On Mon, Aug 05, 2013 at 02:49:32PM -0400, Richard Pieri wrote:
> Kent Borg wrote:
> >Requiring them to take active measures in advance of the communication
> >(MitM attacks) or even afterwards (human intervention) harms their
> >economics *enormously*. Orders of magnitude.
>
> What harm? The NSA has an effectively unlimited budget. The only
> real cost is time and that's short-circuited by knowing precisely
> where the weaknesses are in commercial-grade ciphers like RSA and
> AES.

If your enemy is the NSA and you are not a crime syndicate with the deep pockets and motivation to fight them (and even then, maybe), you lose. But then, most of us aren't even on the NSA's radar. It's much more likely your foe is some Russian kid trying to steal your credit cards (for example, not to pick on Russians in particular).

[Don't get me wrong, I'm deeply disturbed by the level of surveillance perpetrated by law enforcement and intelligence agencies in this country. But in practice I'm quite sure I have not ever nor will I ever give them any reason to care about me... And at such time as the political climate changes to make that more likely, I will move to a country that's more free, like China or Russia. =8^) ]

Of course, the banks are clueless about application security, so even the crypto they use is useless; your data is not attacked in transit, it's collected wholesale after the fact right out of the database.

> >Let's make it harder. Yes, a web of trusted certificates is hard to
> >make air tight.

Not harder than a blanket of untrusted certificates... A security blanket, if you will. ;-)

> >Okay, don't insist it be air tight. If end-to-end
> >encryption started to become common, even on a hodge-podge of
> >self-signed certificates, the howls of protest from the spies would
> >become deafening: because it would make their task much, much harder.
>
> Y'know... this was me 25 years ago. I was dismissed as a crackpot.

This was a lot of us 25 years ago. Or 15, or 10, at least.
But it's still just techies talking. You can't get "normals" to care about this, because it's hard. They don't understand how it works, and they can't comprehend any of the risks, so they can't imagine why they should care. It's someone else's problem. And these days, with changes to banking regulations and practices, to a large extent, it really is someone else's problem.

Unless you're a terrorist, or know someone who might be. Fortunately I'm not in that category... so it really isn't worth my while. I tried to get people to use encryption when they sent me stuff, but I couldn't get anyone but eccentric nerds like me to do it. But the banks have begun taking responsibility for fraud and identity theft (as they should, it's entirely their fault it's so easy), they've all put my financial information in their on-line databases despite the fact that I never enrolled in on-line banking (or whatever), and I don't use electronic communications for making plans (so attackers can't, say, find out where I'm going to be this Saturday night by reading my e-mail). So what's the point? There aren't enough people who understand, never mind care, and I no longer have the energy to preach, even to the choir, so I give up and give in. Which is of course what "they" want... =8^)

And while I love the notion of individual liberties -- and I really hesitate to say this -- we may need to face the possibility that high-tech villains eventually make it virtually impossible for us to ever enjoy those again. And such villains aren't always obvious, or even intentionally evil. Most of you currently PAY to have a variety of corporations spy on you. Google and Facebook probably know more about you than your own mother does... possibly even if you don't use them yourself, if enough people you know do.

--
Derek D. Martin    http://www.pizzashack.org/    GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.