Slashdot: News for Nerds

Just How Paranoid Are You?

timothy posted more than 9 years ago | from the will-the-guards-find-your-watch dept.

Security 931

An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"

931 comments

Physical access! (4, Informative)

BWJones (18351) | more than 9 years ago | (#11459501)

The most critical item any computer security professional will tell you to take care of: Physical access. If you have a concern, this is your first line of defense and in fact, most top secret installations have considerable resources dedicated to physical access. Next down the line in terms of security risk will be issues related to physical access that again most top secret installations have resolved by disallowing any removable media in or around secured systems. After that comes any issues of network security because your greatest security risk is internal access.

You should not be carrying any sensitive work related items or data home, but if you have personal stuff (or a home business with IT critical information) you wish to secure, short of establishing a computer "vault" with limited access in your home (actually had one once for a project I was working on), you need to start with a secure OS. This does not mean Windows, unless you can afford a "hardened" version and are skilled at management. In fact, I would say from your question that all of the things you are already doing are the absolute minimum if you are using Windows. If you are truly this paranoid and keep sensitive info on your personal computer, and you obviously have a connection to the Internet, it should also mean, physically removing the Internet connection from your computer at times when you do not need it. Multi-casting OS capable machines like certain flavors of *NIX are helpful here, so you don't have to deal with Windows network wizard every time you connect back up (if you use certain settings for your network). Wireless should be a no-no as well. If you are really (read pathologically or are doing something quite illegal) paranoid, you could also build a Faraday cage around your room and charge it to reduce risk of TEMPEST related probes, but again if this is a concern, someone simply breaking in (again access) is often easier and cheaper.

When you are actually connected to the Internet, a hardware firewall is an absolute necessity. Network address translation will help limit some attacks. And aside from all the other things you are doing (strong passwords, encryption etc....), I would strongly urge you to constantly pay attention to your logs. Your most important data will be gleaned from the logs in terms of who is attacking, their strategies for attacking, when and where.

Re:Physical access! (4, Informative)

drinkypoo (153816) | more than 9 years ago | (#11459652)

Hardware firewall? What, it's built all from gates and has no code on it? There's no such thing. A linksys befsr41 is a "hardware firewall" because it's a dedicated firewall appliance, right? It runs Linux. A PIX 520, that's a hardware firewall, yes? They cost a lot new and they come in a 4U case. Woops, it's an intel PC.

A firewall that's not on a trusted host, that's a necessity. It doesn't really matter if it's a Nokia box or monowall, what matters is that you configure it correctly and keep it updated. I'm thinking about setting up a transparent bridging firewall so my wall doesn't even have to have IP addresses.

Re:Physical access! (4, Funny)

BWJones (18351) | more than 9 years ago | (#11459660)

Oh, yeah......and I DO pay attention to my logs, so that dude at 67.13X.XXX.XX in Vancouver Washington who linked to my machine from Slashdot just now and is trying to get access, I am watching you as we speak. A little more work and I can have your GPS coordinates too. :-)

Re:Physical access! (0)

Anonymous Coward | more than 9 years ago | (#11459699)

You should not be carrying any sensitive work related items or data home,

Ok, how many admins out there who take backup tapes home as your offsite solution?

Lock grandma in the closet! (4, Insightful)

xtermin8 (719661) | more than 9 years ago | (#11459720)

Actually the above post illustrates a problem: giving highly technical advice to the masses. The above post is informative, but I don't think it addresses the correct audience. What do you do for a family that does not include a security professional in the household? "Don't let your children's friends have unlimited access to the computer" might be more appropriate.

Re:Physical access! (0, Troll)

ButtNutt (846086) | more than 9 years ago | (#11459740)

I know this will be modded troll but I love how everything security revolves around an endorsement for "not windows".

Re:Physical access! (0, Insightful)

Anonymous Coward | more than 9 years ago | (#11459743)

This is mildly off topic, but I'll back you up on a recent experience of mine. I've had some intense sinus pressure on the right side of my face, but no pain. My normal GP (who has served me well) dismissed it initially, but after 8 months did little more than keep offering me decongestants. They didn't really help. We stepped through a few other options, including ear infections and a course of antibiotics. Still nothing. A few times I asked the guy if he could just take a look up my nose, it *felt* like there was something there, on the right hand side.

He wouldn't, just told me it would be fine, it's nothing to worry about.

That leads me to poke around with a pair of tweezers up my nose - you know, it's really surprising how much space you have back there if you really concentrate while you're prodding about, to see what is where.

After a couple of attempts I latched onto something that didn't give any feedback of belonging to me - I couldn't feel the tweezing, and it didn't hurt. Giving it a tug I felt a *big* pressure change in my sinus, and pulled slowly. Out came what has to be the filthiest thing from my head. Two and a half inches long, dark green/brown and stained with a little blood on the end, it was close to the consistency of a pencil eraser in parts, moving to the consistency of jello at one end.

Then came the draining. Gack. What looked like 2 tablespoons of pus ran from my nose, which honestly made me feel physically ill. I like squeezing a zit as much as the next person, but this was just a bit much.

Anyway, after an hour I felt awesome. No more pressure on the side of my face, and I swear my eyes focus a little better than they did before. I took the gel-lump into my doctor, told him what it was, how it happened, how it had fixed all the sinus pressure I'd been having.

He didn't think that was the problem.

Go figure. My situation wasn't problematic. I wasn't in pain, I didn't have any long term damage to my health, but still a doctor when presented with symptoms and requests from a patient and ignores them, even when the final cause is discovered isn't someone to keep around, so I changed docs and told him why. Give each doc a good go at solving a problem, but if they insist on sticking on a point that really doesn't feel right, do change.

Yeah, right (5, Funny)

Anonymous Coward | more than 9 years ago | (#11459505)

Like I'm going to discuss that here on Slashdot! You know who might be reading.

Re:Yeah, right (1)

WormholeFiend (674934) | more than 9 years ago | (#11459717)

Yeah, right (Score:4, Funny)
by Anonymous Coward on Monday January 24, @03:01PM (#11459505)
Like I'm going to discuss that here on Slashdot! You know who might be reading


You know why Slashdot number-identifies even Anonymous Cowards' posts? (e.g. in your case, (#11459505))

Re:Yeah, right (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11459725)

They need a unique ID in their database for a primary key?

False sense of security (1)

fembots (753724) | more than 9 years ago | (#11459506)

Why go all the trouble when you can, like me, just don't use the internet? Most family members won't even be bothered to turn on the computer if they know it doesn't have 'net access :)

Seriously though, if you have read this story [slashdot.org], you can see that "He didn't worry that she would walk down the hall and find him reading her words. ''Impossible, because my computer didn't face the door, and it would have taken a split second to shut it off, literally,'' he said. ''Nobody could catch me, nobody. I'm too good. I'm too good with computers, trust me. I set up that PC so that when I shut the computer off everything was erased. So there was no trackable record on those PC's."

In the end he was caught by his own action. So no amount of software/hardware protection can protect you from humanware error. If there's anything incriminating or damaging, it won't be sitting only in your computer anyway.

Re:False sense of security (1)

Aeiri (713218) | more than 9 years ago | (#11459715)

If you don't have internet access, how did you make this post?

Re:False sense of security (0)

Anonymous Coward | more than 9 years ago | (#11459728)

Why go all the trouble when you can, like me, just don't use the internet?

So how did you post here? Carrier pigeon?

Paranoid? Not much... (5, Funny)

grub (11606) | more than 9 years ago | (#11459507)

I have OpenBSD on my firewall and main work machine. Encrypted partitions too. GPG everything. My Windows 2000 game machine is locked tight and on a DMZ without IE being used. My monitor is wrapped in tinfoil, naturally, with a small cutout just large enough to have a 640x480 window viewable. I wrapped my mouse in tinfoil but that made it hard to use so I cut a hole in the bottom which allowed the light to hit the desk surface. Problem there was the desk was wrapped in tinfoil, too. So I made my own mousepad because I don't trust the ones made by The Man. It's made from a dead rabbit I found on the street. I flattened it out and dehydrated it. When I need a random number I pinch some fur and pull. However many strands of fur I get in that pull is the random number I use. Of course I need a new mousepad every few weeks as I never reuse the same tuft of fur twice. Never trust the PRNG in any OS, even OpenBSD. Theo is watching. Speaking of that, the other day I was installing OpenBSD 3.6 on a new machine and then I realized... CDs are a form of RFID tag. The unique bit patterns on them can be detected from space. So I wrap my CDs in tinfoil when not in use. Speaking of tinfoil, I find it best to buy the cheapest stuff from dollar stores. They don't usually use the UPC barcoding at those places. Just "$1.. $1.. $1..". Barcode readers don't use OpenBSD but I think Theo is trying to get in there. Speaking of barcodes, the other day I pulled a package of gum from my pocket and the person I was with said "Ohh... Spearmint!" I ran away. He obviously has a remote UPC scanner and knew that I had spearmint gum. He says the wrapper was in plain sight but I think that's just an excuse.

Re:Paranoid? Not much... (5, Funny)

squidfood (149212) | more than 9 years ago | (#11459583)

"Six to base. He picked up the rabbit we left. We have access. Repeat. We have access."

The "smell of death" defense. (0)

Anonymous Coward | more than 9 years ago | (#11459584)

' I have OpenBSD on my firewall and main work machine '

Ah. Quite ingenious. The "smell of putrefaction" defense to keep intruders out.

Re:Paranoid? Not much... (0)

Anonymous Coward | more than 9 years ago | (#11459587)

He obviously has a remote UPC scanner and knew that I had spearmint gum.

RFID.

Re:Paranoid? Not much... (0)

Anonymous Coward | more than 9 years ago | (#11459622)

gum has upc not rfid.

Ignorant fool... (1)

AtariAmarok (451306) | more than 9 years ago | (#11459703)

"gum has upc not rfid."

You obviously never tuned in to "Art Bell" that night he revealed that all UPC codes have been embedded with RFID for years now.

Re:Paranoid? Not much... (2, Funny)

Qzukk (229616) | more than 9 years ago | (#11459729)

That's what They want you to think.

Re:Paranoid? Not much... (0)

Anonymous Coward | more than 9 years ago | (#11459758)

FYI lots of places, including Walgreens, put RFID chips on small easy to steal products like gum so that they can be detected if you try to leave the store with them.

Dude.... (0, Troll)

Gleenie (412916) | more than 9 years ago | (#11459511)

You must have the most impressive pr0n collection known to mankind!

wow thats crazy (1)

xeraxes (306004) | more than 9 years ago | (#11459517)

very crazy

Why should I be paranoid? (5, Funny)

Dagny Taggert (785517) | more than 9 years ago | (#11459518)

After all, doesn't everyone have my best interests at heart? Why, just the other day, a nice Nigerian man sent me an e-mail about a wonderful offer, and I don't even know him!

Hellooooo, Mr. Government Man!

Paranoid? No... (0)

Anonymous Coward | more than 9 years ago | (#11459521)

I just wear my tin-foil hat and everything seems to be in order...

Not me. (1)

Torontoman (829262) | more than 9 years ago | (#11459524)

I'm not so paranoid - simply very frustrated at the need for 9 different passwords to do my job - and they must be changed every 30 days - I always forget them so I keep them on a post it note on my monitor.

Use linux! (0)

Hosting Geek (851934) | more than 9 years ago | (#11459525)

Rule number one about security: Use linux!

Hmm (0)

Anonymous Coward | more than 9 years ago | (#11459528)

I don't think 'Big Brother' should be your primary concern, but rather your little brother and his ability to single handedly invite all kinds of unwanted goodies onto your machine.

Esay easy easy (0, Flamebait)

EaterOfDog (759681) | more than 9 years ago | (#11459529)

I didn't go far at all. I just run OS X.

Hah (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11459579)

My keylogger just picked up your universal password. Let's see, 'biggaymacdaddy'.

Re:Esay easy easy (3, Insightful)

fimbulvetr (598306) | more than 9 years ago | (#11459718)

Oh yeah, guess all those security vulnerabilities listed on securityfocus are just bogus, eh?
How about unpublished exploits? All those taken care of too?

Just because I wrap... (0)

Anonymous Coward | more than 9 years ago | (#11459532)

...my computer in aluminum foil, doesn't mean they're not really out to get me!

Re:Just because I wrap... (1)

l3v1 (787564) | more than 9 years ago | (#11459734)

:)) You're quite right :) Oh, btw, where the hell have I put my tiger resistant rock ? :]

Just don't use windows encrypted folders.... (2, Interesting)

DigitalCrackPipe (626884) | more than 9 years ago | (#11459533)

If you're really trying to keep things secure, ensure your encryption isn't made by Microsoft. Their encrypted folders use AES (IIRC) but since they're open and decrypted when you're logged on the protection is compromised.

I use linux (1, Interesting)

Anonymous Coward | more than 9 years ago | (#11459534)

So beyond a hardware firewall, not using credit cards on the net and banking through https, I don't do shit.

My computer (3, Funny)

AtariAmarok (451306) | more than 9 years ago | (#11459535)

My computer is encased in Carbonite, and it is stored in a file cabinet in the basement with a sign on the door "Beware of Leopard". The password? I tore it to bits, put bacon grease on it, and fed it to the dog. However, these measures are not enough for security: the machine itself happens to be one of those cardboard replica PCs you find on furniture in the back of "Staples". No WAY you gonna hack this sucker!

This far (4, Interesting)

js3 (319268) | more than 9 years ago | (#11459541)

I lock the door to my house when I leave home

Not that paranoid (1, Informative)

Anonymous Coward | more than 9 years ago | (#11459551)

have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume.

You can't be that paranoid if you go telling everyone who reads /. that your password is 30 characters long. I mean, you've practically given it away.

I just use Linux (0)

Anonymous Coward | more than 9 years ago | (#11459552)

There's no way my friends or family will ever figure that out.

I use (0)

Anonymous Coward | more than 9 years ago | (#11459558)

Bastille Linux of course!

If I was not concerned about security, I would use Windows XP

So paranoid (1)

suso (153703) | more than 9 years ago | (#11459559)

that I'm not going to tell people on slashdot what I do.

"all remotely personal information" (1)

GillBates0 (664202) | more than 9 years ago | (#11459560)

Yeah, yeah...we all know that's just a fancy-schmancy secret word for pr0n. Shhh...sorry.

Now, how about posting some torrents here, so we can all admire your l33t security models and stuff.

Simply..... (1, Funny)

Anonymous Coward | more than 9 years ago | (#11459563)



Rename allMyPron.zip to mssys.dat

Fingerprint access. (1)

crovira (10242) | more than 9 years ago | (#11459564)

I require that the user have physical access to the fingerprint reader under my keyboard.

My data is locked up? Hell yeah!

Big Brother... (5, Interesting)

djsmiley (752149) | more than 9 years ago | (#11459569)

Is there any point in trying to protect against BIG Brother really? I mean, if they WANT to get in, they could just storm your house and take away your PC. If they want they could silence you too. So why go so over the top?

Another idea is to make sure any sensitive information doesn't have any means of escape, hell build a machine with no network, and no floppy drive or cd writer. Take out the usb slots too, then maybe a passer by won't be able to access it.

30char password? What's the point? I mean you can still brute force it, and even without doing this, there's still methods such as removing the hdd drive, mounting it under another computer and 99% time, you got instant access to everything.

People need to learn, sensitive data is only protected in ONE place, inside our minds.
Keep it there and no one can snoop it.

Re:Big Brother... (0)

Anonymous Coward | more than 9 years ago | (#11459653)

People need to learn, sensitive data is only protected in ONE place, inside our minds.

Keep it there and no one can snoop it.

... yet.

Re:Big Brother... (1)

kognate (322256) | more than 9 years ago | (#11459675)

Here's the deal, there is NO place that sensitive data can be protected from the truly determined. Sure, you keep your password in your head, someone could get it out of you. They wouldn't even really have to torture you, it just takes time.

Re:Big Brother... (1)

linear a (584575) | more than 9 years ago | (#11459755)

>> sensitive data is only protected in ONE place, inside our minds.

That's what you'd like to think...

Bad Mojo... (1)

danielrm26 (567852) | more than 9 years ago | (#11459570)

"I have OpenBSD on my firewall and main work machine."


It's not the same box is it?

Why... (0)

Das Auge (597142) | more than 9 years ago | (#11459574)

who wan't to know???

Re:Why... (1)

Das Auge (597142) | more than 9 years ago | (#11459636)

My guess would be my spell-checker. :(

Best security policy ever (0)

Anonymous Coward | more than 9 years ago | (#11459575)

I just don't keep personal information on my system for long. I format and re-install everything about once a month. Everything I collect on the 300Gb of space that I have gets burned to DVDs and CDs. I can go from a completely formatted system to my personal setup in a little more than an hour.

I have (1)

A beautiful mind (821714) | more than 9 years ago | (#11459578)

a h/w firewall (openbsd), I'm running debian sid, to login I need a keychain + p/w. I use loop-aes to encrypt everything including the root partition. I run all services (that is apache and sshd) in jailed environments, I'm subscribed to bugtraq and lkml to know about the issues that could arise, I got my kernel patched with grsec+pax. I run my system most of the time as a non-privileged user. Hm. I may be a bit average in paranoidness, but I learnt a lot while making this system work like this.

I'm an alien . I'm a legal alien. (1)

crovira (10242) | more than 9 years ago | (#11459665)

I'm an alien in New York.

Cute reference...

I am so worried.... (5, Funny)

jmcmunn (307798) | more than 9 years ago | (#11459586)


I run only knoppix Live CD, and I incinerate my RAM after I am done just to be sure there's nothing left on that RamDisk. Kingston loves me now!

I would tell you... (1)

harks (534599) | more than 9 years ago | (#11459589)

but I'm far too paranoid to describe my security methods in public like this.

Network? What network? (1)

Ironsides (739422) | more than 9 years ago | (#11459595)

For anything that has "sensitive information" (for us, that means individual tax and financial info), it doesn't go on any networked machine. All updates are transferred via floppy/USB. Files don't leave the machine. We don't bother with encryption simply because if someone is going to break in, they are probably going to steal the computer and don't care what is on it. Not to mention that it isn't worth it (to us) to secure what is on there beyond what we already do. Our main concern is making sure we don't get wiped out by a virus or a hard drive that dies.

Moot point around here (1)

Kipsaysso (828105) | more than 9 years ago | (#11459599)

At my college we sit behind a huge firewall and I used to use a personal one past that. However, once I realized that anyone with my level of access (domain, I work for the tech dept) could get to my files, I just gave up. I need to start Linux up anyway.

Waste of Time (1)

cyngus (753668) | more than 9 years ago | (#11459600)

Rather than spend all this time running around securing my information, which no one really cares about now, I spend my time getting rich and powerful. That way, later on, I won't have to run around securing my information, rather my minions will run around punishing those who try to steal it. At the end of the day, it's probably not worth your time, you're just not that important. And if you are that important it's a better use of your time to get a real expert to do it. (Note: Some out there probably are real experts, but not many.)

Thanks for the info (5, Funny)

yack0 (2832) | more than 9 years ago | (#11459601)

Thanks for letting us know you have a 30 character password. That'll be much easier to crack than having to deal with 1 - 29 and 31 - infinity length password.

Security against 'Big Brother' is a myth (4, Insightful)

sisukapalli1 (471175) | more than 9 years ago | (#11459610)

Security against 'Big Brother' is a myth, especially given that it is very easy for authorities all over the world to label someone a "terrorist", or a "person of interest", and lock him/her up for years without any oversight.

S

Problem Solved (1)

bob670 (645306) | more than 9 years ago | (#11459612)

I just don't use Windows or Internet Explorer, problem solved.[/sarcasm]

I've got... (1)

Buzzwang (265168) | more than 9 years ago | (#11459614)

...probably the best security against online break-ins known to man...

I'm offline, permanently. Try and hack that.

Re:I've got... (0)

Anonymous Coward | more than 9 years ago | (#11459726)

And yet... you're posting on /. Neat trick. Care to share?

never enough (1)

ender_wiggins (81600) | more than 9 years ago | (#11459619)

Just because you're paranoid doesn't mean someone isn't after you!

Nerd guards (4, Funny)

kneecarrot (646291) | more than 9 years ago | (#11459620)

I keep a bunch of nerds surrounding my house for security. I feed them doritos and keep them motivated by issuing fake Duke Nukem Forever press releases. When I see them becoming too docile, I toss Windows Magazine at them to get them all riled up.

Not Paranoid At All (1)

jgartin (177959) | more than 9 years ago | (#11459623)

I run Windows ME with no antivirus, no backup, no encryption, no firewall, no nothing. All that stuff is for wussies. I do use a BIOS password that you must type in before every boot. If I leave my computer while it is running, I have a screen saver that requires a password. This arrangement has worked well for 5+ years.

Why do you ask? (1)

jeephistorian (746362) | more than 9 years ago | (#11459626)

Well?
Actually, I err on the safe side just because. I use bios passwords and user passwords, have a hardware and software firewall.....on my computers at home....which DON'T have internet access!

Okay, so they will again...one day....please God....
______________

The usual stuff (2, Informative)

upside (574799) | more than 9 years ago | (#11459628)

- Home server(s) on a DMZ
- Ntop on the router/fw to keep track of network usage
- Filter outbound connections, too
- Mixture of *BSD and Linux on network and server equipment.
- Peerguardian when using P2P software.
- Up to date virus scan.
- Don't use IE or Outlook Express.

Relocate server to DMZ (5, Funny)

AtariAmarok (451306) | more than 9 years ago | (#11459744)

"Home server(s) on a DMZ"

Never thought of effecting security by relocating my home server to the no-man's-land in the middle of the Korean peninsula. I think you may be on to something. No one would ever think to check there!

Different levels (1)

man_ls (248470) | more than 9 years ago | (#11459632)

I focus on good physical security, for the most part.

Over the network, I have disallowed older clients from connecting (NTLMv2 only) and require encrypted sessions over the network. I've disallowed anonymous users to enumerate shares and SIDs, and don't have a guest account open. Result: Basically, only someone with a local credential can access my machine over the network (for SMB) and any services that run, authenticate to the same database (RDP, etc.)

Locally, I rely on the fact that I'm overly paranoid about locking my workstation. If I'm more than 6 feet away from the console, it's locked. Only one individual besides myself has an account on my personal machine. All my important files are assigned to my own user account, and access-restricted from making modifications on them.

I'm less concerned about the other person who legitimately uses my machine from snooping around, than I am a random college kid who's bored.
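Added example, not part of the comment above or of the original thread: a read-only PowerShell audit of the Windows settings that comment describes (NTLMv2-only authentication, no anonymous enumeration, no guest account). The registry value names are the standard ones for these policies; treating "require encrypted sessions" as mandatory SMB signing is an assumption, and the anonymous SID/name translation policy is not a plain registry value, so it is not covered here.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Needs Windows PowerShell 5.1+ (for Get-LocalUser).
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$smb = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is absent (the OS default then applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Setting name, where it lives, minimum acceptable value, what it means.
$checks = @(
    [pscustomobject]@{ Name = 'LmCompatibilityLevel'; Path = $lsa; Min = 5
        Meaning = 'Send NTLMv2 only; refuse LM and NTLM' }
    [pscustomobject]@{ Name = 'RestrictAnonymous'; Path = $lsa; Min = 1
        Meaning = 'No anonymous enumeration of SAM accounts and shares' }
    [pscustomobject]@{ Name = 'RestrictAnonymousSAM'; Path = $lsa; Min = 1
        Meaning = 'No anonymous enumeration of SAM accounts' }
    # Assumption: "encrypted sessions" is read as mandatory SMB signing,
    # which gives integrity, not confidentiality.
    [pscustomobject]@{ Name = 'RequireSecuritySignature'; Path = $smb; Min = 1
        Meaning = 'Server requires SMB signing' }
)

$results = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Setting = $c.Name
        Actual  = $(if ($null -eq $actual) { '(not set)' } else { $actual })
        Minimum = $c.Min
        Pass    = ($null -ne $actual) -and ($actual -ge $c.Min)
        Meaning = $c.Meaning
    }
}

# The built-in Guest account always has RID 501, whatever it was renamed to.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$results += [pscustomobject]@{
    Setting = "Guest account ($($guest.Name))"
    Actual  = $(if ($guest.Enabled) { 'enabled' } else { 'disabled' })
    Minimum = 'disabled'
    Pass    = -not $guest.Enabled
    Meaning = 'No guest logon, local or over the network'
}

$results | Format-Table -AutoSize -Wrap
```

A value reported as "(not set)" is marked as failing because the effective default depends on the Windows version; check the local security policy before concluding the setting is weak.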

Just How Paranoid Are You? (1)

PCWizardsinc (678228) | more than 9 years ago | (#11459633)

BIOS Password, 13 Digit Password on XP Pro box, Virtual PC, Running FreeBSD 5.3 for all Internet related activity, hardware firewall, ... just your normal everyday kind of paranoid...

Keepass Plug (1)

DarkHelmet (120004) | more than 9 years ago | (#11459637)

All my really important information is stored in a Keepass [sourceforge.net] database file. It uses AES (either 128 or 256, can't remember) to encrypt the database, based on the SHA-256 of the password you give it.

I don't think having a whole hard drive volume encrypted is necessary for most people. After all, I don't really care if people end up stealing my HalfLife 2 saved games from me.

VMware and crypto file systems (1)

puzzled (12525) | more than 9 years ago | (#11459638)


I'm running SuSe 9.2 (good functionality, not exactly stable for me) and I keep a 12.0 gig crypto filesystem on my 20.0 gig drive.

The passphrase is sort of English, not shared at all with anyone, and I can do most of my work without mounting that stuff at all. When mounted the partition is attached to /vmware and it contains a Windows 2000 install with my accounting stuff and maybe a few other operating systems for play. The accounting stuff is the only thing I have that qualifies as 'sensitive' - VMWare+crypto lets me carry it securely and easily back it up - I've got another sizeable CFS partition on my desktop at my office.

Physical security is a huge issue that most computer nerds ignore - it's not nearly as sexy as configuring a firewall - all discipline and no play, so to speak.

Personally, I'm sorta lax. (1)

awing0 (545366) | more than 9 years ago | (#11459640)

I keep my internet firewall and all public daemons up to date, but behind my network things are sorta left to when I get around to fixing them. For example, most of my sshd's are out of date, except the one that faces the internet. I use GnuPG with the Enigmail plugin for signing my e-mail. That's about it for any encryption I use. I don't have any sensitive data and it's not worth the CPU time or hassle to use an encrypted loopback partition. I've been thinking about it for its geek factor, but, eh, whatever.

"Just How Paranoid Are You?" (4, Funny)

Wordsmith (183749) | more than 9 years ago | (#11459643)

Who wants to know?

Best Protection (1)

earthstar (748263) | more than 9 years ago | (#11459644)

It might look silly, but I think it's quite sensible.

1. Don't connect to Internet.

2. Don't store sensitive/Important Info in harddisk.
Rather, store it in removable media and place it in a safe location.
(I am sure this physical safe location is better than the "safe" ways of saving it on comp anyday)

Hmm.... (0)

Anonymous Coward | more than 9 years ago | (#11459648)

I need to adjust my tinfoil hat before I can allow myself to answer that question.

Very Impressive (1)

The Angry Mick (632931) | more than 9 years ago | (#11459654)

Mr. Ashcroft. I assume that your submission to Slashdot was quantum encrypted as well. ;-)

The Easy Way (1, Funny)

Anonymous Coward | more than 9 years ago | (#11459661)

"I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"

I just crack your system and store my stuff there. :)

not paranoid at all (1)

Aeron65432 (805385) | more than 9 years ago | (#11459670)

I'm not paranoid, I just feel safer in this tin hat... 2+2=4!

How much truly private stuff do you have? (4, Interesting)

syousef (465911) | more than 9 years ago | (#11459672)

The only things I really consider private on my computer are financial information. Receipts, credit card numbers etc. So yes I do go to some trouble protecting that, but for the most part I couldn't care less if my information was read illegally. There's just nothing of consequence there.

If someone actually compromised and trashed my PC on the other hand, I'd lose time in rebuilding it. However I do back up my information regularly, so that's no issue either except being annoyed at the loss of time. (If someone made subtle changes to the information I'd still have older backups, so it would be painful but not unrecoverable).

If you truly need a private information store, it may be worth buying a PC that isn't net connected and that is physically secured. For the average person unless you're doing something illegal or have sensitive work material at home (arguably not a good idea anyway), why would you need a super-unbreakable encrypted PC?

What is a "hardware" firewall? (0)

Anonymous Coward | more than 9 years ago | (#11459676)

Many people prattle on and on about hardware firewalls when trying to justify expensive Cisco gear. Really, all of these network firewalls are just hardware which run software. If you mean that the software is embedded, that's a better way of saying it.

But then I have to ask... why the need to qualify your firewall by labeling it a "hardware" firewall? Is there something wrong with "software" firewalls? What about all the businesses using OpenBSD's pf or Linux's ipchains as opposed to paying the Cisco tax? Are they less secure? Are they to be considered amateur because they are not using fancy (or even mediocre) appliances?

Not too paranoid (1)

Tenebrious1 (530949) | more than 9 years ago | (#11459678)

I keep a few sensitive files encrypted with an off-the-shelf program. I also have my porn in zip files that are encrypted, just so my gf or family doesn't accidentally stumble onto them. A decent firewall, AV, anti-spyware. Prevent IE and Firefox from caching passwords, no history or cache. Once in a while I wipe the free space, but that's about it.

Careful with swap and temp files (3, Informative)

homer_ca (144738) | more than 9 years ago | (#11459693)

"and all remotely personal information stored on a 256bit AES encrypted volume."

Windows will leave temp files all over the place and your pagefile could have any data that was kept in RAM. The superparanoid run Linux w/ an encrypted root partition and Windows inside a VM from an encrypted disk image.

not for techies (1)

tota (139982) | more than 9 years ago | (#11459695)

but the single most important piece of advice I give to non-technical users is really simple: don't use IE! (or Outlook if you can avoid it)

why the encryption (1)

spamfo (803637) | more than 9 years ago | (#11459698)

Whilst I am all for the layered approach, even on a home machine, I find it hard to understand why people need large partitions protected with AES encryption.

If this was corporate data for example, it could be used in a smaller 'portable' encrypted container, I constantly see questions on Security type sites with people asking how to do full HD encryption, or encryption of very large drives.

Maybe it's just me being suspicious, but realistically why do people need hundred gig+ encrypted containers unless it is for pr0n, warez or something even worse!

How far do you go? (1)

Tackhead (54550) | more than 9 years ago | (#11459700)

Quoth the article:
> How far do you go to protect your computer?

I protect my Computer with my life, and the life of all five of my clones, as any Troubleshooter would.

What are you, some kind of commie pinko mutant traitor? Paranoia is treason! Paranoia is fun! Happiness is mandatory! I'm happ*ZOT*

Wow! (0)

Anonymous Coward | more than 9 years ago | (#11459702)

Cool article. Thanks Tim.

Billy

I'm not nearly as paranoid... (0)

Anonymous Coward | more than 9 years ago | (#11459706)

...as my other 8 personalities. And half as schizo.

Erased my brain (3, Funny)

snuf23 (182335) | more than 9 years ago | (#11459707)

I made an end run on this whole problem. With some carefully executed electro shock therapy, I erased all of my personal information from my own brain!
Just try your evil identity theft tricks now!

Cement (1)

filtur (724994) | more than 9 years ago | (#11459708)

I disconnected mine from the internet, put it in a block of cement and then I sit on my front porch with a shotgun looking for any virus that may come along.

I don't shop online... (1)

antdude (79039) | more than 9 years ago | (#11459711)

I don't buy/pay stuff online at all.

Big brother (2, Funny)

martensitic (747168) | more than 9 years ago | (#11459745)

At home, I am not nearly as worried about "Big Brother" as I am my actual big brother. Therefore my first line of defense is a "No Big Brothers Allowed" sign on my bedroom door, with some skulls-and-crossbones for added effect.

Re: Just how paranoid are you (1)

legirons (809082) | more than 9 years ago | (#11459748)

"How far do you go to protect your information against 'Big Brother' or even your family/friends?"

The obvious one would be not to respond to every security-related question with a bunch of details about all the levels of encryption and different passwords you use, just to show how technical and paranoid you are.

It's just a big video file dammit, I don't even know what this marutuku thing is...

Slashdot poll: when do you reveal your password
[ ] When a cute researcher asks for it
[ ] When offered a free pen for doing so
[ ] When slashdot asks about my 3l337 cracker defenses
[ ] At every dinner-party opportunity
[ ] All of the above

On-screen keyboard (1)

vfs (220730) | more than 9 years ago | (#11459753)

I'm so paranoid that not only do I have my stuff on an AES 256-bit encrypted filesystem, when I type in the password I use an on-screen keyboard so that if anyone hooks up a keyboard sniffer, they won't get my passphrase.

It was a very insecure idea to /. this (1)

Hosting Geek (851934) | more than 9 years ago | (#11459754)

/. this is just like emailing a hackers mailing list with "Hack me!"