 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Aug 4, 2010 at 3:51 PM, Derek Martin <invalid-yPs96gJSFQo51KKgMmcfiw at public.gmane.org> wrote: > On Tue, Aug 03, 2010 at 12:15:33PM -0400, Jarod Wilson wrote: >> Yes, a professional will steal your car no matter what. A dumb kid >> looking for a joyride is slightly more apt to take the car that is >> unlocked with the keys in the ignition than the one that is locked >> with no keys in sight. > > It's amusing to me that you use this example. ?A friend of mine had > his Mustang 5.0 LX stolen right out from under his nose. Heh, that sucks. > He had his > windows up, doors locked, and the car had an alarm, which went off. > After hearing a car alarm, he went to the window to see if it was his, > and arrived just in time to watch the thieves driving his car away... > mere seconds later. ?The cops caught up with the theives (though were > unable to apprehend them) and reported that they were kids out on a > joyride. ?The car was later found abandoned, and quite damaged. So a detail I left out of there was that I was thinking all the cars were more or less the same, none was obviously better than the others, which was the case w/your friend's Mustang. (The thinking being that a hacker has no idea exactly what the computer they're trying to break into actually looks like feature-wise, until they're in). So if all of the cars are Mustangs, the kid takes the one that is unlocked w/the keys in the ignition (i.e., David's computer. :). >> Its not about feeling secure. Its about keeping out stupid idiots. SSL >> + auth keeps stupid idiot vandals out. And to me, that's Good Enough >> for a non-critical system like a mythtv box. The determined will >> always find a way in if they really want to. > > It's probably enough. ?The script kiddies usually don't much care if > they don't get you, because their script is going to get dozens or > hundreds of others. ?They're not going to try very hard, because they > don't need to. ? Having been one myself, I know that security > types tend to get a bit overzealous about security of things that just > don't need it. ?But I also know that non-security types are often > appeased by things that are just not helping... I'm obviously not a security guy, but I'm certainly security-conscious, and aware of the risks, etc. And yes, imo, someone is being a touch overzealous here. :) (And in their opinion, I'm sure I'm probably an idiot when it comes to security. Everyone's entitled to their opinion.) -- Jarod Wilson jarod-ajLrJawYSntWk0Htik3J/w at public.gmane.org
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
