[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Way Way OT] Re: How NSA access was built into Windows



On Wed, 2007-01-17 at 00:04 -0800, Les wrote:

> 	Do you know exactly what a Trojan Horse, a Worm, a Virus, a backdoor or
> a rootkit actually does?  How do each gain access to your system?  Which
> software techniques can defeat each one?  I am not as savvy as I once
> was, but the topics of these issues and system security are always on my
> mind.  Perhaps you sincerely believe that the only option is to "kick
> down the door and get it".  If so, you are not yet fully conversant with
> the extent to which system penetration can affect you.  Do you know how
> files are erased?  Do you use a shredder program?  Are any of your
> systems fully encrypted?  If so, what is the keystream length?  How can
> you check it?

We have all been young once upon a time.  

I come from a time when people time-shared mainframe computers.

I remember when the powers that controlled a particular mainframe came
for a visit.  We were time-sharing into his mainframe, two hundred fifty
miles away.  He was trying to make peace with us.  He logged in, he
showed us a few things.  We showed him a few things he didn't know.  He
hung up the phone.  Those were the days of acoustic couplers when one
was lucky to have a three hundred baud modem.  We screamed telling him
not to do that because that is how our phone lines got hung.  We blurted
out now we would have to crash his system to recover our phone lines.
He promised to have the problem fixed and was interested in how we would
crash his system.  We always had half a dozen ways, at hand, just for
emergencies....

Another time the powers that controlled a particular mainframe were
bragging how stable and powerful their system was.  They said their
system could handle 400 simultaneous users, and dared everyone to log in
and do their worst.  They wanted a test.  A teacher asked two friends
and me, just before the start of class, to do something so our school
could contribute to their test.  They wanted 400 users.  We started
something that gave them 400 simultaneous, simulated users.  We also
changed a password somewhere, and then we went to class.  Their
mainframe went down a few minutes later.  They called our school twenty
minutes later, asking for the password.  They could not boot their
system without it.  They admitted control of their system transferred
from them to us that day.  Fortunately, they could do nothing to us,
though they wanted to, because they asked for it.

I wrote programs in hex before I knew how to use the assembler.

Those were the days when one had to know what one was doing.  
Those are the days I can safely talk about.

It is not like now.  Now, I trace network traffic as part of my job, to
debug software, that I have written or ported.  Now, outside of work, I
occasionally look at html when the web-page writer is inconsiderate
enough to make his web-page not work on my Linux system.

I shudder when scripts are made available to the script kiddies.   

I feel disgust when people try to protect systems using threats of
incarceration instead of sound technical methods.

I warn certain fifteen year old boys about being careful what websites
they visit.  I warn them, the first time I find their Windows computer,
upon which they play their games, infected, is the last time their
computer will run Windows.  I will wipe the disk and install Linux.

This is the world we live in.  These are the rules we have to follow.

I have learned to live with it.  I have learned to follow the rules.

Either follow the rules or live with the consequences.

I have to follow the rules.  I cannot afford the consequences.

Someone suggested, support the EFF in its efforts.  Go do it.
I suggest organizing and getting involved politically.  Go try it.

This discussion is proceeding along predictable lines.

If this discussion is important to people, people should make a plan of
action that is feasible, get volunteers, and execute on that plan.

Be realistic.  Understand what a minority we are.  Understand what hoops
we must jump through to get change.  

Do I want change?  Yes.

Do I think change will happen?  Not if you keep the discussion on the
Fedora mailing list.  Find a forum where you can accomplish change.

In the beginning, I asked people to get facts.  Now I suggest people
collect facts and organize facts in a coherent, convincing way.  Assume
the audience is not technical.  Assume the audience is political.
Assume the audience has a bias towards the rights of corporations and
the status quo.

Otherwise, we are all wasting bandwidth.  Bandwidth is easy to waste.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]