Archive for November, 1996

Footnotes on Security

Friday, November 1st, 1996

happily, big brother is watching you, and he wears the mask of a clown

Security has its price, and
the price is user-friendlyness. To type a password each time you turn on
your machine is not very pleasant, but the benefit is big. So you have to
decide how much security you want. The following are some guidelines, most
of them are crucial.

  • Don’t use Microsoft Explorer. ActiveX-technology permits anyone to
    get any file on your computer and maybe even to turn the computer off.
  • Don’t use DOS nor Windows nor Windows95. These Operating Systems
    have completely zero security, and Microsoft is just so fucking
    stupid; they have no idea about security. Besides that, 99% of
    all virii grow and spread on these systems. Unix knows no virii.
  • Don’t use any Microsoft program which features a macro-language,
    such as Excel and Word. Unless you want virii.
  • Use a secure operating system such as Unix or VMS. Maybe Windows NT,
    But take care on your applications in case of Windows NT…
  • Netscape or any other browser does not need to transmit information
    from you to any other site.. link the cookies to /dev/null or remove
    the write-permission.
  • Use no words as password. Not even words from other languages. No
    permutations of your own name too. Use different password for
    different machines. If you want to make it perfect, use PGP to
    generate passwords.
  • If you don’t need it, turn it off. If you’re standalone, you presumably
    don’t need to run a finger or a telnet or an ftp server. Turn it off.
  • Watch you traffic. Which program transfers unwanted information from
    your machine to elsewhere? Take special care using software to which
    you haven’t the sourcecode – e.g. that Microsoft stuff.
  • Apropos sourcecode: Real security needs the sourcecode. If you don’t
    have the sourcecode to a crucial tool – an encryption routine, for
    instance – nobody can know if it is secure. If it is secure, knowing
    the sourcecode won’t help to decrypt it (take PGP as an example).
    Don’t trust an algorithm which is not released publicly. Never.
  • Encrypt confidential Mail. Use PGP. That may not be 100% secure,
    but you’ll need much much time. It’s presumably the most secure
    thing we’ve got.
  • If it’s really secret, you might use steganographic techniques as
    well. Hide your encrypted messages in unsuspicios-looking ones.
  • Make copies, backups, whatever. Most information most people got,
    is not as critical that other people do not have to have it, but
    you do not want to loose it. Au contraire the army, for
    instance: They don’t care if they loose information, as long as
    no one else gets it. So make backups – best encrypted.
  • For data-encryption, you can use low (crypt) middle (des) or high
    (pgp) security. These should all be available on a reasonable
    operating system by default.
  • After all, man is the biggest break in security.. people talk too
    much, give away their passwords too easily, write their passwords
    down, use stupid passwords, use no passwords, use operating systems
    with no passwords, and so on and so on and so on.

Okay. Now another thing… What are the threats?

  • Brother state might read your data (not very likely)
  • Big Brother Bill might use your data for marketing (likely)
  • A hacker might (ab)use your machine (unlikely)
  • You might get a Virus (likely your problem, get another OS)
  • You might loose data (very likely)
  • Your system might crash (likely(DOS/Windows95) to unlikely(linux))
  • A person you know might mess with you data (very likely)

So you see whats the most crucial point? Make backups. Second is, use
A system which permits the use of a password (NOT Windows95, this is
ridiculous). Third, do not let anyone snoop information from your machine.
The rest is hackers of any colour, including the state and corporations.
And that’s a pretty little threat, according to the probability to happen.

Ehm.. So have a nice night.

An make backups!

Peter Keel,