Just How Paranoid Are You? 931
An anonymous reader writes "We all understand the need for security in a corporate environment. Personal computers, however, typically don't have nearly the amount of sensitive information (or it's at least less damaging if found). How far do you go to protect your computer? I recently went overboard on securing my information (at least as secure as Windows XP can be). I have a hardware firewall (GTA GB500), 30 character password, and all remotely personal information stored on a 256bit AES encrypted volume. How far do you go to protect your information against 'Big Brother' or even your family/friends?"
Just don't use windows encrypted folders.... (Score:2, Interesting)
I use linux (Score:1, Interesting)
This far (Score:5, Interesting)
Big Brother... (Score:5, Interesting)
Another idea is to make sure any sensitive infomation doesn't have any means of escape, hell build a machine with no network, and no floppy drive or cd writer. Take out the usb slots too, then maybe a passer by wont be able to access it.
30char password? Whats the point? I mean you can still brute force it, and even without doing this, theres still methods such as removing the hdd drive, mounting it under anther computer and 99% time, you got instant access to everything.
People need to learn, senstive data is only protected in ONE place, inside our minds.
Keep it there and no one can snoop it.
How much truely private stuff do you have? (Score:5, Interesting)
If someone actually compromised and trashed my PC on the other hand, I'd lose time in rebuilding it. HoweverI do back up my information regularly, so that's no issue either except being annoyed at the loss of time. (If someone made subtle changes to the information I'd still have older backups, so it would be painful but not unrecoverable).
If you truely need a private information store, it may be worth buying a PC that isn't net connected and that is physically secured. For the average person unless you're doing something illegal or have sensitive work material at home (arguably not a good idea anyway), why would you need a super-unbreakable encrypted PC?
Re:Yeah, right (Score:1, Interesting)
Re:Yeah, right (Score:3, Interesting)
Paranoia quotes (Score:5, Interesting)
I was walking home one night and a guy hammering on a roof called me a paranoid little weirdo. In morse code. -Emo Phillips
No matter how paranoid I get, it's never enough to keep up.
The question is not whether I'm paranoid, it's whether I'm paranoid enough.
The truly paraniod are rarely conned.
Doesn't matter if I'm paranoid - they're still after me.
I sincerely believe people talk about me. Mine would be a pretty meaningless existance if they didn't.
Why are some people terrified of "black helicopters" and don't even notice that they are being monitored almost constantly by the whole network of obvious surveilance cameras, credit cards, ATMs, EZpass, company ID/access cards, magazine subscriptions, SSNs, taxes, fees, video rentals, Internet firewall recording, 'cookies',
Paranoia: the belief that someone cares.
Paranoia is the belief in a hidden order behind the visible.
When everyone is out to get you, paranoia is only good thinking.
"Paranoia is knowing all the facts." - Woody Allen
"Paranoia is just another word for longevity." - Laurell K. Hamilton, The Laughing Corpse
"Perfect paranoia is perfect awareness."
"Paranoia is reality seen on a finer scale." - Philo Gant, Strange Days
"The issue is not whether you are paranoid, the issue is whether you are paranoid enough." - Max, Strange Days
"Why are you so paranoid, Mulder?"
"Oh, I don't know. Maybe it's because I find it hard to trust anybody." - Scully & Mulder, The X-Files, "Ascension"
Paranoia strikes deep / Into your life it will creep / It starts when you're / always afraid. You step out / of line, the man come and / take you away.
"I don't agonize over decisions as much these days. The criteria of what's important to me is clear. The insecurity that you feel, and the paranoia that you feel, have been around for a long time -- you know it's a liar because it's been lying to you all along -- every time you start something new. You get used to it, and you sort of go, 'Oh, you're showing up again, well f*** you.'" - John Cusack
Freedom is just a hallucination created by a pathological lack of paranoia.
Paranoia doesn't mean the whole world really isn't out to get you.
If you ever wanted to know what a person with acute paranoia looks like, just keep watching.
I have the power to channel my imagination into ever-soaring levels of suspicion and paranoia.
Paranoia is heightened awareness.
Paranoia is a social disease--you get it from screwing other people.
"Paranoia is the delusion that your enemies are organized." - Arthur D. Hlavaty.
"This is the Nineties, Bubba, and there is no such thing as Paranoia. It's all true." - Hunter S Thompson
"There are two kinds of paranoia: Total, and insufficient. I am both, because if you think you are sufficiently paranoid, you're not." - Guildenstern, Rosencrantz and Guildenstern are Dead
"The truly paranoid are clever enough to not *act* paranoid." - Q, Star Trek: The Next Generation
"When everyone _is_ out to get to you, being paranoid isn't going to help." - Q, Star Trek: The Next Generation
"When did you get so paranoid?"
"When they started plotting against me." - The Paper
"Paranoia is only the leading edge of the discovery that everything in the world is connected." - `The Illuminatus Trilogy'
When you've been through everything I have, paranoia is merely a precaution!
Paranoia is not the belief that everybody's out to get you -- they are. Paranoia is the belief that everybody's conspiring to get you.
The greater the concentration of power, the greater the paranoia it generates about its need to destroy everything outside itself.
I love this job. Nothing like paranoia and neurosis. Who needs a Coke habit? I've got journalism!!
There's something inherently American about paranoia. Given the i
Interesting tidbit (Score:2, Interesting)
Re:Physical access! (Score:5, Interesting)
I run both a hardware and a software firewall. If one is compromised the potential intruder finds yet another. My sensitive data is also all encrypted, so even if the intruder breaks the second one he/she isn't likely to get much of value.
Re:I am exceedingly paranoid.. (Score:2, Interesting)
Your information can be too secure (Score:5, Interesting)
You have setup a system that will keep people away from the data unless you and only you try to access this. What happens if something happens to you. Your family might need your account numbers if you die, have a stroke, etc.
If you are protecting your child porn stash, then maybe this is the best solution. For things like credit card numbers, on-line banking, etc. you should "escrow" your passwords somewhere so that others can get to them if needed. This could be as simple as a printout of your passwords/accounts in your safe deposit box to having information kept by your lawyer.
Remember that bad things can happen beyond just hackers trying to get data.
And I am not just trolling for karma. My wife just had a friend die suddenly and one of the first questions from the family was "how do we get his laptops password". My anser was, "it depends, if he really secured it well, you are pretty much out of luck".
Knoppix STD (Score:5, Interesting)
We had a couple people leave work recently and they had some data in the computer that we needed to get ahold of. Since my company requires passwords and restrictive permissions on all Windows systems my team was worried that we might never get the docs off the systems.
A co-worker got out the Knoppix security tools distribution ( http://www.knoppix-std.org/ [knoppix-std.org] ) CD and was able to bypass the Windows passwords very easily. And it read the hard drive ignoring windows permissions.
If someone wanted a secure system. The Knoppix STD CD could be a good tool to use. Try and see if you or a trusted friend could get in to your PC.
- Bruzer (trying to be constructive)
Simple Practices (Score:4, Interesting)
1. Unless currently being used, the computer remains at an "off" state.
2. Change your passwords often - how often is up to you, but be reasonable. I suggest 30 to 60 days for medium/low security, and 7 days for higher security. Remember, however, that any password can be breeched - it's just a matter of time.
3. Segregate your network (if you have one) into zones. For Instance - You should not put your wireless access point straight off your network, instead, come off of your firewall in a new "wireless" zone. Terminate all wireless connection into your firewall via ipsec. Do not rely on WEP/WPA.
4. Block all outbound and inbound ports on your firewall, until you need them. I.E, don't just open up port 80 because you
5. Virus scanner.
6. Password protect
Anyway, these are just some basic concepts that are OS independent, and if your average user followed some of these guidelines, we'd all be in a better position.
Paranoid Vs. Smart. (Score:3, Interesting)
Being Smart:
Being paranoid is making your system as close as unusable as possible because of all the security turned off. This is like living in a fortres with Steal walls, doors, and bars over the windows and every type of lock possible. Going to crazy could lead to a false sience of security. As well as making yourself more of a target for people who see all the security setup and figure if it is that tight something good must be inside. If you are that afraid of hackers turn your computer off unplug it and put in a safe you are probably better off that way.
Re:My security system (Score:2, Interesting)
One gaping hole in your security is lack of obscurity. Security by obscurity is, indeed, bad practice; but the abandonment of obscurity altogether is generally worse. This is a tip that the big government agencies would give you, if they weren't so tight-lipped about their tight-lippedness.
Then again, we're all prone to the occasional brag, it's the best way to social-engineer your way into a good understanding of your mark's system. For myself, I've resisted the temptation to gloat about my awesome system today, in response to this article, but I know I'll give in sometime later.
How secure could windowsXP be... (Score:2, Interesting)
Removable media. (Score:4, Interesting)
The simple solution (for personal computers) is removeable media like a external USB harddrive. Connect it to your PC when you need to access sensitive information. Yes this dosent help if your system is all ready compromised, but if this has all ready happened chances are your fucked either way.
This also works well with portable computers, but using memory sticks. if your in a insecure area (cafe) and need to leave your laptop for a few moments, just take the stick with you.
It sounds like the author focused on securing his data only while hes not accessing it, like the encrypted data and silly long passord, but when hes all ready logged in, and the data is decrypted, your security is lossed. And the fact that most people leave their machines on (while logged in) this dosen't help in anyway.
His computer is only secured while he is logged out, and his computer is turned off, but still not physicaly secure.
Chances are if your in an enviorment that is not secure, this is your first mistake, and really if you have information that is this important, why the hell are you connecting that machine to the internet anyways.
Re:Physical access! (Score:3, Interesting)
The massive encryption key you keep on the flash drive hanging around your neck will be seized when you get hauled in for questioning. The computers you use will be examined, cloned, and examined some more.
What the truly paranoid need is a way to protect data under the assumption that the data storage medium absolutely WILL fall into the wrong hands. It doesn't matter if the data is irretrievably lost, it just needs to stay indecipherable to keep you out of jail.
Any ideas for operating under those assumptions?
Re:This far (Score:2, Interesting)
My wireless network uses WEP.
My access point restricted to particular MACs
Only to keep potential free-loader neighbors off.
- Microsoft firewall: off
- Active spyware checking: not installed
- Threats for using IE instead of Mozila/Firefox
[mozilla.org]:non-existent
I guess I trust my relatives, and I have backups of everything, so have at it.Paranoid?? used to be. (Score:4, Interesting)
All my 'Sploits were on that machine and I never used it or hacked from in the town I lived in.
This was all back when I was a wee one, and is my distant past. but I learned from some of the best (a friend was a 414 member) and one thing that was instilled in me was to be insanely paranoid.
to the point that where I had the laptop stored I had ways of detecting if someone had been there.
if it looked like someone was there abandon it and never EVER return.
His father was Ex-CIA and he was one of the very few that were not nabbed when they took 414 down. no I never knew his real name and no I do not know where he is or have had any contact with him for over 20 years now.
basically his help in telling me to be insanely paranoid kept me out of the law's hands until I finally grew out of it and left the illigitmate stuff for the other newbs. (note social engineering is far more fun and will nab you LEGITIMATE access to things, and it's a key talent that will get you very far in the corperate and business world... the ultimate hack is getting the sysadmin to give you an account.)
things like installing back to back modems in offices you find access to their phone closet, (Man I had to have at least 8 of those around) tapping lines and installing outside line access and YES even making rubber handset couplers to couple a pair of payphones together for some 1200bps goodness that would make tracing you harder than hell. (put the modems in a box make the box cut power to both modems when it is opened so you know when someone discovers your redirect, that is a first warning that they are tracing you, telephone guys are clumsy and will start poking around back then, they never had any FBI agents that were well versed in telephone equipment until recently.. Using a telephone gear box to conceal your modems works best, and makiing it look like 10-11 phone lines enter that box also makes it more tempting to open it first.)
SO basically, acting pretty much like a spy would, expecting danger at every turn and NEVER giving others information, espically not friends that od the same thing, is as paranoid as I was.
it kept me from getting caught and out of Jail. although I never did anything illegal, nothing at all, I was a perfect student that did not even own a computer!
I also have no idea who reprogrammed the Altairs in the computer lab to flash their led's in a cylon eye sweep!
but oh man it looked so fricking cool!
OpenBSD server (Score:4, Interesting)
1. I run OpenBSD and know how to admin it. It runs ONLY SSH and Samba. It's behind a software router, runs pf.
2. Samba will only be accessible on the loopback interface.
3. Connections to the machine are made via SSH, you must have both a password and a PK authentication. The client has to port forward the appropriate ports for Samba to work.
4. Firewall scrubs packets (prevents some potential TCP/IP exploit tricks)and only allows connections to and from my internal network and my machine at work from the outside.
And that's it. I don't think this would work with more than one machine serving files via Samba, because of port forwarding. I haven't gotten the Samba attached to the local interface yet, right now samba is just limited to the single client I access files from via the firewall. I'd be curious if anyone has issues with the security of this setup. Basically, I want Samba, but with the stronger authentication and encryption of SSH.
Re:Physical access! (Score:3, Interesting)
1: I just don't have any data THAT critical on them, and plan to keep it that way.
2: If anyone is attempting to gain physical access to my computers, that means they're IN MY HOUSE, and in that situation, I'm much more concerned about my family. The computers then are simply somewhere in a line of physical possessions I'm less concerned about than my wife and kids.
Perspective. I guess if I kept valuable company data at home, I'd be more concerned.
Re:Paranoia quotes (Score:3, Interesting)
Wow, I would have labeled that as religion.
OpenBSD and encryption of Swap And Temp Files (Score:1, Interesting)
I don't know if I'm supposed to talk about it, but some of the OpenBSD developers have been working on hardware solutions for realtime encryption of data going to and from RAM, anything leaving the on-chip cache would go through an AES chip using a temporary session key.
If your temp files always live on MFS, temporary data will only exist in RAM or in swap, and with the above solution, when the system is shut down the data in those two locations becomes unrecoverable when the sesion keys are flushed.
And I thought I was paranoid!
Re:Physical access! (Score:3, Interesting)
The equivilent of "ifconfig eth0 up" (no IP assigned).
Re:Physical access! (Score:2, Interesting)
dd if=/dev/null of=/dev/hda
At least I think that's how it goes. I'm a linux n00b. That one shouldn't affect your printer much.
Re:Big Brother... (Score:3, Interesting)
The idea is that if you turn the machine off, and move it (and you're not VERY careful moving it), the dice will fall and the password will be lost forever. That oughta show Big Brother when they try take my stuff by force!
Re:Physical access! (Score:1, Interesting)
Don't forget the neighbors... (Score:3, Interesting)
For example, when I bought my house and moved in, every single piece of computer gear was put in an anonymous box without labels before being carried in. The boxes were unpacked out of view of any windows, and I arranged my shelving and desk in such a way that nothing is viewable from a window or door.
I also made sure to warn my neighbors to stay away from my German Shepherd (she's a fantastic watch dog). Not that a dog is foolproof against someone determined to get access, but it doesn't hurt to present as difficult a target as possible.
Keeping your stuff obscure via net access is all well and good, but don't forget about John Q. Public walking by on your street, or a nosy neighbor peeking through your window.
Re:Paranoid?? used to be. (Score:2, Interesting)
I only mentioned things that were known to people at that time who were inside and running the gamut for real, and the fact I was a litle kid at the time absolutely nothing is actionable. There are details that are certianly gone from my memory, and there are locations that I hacked from that do not even exist anymore. There are aspects of the ol' "hacking" craft that most of the newbies miss and the number one aspect is the paranoia, ESPICALLY paranoia of your "friends" because in hacking circles your friends will rat your arse out faster than the feds can say deal. Most "hackers" today (Gawd, I despise that term.), are there for the show, the "peeps" and the "props". They think they become popular, they go to 2600 meetings and brag, they buy the "secrerts of hacking" books and think owning a copy of the "anarchist cookbook" makes you a big gun.(It makes you dead, most of what Is in that is completely wrong) It's an insane joke to those of us from the olden-days.
We never wore all black or dressed "punk", or did anything to bring attention to ourselves. The number one thing you want to do is blend in. If you are able to simply close up your laptop (something that drew gobs of attention then) and turn around and walk away to disappear into the crowd you increase your chances of getting away 100 fold than the kid sitting at the phone booth with flame red hair wearing all black or even worse a stupid trench coat or bondage pants (sorry kids, those existed in the 80's!) looking like a "HERE I AM" beacon. If there is anyone looking for you you will be insanely easy to spot and follow. I learned early, if you look different you are number one suspect. If you look different they assume you are up to no good, and if you look different you can not hide in the shadows or better yet, in plain sight.
I took advantage of that in high school. Every time something went haywire I was never even a suspect. My public persona was the upstanding and respectful honor student.
As for your comment, I though the movie "Hackers" was insanely bad and funny. Absolutely everything was wrong. Most of what they showed was the punk scene from the 80's updated to look hip for the 90's. Pagers were a dead giveaway that you were up to something in the 80's.. yet that movie had them as a prominent piece of "hacker gear".
The rest of that movie was a complete and utter joke, absolutely nothing set in reality. In fact I have never seen the end of it, I left the movie theater 1/2 way through. I couldn't stand any more of it. as a movie it sucked, and it completely butchered the topic.
In reality I did not open my coat, because wearing a coat was a dead giveaway.
Releasing some basic information that has no real inside information is certianly not "opening your coat"...