Archive for the 'Privacy' Category

Donate to the EFF!

Seriously. Do it.

Mirth of a Nation: How Bill Clinton learned to tell jokes on himself–and get the last laugh.

I liked this article fairly well: It had stories I'd never heard, and interesting insights into things it had never even occurred to me to think about.

With a whisper, not a bang: Bush signs parts of Patriot Act II into law — stealthily

Honestly, my quick news.google attempt to verify this didn't turn up anything about this except for this article, but if this is true, then this is no good at all. If I had more time, I'd actually try to verify this, but I need to pack, etc... Worth a read, if just so you're aware of what might be going on with your privacy.

When Religious Zealots turn out to be on your side.

On the one hand, this story about implanting ID chips in people gives me the willies and makes me want to run for the hills.

On the other hand, these two paragraphs had me dying laughing:

    Theologian and author Terry Cook said he worries the identification chip could be the "mark of the beast," an identifying mark that all people will be forced to wear just before the end times, according to the Bible.

    Applied Digital has consulted theologians and appeared on the religious television program the "700 Club" to assure viewers the chip didn't fit the biblical description of the mark because it is under the skin and hidden from view.

You know you're in trouble when Religious Zealots turn out to be on your side. And be sure to check out the article, it's definitely something to be aware of.

Why a user login lister is not an “urgent security flaw”

I've been eagerly reading previews of Mac OS X 10.1, and reading comments in forums by users who "acquired" a copy of a beta build, and I've noticed this really annoying bit of security folk wisdom that has now ingrained itself in the Mac community. (I'd link to examples, but it's not worth it -- if you read Mac news sites at all, you've seen what I'm talking about)

The story goes something like this: "The new login screen, which optionally displays a list of users on the system, reduces the security of the system by an exponential factor, because instead of having to guess a login and password, a cracker only has to guess a password thanks to this list of user names."

Hooey! For starters, <deadpan>Microsoft is doing the same sort of login welcome screen in Windows XP, and Microsoft knows how to make a secure operating system.</deadpan>

But seriously, this isn't a "gaping security flaw that must be addressed before 10.1 ships," as so many wanna-be security experts like to tell naive readers to make themselves sound smarter in the eyes of untrained Mac users. The first reason is simply that it's a necessarily optional feature, as it would be inefficient for a computer lab with hundreds or thousands of users to have a list of users. So if you're that worried about it, turn it off, and then nothing I say below applies anyway.

Such a multi-user lab environment is exactly where a list of logins might be a security problem. But in that environment, most would-be attackers will already have an account, and a would-be attacker will have one of two targets -- either the system, or another user's private files. Taking the system automatically gets him another user's data, but it's also more likely to be noticed, and will probably be harder. So as far as getting private data (or gaining access to another account as the launching point of another attack, or what have you) -- well, if he's got an account on the system, it's trivially easy for the attacker to find out the names of other accounts on the system. Further, if he's after someone's private files, he probably has a specific target in mind, in which case he already knows the target login.

And so the one case in which an attacker might use the login list (aka, the "security hole") to crack a system is when the attacker does not already have an account. And in that case, trying to brute force passwords is not the most effective way of gaining access, mainly because brute forcing passwords will almost certainly be noticed (assuming attentive admins). A determined attacker in a multi-user lab environment is going to be able to get access to an account with a trivial amount of social hacking, because users are dumb.
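To make the "brute forcing will almost certainly be noticed" point concrete, here is an added example (not code from the original post) of the kind of check an attentive admin would run over a login log: it flags any account and source that accumulates a burst of failed logins inside a short window. The log format, account names and thresholds are constructed assumptions, not any real system's format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (assumed format, not from any real system):
# "<ISO timestamp> login <failed|ok> user=<name> from=<source>"
SAMPLE_LOG = """\
2001-09-01T10:00:01 login failed user=alice from=console
2001-09-01T10:00:03 login failed user=alice from=console
2001-09-01T10:00:05 login failed user=alice from=console
2001-09-01T10:00:06 login failed user=alice from=console
2001-09-01T10:00:08 login failed user=alice from=console
2001-09-01T10:00:09 login failed user=alice from=console
2001-09-01T10:30:00 login failed user=bob from=console
2001-09-01T10:31:00 login ok user=bob from=console
"""

LINE_RE = re.compile(r"^(\S+) login (failed|ok) user=(\S+) from=(\S+)$")


def parse(log_text):
    """Parse the assumed log format into (timestamp, result, user, source)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_bursts(events, threshold=5, window_seconds=60):
    """Return {(user, source): peak_count} for every (user, source) pair that
    had at least `threshold` failed logins within any window_seconds span.
    A single typo (bob) never reaches the threshold; a guessing run (alice) does."""
    failures = defaultdict(list)
    for ts, result, user, source in events:
        if result == "failed":
            failures[(user, source)].append(ts)
    bursts = {}
    for key, times in failures.items():
        times.sort()
        start = 0  # left edge of the sliding window
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[key] = max(bursts.get(key, 0), count)
    return bursts
```

Run it as `find_bursts(parse(SAMPLE_LOG))`; the output names only the account under a guessing run, which is exactly the signal the post says an attentive admin would not miss.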

Admittedly, if users weren't stupid, the social hacking wouldn't procure an account as easily. But of course, if users weren't stupid, they would have better passwords in the first place, and brute forcing a password would be harder, and the utility of a list of logins would go back down just as quickly as it went up.

Why did I focus so much on the case of the multi-user lab environment? Because to see the list of logins, an attacker will need to physically see the machine. And it's mostly beside the point, but most remote system exploits don't even need to know about any particular user other than root, or otherwise default logins, and so the login screen serves no utility to a remote attacker.

So the more subtle reason that the login screen listing account names isn't actually a showstopping security flaw is because to see the list of logins, an attacker needs to be physically in front of the machine, and once an attacker has physical access to a machine, the show's over and the monkey's dead.

A Quick Intro to GPG and how to use it in Pine

If you're concerned about the privacy of the email you send, then GPG (the GNU Privacy Guard) is your answer. This site contains a nice explanation of basic GPG use and key management, and of how to configure Pine to use gpg.