Footnotes on Security
happily, big brother is watching you, and he wears the mask of a clown
Security has its price, and
the price is user-friendlyness. To type a password each time you turn on
your machine is not very pleasant, but the benefit is big. So you have to
decide how much security you want. The following are some guidelines, most
of them are crucial.
- Don’t use Microsoft Explorer. ActiveX-technology permits anyone to
get any file on your computer and maybe even to turn the computer off. - Don’t use DOS nor Windows nor Windows95. These Operating Systems
have completely zero security, and Microsoft is just so fucking
stupid; they have no idea about security. Besides that, 99% of
all virii grow and spread on these systems. Unix knows no virii. - Don’t use any Microsoft program which features a macro-language,
such as Excel and Word. Unless you want virii. - Use a secure operating system such as Unix or VMS. Maybe Windows NT,
But take care on your applications in case of Windows NT… - Netscape or any other browser does not need to transmit information
from you to any other site.. link the cookies to /dev/null or remove
the write-permission. - Use no words as password. Not even words from other languages. No
permutations of your own name too. Use different password for
different machines. If you want to make it perfect, use PGP to
generate passwords. - If you don’t need it, turn it off. If you’re standalone, you presumably
don’t need to run a finger or a telnet or an ftp server. Turn it off. - Watch you traffic. Which program transfers unwanted information from
your machine to elsewhere? Take special care using software to which
you haven’t the sourcecode – e.g. that Microsoft stuff. - Apropos sourcecode: Real security needs the sourcecode. If you don’t
have the sourcecode to a crucial tool – an encryption routine, for
instance – nobody can know if it is secure. If it is secure, knowing
the sourcecode won’t help to decrypt it (take PGP as an example).
Don’t trust an algorithm which is not released publicly. Never. - Encrypt confidential Mail. Use PGP. That may not be 100% secure,
but you’ll need much much time. It’s presumably the most secure
thing we’ve got. - If it’s really secret, you might use steganographic techniques as
well. Hide your encrypted messages in unsuspicios-looking ones. - Make copies, backups, whatever. Most information most people got,
is not as critical that other people do not have to have it, but
you do not want to loose it. Au contraire the army, for
instance: They don’t care if they loose information, as long as
no one else gets it. So make backups – best encrypted. - For data-encryption, you can use low (crypt) middle (des) or high
(pgp) security. These should all be available on a reasonable
operating system by default. - After all, man is the biggest break in security.. people talk too
much, give away their passwords too easily, write their passwords
down, use stupid passwords, use no passwords, use operating systems
with no passwords, and so on and so on and so on.
Okay. Now another thing… What are the threats?
- Brother state might read your data (not very likely)
- Big Brother Bill might use your data for marketing (likely)
- A hacker might (ab)use your machine (unlikely)
- You might get a Virus (likely your problem, get another OS)
- You might loose data (very likely)
- Your system might crash (likely(DOS/Windows95) to unlikely(linux))
- A person you know might mess with you data (very likely)
So you see whats the most crucial point? Make backups. Second is, use
A system which permits the use of a password (NOT Windows95, this is
ridiculous). Third, do not let anyone snoop information from your machine.
The rest is hackers of any colour, including the state and corporations.
And that’s a pretty little threat, according to the probability to happen.
Ehm.. So have a nice night.
An make backups!
Peter Keel,
1996-11