Computer Security (was Re: Osama, I thought I knew ye.

John K. Taber jktaber at tacni.net
Sun Sep 30 15:27:03 PDT 2001


Zak McGregor <zak at mighty.co.za> wrote:

<<<<<<<<<<<<<<< Doug Henwood <dhenwood at panix.com> wrote:


> Zak McGregor wrote:
>
> >So, yes, especially if you're using Windows 95, 98 or ME you should
> be
> >ultra-paranoid.
>
> And how about Mac OS's 9.1 and X?
>
I have no first-hand experience of any Macs. OS X should be pretty good, based as it is on a Un*x-like system. It may also be that the Mac's relative rarity makes it a less worthwhile target for script-kiddies or crackers. _No_ system is perfect, certainly not crack-proof; but it does make sense to avoid those which make little effort security-wise.

Cheers

Zak
>>>>>>>>>>>>>>>>>

Damn. I hate getting mixed up in this.

1st my qualifications. Very little. At one time I was knowledgeable in cryptography, more so in amateur cryptanalysis. I had a good understanding of DES and RSA. My interest in cryptology (the inclusive word for both cryptography and cryptanalysis) dates to boyhood. I solved puzzle ciphers for fun in the 7th grade.

My interests led to a little familiarity with the broader issue of computer security.

But, alas, since my retirement, I am hopelessly out of date. In the late 50s, I knew almost everything there was to know, there just wasn't that much. Today there are volumes of papers on cryptography alone every month, never mind computer security, more than I could ever keep up with, and way beyond my math.

Now then. For you and me there is NO computer security, regardless of machine type or operating system, if anybody is really determined and has the means to find out what you are doing. You should consider EVERY use of your computer to be an act in public. If nobody is interested in you now, somebody might be later.

You are vulnerable to TEMPEST attacks if nothing else.

There is nothing to stop a patriotic ISP from copying your packets and surreptitiously turning them over to the police.

For me that's not a restriction. Despite my lifelong interest in secret codes, I personally have no use for it because everything I want to say, I want to be heard by the public, not an esoteric group. I can't think of one damn thing I want to say that I want nobody to hear. What the hell is the purpose of speaking if not to be heard? Harry Bridges used to write poems, then tear them up before throwing them into the waste basket. He did it just to harass the poor FBI agent who had to anagram the shreds and read his poems. Heh, heh, now that's punishment. His poems might never have been read otherwise.

I feel that Chip Berlet assumes paranoia a little too easily. But I completely agree with him that you cannot let fear of surveillance cripple you. If I have to go to prison for what I think and say, so be it.

As for Doug's question: Using a Mac you are not vulnerable to Windows based hacks, and since Windows is dominant most hacks are Windows hacks. But you are vulnerable to Mac hacks, and in the general case, no, you have no security.

Unix is far from secure. It is a better operating system than Windows, but it is *not* secure. IBM's mainframe MVS operating system is fairly secure from hacks, more so than Unix, but it only meets DoD's minimum security level.

That doesn't mean you shouldn't try to secure your machine. Within reason. I thoroughly recommend a firewall (I prefer ZoneAlarm) and a virus checker that you religiously keep up to date. Also, go to http://www.grc.com and find the paper there on how to unbind the protocols on your machine. This means disconnecting NETBIOS from TCP/IP. Don't do this without the instructions!

Also, find the instructions at the same site for turning off file sharing.

(Mac users, you are on your own.)

I recommend *not* using anonymizer web sites because you have no way of vetting them. The site might be run by a fanatic libertarian who will go to jail rather than turn over the logs. On the other hand, the site might be run by your local police department. You cannot use the internet in a plain brown wrapper.

Apologies if this is too much off topic.

-- John K. Taber



More information about the lbo-talk mailing list