Mailing List Archive



Re: [tlug] RMS is at it again...again



Curt Sampson wrote:
> On 2008-10-03 13:39 +0900 (Fri), Edward Middleton wrote:
>
>   
>> Curt Sampson wrote:
>>
>>     
>>> Well, I know that for my more critical data that either they're not
>>> modifying it, or my crypto is much weaker than I'd thought. I also
>>> strongly suspect that they're not reading it (or my crypto is, etc.),
>>> though I have less confidence in that.
>>>       
>> Well, as Stephen J. Turnbull pointed out at past Nomi.  Do you check the
>> source of every piece of source before you compile and run it?  Do you
>> check it sufficiently to ensure a sophisticated organization with plenty
>> of resources couldn't insert a Trojan without you finding it?
>>     
>
> Nope. Nor do I check the masks and fabricate my own chips.
>
> However, the question is rather pointless, because the answer is
> *always* "no." Not even the NSA has crypto so good that someone with
> sufficient resources couldn't defeat it. As with Churchill, we've
> already established that it's not a question of can or can't, it's a
> question merely of cost.
>
> Anybody who implies that you're not secure if you don't carefully check
> the source code of your security-related software does not understand
> security. In fact, anybody who divides the world into "secure" and "not
> secure," rather than a continuum, does not understand security. (Note,
> though, that mere use of these terms does not necessarily mean that
> the user is not using these as broad, relative points on a continuum in
> the context of a particular discussion.)
>   

So the question is where does the data we put on SNS services and Google
Mail fit on the security continuum.  The two main security issues I see
with such services are the potential for the vendor to

1. lock you out of your data.
2. give malicious third parties access to information gained from
aggregating your data.
3. modify your data to misrepresent the situation.

1. can be easily mitigated by duplicating your data.  I don't know that
there is anything that can effectively combat 3.,  which basically leaves 2.

Edward

