Deutch and Downloading
honig at sprynet.com
Fri Sep 29 10:12:06 EDT 2000
At 07:45 PM 9/27/00 +0800, manuel veloso wrote:
>Yep, one of the flaws in the belief of encryption to secure
>documents...you can just wait until someone opens it up.
Crypto is a necessary but not sufficient part of security. Security
is a system property (the system includes the humans too).
>>can mil-spec-wipe itself into oblivion...
>But that wouldn't make much sense, unless a trojan was looking for a
>specific thing, and nuked itself when it found it. If you penetrated
>the DCI's home computer, you'd want to keep something lying around
>just in case you needed it later.
Unless you valued not getting caught more than having a trojan
in place. After all, if you got the trojan in there once, you can
get it in again, most likely. [Cf. continuing MS-email virii, which
shouldn't recur after the first demo. Are you *positive* you've got
the most recent 'service pack' installed? ] Not getting caught is
a very big deal in intel, no?
>>[*unless* the CIA has had a sniffer on JD's connection all this time...]
>Which realistically, they should do. I'm kind of surprised that home
>computer use isn't part of the program, given the transportable
>nature of information these days.
Heh, various *car companies* give their employees home computers & dialups,
why not the TLAs...
>>[BTW, does JD actually dial in, or does he have a cable/DSL modem?]
>I'd guess that since they didn't find any mp3s on his machine (no
>reports of copyright violations), he's on dialup (mp3 downloading
>would take too long with 56k).
You can't infer this. First, I know of people who have downloaded
gigabytes of mp3s over a 28.8, much to the chagrin of their ISP and local
Second, JD doesn't fit the demographic of your typical napsterite. Finally,
mp3 music files aren't necessarily copyright violations.
>There were reports of a visit to a
>"blue" website, which were assumed to be the result of his son's
>surfing. Weird how this level of detail gets out to the press.
Convenient, that son.
That 'level of detail' isn't just typical American voyeurism into JD's life,
the folks who run those sites are not considered amazingly trustworthy.
Truly intrusive reporting would have reported exactly what kinks the
household is into..
>The original point, which has been somewhat lost in the weeds, is
>that just hooking up a computer to the public net does not mean that
>anyone in the world can grab information off of it,
>From an infosec perspective it does.
>with the caveat
>that it depends on the user not doing anything silly like
>accidentally making the contents of their computer accessible to the
But that's the default for some OS. Convenience >> security.
>or going off to strange websites and downloading random things
>from them (which admittedly is a big caveat).
But that's what modern browsers do!! ['Browsers' can be taken to mean the
software or the person, actually...]
Intelligence Forum (http://www.intelforum.org) is sponsored by Intelligence
and National Security, a Frank Cass journal (http://www.frankcass.com/jnls/ins.htm)
More information about the IntelForum