Author |
Message
|
bruce2359 |
Posted: Tue Jan 14, 2014 10:31 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9471 Location: US: west coast, almost. Otherwise, enroute.
|
fjb_saper wrote: |
...And if you are naive enough to send company secrets via electronic transmission.... well shame on you.... |
Company secrets like email, customer bills, credit-card transactions, bill-of-material orders..., that kind of stuff? _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Vitor |
Posted: Tue Jan 14, 2014 10:32 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
fjb_saper wrote: |
Why the h$*! would the competition need to bribe a government employee to get my keys when it is so much easier (in terms of guaranteeing the success) to bribe the official overseeing the allocation of the contract. (And maybe even cheaper?)...  |
It's not bribery, it's lobbying. Same as the difference between plagiarism and research. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
fjb_saper |
Posted: Tue Jan 14, 2014 11:20 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
bruce2359 wrote: |
fjb_saper wrote: |
...And if you are naive enough to send company secrets via electronic transmission.... well shame on you.... |
Company secrets like email, customer bills, credit-card transactions, bill-of-material orders..., that kind of stuff? |
Since when have those ever had any expectation of privacy?
Go buy the results from the big data aggregators...  _________________ MQ & Broker admin |
|
Vitor |
Posted: Tue Jan 14, 2014 11:28 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
fjb_saper wrote: |
Go buy the results from the big data aggregators...  |
Most "direct mail" marketing agencies probably already have most of that laying around collated for you. Save you some time. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
Michael Dag |
Posted: Wed Jan 15, 2014 5:53 am Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
All arguments are non-technical again... like in previous topic... which still baffles me...
So technically it's OK encryption can be broken and electronic communication is insecure, but that's OK too?
or did I miss something in the communication here and there? _________________ Michael
MQSystems Facebook page |
|
exerk |
Posted: Wed Jan 15, 2014 6:25 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Michael Dag wrote: |
All arguments are non-technical again... like in previous topic... which still baffles me...
So technically it's OK encryption can be broken and electronic communication is insecure, but that's OK too?
or did I miss something in the communication here and there? |
It's not OK that encryption can be broken, or that electronic communication is insecure - throw enough resources at something and no matter how good it is, it's only a matter of time. One way to reduce that time is to influence how it's done, in this case by deliberately weakening encryption.
Someone will now come up with a new algorithm and everyone will feel secure - for a while at least - until the next scandal. And of course the conspiracy theorists will no doubt pop up and say that it's already compromised.
And I notice there's an article on the BBC website about how computers that weren't even networked have been snooped on too. _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
Vitor |
Posted: Wed Jan 15, 2014 6:25 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
Michael Dag wrote: |
All arguments are non-technical again... like in previous topic... which still baffles me... |
Why? Privacy is a social issue not a technical one.
Michael Dag wrote: |
So technically it's OK encryption can be broken and electronic communication is insecure, but that's OK too?
or did I miss something in the communication here and there? |
The point I was attempting to make is that the technology of security is only part of the problem. Even if you have utterly secure, non-crackable encryption all that will happen is the NSA (or company B) will bribe/intimidate/steal whatever artifacts they need to read what they want to read. So if you want encryption not to be broken you need staff who can't be bribed or intimidated, and physical security round the keys and other artifacts.
I'm not saying that's a good thing, I'm saying it's the world we're paid to deal with. _________________ Honesty is the best policy.
Insanity is the best defence. |
|
exerk |
Posted: Wed Jan 15, 2014 6:27 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Vitor wrote: |
...So if you want encryption not to be broken you need staff who can't be bribed or intimidated, and physical security round the keys and other artifacts.
I'm not saying that's a good thing, I'm saying it's the world we're paid to deal with. |
Paid by whom?  _________________ It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
Vitor |
Posted: Wed Jan 15, 2014 6:41 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
exerk wrote: |
Vitor wrote: |
...So if you want encryption not to be broken you need staff who can't be bribed or intimidated, and physical security round the keys and other artifacts.
I'm not saying that's a good thing, I'm saying it's the world we're paid to deal with. |
Paid by whom?  |
Whoever you're giving your invoice to.
War story: Back in the day I was part of a team that set up a system which could produce cheques (or checks for our American cousins). Required a special printer linked to a PC, PC linked to our mainframe by a dedicated line and a special upload utility from the vendor. Picked up the data from a PDS protected by RACF, loaded it into the software which then printed the cheques (signed, dated and ready to be envelope stuffed and posted). Software had a separate logon system separate from the Windows in use at the time which kept its passwords in a file that (unlike Windows) was really encrypted and from which passwords could not be extracted. The software (unlike Windows) enforced good passwords (10 characters or more, upper and lower case, one special character, etc, etc)
The system was running 2 weeks before the admin user id and the password was found written on a piece of paper taped to the monitor "to make things easier". _________________ Honesty is the best policy.
Insanity is the best defence. |
|
bruce2359 |
Posted: Wed Jan 15, 2014 7:56 am Post subject: |
|
|
 Poobah
Joined: 05 Jan 2008 Posts: 9471 Location: US: west coast, almost. Otherwise, enroute.
|
I am disheartened by the relative complacency of many of my IT colleagues, as it relates to risks of exposing our valuable business and personal data.
Sign up for CRYPTO-GRAM, Bruce Schneier's newsletter. His January 15, 2014, newsletter is painfully enlightening.
You can read this issue on the web at
http://www.schneier.com/crypto-gram-1401.html
For back issues, or to subscribe, visit
http://www.schneier.com/crypto-gram.html _________________ I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
Vitor |
Posted: Wed Jan 15, 2014 9:07 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
bruce2359 wrote: |
I am disheartened by the relative complacency of many of my IT colleagues, as it relates to risks of exposing our valuable business and personal data. |
It's not complacency on my part but pragmatic resignation of the real world.
As your man states here:
Quote: |
Fixing this problem is going to be hard |
You're trying to change the learned behaviour of the state, learned over the last few thousand years. _________________ Honesty is the best policy.
Insanity is the best defence. |
|