search the server. Access would require a network connection but bandwidth would no longer be an issue.
A one-time password token is probably one of the better solutions to minimize risk. The problem with tokens is I never found anyone who would sell me just a few tokens. Every vendor wants to sell a complex system that isn't appropriate for an individual or small business. I believe that the SecurID token is proprietary and comes initialized with its shared secret so you are stuck using their client. OATH type tokens use a standard algorithm but again, I've never found a vendor that would just sell one or two with setup instructions. The old DES SNK calculator worked fine but it's probably obsolete. Does anyone know where to buy just one OATH token?
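The split-password idea in the comment above, sketched as an added example (not the commenter's code and not a TrueCrypt feature). It assumes the typed password is first stretched with PBKDF2 to a fixed-length share, and `ShareServer` is a hypothetical in-memory stand-in for the password-protected https page with its "disable for a period" form.

```python
import hashlib
import secrets
import time

KEY_LEN = 32  # bytes; both shares and the resulting key have this length

def stretch(password: str, salt: bytes) -> bytes:
    # Stretch the typed password so the XOR covers every byte of the key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, KEY_LEN)

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

class ShareServer:
    """Hypothetical stand-in for the remote page that holds the second share."""
    def __init__(self):
        # Uniformly random share: the password share alone reveals nothing
        # about the volume key while this value is withheld.
        self._share = secrets.token_bytes(KEY_LEN)
        self._disabled_until = 0.0

    def disable_for(self, seconds: float, now: float = None) -> None:
        now = time.time() if now is None else now
        self._disabled_until = now + seconds

    def fetch(self, now: float = None) -> bytes:
        now = time.time() if now is None else now
        if now < self._disabled_until:
            raise PermissionError("share service is disabled for this period")
        return self._share

def volume_key(password: str, salt: bytes, server: ShareServer, now: float = None) -> bytes:
    # Volume key = stretched password XOR server share; both are required.
    return xor(stretch(password, salt), server.fetch(now))

def demo():
    salt = secrets.token_bytes(16)          # constructed sample values
    server = ShareServer()
    before = volume_key("correct horse", salt, server, now=1000.0)
    server.disable_for(7 * 86400, now=1000.0)   # travel window: one week
    try:
        volume_key("correct horse", salt, server, now=2000.0)
        locked = False
    except PermissionError:
        locked = True                       # right password, still no key
    after = volume_key("correct horse", salt, server, now=1000.0 + 7 * 86400)
    return before == after, locked
```

The server share should never be cached on the laptop, otherwise disabling the service before travel protects nothing.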
Another less common solution is a bingo type card where the system prompts with random rows and columns and you return the answers from a small index card. The cards should only be used for a limited time and they need to be protected from copying. I've seen some on copy resistant paper. It's probably easier to just implement a one-time password list and carry a copy in a password protected file on a PDA.
Some of my suggestions are relatively simple. Others might be overkill depending on the application. A procedure to actively clear the key material is needed since non-volatile memory will retain much of its data for a long time. Removing a jumper could trigger this clearing so that the jumper could be replaced with a computer lid switch circuit if additional protection is required. I'm not suggesting that the product have resistive meshes and such but a little care to protect the key material is really needed. Non-imprinting memory can be as simple as relocating or complementing data derived from the key material every few seconds so it won't always be in the same place stressing the memory locations. There are also products that are designed to protect key material (Maxim DS3600, etc.). This part can help clear external SRAM, has tamper inputs, temperature and voltage monitoring. I believe it also has non-imprinting key memory.
I wouldn't want to use this drive unless the encrypted data can be read in a raw mode so that the encryption can be verified so that an audit can be performed. I would also want the drive to cache the encryption key in some type of non-imprinting memory. It needs an external tamper input and environmental sensors that clear the key (hi/lo temperature, power out of spec, radiation/x-ray, etc.).
This practice will probably end about the time a major corporation sees an ad for a competitor inserted into a web page.
Purchasing a crypto accelerator and going 100% https seems like the only solution.
Packing the MIME is a good idea. I would still worry about something like a spreadsheet. Keeping a PDF snapshot of the document, as displayed today, might avoid future problems if the application no longer exists, has dynamic content, has DRM, or who knows what trouble in the future. It might even be good to add additional information like links to the real ids of the mail addresses.
C) doesn't work when the insurance company can negotiate a $2500.00 test down to $150 before anybody pays.
I would imagine that a number of squibs are used by the lander to deploy hardware, close valves, etc. Are the squibs based on perchlorates?
Employers will be adding it to the water cooler.
On the E61: Ctrl and i will work for a tab in some applications.
Escape isn't nice either: Ctrl [ with [ on the chr key.
They put something on your nose that itches like crazy. If you can't resist touching it, you are disqualified.
I would also seed the data with a few extra bogus records so if it ever leaks you will be able to identify the source.