l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2003 Nov 24 05:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] User with root privileges
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] User with root privileges



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 24 November 2003 02:22 am, Michael Wenk wenk-at-praxis.homedns.org 
|lugod| wrote:
> On Sunday 23 November 2003 01:20 am, Mark K. Kim wrote:
> > On Sun, 23 Nov 2003, Michael Wenk wrote:
> > > Ya know, there's one thing that always makes me laugh, and that's when
> > > a non professional gets all anal about their home system.  Get a grip,
> > > the absolute worst thing that can happen is you have to spend an hr or
> > > two reloading your system.   Its one thing to expend the level of
> > > effort to learn about something, another thing to just do it cuz you're
> > > afraid of being hacked.

No, the worst thing that can happen is they can set up shop, and start using 
your box to distribute spam and kiddie porn, getting you in a nice mess with 
the feds, and getting you branded a pervert even if you DO get let off.

And do you ever log in to machines at work from home? What if someone 
installs a password logger? They run wild your boxes at work too. Not good.

> > Well... I have large archives of files that date back to my junior high
> > school days... including homeworks, project files from various projects I
> > undertook, all my diaries, and photos from many of my trips and my past
> > that's utterly priceless and irriplaceable once gone.  Those are more
> > important to me than any expensive tech gadgets or collectables in my
> > possession.  In such case I'm sure you understand how one administers the
> > computer system can be important to certain people.
>
> Accept yes.  Understand no.  I don't understand why methodolgy is important
> on a home system.  Yes, the stuff on there may be important to you, but why
> the hell would anyone else want to get it?  and if so, and if data and
> system security are that important, what about physical security?  If
> someone really wanted my data, they'd just break in, yank my box, and run. 
> So you work yer ass off for something, and 9 chances out of ten, you're
> leaving yourself open to the lowest level of attack.  That I don't
> understand, and it makes me laugh.   Personally, I do the 10% that keeps
> out 75% of the people.  and when I did this for a living, I did the
> additionaly 80% that kept out 20% in addition to...

$ mount | grep /home
/dev/hda2 on /home type ext3 (rw,encrypted,loop=/dev/loop0,encryption=AES128)

(my swap partition is encrypted as well, initialized at boot with a random 
key)

Steal my box, spend the next few decades cracking the the encryption (or get 
me to cough up the passphrase). I even keep encrypted backups at another 
location.

- -- 
PGP/GPG Fingerprint: 3B30 C6BE B1C6 9526 7A90  34E7 11DF 44F3 7217 7BC7
On pgp.mit.edu, import with `gpg --keyserver pgp.mit.edu --recv-key 72177BC7`
Also available at http://www.cal.net/~ryan/ryan_at_mother_dot_com.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/weO3Ed9E83IXe8cRAia6AJ4lmV2gC/xTQHrjY2IGM6xVBS+/xgCgts3t
368OicFkW7+YgFSSjHuiDUI=
=XeBO
-----END PGP SIGNATURE-----
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.