Just How Paranoid Are You?

An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"

Yeah, right

[Anonymous Coward]

Like I'm going to discuss that here on Slashdot! You know who might be reading.

Paranoid? Not much...

[grub]

I have OpenBSD on my firewall and main work machine. Encrypted partitions too. GPG everything. My Windows 2000 game machine is locked tight and on a DMZ without IE being used. My monitor is wrapped in tinfoil, naturally, with a small cutout just large enough to have a 640x480 window viewable. I wrapped my mouse in tinfoil but that made it hard to use so I cut a hole in the bottom which allowed the light to hit the desk surface. Problem there was the desk was wrapped in tinfoil, too. So I made my own mousepad because I don't trust the ones made by The Man. It's made from a dead rabbit I found on the street. I flattened it out and dehydrated it. When I need a random number I pinch some fur and pull. however many strands of fur I get in that pull is the random number I use. Of course I need a new mousepad every few weeks as I never reuse the same tuft of fur twice. Never trust the PRNG in any OS, even OpenBSD. Theo is watching. Speaking of that, the other day I was installing OpenBSD 3.6 on a new machine and then I realized... CDs are a form of RFID tag. The unique bit patterns on them can be detected from space. So I wrap my CDs in tinfoil when not in use. Speaking of tinfoil, I find it best to buy the cheapest stuff from dollar stores. They don't usually use the UPC barcoding at those places. Just "$1.. $1.. $1..". Barcode readers don't use OpenBSD but I think Theo is trying to get in there. Speaking of barcodes, the other day I pulled a package of gum from my pocket and the person I was with said "Ohh... Spearmint!" I ran away. He obviously has a remote UPC scanner and knew that I had spearmint gum. He says the wrapper was in plain site but I think that's just an excuse.

Why should I be paranoid?

[Dagny Taggert]

After all, doesn't everyone have my best interests at heart? Why, just the other day, a nice Nigerian man sent me an e-mail about a wonderful offer, and I don't even know him!

Hellooooo, Mr. Government Man!

My computer

[AtariAmarok]

My computer is encased in Carbonite, and it is stored in a file cabinet in the basement with a sign on the door "Beware of Leopard". The password? I tore it to bits, put bacon grease on it, and fed it to the dog. However, these measures are not enough for security: the machine itself happens to be one of those cardboard replica PCs you find on furniture in the back of "Staples". No WAY you gonna hack this sucker!

Simply.....

[Anonymous Coward]

Rename allMyPron.zip to mssys.dat

Re:Paranoid? Not much...

[squidfood]

"Six to base. He picked up the rabbit we left. We have access. Repeat. We have access."

I am so worried....

[jmcmunn]

I run only knoppix Live CD, and I incinerate my RAM after I am done just to be sure there's nothing left on that RamDisk. Kingston loves me now!

Thanks for the info

[yack0]

Thanks for letting us know you have a 30 character password. That'll be much easier to crack than having to deal with 1 - 29 and 31 - infinity length password.

Nerd guards

[kneecarrot]

I keep a bunch of nerds surrounding my house for security. I feed them doritos and keep them motivated by issuing fake Duke Nukem Forever press releases. When I see them becoming too docile, I toss Windows Magazine at them to get them all riled up.

"Just How Paranoid Are You?"

[Wordsmith]

Who wants to know?

Re:Physical access!

[BWJones]

Oh, yeah......and I DO pay attention to my logs, so that dude at 67.13X.XXX.XX in Vancouver Washington who linked to my machine from Slashdot just now and is trying to get access, I am watching you as we speak . A little more work and I can have your GPS coordinates too. :-)

The Easy Way

[Anonymous Coward]

"I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?""

I just crack your system and store my stuff there. :)

Erased my brain

[snuf23]

I made an end run on this whole problem. With some carefully executed electro shock therapy, I erased all of my personal information from my own brain!
Just try your evil identity theft tricks now!

Re:Paranoid? Not much...

[Qzukk]

Thats what They want you to think.

Relocate serve to DMZ

[AtariAmarok]

"Home server(s) on a DMZ"

Never thought of effecting security by relocating my home server to the no-man's-land in the middle of the Korean peninsula. I think you may be on to something. No one would ever think to check there!

Big brother

[martensitic]

At home, I am not nearly as worried about "Big Brother" as I am my actual big brother. Therefore my first line of defense is a "No Big Brothers Allowed" sign on my bedroom door, with some skulls-and-crossbones for added effect.

Physical security is the only important security

[Gordonjcp]

I don't even bother with passwords on most of my machines, not even for root.

Re:Physical access!

[Knights who say 'INT]

Hmmm. You do know that in Windows you can just unplug the network cable and plug it back whenever you want, and things will Just Work -- no need to reach for "ifconfig eth0 up", right?

Firey death to the intruders!

[xtermin8]

I pile my old computer hardware into a wall around the house, and from time to time pour gasoline and light it on fire. A hadware firewall. The neighbors don't appreciate it, but it gives me a lot of security

I'm not paranoid enough....

[Sefert]

My girlfriend read my email recently. Found out I told a friend she was lousy in bed.

Turns out bad sex is better than no sex. I'll have to be more grateful for what I get with the next girlfriend.

I think...

[Short Circuit]

...this is just a trick post to lure me out.

Just how paranoid are you? Translation:

[venom600]

How far will you go to protect your pr0n collection from your wife's prying, suspicious eyes? :)

Re:Fingerprint access.

[ilikedonkeykong]

I have to scan my butt cheeks to gain access to my pr0n collection.

Re:Physical access!

[Anonymous Coward]

Sorry, won't happen again. I mixed it up with a goat-porn link.

Thermite hard-drives.

[Anonymous Coward]

256-bit AES?

That's nothing.

Try a removable HD with a small thermite "charge" inside ignited on removal from the drive bay. Instant HD slush.

Off-site secure storage, of course, but the second the black-ops guys storm the house that HD is gone.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Physical security is the only important securit

[gunnk]

Anyone without a strong root password is likely to have a strong root password provided for them by an "outside consultant". :-)

Thermite

[314m678]

My hard drives are covered with thermite packs set to ignite every day at 1:57pm unless the code is entered. If they capture me, and I cant enter the code, my PC will self-destruct. My case is pressurized; any change in pressure will set off the thermite. My computer room is an access-controlled area patrolled by ninjas and attack dogs. The floor is pressure sensitive and there are cameras. The only possible weak point is the oversized ventilator shaft that goes directly over the room.
But nobody knows about that.

You call *that* secure?

[ukleafer]

I keep my data on a proprietary system of my own devising - the gibbon/pigeonhole arrangement:

Deep inside my personal mountain lair is my own manually operated paperbased datacentre housing a colony of approximately 6,000 intricately trained gibbons who perform the day to day roles of system administration and data archiving.

When I access my partitions from windows in the comfort of my home, I'm not browsing local hard drives, oh no. I have had one of my gibbons integrate his brain into the windows kernel so that he is at one with my filesystems. I call him Ook. When I read/write to the partitions, Ook interprets the commands and passes them on to a waiting messenger gibbon, using a custom developed encrypted adaptation of the gibbon language, unintelligible to other gibbons in case big brother trains some gibbons of his own and infiltrates my workforce.

Anyway, the messenger gibbons (who are hand picked in a rigorous training scheme for their incredible memories) scamper off to my mountain datacentre, passing through retinal, palm, and voice identification scans, before entering a 128bit hexadecimal password (case sensitive) into a keyboard that is not QWERTY in format, but is made up of blocks in the ground which must be jumped on to enter each character. The blocks aren't labelled as such, but are cryptically imprinted with pictorial representations of the alphanumeric characters they represent (eg: picture of toast, rhymes with ghost, ghosts are scary, scary rhymes with hairy, hairy has five letres, thereforce that block represents the number 5, see?).

So anyhow, once the messenger gibbon enters the secure area of my datacentre, he passes the message on to one of the worker gibbons, light in build and superb gymnasts, who moves to the appropriate pigeon hole in a 2D array laid out on a rock wall measuring more or less 1km square in surface area. Each 5cm^2 pigeon hole houses a piece of paper, on which is written a 32bit binary word. The worker gibbons are trained to encrypt and decrypt the binary strings, as the binary is not regular binary, but is instead shuffled according to a complex mathematical hashing algorithm. Once the gibbon has decrypted and either memorised or modified and re-encrypted the binary, he scampers back to the messenger gibbon and using a proprietary gibbon dance, reports either a fail or a sucess in the operation, along with any data requested for a read operation.

This all comes back up the chain to Ook, who has windows tell me that everything is fine.

I'm sure you can't deny that it's as secure as all get out, and it's pretty much transparent apart from the half hour access times, which makes playing counter strike quite the bitch, but for your everyday Word and Email, it's perfect.

Re:Physical access!

[legirons]

Please go back in time and stop yourself from writing that story before I have the chance to read it...

password...

[Black Perl]

My password's set to my dog's name.

My dog's name is currently 4$ter*Zf1, but I change it every 90 days.

Re:Geek Humor

[xtermin8]

"Anyone without a strong root password is likely to have a strong root password provided for them by an 'outside consultant'" That would be funnier if it didn't follow:"Yes, of course it's the right cable [le0: NO CARRIER]" "Outside consultants" usually don't care about machines with no network access- even if they can break in and get it.

Re:Physical access!

[robertjw]

Ohh. wait.. real life doesn't follow movie rules about what "hackers" can do?

Shhhh... don't tell people that!!! I like the all-consuming power I have as a computer geek.

30 characters, omg

[l3v1]

30 character password

Now, that;s not paranoid, just plain stupid. Just imagine, early in the morning, quickly checking mail before tumbling out the door going to work, and I mistype 1 character: bamm, type again, mistype 1 character again: bamm, type again, ... [later:] bamm, fracking puter lands on the sidewalk.

Why would someone do such a thing to oneself, being sane to a very minimal extent ? Buy a darn iris scanner, or fingerprint authentication stuff, whatever floats your boat. But 30 chars to type just to get into your spyware-house ? Get a life.

Regarding the main question, i.e. being paranoid: one can efficiently and effectively protect even a Windows PC without becoming, well, posessed.

Yorkshireman....

[lxt]

"I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"

You call that security? I have my computer rigged up to some C4, that's set to detonate you type in and incorrect password, all of my files are translated into swahili before being encrypted in 512bit encryption, before it's all put onto a hardrive enclosed in tin foil so the commies can't scan it using their radar (cos RADAR KNOWS EVERYTHING, cos I saw some film about it once), and if I ever need to print something out I print it in white ink so nobody can see it, and don't even get me started on software...

Man, you have it easy - call that security?

Re:Firey death to the intruders!

[dabigpaybackski]

Amen to that. Between burns, I've got mine locked down like Fort Knox: software firewall, SSH, hell, I even have a BIOS password.

That's right. The way that works is you have to enter a password when you start the computer or it won't boot into the OS. That means that nobody has a snowball's chance in HELL of getting onto my machine when I'm not around.

That's what I call secure.

HINT:

[dougnaka]

If you're posting details about your "paranoid" security mechanisms, you're not really paranoid.

I wonder?

[Anonymous Coward]

Is there a way to encrypt a filesystem so that it has two different decryption keys. Where one key will hide the real stuff and the other key is a dummy key that will decrypt my stuff to look like an innocent adult porn viewer.

Re:Big Brother...

[IndiJ]

People need to learn, senstive data is only protected in ONE place, inside our minds.
Keep it there and no one can snoop it.

There is some truth in what you say but it is impractical. My mind just doesn't have enough space to store 160gigs of pr0n.

Re:Paranoia quotes

[Anonymous Coward]

"I'm so paranoid, I think the guy in front of me is following me the long way around [the earth]."

Re:Physical access!

[Riddlefox]

Reminds me of a Dilbert comic I read, where a marketing droid in the office was threatening Dilbert.

Dilbert: I'll just reprogram your computer through the LAN so it's radiation will alter your DNA.

Marketing: You can do that?

Dilbert: As far as you know!

Latest corporate directives

[Mantorp]

"Please install these Kensington laptop locks and use them at all times." said the memo to all laptop users.
I google for 2 minutes and find a great instructional video on how to open said laptop lock with a piece of paper and some tape.

A few days go by, a new directive: "Please keep your laptop locked away in a drawer when you leave for the day."

Re:Physical access!

[brunson]

So I have a dual homed laptop that is doing nothing but NAT, port filtering and routing using IPTables under linux. Is that a hardware or a software firewall?

Re:Fingerprint access.

[Anonymous Coward]

I have to scan my butt cheeks to gain access to my pr0n collection.

Either the software you're using for facial recognition sucks, or you are one ugly mofo.

Re:Physical access!

[macdaddy]

Hardware firewall? What, it's built all from gates and has no code on it?

It's funny you should mention that. What you wrote reminded me of something that happened at a previous job. I'd been working there for about a 3 months as the campus netadm. Myself and another coworker had just gotten back from a trip to a peer campus to inspect their network and "get some pointers." (apparently they thought I needed to see how another campus did it so I'd know how...) The network I'd inherited was as flat as a board and had grown well beyond a reasonable means. It was fairly sizeable (seen much bigger networks but this was a nice sized one). Anyhow, my coworker and I were in the conference room getting more or less debriefed by someone that quite frankly had no business involving themself in the matter. This person assumed everyone worked for them which of course we didn't. Nevertheless we were being debriefed. My coworker and I started talking about routing. He wasn't a network guy but he was pretty smart and had a fair grasp of the basics. The other person just sat their and listened as we brain-stormed. As soon as I mentioned routers she butted in and said she knew all about routers and that we were to absolutely not to use software routers but to only use hardware routers. I told her they were basically the same thing when it got down to it. "All routers have software "running" on them," I told her. Oh no. She repeated that none of our routers were going to be running software of any kind, that software routers were junk and that we were supposed to use hardware routers only. So I asked her, "do you mean routers with no software, where you manually configure them with wires, jumpers and dip switches?" She replied that that was right and that's what she wanted (nevermind that she had no say in the matter). My coworker and I just looked at each other, and then moved on. My colleagues and friends that were privy to the story thereafter called her "Dip." Seemed appropriate to us in more ways than one.

Re:Physical access!

[grassy_knoll]

Then you turn off his power, cut his phone line, and cause his gas oven to blow up. Ohh. wait.. real life doesn't follow movie rules about what "hackers" can do?

Quiet you! I'm busily hacking into the orbital defense satellite system to shoot a plasma cannon at the interloper.

No honey, it's not a pr0n site... that's just a slick facade the government uses to hide access to their weapons platform controls... yes, this will take a while...

NB: Not responsible for the reactions of the humor impaired.

Re:Physical access!

[Idarubicin]

Then you turn off his power, cut his phone line, and cause his gas oven to blow up.

Finally, someone explains what .NET is supposed to do.

Re:I'm not paranoid enough....

[Anonymous Coward]

Funny, the friend you e-mailed seems to think I'm pretty good.

-Your ex-girlfriend

I'm Safe, not Paranoid/Insane

[dghcasp]

My computer is a 286 and runs a 1988 version of SCO Xenix. I feel reasonable sure nobody is targeting viruses at me.

When I'm not using my computer, I pour 15,000 lbs of concrete over it. Granted, this makes it hard to just "sit down and hack." Last week, my dad called and said "Read your email, I sent you something important." My stupid upstairs neighbour called the cops over the sound of the jackhammer at 2 AM. Stupid neighbour.

My internet connection is a 110 baud modem. It's not connected to my computer, but rather to a teletype, which prints out the incoming packets. I manually enter the packets using an old morse code key (long=0, short=1). I have the same setup attached to my computer. I am now up to 75 bps in two-handed morse-code-binary transcription.

The password to my computer is set to the winning numbers in next week's lottery. Unfortunately, this means I can only log in within one hour after the lottery draw, because that's the only time I know the pastword. One of my friends suggested I instead use the fact that my computer is predicting the winning numbers to enter the lottery, but that would be revealing my password. Stupid friend.

Re:Physical access!

[akadruid]

The key with evil TLAs is invisibilty, deniability, then security. If they ever see you, you've lost 1 line, so you better be very sure of the second line, because on that 3rd line you are playing a David vs Goliath game.

To keep yourself invisible is easy. Keep your nose clean, and don't do anything to attract attention.

If you must make yourself visible, make sure everything is deniable. Cover your tracks, and put out bait to cover you. For example, encode your sensitive data within borderline pornography pictures, then encrypt those pictures with a massive key. Then hide your server in a hollow tree on public land, powered by solar panels, with Wi-fi access protected by WEP, and lose the key. Of course, none of that will really help you when the TLA comes, because these days, they don't need real evidence.

As for physical security: Buy 5 second hand machines from 5 different locations, and only use one. Pick an absurd key size, double it, then double it again. Encrypt everything, hide the machine inside a metal cage, and never ever connect it to anything. Never store a bit of data you don't have to, and never store anything complete. Fill the disks with plausible fake data, or better still, real data of a less serious nature. Your passwords should be machine generated, one time, and never less than 32 chars. Write your own software, and use your own formats. They'll still get in, but at least you'll have made them work.

I'll write a follow up post after I find out who's banging on my door.

Re:Physical access!

[mcrbids]

Or for something equally cryptic and at least somewhat intelligible, try running "top"...

Then, when they ask, you can talk load averages, memory swap, cpu utilization, blah blah blah.

30 seconds of that will put many people right to sleep...