NSA wiretap, Friday night - Security

This is a discussion on NSA wiretap, Friday night - Security ; Kevin the Drummer wrote: [...] >> > Should their be any detection of client machine components to see if >> > they are have vulnerabilities? For example, if someone is running a >> > really bad version of IE or ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 25 of 25

Thread: NSA wiretap, Friday night

  1. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    Kevin the Drummer wrote:

    [...]

    >> > Should their be any detection of client machine components to see if
    >> > they are have vulnerabilities? For example, if someone is running a
    >> > really bad version of IE or Exchange, should the user be alerted by
    >> > email that their service will be restricted (brown out or disconnect)
    >> > after some number of minutes or days?

    >>
    >> No, I would not think so. The criterion should be that if a connected
    >> machine is compromised, it should be disconnected. Nothing more is
    >> needed or justified.

    >
    > I think at least an email is needed. Otherwise the ISP is just letting
    > the time bomb tick.


    I thought I addressed that adequately several times earlier in the thread.
    Agreed that in the event their box(en) are compromised, the customer
    notification and understanding of the requirements are essential. What OS
    or software they are running is their choice alone, and it is nobody
    else's business to dictate or try to dictate anything different.

    > So, have you written to any members of Congress in your area? Have you
    > contacted any universities? Maybe you should? How about an RFC?


    I am in fairly regular contact with Congressional aides. But I do not
    want to annoy them unnecessarily.

    My most recent contacts were in response to appeals here by "imhotep"
    relating to "net neutrality". I also had related correspondence about
    that issue with some fairly well connected network security specialists.
    Those specialists expressed fairly strong objections to the "net
    neutrality" initiative. They did not convince me of the merits of their
    arguments, but this is an indication of fairly strong opposition in the
    field.

    My Congressional sources are pretty frank that there is no realistic
    chance that any "net neutrality" initiative will come to a vote in either
    House of this Congress, let alone pass either House. I do regret that,
    but I have to accept reality.

    As a motivated individual, I do try to follow up on all the issues that I
    think are convincingly worth pursuing, up to and including lobbying for
    specific legislation. There is only so much that any one person can do.
    In an informed electorate, it is fair to assume that any worthy initiative
    will be able to demonstrate a substantial basis of support in that
    electorate.

    Not every supported initiative is necessarily worthy. Not every worthy
    initiative is necessarily supported. But every successful initiative is
    supported.

    On Wednesday you posed the question.

    > So, what can WE do?


    I wrote many lines to you in response, and you were a good "devil's
    advocate". And it seemed we were on the same note in many ways, Drummer.

    But _I_ cannot do it alone, and _YOU_ cannot do it alone, and You and I
    cannot do it together, the two of us. What we, the two of us can do if we
    want is to try to involve others in developing an initiative that will
    inevitably include the input of all those others.

    If you really want to know what _WE_ can do, first ask what _YOU_ can do.
    If that is acceptable to you, then do it and come back with some results.
    I will certainly support you in this.

    I would think that before contacting a Congressman or University, it would
    be better to privately contact your own ISP and ask for their views.

    Your ISP is Time-Warner Telecom and their e-mail address is
    abuse@twtelecom.net. I would be interested to know what they say.

    I hope that answers your questions.

    > Cheers...


    Thanks.

  2. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    Barton L. Phillips wrote:

    > responder wrote:
    >> Kevin the Drummer wrote:
    >>
    >>> responder wrote lots of good observations about
    >>> unconstitional and illegal NSA wiretaping which is one form of computer
    >>> insecurity.
    >>>
    >>> One thing that the US administration has been very lax in is improving
    >>> cyber security. With so much relying on a working Internet, we need to
    >>> keep it working. What can we do, as people who presumably care about
    >>> this stuff enough to read this newsgroup? I don't think we have the
    >>> luxury of waiting for someone else to do it for us. Maybe they don't
    >>> even want to do it for us? If the Internet were more hardened against
    >>> cyber terrorists, maybe the same hardening would lessen their ability
    >>> to do their own spying?
    >>>
    >>> So, what can WE do?

    >>
    >> I'm glad you asked.

    > I personally like your idea. I have advocated something like that for
    > quite a while. I actually think that the ISP should be happy that bogus
    > traffic that is hurting everyone is removed from the net (but then again I
    > may be way too naive).
    >
    > The biggest problem with your suggestion is the "new law" part of it. I
    > don't think lawmakers can 1) grasp the issue and 2) create a law sans all
    > the obvious political baggage. At the end the law would probably be
    > counter productive and cause more problems than it fixes (but then again I
    > have very little respect for our current croup of lawmakers).
    >
    > It seems to me that at the ISP level it should be pretty easy to identify
    > and enforce "good behavior". The economic implications are enormous and
    > should help to make ISP's more interested. I for one would be willing to
    > pay a small fee for the extra service, after all I have to buy anti-virus,
    > anti-spyware software now which ends up costing about $100 per year. The
    > current spyware/virus protection software is just working at the wrong
    > place and is therefore not very effective.
    >
    > I am sure there will be those that think your idea is way way to invasive
    > but then the problem is very invasive too.


    Thanks for writing so kindly and supportively. Please read my other
    messages.

    I am going to take a short break. Everything you wrote is intelligent and
    correct, and I agree with it. I would prefer to literally support and
    re-enforce each and all of the perspectives that you have advanced. They
    are all good perspectives. But it all deserves a response that I cannot
    write now. Please excuse and forgive.

    If I can come back in a reasonable time, I will be very pleased and proud
    to try to answer properly. Your good thoughts and considerations deserve
    that. I wanted to convey my appreciation.

    Thanks again.

  3. Re: NSA wiretap, Friday night


    "Jay C. James" wrote in message
    news:edq30m$oo1$1@home.itg.ti.com...
    >
    > "Kevin the Drummer" wrote in message
    > news:slrnefto6c.t1m.nobody@lwe125529.cse.tek.com.. .
    >> So, what can we do to keep our information out of the hands of anyone,
    >> including the gov't, that we don't trust with that knowledge? Now that
    >> we know that they're going to spy on us, or at least someone is going to
    >> spy on us.
    >>

    > Move to a backwards country that has a lack of technology.
    >


    snipped

    > If using technology, encrypt.
    > If your technology does not support it, dont use it.
    >
    >
    >
    > jcj
    >
    >
    >



    To 'responder' --

    Apologies for responding to my own post, but viewing this newsgroup
    in another newsreader (trying out "pan" if you are interested -- updated
    today via freshmeat.net) I noticed a response claiming that a quote or
    idea was stolen. Since the poster has been plonked by me for some time
    via the mutually agreed crappy Outlook newsreader, theres no possible
    way I could have nicked the idea. Regardless, its not an original idea
    anyway.

    Its merely common sense. Just encrypt whenever you can, mmmkay?

    Dude, please put me on -your- ignore list so we can both sleep better at
    night. Me for the safety of my family, and you so you can concentrate
    your efforts on someone else more deserving, and not someone who
    has a pedigree in this industry likely 5 or 6 times that of yours.
    Yes, that includes Linux. That includes the BSD's, most of the commercial
    Unixes and guaranteeing 1 or 2 you have never heard of as well.
    This also includes source code contribution to open source projects,
    alongside material and financial support too, and efforts on a handful of
    closed technical mailing lists you have no access to.

    I mean, for someone so adamantly against this grand Microsoft juggernaut,
    you should have ignored me with flair when you first saw the header info.
    What kind of elitist are you, anyway?! Why, in the old days not only did
    we ignore anyone who posted anything from a Windows box, but we
    blacklisted the entire Class C, I tell you! :P What the heck has happened to
    this generation, anyway?


    jcj -
    not a republican, democrat, moderate or anything political, period, so if
    you are going to refer to me in the future, please do not attempt categorize
    me politically. You dont have access to my voting records or personal
    feelings on anything even remotely political.

    Seriously, I apologize if you think I nicked your idea after reading it
    here.
    Thats an impossibility, you were plonked until today when I fired up the
    new version of pan.

    Look, can we just agree to disagree and ignore the other into hopeful
    obscurity?

    Feel free to have the last word in case you need to clarify something,
    correct me, agree to disagree or whatever.

    *big hug*





  4. Re: NSA wiretap, Friday night

    -- for jcj:

    In my opinion, you have not written anything constructive or helpful. You
    have only attacked, belittled and/or ridiculed what others have written.
    Usenet has always been a kind of "wild west show", where people can claim
    to be anyone they want and write almost anything they want. But you can
    be assured that regular readers make their own judgments about who is
    writing and what they might potentially have to contribute. You have not
    yet contributed anything useful, in my opinion.

    Hey there jcj, this is the same "responder" whom you know and love. I
    changed my nick for this message so that your "mutually agreed crappy
    Outlook newsreader", == but wait, it was not Outlook, but the (even more)
    wonderful, *free* Microsoft Outlook Express 6.00.2900.2180 that you are
    using == but so it wouldn't prevent you from seeing this. You do know of
    course, that it wasn't your newsreader that (supposedly) "plonked" my
    messages, but you. So your apologies are again hollow, and your message is
    again insincere and untruthful.

    Your last message was in response to Kevin, and you claimed to have not
    seen mine. Yet you wrote:

    > ... as some will obsess upon ad nauseum here, I will finally bring this
    > thread to some semblance of on-topicness:


    Kevin was not by any means "obsess[-ing] upon [anything] ad nauseum here".
    I can't see how your attack on _his_ message was at all justified.

    On Mon, 11 Sep 2006 15:28:30 -0700, Jay C. James wrote:

    > "Jay C. James" wrote in message
    > news:edq30m$oo1$1@home.itg.ti.com...
    >>
    >> "Kevin the Drummer" wrote in message
    >> news:slrnefto6c.t1m.nobody@lwe125529.cse.tek.com.. .
    >>> So, what can we do to keep our information out of the hands of anyone,
    >>> including the gov't, that we don't trust with that knowledge? Now
    >>> that we know that they're going to spy on us, or at least someone is
    >>> going to spy on us.
    >>>

    >> Move to a backwards country that has a lack of technology.
    >>

    > snipped


    [... but previously answered properly.]

    >> If using technology, encrypt.
    >> If your technology does not support it, dont use it.

    >
    >> jcj



    > To 'responder' --
    >
    > Apologies for responding to my own post, but viewing this newsgroup in
    > another newsreader (trying out "pan" if you are interested -- updated
    > today via freshmeat.net)


    Super! pan is a good newsreader, though many prefer others. And
    freshmeat is really cutting edge. But it's not your software to be
    faulted so much as your lame brain and what you write.

    > I noticed a response claiming that a quote or idea was stolen. Since the
    > poster has been plonked by me


    - by you, not your newsreader -

    > for some time
    > via the mutually agreed crappy Outlook newsreader, theres


    Ahh, theres [or there is, or there's] the lame brain, again.

    > no possible
    > way I could have nicked the idea. Regardless, its not an original idea
    > anyway.
    >
    > Its merely common sense. Just encrypt whenever you can, mmmkay?


    As I said, it's good advice. Repeat it as often as you like, no charge.
    But if you chose to "plonk" the poster, or otherwise not read the thread,
    do expect to not be picked up on it.

    > Dude, please put me on -your- ignore list so we can both sleep better at
    > night. Me for the safety of my family,


    That is a really rude implication. -- *YOU* "for the safety of your
    family" ... Just where the hell do you get off, jcj. And I am not your
    dude.

    > and you so you can concentrate
    > your efforts on someone else more deserving, and not someone who has a
    > pedigree


    Maybe your father or mother was smart and respectful, but you have
    certainly not shown that. Respect is not hereditary, but rather earned.
    Until now you have not written anything to earn you respect.

    > in this industry


    And what "industry is that supposed to be?

    > likely 5 or 6 times that of yours.


    Google Groups goes back many years now. It shows messages from you this
    year. They are all apparently useless and derogatory. Apparently.

    > Yes, that
    > includes Linux. That includes the BSD's, most of the commercial Unixes
    > and guaranteeing 1 or 2 you have never heard of as well.


    Would that be like *secret* distros, failed distros, or maybe even
    immaginary distros that never even existed outside of your immagination?
    I am definitely impressed [NOT].

    > This also
    > includes source code contribution to open source projects, alongside
    > material and financial support too, and efforts on a handful of closed
    > technical mailing lists you have no access to.


    So, those would be, ["like"] *"secret"* ? And how did you know that I,
    particularly, had no access to them. Are you talking about "warez"?

    > I mean, for someone so adamantly against this grand Microsoft
    > juggernaut, you should have ignored me with flair when you first saw the
    > header info. What kind of elitist are you, anyway?! Why, in the old
    > days not only did we ignore anyone who posted anything from a Windows
    > box, but we blacklisted the entire Class C, I tell you! :P What the heck
    > has happened to this generation, anyway?


    Oh, yes. "The old days." Like from maybe April or May of this year? [ :P
    back at you. ] Again, which generation are we asking about here, please?
    Your references are very obscure and difficult to follow. Please try to
    be clear in your writing for me and for other readers.

    My message to you, that you made an excuse to not answer directly, was
    that your *claim* to be the only one on topic in the thread -- was
    entirely a figment of you imagination. You are the off-topic,
    non-contributory poster. It was not Kevin and it was not me. It was you
    that posted irrelevant text.

    > jcj -
    > not a republican, democrat, moderate or anything political, period, so
    > if you are going to refer to me in the future, please do not attempt
    > categorize me politically. You dont have access to my voting records or
    > personal feelings on anything even remotely political.


    If you are posting disruptive and off-topic, irrelevant attacks upon
    people writing in a thread about NSA wiretaps, then you should expect to
    be classified as a Rovian Republican. Else stop posting irrelevant text.
    In my opinion, you are probably, actually a precocious child, with no
    sense of history or politics or the consequences of where this country and
    world might be headed, or what it might mean to your own life.

    > Seriously, I apologize if you think I nicked your idea after reading it
    > here.


    Post it often. Post it clearly. Post it emphatically. Post it clearly,
    helpfully and emphatically. I endorse it. But if you think it gets you
    any *points* to post someone else's suggestions as your own, while
    attacking them, then saying you didn't see it because you had them
    "plonked", and blaming (of all things) your "mutually agreed crappy
    Outlook newsreader" (which was in itself inaccurate), don't expect
    respect. You only get respect back from people to whom you have already
    shown respect. It is a life's lesson. Learn it.

    Your apology is senseless and useless.

    > Thats an impossibility, you were plonked until today when I fired up the
    > new version of pan.


    I'll help you by posting my responses under a new nick each time you
    write. Any human will immediately know, but a machine never will. Plonk
    me every time; if you post irrelevant, disrespectful messages in my thread
    I'll make sure you have no excuse to say you don't see my response. Boy.

    > Look, can we just agree to disagree and ignore the other into hopeful
    > obscurity?


    You are darn right that we will disagree, at least until you learn the
    value of being constructive, at least until you learn the value of being
    respectful. And there is no obscurity for rudeness. Listen, read and
    learn. Swallow hard. Keep your words soft and palatable, because you
    never know when you might have to eat them.

    Alan Connor had some words for you on Fri, 19 May 2006 8:37 pm. If you go
    to this web link and scroll up a message or three, you can read them all
    again.

    http://groups.google.com/group/comp....5a1f361d3396d9

    > Feel free to have the last word in case you need to clarify something,
    > correct me, agree to disagree or whatever.
    >
    > *big hug*


    As if I wanted physical contact from you. Don't be gross.

    You are getting a rep, boy. ... Not a good thing.

    This message and this thread will be archived in google groups forever.
    Hope you like it.

    [:P]


  5. Re: Cyberterrorism [was: Re: NSA wiretap, Friday night]

    Nathanael Hoyle wrote:

    [... very irreverent but not disrespectful to snip all this good stuff.
    ... Please read the preceding message(s)]

    > I s'pose I've rambled enough.
    >
    > Nathanael Hoyle


    Dear Respected Nathanael Hoyle,

    You should "ramble" some more. Everything you wrote made sense.
    Everything you wrote was completely on topic. I appreciate every word of
    it, even if I can't now respond to each thought. In fact, I believe we
    are in agreement on almost everything.

    I think you believe that ISP's should not be subjected to statutory
    requirements re: disconnecting compromised hosts. I think that if every
    ISP upheld the standards that you have outlined, that statutory
    requirements would indeed be completely unnecessary. I think that this
    view might be a little bit of a 'Utopisn' view. I think that I know that
    my ISP does not hold to those high standards. I think that I know that
    Verizon would be more than happy to scarf up any users who they (my ISP)
    disconnected. And while I am no shareholder of this ISP, and in fact have
    my own issues with them, I do support diversity.

    I do not support a 'unitary executive' in the US Administration, and I do
    not support a 'unitary ISP'. (...if I said that correctly...) The
    standards should be clear and universally applicable. To wit:

    If a connected computer is compromised, it should be disconnected.

    Your high ISP (expressed) connection standards are admirable and very much
    acceptable. They should be universal. When one ISP in any area offers
    less stringent standards, they become a vector for compromise for the
    entire network. That is why I advocated for a statutory standard. And
    the statutory standard for which I advocated would pay the ('good') ISP's
    for what they are doing now for free.

    Please 'ramble" some more (in this thread or another) in the same
    intelligent manner as you have. We have a long, long way to go to ensure
    security in this 21st century world.
    ... And lots more issues to overcome before we can start to feel safe,
    again (if we ever could, or can ever again.)

    Rational discussion and intelligent consideration of issues is essential.
    Please write again. Thanks for writing this time.

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2