- What to do the next time government gives you nutrition advice.
- This is some pretty darned despicable advice, too. But a great attitude if you want to live comfortably in a police state.
- “Daddy, did you save the razorback sucker?” (What you’re not going to hear an Obama daughter (allegedly) say.)
- “It’s time to build the private web.” Tone’s a bit statist. Concept is right on.
- John Mackey of Whole Foods on why intellectuals hate free markets.
- Windows 10 is spyware pure and simple — even when you think you’ve turned off some of its most intrusive features. Here’s another recommendation for Linux Mint that actually makes “going Linux” seem simple. (And that’s because, generally, it is when you choose Mint.)
- Here’s a amazing WWII dog story. And here’s the rest of her life’s tale.
- Snitches may get some well-deserved stitches. But you’re gonna love this snitch anyhow.
Being nice to dangerous farm animals can sometimes help, but consenting to a search of your trunk? Never.
Adobe has also changed its protocols to match Win 10, as have DEll and HP computers (and no doubt others), to be cloud-structured and compatible with MS.
The sell about privacy-in-the-cloud is all the more strange given that the more information ‘flying about in space,’ the easier it becomes accessible to theft. It seems to me businesses could figure this out pretty quickly, so why they would believe the hype is a mystery. (And why they would trust MS after its recent blatant change in Privacy Terms is another mystery.)
Pat: “It seems to me businesses could figure this out pretty quickly”
In corporate America, the profit margin and the security level are seen as inversely proportional, and profit is far more important than security. Even the companies’ own security.
I worked at one of the locations of a very large computer company, as a private security officer. Every night, I’d go though three buildings and attempt to secure all the supposedly locked exterior doors that employees and mangers routinely propped open. Some I’d wedged closed every night because the locks didn’t work. Weekly, I ran alarm tests on every wired door in the entire facility. On a good day, only 20% of the alarms failed. But sometimes as much as 85% of the alarms failed to activate. That included special high security areas where .gov work was being conducted.
The computer security used for logs started running slow, bogging down. Despite multiple reports, it continued that way for months, until it reached the point where typing a single text character could take a couple of minutes. At last, the IT folks looked at it. As I recall, they found over a 120 assorted viruses, trojans, and spambots running. For once, that scared them enough that they did a network scan. Supposedly, compared to most of the thousands of computers, our security computer was pretty clean. One tech estimated that that one company location may have been responsible for half the spam hitting the US Internet.
Because not a single company computer at the big computer manufacturing company had and AV or malware scanning. No firewall was configured to block ‘unauthorized’ outgoing traffic.
Because security is expensive and might have cut into a Prez-candidate-to-be’s outgoing payoff to go away.
Bear – Does this include those companies set up with an intranet/https? Is someone able to get through that barrier, and if so, how easily?
I ask because the last hospital I worked was very sure of their security. Employees had to jump through hoops to get to our own records (but of course we weren’t trying to break through security, either). But I often wondered how tight security was through their intranet. (With the mis-handling of medical databases these days, I’m not sure security in a hospital means anything, anyway.)
OTOH, I (for a short time only) had a computer bank account which was supposed to be secure – until I realized that *intentionally* the only secure part was the bank’s affairs, not the customers’ accounts. That’s when I dropped the computer idea, and have kept my account on paper thereafter. Now I wonder how secure was the bank’s finances.
Pat- Yes, it includes those. HTTPS, whether connecting to a Internet web server or a local intranet server, only sets up an encrypted connection between you and that server for that session (I won’t go into man in the middle attacks just yet, which can crack even that). That means, in theory, no outside party can see the details of that transaction/session. HTTPS does not protect a network connected to the Internet from some hacker determined to get into a machine. Not the server, not some worker’s desktop on the LAN/intranet.
For the latter, you need a properly configured firewall between the outside Internet and the LAN/intranet, as well as a properly credentialed login system. You also need malware and virus scanners to catch stuff coming in through email, which once run can make it’s own outgoing connections through a poorly set up firewall. That’s what happened in the company screwup I described above. It also happened to a defense contractor I worked for: someone — probably several someones — opened up the “I Love You” trojan.
Now- strictly on an internal company intranet, security tends to be lousy because the company figures they can trust their own workers. You might not be able to log in to your own hospital records, but I wouldn’t be terribly surprised if you could sit at your company desktop and Telnet into the machine that hosts that record… and browse everyone’s stuff. (Don’t ask how I know. [grin])
A telecom company I worked for connected all their phone switches, muxes, DCS, SONET… everything… to their intranet. And used the factory default passwords. From a network operations perspective, that makes a certain kind of sense. More secure would be to put all those machines on a second intranet with access restricted to NOC personnel and engineers who need to be there, and unique, new, and rotated passwords for each machine. What you don’t do is put everything on one system, then hookup a dialup modem with no password to the same intranet. If I’d been so inclined, I could have sat at home, dialed into their network and turned off every switch and carrier system in the company. Done right, I could have killed a quarter of the long distance service in the country, and crippled most of the Internet (someone managed the latter, accidentally. Come to think of it, at another company, some managed the former, too; that was an exciting day.).
I still have that phone number.
Bear – Thanks for the info. It’s kind of what I suspected, but I appreciate the details.
It makes it easier to be sure which direction to lean when making decisions.
(It also helps to know how secure – or not – a site such as StartMail is.)
Pat- StartMail should be a slightly different case.
[yet another lecture]
Internet email by design is open. By it’s very nature, the recipient and sender are visible, as is the routing from you to the receiver. It has to be that way for much the same reason that plain postal mail has addresses and cancellation marks. In snail mail the envelope gives you some privacy.
In plain email, there is no envelope; you’re sending post cards. Personally, I make email ‘envelopes’ by using GPG (PGP, the commercial version)to encrypt the contents of email. This is addition to the HTTPS discussed earlier.
Webmail like Gmail (ick, ack, aargh) isn’t encrypted. BY DESIGN, Google wants to see WHAT you’re writing, so they can store information about you, and send you ads (someone did a test of Gmail- mention ‘pregnancy’ in a message; almost immediately everything he did with Google thereafter presented him with baby junk, women’s health products, baby shower plans, etc).
StartMail actually lets you encrypt your email even as webmail. The site says they use PGP, so in theory, even if someone hacked their system, they still couldn’t read your emails. Only someone with your key can do that. That’s you. (How well they implemented PGP is important; it shouldn’t involve storing your private key on their machine, for example. And how good the commercial PGP is these days is sometimes debated. I haven’t kept up with that.)
If StartMail is built as well as they claim, it’s about as secure as you’re going to get with electronic messaging over the Internet without TEMPEST machines. [grin]
Hah! A privacy-oriented article, recommending Chrome as a web browser? Oy.
Thanks again, Bear. You answered another question I had.
Keep those “lectures” coming. 🙂 I’m learning.
I definitely appreciate them, too.
[OT]
Just saw the PIX of your place in this issue of “”Backwoods Home””. Good job Claire!
D.
R.L. Wurdack — Oh, cool! I was wondering when that article would come out. Didn’t know it was already here.
The sell about privacy-in-the-cloud is all the more strange…
Even stranger is the sell about “Store your data in the cloud so you can keep your business running during a disaster.” I think their definition of “disaster” doesn’t include everyone losing electrical power. (Of course I anticipate my business, teaching people to shoot, will be quite active.)
The “despicable” article did make some good points about listening to officers and following instructions. (Not including voluntarily opening your trunk.)
If a bear is raiding your campsite either speak softly and let him, or pull a gun and kill him. Poking him with a stick is both useless and very dangerous.
IMHO protesting police brutality to police is also useless and dangerous. It’s useless because if you want to change the way laws are enforced you need to change the government that gives cops their marching orders.
[StartMail actually lets you encrypt your email even as webmail.]
It sounds somewhat like Protonmail, although that allows only access through webmail. I’ve been pretty happy with them so far.
It’s not too hard to protect against unauthorized outgoing traffic with a decent firewall. I did that with pfsense on our retail store network. You just keep trying your authorized applications and opening up holes for each of them until they work (viewing the logs to see the accesses). However I haven’t tried it on the home network because I don’t need the familial strife. 🙂
I believe people will never get serious about security until they have experienced a loss.
“There are three kinds of men. The one that learns by reading. The few who learn by observation. The rest of them have to pee on the electric fence for themselves.”
— Will Rogers
It may interest you to know that SWAT is on the stand at every PX I’ve ever been in over the last decade. Sometimes next to a copy or two of the prior month’s issue as they don’t send ’em back. Prior to walking out, I insure they are front and center of the rack. The same “guerrilla marketing” strategy is used elsewhere with BHM.
I’ll still do it, even though the sole reason for me purchasing SWAT no longer exists.
Sorry. It’s been a long, hot day. And it’s going to be another twenty or so till I’m back in the ac with the woman I love.
I usually read your SWAT article and then skim the rest before giving an issue to my nephew.
Goodnight