![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Oct. 7th, 2013
Basically, Russia will be employing a monitoring system akin to PRISM and firewalls akin to China. I think the only difference between Russia now and the USSR at its peak is now they're not quite as aggressive militarily and their borders are a little more open, and perhaps not as many people are being sent off to Siberia, but the full fallout of their anti-gay laws is yet to be seen.
http://yro.slashdot.org/story/13/10/06/1621209/sorm-russia-intends-to-monitor-all-communications-at-sochi-olympics
http://yro.slashdot.org/story/13/10/06/1621209/sorm-russia-intends-to-monitor-all-communications-at-sochi-olympics
Bruce Schneier, as I've written many times before, is quite a practical expert on computer security. He's run an experiment recently where he bought a new computer from a big box store and configured it for no external connections: no internet, no WiFi, very carefully controlled transfers on and off it. And this article offers his opinions on how practical this is.
And that's the nut of the matter: it isn't really practical. We live in a connected society, the last time I worked on a computer in a work situation that wasn't networked was probably around 1985, and we started networking them not long after that. If you absolutely must have security, an air gap is the only way to go, but then you have to worry about the physical security of such a system and other spying techniques such as recording your keystrokes from your smart phone sitting on the same desk or an electronic technique whose name I can't remember that can read your monitor remotely.
Schneier also points out that the Iranian nuclear program that was compromised by Stuxnet was airgapped, as was the American military computers that were compromised by a worm that was believed to be Chinese in origin.
http://www.wired.com/opinion/2013/10/149481/
And that's the nut of the matter: it isn't really practical. We live in a connected society, the last time I worked on a computer in a work situation that wasn't networked was probably around 1985, and we started networking them not long after that. If you absolutely must have security, an air gap is the only way to go, but then you have to worry about the physical security of such a system and other spying techniques such as recording your keystrokes from your smart phone sitting on the same desk or an electronic technique whose name I can't remember that can read your monitor remotely.
Schneier also points out that the Iranian nuclear program that was compromised by Stuxnet was airgapped, as was the American military computers that were compromised by a worm that was believed to be Chinese in origin.
http://www.wired.com/opinion/2013/10/149481/
The NSA, PRISM, and trying to keep your information private and secure
This is a whole bunch of links that I've been accumulating that talks about a lot of different facets of what's been going on since Edward Snowden blew the lid off of the PRISM spying and what the NSA and federal government has been doing.
First up, my fav security guy, Bruce Schneier. In this article “How to Remain Secure Against the NSA”, Bruce talks about precautions that you can take to improve your security, while acknowledging that if the NSA et al wants information about you, there's precious little that you can do about it.
https://www.schneier.com/blog/archives/2013/09/how_to_remain_s.html
Here we have a story by a man who was Microsoft's privacy chief from 2002 to 2011 who says he no longer trusts the company since the existence of PRISM was revealed. ”In the two years since leaving Microsoft, Bowden has ceased carrying a cell phone and become a staunch open source user, claiming that he no longer trusts a program unless he can see the source.”
There's only one problem with that: 99%+ of people can't read source code or really have the expertise to understand it and to also understand all of the other source code that it ties in to, as you have to evaluate every single part of the system to know whether or not it's secure. So we have to rely on others to tell us that this code is secure. Linux is probably secure, but lots of its code that relates to cryptography and communications is being reevaluated to look for back doors and a lot of the crypto code is being replaced with code that is more public and not backed by NIST.
http://hothardware.com/News/Former-Microsoft-Privacy-Chief-Says-He-No-Longer-Trusts-The-Company/
MUCH more under the cut
( Read more... )
This is a whole bunch of links that I've been accumulating that talks about a lot of different facets of what's been going on since Edward Snowden blew the lid off of the PRISM spying and what the NSA and federal government has been doing.
First up, my fav security guy, Bruce Schneier. In this article “How to Remain Secure Against the NSA”, Bruce talks about precautions that you can take to improve your security, while acknowledging that if the NSA et al wants information about you, there's precious little that you can do about it.
https://www.schneier.com/blog/archives/2013/09/how_to_remain_s.html
Here we have a story by a man who was Microsoft's privacy chief from 2002 to 2011 who says he no longer trusts the company since the existence of PRISM was revealed. ”In the two years since leaving Microsoft, Bowden has ceased carrying a cell phone and become a staunch open source user, claiming that he no longer trusts a program unless he can see the source.”
There's only one problem with that: 99%+ of people can't read source code or really have the expertise to understand it and to also understand all of the other source code that it ties in to, as you have to evaluate every single part of the system to know whether or not it's secure. So we have to rely on others to tell us that this code is secure. Linux is probably secure, but lots of its code that relates to cryptography and communications is being reevaluated to look for back doors and a lot of the crypto code is being replaced with code that is more public and not backed by NIST.
http://hothardware.com/News/Former-Microsoft-Privacy-Chief-Says-He-No-Longer-Trusts-The-Company/
MUCH more under the cut
( Read more... )