[RndTbl] wireshark warning

Adam Thompson athompso at athompso.net
Fri Jan 17 09:36:05 CST 2014


On 14-01-17 08:36 AM, Sean Walberg wrote:
> If you still like reading, 
> https://research.microsoft.com/en-us/people/mickens/thisworldofours.pdf is 
> actually pretty funny. There are a few themes, but the relevant one is 
> "your security measures depends on your adversary. If the Mossad wants 
> your data, there's nothing you can do. A good password is enough to 
> keep your ex-boyfriend out of your computer though"

Thank you for that link, the reading of which made me snort a carbonated 
beverage out through my nose!

If you are reading this message in the first place, you are not the 
majority.  You are not a significant minority.  You are not a visible 
minority.  You are not the 1%.  You are not the 0.1%.  You are probably 
not even the 0.01%, you're more likely [collectively part of the tier 
that is] 0.001% of the world's population.

If you have everything triple-encrypted, you're defending against 0.1% 
of the 0.001% - someone who simultaneously has the skills to defeat 
ordinary passwords and good computing hygiene *and* cares about your 
data *and* is willing to do illegal things to access it. In other words, 
you're spending a measurable portion of your day defending against, 
roughly, one or two other persons in the world, and you don't even know 
who they are.

If you don't have an alarm system, a fog system, exploding dye packets 
scattered randomly throughout your belongings, several guard dogs, bars 
on your windows, and 24x7 CCTV coverage of your entire property to 
prevent any and all unwanted intrusions to your home... then you're not 
defending against 0.1% of the other 99.999%, which is a much more common 
and likely threat than the Mossad wanting your data.  We now know the 
NSA does want your data, but mostly in a very impersonal way - kind of 
like an obsessive collector, they simply feel the need to have 
everything for the sake of having it.  I'm unsure if the Mossad wants 
everyone's data in the same way, but both organizations are perfectly 
capable of hiring some local criminal (that's the 0.1%) to break into 
your house and steal your computer.

On the other hand, the "organized crime" threat category is, IMHO, a bit 
more dangerous than the author posits - that's not a huge bin of people, 
but they do cast a very wide net, and you're now relying on 99% of the 
0.001% to apply common sense when building and configuring *their* 
servers, and we know that simply doesn't happen consistently.

Ultimately, I configure my systems correctly, I assume the vendors I 
rely on aren't complete idiots (until proven otherwise), I don't 
(usually) do blatantly stupid things online (usually, I said), and 
beyond that, I *choose* to Not Worry About It, and I spend my life doing 
more interesting, entertaining and pleasurable things.

Or, in reference to what James Mickens wrote:  "what he said".  :-)

-- 
-Adam Thompson
  athompso at athompso.net
  Cell: +1 204 291-7950
  Fax: +1 204 489-6515



More information about the Roundtable mailing list