On Wed, 2007-01-17 at 00:04 -0800, Les wrote:
> Do you know exactly what a Trojan Horse, a Worm, a Virus, a backdoor or
> a rootkit actually does? How do each gain access to your system? Which
> software techniques can defeat each one? I am not as savvy as I once
> was, but the topics of these issues and system security are always on my
> mind. Perhaps you sincerely believe that the only option is to "kick
> down the door and get it". If so, you are not yet fully conversant with
> the extent to which system penetration can affect you. Do you know how
> files are erased? Do you use a shredder program? Are any of your
> systems fully encrypted? If so, what is the keystream length? How can
> you check it?

We have all been young once upon a time.

I come from a time when people time-shared mainframe computers. I remember when the powers that controlled a particular mainframe came for a visit. We were time-sharing into his mainframe, two hundred fifty miles away. He was trying to make peace with us. He logged in, he showed us a few things. We showed him a few things he didn't know. He hung up the phone. Those were the days of acoustic couplers when one was lucky to have a three hundred baud modem. We screamed telling him not to do that because that is how our phone lines got hung. We blurted out now we would have to crash his system to recover our phone lines. He promised to have the problem fixed and was interested in how we would crash his system. We always had half a dozen ways, at hand, just for emergencies....

Another time the powers that controlled a particular mainframe were bragging how stable and powerful their system was. They said their system could handle 400 simultaneous users, and dared everyone to log in and do their worst. They wanted a test. A teacher asked two friends and me, just before the start of class, to do something so our school could contribute to their test. They wanted 400 users. We started something that gave them 400 simultaneous, simulated users. We also changed a password somewhere, and then we went to class. Their mainframe went down a few minutes later. They called our school twenty minutes later, asking for the password. They could not boot their system without it. They admitted control of their system transferred from them to us that day. Fortunately, they could do nothing to us, though they wanted to, because they asked for it.

I wrote programs in hex before I knew how to use the assembler. Those were the days when one had to know what one was doing. Those are the days I can safely talk about.

It is not like now. Now, I trace network traffic as part of my job, to debug software that I have written or ported. Now, outside of work, I occasionally look at HTML when the web-page writer is inconsiderate enough to make his web-page not work on my Linux system.

I shudder when scripts are made available to the script kiddies. I feel disgust when people try to protect systems using threats of incarceration instead of sound technical methods.

I warn certain fifteen-year-old boys about being careful what websites they visit. I warn them, the first time I find their Windows computer, upon which they play their games, infected, is the last time their computer will run Windows. I will wipe the disk and install Linux.

This is the world we live in. These are the rules we have to follow. I have learned to live with it. I have learned to follow the rules. Either follow the rules or live with the consequences. I have to follow the rules. I cannot afford the consequences.

Someone suggested, support the EFF in its efforts. Go do it. I suggest organizing and getting involved politically. Go try it.

This discussion is proceeding along predictable lines. If this discussion is important to people, people should make a plan of action that is feasible, get volunteers, and execute on that plan. Be realistic. Understand what a minority we are. Understand what hoops we must jump through to get change.

Do I want change? Yes. Do I think change will happen? Not if you keep the discussion on the Fedora mailing list. Find a forum where you can accomplish change.

In the beginning, I asked people to get facts. Now I suggest people collect facts and organize facts in a coherent, convincing way. Assume the audience is not technical. Assume the audience is political. Assume the audience has a bias towards the rights of corporations and the status quo.

Otherwise, we are all wasting bandwidth. Bandwidth is easy to waste.