General Paranoia

  • #16
    Originally posted by J3di

    And I asked you to back up your idea. I already pointed out why I felt this was a technical discussion. besides, don't take the question about facts personally, like questioning your manhood or something. it was a question of facts and I was hoping someone could chime for the details. Cool?
    You obviously missed the point that everyone else seemed to grasp - that statement was a general one, not about details. No matter what method you use, once it has left your hands, you can not guarantee its security. Some methods are more secure than others; most are 10x more than you'll ever need for securing transmissions about your Aunt Judy's nail fungus. The point, though, was that nothing is secure enough to become complacent over.
    the fresh princess of 1338

    What did I do to make you think I give a shit?



    • #17
      Originally posted by che
      Do you have any good links you would like to share for free or pay SSL web proxies & IRC servers? I know of Anonymizer and Church of the Swimming Elephant, but does anyone have any suggestions for other good ones from a personal use standpoint?
      anonymizer rules in almost every way.. the F-secure software they offer with their subscription is pretty decent. (though it isn't required to use)

      JAP is decent and free : http://anon.inf.tu-dresden.de/index_en.html

      [c]... another neat tool to use in conjunction with surfing for windows is Proxomitron: http://www.proxomitron.org/



      • #18
        Originally posted by blackwave
        [c]... another neat tool to use in conjunction with surfing for windows is Proxomitron: http://www.proxomitron.org/
        The nice thing about proxomitron is you can put it on a spare windoze box that you never use, and let it be a crap-filter for your *NIX boxen that you surf with also. Too bad there is not a linux version of it..
        Happiness is a belt-fed weapon.



        • #19
          Originally posted by J3di
          And yes, I have read up on the subject, keeping up with current discussions among different technical groups and publications, including books discussing analysis and attack methods. I am by no means an expert nor do I consider myself competent, thus my question towards you about the facts.
          Well, great. Since we've both admitted that we've got a fairly rudimentary understanding of the topic at hand, let's drop that part of the equation. Let's focus instead on the lack of tact on your behalf that got us to this point. I don't particularly appreciate having someone making what seem like snide replies to a comment I post in reply to someone else.

          Yes, and the boogie man is out there in the dark to get you. Let's come back to reality here.
          Well, if there's nothing to fear, I'm sure you won't mind posting your full name, home address, any telephone numbers you may have, your social security number (or equivalent), and the numbers of any major credit cards you may hold along with their expiry dates. Personally, my evidently-overwhelming sense of paranoia unreasonably keeps me from doing things like this, but seeing as how I'm just unreasonably cautious, you'll be just dandy with showing me how wrong I am.

          [Allow me to spell it out: MODERATION.]


          And I asked you to back up your idea. I already pointed out why I felt this was a technical discussion. besides, don't take the question about facts personally, like questioning your manhood or something. it was a question of facts and I was hoping someone could chime for the details. Cool?
          As I said before in a rather more roundabout manner: the question wasn't the problem, the tone was. Further, it seems odd that *none* of the other people participating in this thread - regardless of the technical merit of their answers or otherwise - received the reaction I did from you. Odd, that. Made me wonder somewhat how serious you really were.

          listen 'dad', it was a request. i'm not telling you what to do. I'm asking for answers to fill in blanks, which is what I thought a technical discussion among like-minded folk. again, I have done the research and am always looking for more data.
          Fair enough. Hard to tell that until you mention it, though.

          now, please stop the diatribe. this is a discussion about encryption and the possibility that there is no relevant use for it these days. Can you dig that?
          Hey, you drop it as well and use more tact in the future and I'll do you the same courtesy.



          • #20
            Originally posted by octalpussy
            You obviously missed the point that everyone else seemed to grasp - that statement was a general one, not about details. No matter what method you use, once it has left your hands, you can not guarantee its security. Some methods are more secure than others; most are 10x more than you'll ever need for securing transmissions about your Aunt Judy's nail fungus. The point, though, was that nothing is secure enough to become complacent over.
            no, I didn't miss the point. I agree, there is no assurance once it leaves you and there is no tool that allows you to be complacent enough to not worry. my point is that I don't agree that a generalized statement can sum up reasons why a tool is useless, just because the statement says so. and that is why I asked for more data from the person who made the statement.

            I have no beef with skroo and this is not a pissing contest. maybe the question I should have asked to him should have been: why do you believe that 'it's already broken'.
            Last edited by J3di; January 19, 2003, 17:22.
            -- jedi



            • #21
              Originally posted by skroo
              Well, great. Since we've both admitted that we've got a fairly rudimentary understanding of the topic at hand, let's drop that part of the equation. Let's focus instead on the lack of tact on your behalf that got us to this point. I don't particularly appreciate having someone making what seem like snide replies to a comment I post in reply to someone else.
              I agree that my original statement had no tact and might have come off snide. I have tried to correct that by being thorough and direct in my response. I have a lot of respect for you (thought the talk you and grifter gave at dc10 was cool) and did not mean to get into it with you. but I suspect your response to the other comment was a lot like mine: quick, off the cuff and not completely thought out.



              Well, if there's nothing to fear, I'm sure you won't mind posting your full name, home address, any telephone numbers you may have, your social security number (or equivalent), and the numbers of any major credit cards you may hold along with their expiry dates. Personally, my evidently-overwhelming sense of paranoia unreasonably keeps me from doing things like this, but seeing as how I'm just unreasonably cautious, you'll be just dandy with showing me how wrong I am.

              [Allow me to spell it out: MODERATION.]
              again, I am not disagreeing with you. But healthy paranoia is something that you deal with in MODERATION, tempered with some common sense and experience.



              As I said before in a rather more roundabout manner: the question wasn't the problem, the tone was. Further, it seems odd that *none* of the other people participating in this thread - regardless of the technical merit of their answers or otherwise - received the reaction I did from you. Odd, that. Made me wonder somewhat how serious you really were.
              as I said before, the original tone of my response was not as it was meant. I will admit that it frustrates me when people put off the cuff answers that generalize issues that aren't that clear. hence my curiosity.


              Fair enough. Hard to tell that until you mention it, though.

              Hey, you drop it as well and use more tact in the future and I'll do you the same courtesy.
              ok, I'm cool with that, on 2 conditions: first, can you explain why you believe crypto in general is broken and second, you let me buy you a couple beers at dc11 to make it all good. either that, or a warp core breach at Quarks.
              -- jedi



              • #22
                Originally posted by J3di
                I agree that my original statement had no tact and might have come off snide. I have tried to correct that by being thorough and direct in my response. I have a lot of respect for you (thought the talk you and grifter gave at dc10 was cool) and did not mean to get into it with you. but I suspect your response to the other comment was a lot like mine: quick, off the cuff and not completely thought out.
                Glad you liked the talk. And no, I was not being considered in my reply, simply reacting to what I saw. Either way, let's just dump it and move on.


                ok, I'm cool with that, on 2 conditions: first, can you explain why you believe crypto in general is broken and second, you let me buy you a couple beers at dc11 to make it all good. either that, or a warp core breach at Quarks.
                I'll answer this in reverse: yes, thanks, either one works :)

                As for the first part: by 'broken' I didn't mean non-functional, but rather already cracked. My personal theory, based on what I've read and heard, is that pretty much all crypto we currently use is fine for keeping the casual shithead out of your business, but under a government/military level of scrutiny, it's pretty well useless.

                My reasoning for this is based on a couple of things. And again, I'm not a cryptographer by any means, so if I'm off-base on any of this I'd like to know.

                Most hardcore cryptographic algorithms rely on factoring large primes and processing the results of those factors. This is all well and good, but if the algorithm itself is flawed, the encryption scheme is as well. Granted, it'll take time to find where the breakage is, but there's a number of ways to do that: code review, pattern analysis, and, as always, brute force.

                Of course, that assumes that it's necessary to undertake any of these steps to begin with in order to derive the unencrypted data. Heavy encryption (at least in this country) is classified as a munition for good reason: it can be brought under government and military control *before* its release into the wild. In fact, there is a legal requirement for software companies to submit code dealing with heavy crypto for examination prior to an export licence being granted. And given the nature of software transfer, not having that licence is not worth the potential penalties if testing is skipped.

                In addition, we have an historical precedent for consumer-grade crypto products being backdoored. Remember the fuss over the Clipper chip? Privacy until, say, Law Enforcement wants to listen in on your calls. Same thing with the 'secure' fax machines that had to be so severely hobbled as to be useless in terms of truly protecting information.

                One other recent thing that's bothered me: for a few days last year, I heard reports on the radio of an Indian mathematics professor who may have found a shortcut to deriving large primes - meaning that all current crypto would be instantly rendered useless. It was all over the news, and then... Nothing. Yeah, it could've been that that was all there was to it and that the hype was unjustified, or it could be that the guy is now living a very comfortable life figuring out better ways of obviating private communications.

                So, while I don't consider crypto pointless, I feel that much of the sense of security it gives is just that - a feeling of well-being that it's being used, but not as much in the way of actual protection as one might think. Useful for keeping the neighbours from snooping your cordless traffic, but otherwise not so great if they *really* wanna know what you're up to.



                • #23
                  Very well articulated skroo.

                  Not being a part of the government(s) myself, I can only imagine that a lot of things become "not important and worthless" with the right persuasion and cash flow... or maybe we really do spend $500 a pop on toilet seats

                  While crypto is cool and all to keep fuckwads from viewing certain information I care a little about... I personally don't put a lot of faith in it, nor any of the leading crypto freaks... for all I know, Zimmerman's role is a total charade
                  if it gets me nowhere, I'll go there proud; and I'm gonna go there free.



                  • #24
                    Originally posted by c0nv3r9
                    Very well articulated skroo.

                    Not being a part of the government(s) myself, I can only imagine that a lot of things become "not important and worthless" with the right persuasion and cash flow... or maybe we really do spend $500 a pop on toilet seats

                    While crypto is cool and all to keep fuckwads from viewing certain information I care a little about... I personally don't put a lot of faith in it, nor any of the leading crypto freaks... for all I know, Zimmerman's role is a total charade
                    From a purely commercial perspective, I *CAN* say that encrypted disk technology is a must for anyone doing security assessments for organizations. I'm simply not comfortable leaving confidential or hazardous information about network vulnerabilities on a drive that isn't encrypted. I've heard too many stories about people losing their laptop or having it stolen. That doesn't generate loads of customer trust.

