PDA

View Full Version : Comprehensive security?



Unknown
11-28-08, 11:10 AM
Hello. I have not posted here before, but it seems like you folks can
probably give good analysis of computer security problems.
If I understand things correctly, the following combinations should
provide good security:

Firewalls and real-time AV programs are the only defense against
unsolicited problems?
Bios password protects against unauthorized access, so long as the
hard drive is in the same computer as it was when the password was
installed.
Whole-drive encryption protects unauthorized access if your drive
is removed and accessed by a third party as an external data storage
device.
Encrypting transmissions across the internet will provide security
if my transmissions are intercepted.
Some sort of tunneling (ssl, ssh, ssd, etc.) can be used to secure
transmissions over the internet.
An anonymizing service can prevent tracking by a local ISP.

Are there any other nodes where security can be compromised? How
can I prevent them from being compromised?
Obviously, my IP address is necessary in order for any other computer
to send me the files I am trying to access. Is there any way to make
my IP address unrecognizable to anyone intercepting a transmission?
I am not concerned about anyone knowing my RL identity, and things
like that, I just don't want anyone to know anything I don't explicitly
put out there.

I am currently running XP, Comodo firewall, and avast! anti-virus.

Sincerely,

DES

Frank Merlott
11-28-08, 01:29 PM
> Firewalls and real-time AV programs are the only defense against
> unsolicited problems?

Common sense helps a lot, I know it sounds obvious but sometimes people
misses the obvious.

> Bios password protects against unauthorized access, so long as the
> hard drive is in the same computer as it was when the password was
> installed.

You can reset the BIOS password opening the case and taking out the
battery, a child's game. In addition some companies have a master
password for the BIOS (i.e backdoor).

> Whole-drive encryption protects unauthorized access if your drive
> is removed and accessed by a third party as an external data storage
> device.

This is the best you can do

> Encrypting transmissions across the internet will provide security
> if my transmissions are intercepted.
> Some sort of tunneling (ssl, ssh, ssd, etc.) can be used to secure
> transmissions over the internet.
> An anonymizing service can prevent tracking by a local ISP.

Yes this is good, your ISP will not be able to log your activities.

>
> Are there any other nodes where security can be compromised? How
> can I prevent them from being compromised?

The obvious thing, if you computer is switched and someone can access
it whole disk encryption will not help you, SSH will not help you,
nothing will help you, make sure your computer is never switched on
when you are not there.

Do not install warez (ie cracked software) in your computer, they may
contain trojans and once a trojan is in your computer they will do
anything they like with it.

> Obviously, my IP address is necessary in order for any other computer
> to send me the files I am trying to access. Is there any way to make
> my IP address unrecognizable to anyone intercepting a transmission?
> I am not concerned about anyone knowing my RL identity, and things
> like that, I just don't want anyone to know anything I don't explicitly
> put out there.
>
> I am currently running XP, Comodo firewall, and avast! anti-virus.

I would add to that JanusVM or Operator and Truecrypt.

--
http://www.privacylover.com

Unknown
11-28-08, 02:29 PM
"Frank Merlott" <no@email.spam> wrote in message
news:2cm6af.um7.17.1@news.alt.net...

>> Bios password protects against unauthorized access, so long as the
>> hard drive is in the same computer as it was when the password was
>> installed.
>
> You can reset the BIOS password opening the case and taking out the
> battery, a child's game. In addition some companies have a master password
> for the BIOS (i.e backdoor).

Yes, I had read that. In this group, it seemed that there was at least some
merit to using it. However, it appears that this is the weak link in
computer
security. Originally I came up with the idea of including password
protection
in the "read" command protocols. If a "read disk" command was issued,
the "read disk" hardware would not implement the "read" before checking
that it had proper permission to do so. But I have not been able to come
up with a way of implementing that kind of programming, either hard or
soft. Further, the password and the protocol would have to be on the
HD, and encrypted, so that the disk address read would always have to be
the same, i.e., preprogrammed. This would allow for anyone reading the
disk as an external device to simply read a given track/sector/etc., get the
password, and go from there. Even if the disk was encrypted, some disk
info would be available, and would probably eventually allow for decryption.

> The obvious thing, if you computer is switched and someone can access it
> whole disk encryption will not help you, SSH will not help you, nothing
> will help you, make sure your computer is never switched on when you are
> not there.

.... because all of these things operate automatically once you are booted
up and logged in. Thus my interest in preventing boot-up.

> Do not install warez (ie cracked software) in your computer, they may
> contain trojans and once a trojan is in your computer they will do
> anything they like with it.

I have seen the term warez, but I have never known what it is. I have
never had anything to do with it. Thanks for the info.

DES

Unknown
11-28-08, 10:19 PM
"Frank Merlott" <no@email.spam> wrote in message
news:2cm6af.um7.17.1@news.alt.net...

> I would add to that JanusVM or Operator and Truecrypt.

Question: Is VMware player or VMware server the better choice? What are
the differences?

Thanks for all your help.

DES

Kayman
11-29-08, 04:15 AM
On Fri, 28 Nov 2008 12:10:21 -0500, Unknown wrote:

> Hello. I have not posted here before, but it seems like you folks can
> probably give good analysis of computer security problems.
> If I understand things correctly, the following combinations should
> provide good security:
>
> Firewalls and real-time AV programs are the only defense against
> unsolicited problems?
> Bios password protects against unauthorized access, so long as the
> hard drive is in the same computer as it was when the password was
> installed.
> Whole-drive encryption protects unauthorized access if your drive
> is removed and accessed by a third party as an external data storage
> device.
> Encrypting transmissions across the internet will provide security
> if my transmissions are intercepted.
> Some sort of tunneling (ssl, ssh, ssd, etc.) can be used to secure
> transmissions over the internet.
> An anonymizing service can prevent tracking by a local ISP.
>
> Are there any other nodes where security can be compromised? How
> can I prevent them from being compromised?
> Obviously, my IP address is necessary in order for any other computer
> to send me the files I am trying to access. Is there any way to make
> my IP address unrecognizable to anyone intercepting a transmission?
> I am not concerned about anyone knowing my RL identity, and things
> like that, I just don't want anyone to know anything I don't explicitly
> put out there.
>
> I am currently running XP, Comodo firewall, and avast! anti-virus.

"*Security is a process not a product*" (Bruce Schneier).

Educational reading:
10 Immutable Laws of Security.
http://technet.microsoft.com/en-us/library/cc722487.aspx

For WinXP the most dependable defenses are:-
1. Do not work as Administrator; For day-to-day work routinely use a
Least-privileged User Account (LUA).
Applying the Principle of Least Privilege to User Accounts on
WindowsXP
http://technet.microsoft.com/en-us/library/bb456992.aspx

2. Secure (Harden) your operating system.
http://www.5starsupport.com/tutorial/hardening-windows.htm

3. Don't expose services to public networks.
Windows XP Service Pack 3 Service Configurations
http://www.blackviper.com/WinXP/servicecfg.htm

4. Keep your operating (OS) system (and all software on it)
updated/patched.
How to configure and use Automatic Updates in Windows XP
http://support.microsoft.com/kb/306525
http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us

4a.Got SP3 yet?
Why Service Packs are Better Than Patches.
http://www.microsoft.com/technet/archive/community/columns/security/essays/srvpatch.mspx?mfr=true

5. Reconsider the usage of IE and OE.
Utilizing another browser application and e-mail provider can add to
the overall security of the OS.
Consider: Opera, FireFox or Seamonkey and PegasusMail, Thunderbird,
or WLM.

5a.Secure (Harden) Internet Explorer.
Internet Explorer7 Desktop Security Guide.
http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en

6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* all Anti-WhatEver ware and 3rd party
software personal firewall application (PFW) - the one which
claims: "It can stop/control malicious outbound traffic".

7. If on dial-up Internet connection, activate the build-in firewall.
Windows XP: How to turn on your firewall.
http://www.microsoft.com/protect/computer/firewall/xp.mspx

7a.Configure Windows by using:
Seconfig XP 1.1
http://seconfig.sytes.net/

7b.If on high-speed Internet connection use a Router and
implement Countermeasures against DNSChanger.
http://extremesecurity.blogspot.com/2008/06/use-default-password-get-hijacked.html

7c.And (just in case) Wired Equivalent Privacy (WEP) has been
superseded by Wi-Fi Protected Access (WPA).

8. Utilize one (1) each 'real-time' anti-virus and anti-spy
application.
Consider: Avira AntiVirŪ PersonalEdition Classic - Free
and Windows Defender.

9. Employ back-up application(s).
Windows XP Backup Made Easy
http://www.microsoft.com/windowsxp/using/setup/learnmore/bott_03july14.mspx
Consider: Acronis, Casper or Norton Ghost and ERUNT.

9a.Utilize vital operating system monitor utilities/applications.
Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER, Wireshark,
Port Reporter etc.

10.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

The least preferred defenses are:-
Myriads of popular anti-whatever (*real-time*) applications and staying
ignorant.

FYI:
Avoiding Rootkit Infection.
"The rules to avoid rootkit infection are for the most part the same as
avoiding any malware infection however there are some special
considerations:
Because rootkits meddle with the operating system itself they *require*
full Administrator rights to install. Hence infection can be avoided by
running Windows from an account with *lesser* privileges" (LUA in XP and
UAC in Vista).

Good luck :)

Moe Trin
11-29-08, 10:16 AM
On Fri, 28 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<49f7f$49302601$4fc5b56$15989@ALLTEL.NET>, Unknown wrote:

>Hello. I have not posted here before, but it seems like you folks can
>probably give good analysis of computer security problems.

1. See RFC1855 - you really missed the point.
2. On the 15th of each month, there is a list of the 'big-eight' news
groups posted. You'd have better luck there.

>If I understand things correctly, the following combinations should
>provide good security:

You neglect the most important one - users. No security tool will
protect against you doing st00pid things.

>Firewalls and real-time AV programs are the only defense against
>unsolicited problems?

Installing a recent version of common_sense.exe should prevent programs
from "installing themselves".

"common_sense.exe" isn't installed - it makes it harder to hit the icon
that says "Click Here to get your system screwed", and users get frustrated
when that happens. Microsoft says that would reduce their profits.

>Bios password protects against unauthorized access, so long as the
>hard drive is in the same computer as it was when the password was
>installed.

Physical access beats five aces. BIOS passwords can usually be reset,
even if they don't have well-known back doors or default passwords.

>Whole-drive encryption protects unauthorized access if your drive
>is removed and accessed by a third party as an external data storage
>device.

provided the encryption key (passphrase, or "password") is strong, is
not stored on the computer, or on a sticky-note taped to the display.

>Encrypting transmissions across the internet will provide security
>if my transmissions are intercepted.

Usually - assumes a strong encryption scheme.

>Some sort of tunneling (ssl, ssh, ssd, etc.) can be used to secure
>transmissions over the internet.

Usually - assumes a strong encryption scheme. Note also the function
is to _secure_ the transmissions, not _hide_ them.

>An anonymizing service can prevent tracking by a local ISP.

Usually - but this doesn't protect against Mommy discovering you've
been surfing pr0n sites, nor prevent the ISP (or your local security
officials from knowing you are trying to hide stuff. This also
assumes that the relay sites you are using are completely trustworthy
which is rarely the case.

>Are there any other nodes where security can be compromised?

Yes

>How can I prevent them from being compromised?

Don't use the Internet.

>Obviously, my IP address is necessary in order for any other computer
>to send me the files I am trying to access.

See above

>I am currently running XP, Comodo firewall, and avast! anti-virus.

]X-Newsreader: Microsoft Outlook Express 6.00.2900.5512

<Snickers> Is all of that crap up to date? I doubt it.

Old guy

Unknown
11-29-08, 11:55 AM
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrngj2qnq.eb0.ibuprofin@compton.phx.az.us...

> <Snickers> Is all of that crap up to date? I doubt it.
>
> Old guy

Assuming that your post was intended as flame-bait, I will keep this short.

I don't know how old you are, but I doubt you've been using desk-tops,
the internet, or newsgroups longer than I have. I've been using computers
for longer than any of those things have been around, and certainly since
long before RFC1855 was even a thought. I check for updates daily,
at least. Most of the suggestions given so far I had already implemented
(including all but one of the suggestions given in the websites suggested by
Kayman), but was looking for input from other perspectives, in case I had
missed something. Yours was particularly un-helpful, but will nevertheless
be scrutinized for any bit of information I can glean from it (which might
be more than you think). I've even been reading, but not posting to,
acs. for some time.

DES

Tim Jackson
11-29-08, 03:46 PM
Unknown wrote:
> "Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
> news:slrngj2qnq.eb0.ibuprofin@compton.phx.az.us...
>
>> <Snickers> Is all of that crap up to date? I doubt it.
>>
>> Old guy
>
> Assuming that your post was intended as flame-bait, I will keep this short.
>
> I don't know how old you are, but I doubt you've been using desk-tops,
> the internet, or newsgroups longer than I have. I've been using computers
> for longer than any of those things have been around, and certainly since
> long before RFC1855 was even a thought. I check for updates daily,
> at least. Most of the suggestions given so far I had already implemented
> (including all but one of the suggestions given in the websites suggested by
> Kayman), but was looking for input from other perspectives, in case I had
> missed something. Yours was particularly un-helpful, but will nevertheless
> be scrutinized for any bit of information I can glean from it (which might
> be more than you think). I've even been reading, but not posting to,
> acs. for some time.
>
> DES
>
>
Hey is this an old IT guys convention. Can I join in? I did my time on
card punches.

You know, I may be odd, but I've been using a computer for internet
access running Windows 98 with the same registry file since Windows 98
was new (although all the hardware has changed bit by bit), on broadband
since it became available, with a NAT router and common sense. No
firewall, no running anti-virus program. And in that time I've had
exactly one malware attack, that was through my own stupidity and took a
few hours to clean up by hand. I do do periodic virus scans just to be
sure, and to give confidence to others.

Yes I download and buy stuff off the internet, and I look at 'pron' as
you call it. But I don't expect something for nothing, I never download
anything unless I think I understand the business model of the guy
selling, and mostly from sources I trust.

And I never ever ever open unsolicited email attachments (after that
once), and don't let my browser do it either. I get masses and masses
of spam, but it all gets filtered out by my ISP and by Thunderbird's
message rules, so I never see it.

Oh, and the kids get a nasty bollocking if they go anywhere near my
computer, they can infect their own.

Am I somehow blessed with an attack-free zone, or is there an awful lot
of hype about?


Tim Jackson

Moe Trin
11-29-08, 06:37 PM
On Sat, 29 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<b0650$49318230$4832fca$17408@ALLTEL.NET>, Unknown wrote:

>Assuming that your post was intended as flame-bait, I will keep this
>short.

It wasn't - really simple. Most mal-ware infections are the result of
the user doing st00pid things. If you're not aware of that, no
anti-mal-ware is going to help. Tunneling and anonymizing sound
great. Do you know who is operating the service you are using?
Recently, a spammer posted to a number of newsgroups advertising such
services... using servers located in Guangdong province. Trivial to
discover if you have a clue - most people don't.

>I don't know how old you are, but I doubt you've been using desk-tops,
>the internet, or newsgroups longer than I have.

Does a 'bang-path' mean anything to you? Mine was two links beyond Ames.

>I've been using computers for longer than any of those things have been
>around, and certainly since long before RFC1855 was even a thought.

RFC1855 was from 1995. Usenet is about 15 years older than that, and
computer networks go back years before even that. Do you remember the
original 3 MHz Ethernet? It predates the S-100 and Apple I, never mind
the Apple ][ or IBM PC. We finally retired our last 3Base5 subnet about
fifteen years ago.

>I check for updates daily, at least. Most of the suggestions given
>so far I had already implemented (including all but one of the
>suggestions given in the websites suggested by Kayman), but was looking
>for input from other perspectives, in case I had missed something.

and yet you are using Outlook Express on an Internet connection. Why?
In another article here, you state that you have Xnews and alternative
browsers, so it's not as if LookOut is the only application you've
bothered to learn how to use. That application _alone_ has more CERT
advisories than anything else.

>Yours was particularly un-helpful, but will nevertheless be scrutinized
>for any bit of information I can glean from it (which might be more
>than you think).

You may not like the way I wrote it, but the information is useful. Fix
the user problem, and disable the "I'm sure you want this, let me help
you" crap. There really isn't a Mal-ware Fairy that flitters about,
waving a magic wand to infect your systems when you aren't looking.

>I've even been reading, but not posting to, acs. for some time.

On the 15th of each month, there is a posting to the Usenet newsgroups
news.announce.newgroups, news.groups, and news.lists.misc with the
subject "List of Big Eight Newsgroups".

[compton ~]$ grep security big.8.list.11.15.08
comp.lang.java.security Security issues raised by Java.
comp.os.linux.security Security and the GNU/Linux Operating System.
comp.os.ms-windows.nt.admin.security Windows NT Security topics.
comp.os.netware.security Netware Security issues.
comp.security.announce Announcements from the CERT about security. (Moderated)
comp.security.firewalls Anything pertaining to network firewall security.
comp.security.gss-api Generic Security Service Application Program Interface.
comp.security.misc Security issues of computers and networks.
comp.security.pgp.announce New PGP versions, utils and such. (Moderated)
comp.security.pgp.discuss PGP and its implications.
comp.security.pgp.resources PGP related resources, information and more.
comp.security.pgp.tech Use of PGP, bug reports and help.
comp.security.pgp.test Testing signing, encryption and decryption using PGP.
comp.security.ssh SSH secure remote login and tunneling tools.
comp.security.unix Discussion of Unix security.
[compton ~]$

And while we're at it - do you even know what Bugtraq is (besides being a
mailing list that you may find mirrored on your news server)?

Old guy

Moe Trin
11-29-08, 06:40 PM
On Sat, 29 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<B7GdnRgx8ZPQJazUnZ2dnUVZ8g6dnZ2d@posted.plusnet>, Tim Jackson wrote:

>Unknown wrote:

>> I don't know how old you are, but I doubt you've been using desk-tops,
>> the internet, or newsgroups longer than I have. I've been using
>> computers for longer than any of those things have been around, and
>> certainly since long before RFC1855 was even a thought.

>Hey is this an old IT guys convention. Can I join in? I did my time on
>card punches.

Lessee, I think we got rid of Hollerith stuff around 1980. I've still
got some card bins though - they make nice storage/carriers.

>You know, I may be odd, but I've been using a computer for internet
>access running Windows 98 with the same registry file since Windows 98
>was new

Eeuuuuuuwwwwwww, newbie!

>on broadband since it became available, with a NAT router and common
>sense.

That's cheating. How is the Mal-ware Service Company supposed to make
money if you're actually using brane cells?

>No firewall, no running anti-virus program. And in that time I've had
>exactly one malware attack, that was through my own stupidity and took
>a few hours to clean up by hand. I do do periodic virus scans just to
>be sure, and to give confidence to others.

[compton ~]$ whatis aide
aide (1) - Advanced Intrusion Detection Environment
[compton ~]$

Don't think that's available for windoze, but similar tools should be.
It's a replacement for 'tripwire' - basically it is used to compare
hashes of how your system looked before, with how it looks now. Smart
users run it on a stand-alone O/S - remember a boot floppy?

>Yes I download and buy stuff off the internet, and I look at 'pron' as
>you call it.

Yeesh, whatta maroon! It's called pr0n.

>And I never ever ever open unsolicited email attachments (after that
>once), and don't let my browser do it either. I get masses and masses
>of spam, but it all gets filtered out by my ISP and by Thunderbird's
>message rules, so I never see it.

Mail with attachments? If it's from an unknown correspondent, I won't
even see the mail. If it's a known source, I may look at it with a hex
editor. Most people know not to send me HTML mail, much less crap with
attachments.

>Oh, and the kids get a nasty bollocking if they go anywhere near my
>computer, they can infect their own.

If you're still using win98, you might want to consider upgrading to
something newer. Modern versions of windoze can be set with multiple
user accounts, NONE OF WHICH NEED TO BE 'ADMINISTRATOR'.

>Am I somehow blessed with an attack-free zone, or is there an awful
>lot of hype about?

Well, either it's a troll-zone, or you've discovered the amazing
usefulness of thinking.

Old guy

Unknown
11-29-08, 10:37 PM
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrngj3o1k.uug.ibuprofin@compton.phx.az.us...
> On Sat, 29 Nov 2008, in the Usenet newsgroup alt.computer.security, in
> article
> <b0650$49318230$4832fca$17408@ALLTEL.NET>, Unknown wrote:
>
>>Assuming that your post was intended as flame-bait, I will keep this
>>short.
>
> It wasn't - really simple. Most mal-ware infections are the result of
> the user doing st00pid things. If you're not aware of that, no
> anti-mal-ware is going to help. Tunneling and anonymizing sound
> great. Do you know who is operating the service you are using?
> Recently, a spammer posted to a number of newsgroups advertising such
> services... using servers located in Guangdong province. Trivial to
> discover if you have a clue - most people don't.

Actually, my only tunneling experience has been with my brief association
with a news provider other than my ISP. It was configured by that news
provider (funny, I can't remember which news provider it was -- many
of them are offering tunneling as an add-on to the basic subscription.)

>>I don't know how old you are, but I doubt you've been using desk-tops,
>>the internet, or newsgroups longer than I have.
>
> Does a 'bang-path' mean anything to you? Mine was two links beyond Ames.

No, that doesn't mean anything to me. I was never a computer nerd, geek, or
anything else like that. Computers have always been a tool to me.

>>I've been using computers for longer than any of those things have been
>>around, and certainly since long before RFC1855 was even a thought.
>
> RFC1855 was from 1995. Usenet is about 15 years older than that, and
> computer networks go back years before even that. Do you remember the
> original 3 MHz Ethernet?

I remember Ethernet, is there still any of it still around? Couldn't say if
it
was 3MHz or not.

> It predates the S-100 and Apple I, never mind
> the Apple ][ or IBM PC. We finally retired our last 3Base5 subnet about
> fifteen years ago.

The first small "computer" I had was a TI programmable calculator. Since
it was able to save a program it counted as a computer, although I didn't
know that at the time. I briefly had a Commodore 64. My college-level
work was mostly sciences (I graduated with a BS in Combined Sciences
in 1980), but along the way I picked up 2-3 years of computer science
classes as electives. Some of those were basic classes (I've programmed
in IBM 360 assembler language, Fortran, and a few other relatively low-level
languages; have even entered hex code into debug for short programs).
One of those classes was a senior level course in "Microcomputer System
Architecture", in which I wrote operating systems for the "new" desktop
computers that had just recently come out. Actually, my first computer
course was a continuing education class at the local university while I
was still in high school, about 1970 or 71. I graduated high school in
1972.

>>I check for updates daily, at least. Most of the suggestions given
>>so far I had already implemented (including all but one of the
>>suggestions given in the websites suggested by Kayman), but was looking
>>for input from other perspectives, in case I had missed something.
>
> and yet you are using Outlook Express on an Internet connection. Why?
> In another article here, you state that you have Xnews and alternative
> browsers, so it's not as if LookOut is the only application you've
> bothered to learn how to use. That application _alone_ has more CERT
> advisories than anything else.

I don't really know why. Maybe I'm just comfortable with it. Xnews does
seem to have more reliable downloads, though. Fewer come through
uncorrupted.

As to the "big eight" - one of the things that I liked when I saw this
group
was the more relaxed attitudes that I saw here. It's kinda like sitting
around
a pitcher of beer, with no full glasses, each person in turn (or out)
exclaiming
"No ****, there I was..."! I have my own story....

BTW, I do "read" the porn groups, my mommy knows it, and just shakes her
head. Not much she can do about it at my age, and the fact that she doesn't
live with me. But she loves me anyway! Actually, most of my online
activity
is educational... I have special interests in anaerobic digester --> fuel
cell
technologies, biosystematics, cosmology, history, and the history of movies,
newspapers, magazines, radio, and television.

But in fact, I do not limit my browsing in any way. For that reason alone
I am subject to malicious intrusions from both the bad guys and the
(supposed)
good guys (government) who try to censor what I can look at. I suppose the
fact that I once emailed Janet Reno threatening to purchase a gun (legally)
for the first time in my life specifically to protect myself from law
enforcement
agents (of various ilk) doesn't help my situation any. I didn't actually
threaten
to harm anyone, just defend myself, but basically it was saying that the
government was the bad guy, and that doesn't sit well with LE.

DES

Unknown
11-29-08, 10:50 PM
"Tim Jackson" <tim@tim-jackson.co.uk> wrote in message
news:B7GdnRgx8ZPQJazUnZ2dnUVZ8g6dnZ2d@posted.plusnet...

> Hey is this an old IT guys convention. Can I join in? I did my time on
> card punches.

Yeah, even my earliest college-level computer courses used cards...
no such thing as a micro-/mini- computer back then.

So, maybe it is an "old IT guys convention". I have never been a
professional in the field, but many years ago I did a few years
formal study in the field of computers. Some of my courses
bordered on mathematical logic, and I actually do have some
formal work in logic. Courses like "discrete structures" were
taught as both math and computer science courses. "Data Structures"
taught things like stacks, queues, linked lists, and the like (are those
things still used today in "file system" types of software?)

DES

Tim Jackson
11-30-08, 04:20 AM
Moe Trin wrote:
> On Sat, 29 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
> <B7GdnRgx8ZPQJazUnZ2dnUVZ8g6dnZ2d@posted.plusnet>, Tim Jackson wrote:
>
>> Unknown wrote:
>
>> Hey is this an old IT guys convention. Can I join in? I did my time on
>> card punches.
>
> Lessee, I think we got rid of Hollerith stuff around 1980. I've still
> got some card bins though - they make nice storage/carriers.
>
I got called out to fix a Hollerith card sorter around the end of the
80's. It must have been one of the last. They were using it for
searching legacy microfiche cards.

>> Yes I download and buy stuff off the internet, and I look at 'pron' as
>> you call it.
>
> Yeesh, whatta maroon! It's called pr0n.
>
Oh, sorreee. I'm obviously not looking at it right. I'll go stand in a
corner for a bit and have a Sherman. Maroon? that's an old French
chestnut that goes bang isn't it?

>> Oh, and the kids get a nasty bollocking if they go anywhere near my
>> computer, they can infect their own.
>
> If you're still using win98, you might want to consider upgrading to
> something newer. Modern versions of windoze can be set with multiple
> user accounts, NONE OF WHICH NEED TO BE 'ADMINISTRATOR'.
>
Yeah, but I could never see the point of paying out for that feature on
my private workstation in my home workshop, surrounded by a defensive
barrier of tools, junk and sharp objects on the floor. Plus gaining
some issues about migrating to new hardware from time to time, and work
to strip out the bloatware. And concern for software installed long ago
for which replacement licenses may no longer be available or the install
CD is lost, etc. If it's not broke don't fix it. A lock for the
workshop door would be cheaper. The local whizz kids can wreck my
daughter's machine trying to over-clock it, but if they touch mine there
will be hell to pay and they know it.

I'd rather have a new laser printer than a new OS. I've got an XP
machine and a Linux machine too, but I don't live there.


Tim

Unknown
11-30-08, 11:58 AM
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrngj3o1k.uug.ibuprofin@compton.phx.az.us...

> It wasn't - really simple. Most mal-ware infections are the result of
> the user doing st00pid things. If you're not aware of that, no
> anti-mal-ware is going to help.

So, let me explain how I see security through software. It has a most
precise analogy with "safety",
as in the workplace, at home, etc.

For 17 years I worked as an industrial pretreatment sampler. My job was to
take samples of
industrial waste water, do some very basic tests such as measuring pH and
such, prepare those
samples for further lab analysis, and clean the equipment. At every stage I
was exposed to
hazardous chemicals, some extremely so. Some of them were common things,
like hydrochloric
acid, sodium hydroxide, etc., but in much higher concentrations than one
might find in most
home or commercial settings. Sometimes I worked with 99.99% concentrations.
HCl could
burn through you on contact. There were also the unknowns. Since we were
testing for
what was in the water, it goes without saying that we really didn't know for
sure what was in
the water.

Doing the job was fairly straightforward. We sucked up water into glass
bottles, poured that
sample into multiple other bottles, put acids and bases into the bottles in
order to "preserve"
what we were going to test for, and apply caps and labels. Cleaning our
equipment was done
with HCl, strong enough to burn skin on contact. During this whole process,
if we were very
careful, there would be no spills, splashes, overflows, etc. But if things
didn't go perfectly
(and of course, nothing's perfect), there were all manner of things that
could go wrong, from
broken glass flying at your head (yes, that actually happened to me) to
splashing acid on your
skin and into your eyes (yes, had both those things happen to me), to
irritations of the skin,
lungs, and digestive tract. Sometimes I took samples from down in the
sewers. We were
always in danger of inhaling and swallowing waterborne pathogens. Since we
tested hospital
waste, we were in danger of coming into contact with improperly (and
illegally) disposed of
syringes, needles, and other medical waste (on several occasions this
happened).

Because of the dangers, we did our job in isolation, setting up a protected
area around
the work site, to exclude the uninformed from doing anything that might be
dangerous,
simply out of ignorance of the situation.

Throughout all the process there were specified personal protective
equipment (PPE). They
might include simple face masks, like you can get in any hardware store;
more complex
cannister-style filter masks; gloves that could withstand high water
temperatures; latex and
other gloves to handle medical dangers; sometimes full body suits; goggles,
and other safety
glasses; etc.

Now, I can get onto the Internet, and use all of the services available, and
do so with ease.
If there are no leaks, spills, overflows, dumps, etc. everything is okay.
But I would really
like my computer to have its own PPE. Thus, encryption, tunneling,
passwords, etc.

All these things are the PPE for my computer, and I wouldn't want to do
anything without
them.

DES

Moe Trin
11-30-08, 03:28 PM
On Sun, 30 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<ZsydnYx-jZyd9K_UnZ2dnUVZ8oGdnZ2d@posted.plusnet>, Tim Jackson wrote:

>Moe Trin wrote:

>> Lessee, I think we got rid of Hollerith stuff around 1980. I've
>> still got some card bins though - they make nice storage/carriers.

>I got called out to fix a Hollerith card sorter around the end of
>the 80's. It must have been one of the last. They were using it for
>searching legacy microfiche cards.

Oh, forgot about that - we've got several vaults full of cabinets of
microfiche (and reels of microfilm) here, but I think we're one of the
last bastions in the company. I think most of it has been duplicated
onto digital media, but it's still part of the old records retention.

>> If you're still using win98, you might want to consider upgrading
>> to something newer. Modern versions of windoze can be set with
>> multiple user accounts, NONE OF WHICH NEED TO BE 'ADMINISTRATOR'.

>Yeah, but I could never see the point of paying out for that feature
>on my private workstation in my home workshop, surrounded by a
>defensive barrier of tools, junk and sharp objects on the floor.

What? No guard dragons?

>Plus gaining some issues about migrating to new hardware from time to
>time, and work to strip out the bloatware. And concern for software
>installed long ago for which replacement licenses may no longer be
>available or the install CD is lost, etc. If it's not broke don't fix
>it.

Valid issues - as long as everything is backed up, and restorable (the
latter usually catches people). The problem is that eventually, that
Seagate ST-251 drive is going to wear out, or the Magic Smoke is going
to escape from that MFM controller. Most everything else is replaceable.

>A lock for the workshop door would be cheaper. The local whizz kids
>can wreck my daughter's machine trying to over-clock it, but if they
>touch mine there will be hell to pay and they know it.

Physical security is the first line of defense. I think all of the
systems I have... at least the ones I can see at the moment - all
have case locks.

Old guy

Moe Trin
11-30-08, 03:31 PM
On Sat, 29 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<ce4bc$493218a7$4fc5f31$9044@ALLTEL.NET>, Unknown wrote:

>"Moe Trin" <ibuprofin@painkiller.example.tld> wrote

>> RFC1855 was from 1995. Usenet is about 15 years older than that,
>> and computer networks go back years before even that. Do you
>> remember the original 3 MHz Ethernet?
>
>I remember Ethernet, is there still any of it still around? Couldn't
>say if it was 3MHz or not.

3 MHz was not very common - 0.4 inch black cable in ceilings or under
the floor - transceivers (about 3 x 3 x 6 inch) directly attached to the
cable, with a 1/3 inch diameter gray cable between the transceiver and
the computer. The far more common variant was regular 10Base5
Ethernet (usually called "thicknet"), that looked physically similar,
except that the black cable was replaced with yellow or orange (jacket
was flame/smoke resistant) and the transceivers were somewhat smaller.
Both were physical nightmares to install, and most facilities went to
the smaller 10Base2 "Thinnet" which used a 1/4 inch black cable that
went to every computer an attached with a 'tee' connector. That also
fell out of fashion, and was replaced with twisted pair cabling, first
10BaseT, and subsequently 100BaseT and 1000BaseT. Ethernet is still
very common, although it's being replaced by fiber in some commercial
and educational venues. Virtually all home networks are Ethernet, even
the short length that connect the computer to the external DSL modem,
router, or similar. The cable/connector looks like what the modern
telephone uses, except that the connector is nearly twice as wide (8
contacts, not 4).

>Actually, my first computer course was a continuing education class at
>the local university while I was still in high school, about 1970 or
>71. I graduated high school in 1972.

about 12 years after I started working with computers.

>> and yet you are using Outlook Express on an Internet connection.
>> Why? In another article here, you state that you have Xnews and
>> alternative browsers, so it's not as if LookOut is the only
>> application you've bothered to learn how to use. That application
>> _alone_ has more CERT advisories than anything else.
>
>I don't really know why. Maybe I'm just comfortable with it.

Consider learning something else. Nearly _anything_ else is going to
be less of a security hole.

>But in fact, I do not limit my browsing in any way.

If you like playing with fire, expect to be burnt now and then, even if
you are wearing an asbestos suit.

Old guy

Anne & Lynn Wheeler
11-30-08, 04:02 PM
ibuprofin@painkiller.example.tld (Moe Trin) writes:
> RFC1855 was from 1995. Usenet is about 15 years older than that, and
> computer networks go back years before even that. Do you remember the
> original 3 MHz Ethernet? It predates the S-100 and Apple I, never mind
> the Apple ][ or IBM PC. We finally retired our last 3Base5 subnet
> about fifteen years ago.

the internal network was larger than the arpanet/internet from just
about the beginning until possibly late '85 or early '86.

from old reference giving network sizes circa '85

BITNET 435
ARPAnet 1155
CSnet 104 (excluding ARPAnet overlap)
VNET 1650
EasyNet 4200
UUCP 6000
USENET 1150 (excluding UUCP nodes)

old announcement for the first gateway between the internal
network and CSnet:
http://www.garlic.com/~lynn/98.html#email821022
in this post
http://www.garlic.com/~lynn/98.html#0

.... BITNET (and EARN) was educational network sponsored by the
corporation using similar technology to that used for the
internal (VNET) network ... misc. past bitnet/earn posts
http://www.garlic.com/~lynn/subnetwork.html#bitnet

misc. past internal network posts
http://www.garic.com/~lynn/subnetwork.html#internalnet

I got blamed for doing computer conferencing on the internal network in
the late 70s and early 80s ... there then followed some number of
investigations into this "new" phenonama. somewhat as a result, a
researcher was paid for nine months to sit in the back of my office for
nine months to take notes on how I communicated; they also got copies of
all my incoming and outgoing email as well as logs of all instant
messages. In addition to (corporate) research report, the material was
also used for a Stanford phd thesis in the mid-80s (joint between
language and AI departments) as well as some number of papers and books.
misc. past posts mentioning computer mediated communication
http://www.garlic.com/~lynn/subnetwork.html#cmc

most of the machines on the internal network ran a virtual machine
operating system ... orginally developed by the science center
in the mid-60s. In the late 60s and early 70s there saw some number
of commercial time-sharing service bureaus formed leveraging
virtual machine operating systems as the base platform ... misc.
past posts
http://www.garlic.com/~lynn/submain.html#timeshare

one such was company called TYMSHARE ... which also developed computer
conferencing facility on their platform. In the mid-70s, TYMSHARE
offered "free" use of the computer conferencing facility to the
vendor customer organization ... website here:
http://www.share.org/

and archive of that computer conferencing starting August 1976 is
archived here:
http://vm.marist.edu/~vmshare/

for related ... this post has some pictures of online home setup in the
late 70s through mid-80s ... which for part of the time, also included a
compact microfiche viewer (at work had access to microfiche printer)
http://www.garlic.com/~lynn/2008m.html#51

this recent post discusses some of the virtual machine platform
characteristics
http://www.garlic.com/~lynn/2008q.html#62

"security" was important issue for the commercial time-sharing service
bureaus ... but also important to some number of gov. agencies that also
used the platform (starting in the 60s & 70s)... minor reference here:
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm

for the heck of it, my rfc index
http://www.garlic.com/~lynn/rfcietff.htm

in the "RFCs listed by" section, clicking on the "Date" field ... brings
up frame given RFCs by date.

and for the fun of it, some posts in recent thread from usenet news
a.f.c:
http://www.garlic.com/~lynn/2008r.html#3 What if the computers went back to the '70s too?
http://www.garlic.com/~lynn/2008r.html#5 What if the computers went back to the '70s too?
http://www.garlic.com/~lynn/2008r.html#6 What if the computers went back to the '70s too?

other nostalgia some postings related to Interop '88 held in san jose
http://www.garlic.com/~lynn/subnetwork.html#interop

this was somewhat leading edge of the federal gov. mandates that
required eliminating tcp/ip (internet), replacing it with OSI (gosip
stuff) ... and there were lots of OSI products in the booths that year
at interop.

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Unknown
11-30-08, 04:17 PM
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrngj61i4.kpu.ibuprofin@compton.phx.az.us...

> about 12 years after I started working with computers.

Ah, so you really ARE an old guy! | : > )

>>> and yet you are using Outlook Express on an Internet connection.
>>> Why? In another article here, you state that you have Xnews and
>>> alternative browsers, so it's not as if LookOut is the only
>>> application you've bothered to learn how to use.

Not quite correct. When I first installed those alternatives, I tested them
with email, news, and web browsing. That required that I learn how to
use them.

> Consider learning something else. Nearly _anything_ else is going to
> be less of a security hole.

Suggestions, from a security perspective, are welcome. Saying that OE
is the worst doesn't really say anything about any others.

>>But in fact, I do not limit my browsing in any way.
>
> If you like playing with fire, expect to be burnt now and then, even if
> you are wearing an asbestos suit.

Yep, and people who jump out of airplanes know that someday BOTH
of their chutes might fail. See my other post about working with hazardous
chemicals. I was injured even though I was using all the required PPE.

DES

nemo_outis
11-30-08, 07:56 PM
ibuprofin@painkiller.example.tld (Moe Trin) wrote in
news:slrngj61i4.kpu.ibuprofin@compton.phx.az.us:

>>71. I graduated high school in 1972.
>
> about 12 years after I started working with computers.

That edges me out - I first used a computer in 1962 at McGill University.

Regards,

Leonard Agoado
12-01-08, 12:58 PM
"Tim Jackson" <tim@tim-jackson.co.uk> wrote

> Maroon? that's an old French


Nope, that's Bug Bunny for moron. Look at -

<http://www.dailymotion.com/video/x54uk9_bugs-bunny-buccaneer-bunny_shortfilms>

It comes up at 2:59.


Regards,

Len Agoado
agoado@msn.com

Tim Jackson
12-01-08, 01:44 PM
Leonard Agoado wrote:
> "Tim Jackson" <tim@tim-jackson.co.uk> wrote
>
>> Maroon? that's an old French
>
>
> Nope, that's Bug Bunny for moron. Look at -
>

Get a dictionary.

{Chambers} maroon n. a brownish crimson: a detonating firework. [Fr
/marron/ a chestnut]


Tim

Moe Trin
12-01-08, 02:04 PM
On Sun, 30 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<m3skp8na7g.fsf@garlic.com>, Anne & Lynn Wheeler wrote:

>ibuprofin@painkiller.example.tld (Moe Trin) writes:

>> RFC1855 was from 1995. Usenet is about 15 years older than that, and
>> computer networks go back years before even that.

0089 Some historic moments in networking. R.M. Metcalfe. January 1971.
(Format: TXT=16832 bytes) (Status: UNKNOWN)

For those not aware of it - search for RFC0089

>the internal network was larger than the arpanet/internet from just
>about the beginning until possibly late '85 or early '86.

That's very easy to believe. In 1983, we had about five hundred systems
at the facility I was working at (I'm still under a very strict NDA),
and we had just three systems that had access to [D]ARPAnet. If you
look at the databases from the five RIRs (AfriNic, APNic, ARIN, LACNic
and RIPE), by the end of 1983, there were just 1686 network allocations
and assignments world wide (I'm sure you recall they were handing them
out like water back then), and I think that's actually over-reporting.

>from old reference giving network sizes circa '85

See pages 4-12 of RFC0960

0960 Assigned numbers. J.K. Reynolds, J. Postel. December 1985.
(Format: TXT=125814 bytes) (Obsoletes RFC0943) (Obsoleted by
RFC0990) (Status: HISTORIC)

lists about 400.

>"security" was important issue for the commercial time-sharing service
>bureaus ... but also important to some number of gov. agencies that
>also used the platform (starting in the 60s & 70s)...

I'm still amazed at all of the connectivity that was out there so long
ago, and how trusting we were. Sure, our sensitive stuff was behind an
air-gap, but there was a lot of stuff accessible that would give the
auditors heart attacks today.

Old guy

Moe Trin
12-01-08, 02:05 PM
On Sun, 30 Nov 2008, in the Usenet newsgroup alt.computer.security, in article
<39a60$493310f1$4832870$31598@ALLTEL.NET>, Unknown wrote:

>>>> In another article here, you state that you have Xnews and
>>>> alternative browsers, so it's not as if LookOut is the only
>>>> application you've bothered to learn how to use.
>
>Not quite correct. When I first installed those alternatives, I
>tested them with email, news, and web browsing. That required that I
>learn how to use them.

Many people use the excuse that the alternatives - a dedicated mail
tool, a dedicated news tool, and an alternative browser such as one of
the Mozilla family - are to complicated, and difficult to use. About
half of them also have difficulty figuring out how to work a light
switch, but that's another matter. As for mail and news, some people
get bent out of shape when they see the dedicated mail or news tool
showing them raw HTML, instead of the soft pastel shades of crayon. It
never dawns on them that the HTML and scripting (Java, Active-X,
et.al.) is a major reason why they need the anti-mal-ware, especially
when the browser is configured to automatically load everything that
is presented as a URL, and run any/all scripts that might be present.

>> Consider learning something else. Nearly _anything_ else is going
>> to be less of a security hole.
>
>Suggestions, from a security perspective, are welcome. Saying that OE
>is the worst doesn't really say anything about any others.

Well, it does really. As for specific suggestions, that is out of my
area of expertise - if you look at the headers on this article, you'll
see I'm not even using windoze. There are several reasons for that -
one is that it's what I've been using at work for over twenty five
years. The second reason is that it does the job for free on hardware
that that's underpowered compared to what's needed for windoze, while
a third reason might be the concept of separation of users - something
that was incorporated into later versions of windoze, but is rarely
used because users feel it makes things to hard. The latter is the
reason the 'deloader' worm went through the windoze community like a
dose of salts in 2003 - everyone wants to use the 'Administrator'
account, and chooses a predictable (or no) password for that account.

>>> But in fact, I do not limit my browsing in any way.
>>
>> If you like playing with fire, expect to be burnt now and then, even
>> if you are wearing an asbestos suit.
>
>Yep, and people who jump out of airplanes know that someday BOTH
>of their chutes might fail.

[As a commercial pilot, the idea of jumping out of a perfectly good
airplane is rather strange, but that's another thing entirely.]

People who jump out of airplanes don't tend to do so at random
altitudes from 40 to 45,000 feet using a worn 'chute, nor do they
intentionally jump into rough terrain, cities, or other jungles. They
tend to be aware that a mistake can have fatal consequences, and thus
take reasonable care.

Old guy

Anne & Lynn Wheeler
12-01-08, 02:46 PM
ibuprofin@painkiller.example.tld (Moe Trin) writes:
> That's very easy to believe. In 1983, we had about five hundred systems
> at the facility I was working at (I'm still under a very strict NDA),
> and we had just three systems that had access to [D]ARPAnet. If you
> look at the databases from the five RIRs (AfriNic, APNic, ARIN, LACNic
> and RIPE), by the end of 1983, there were just 1686 network allocations
> and assignments world wide (I'm sure you recall they were handing them
> out like water back then), and I think that's actually over-reporting.

re:
http://www.garlic.com/~lynn/2008r.htmL#9 Comprehensive security?

for other trivia ... the technology for the internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet

also originated at the science center
http://www.garlic.com/~lynn/subtopic.html#4545tech

.... which (as mentioned) originated virtual machine systems starting in
mid-60s.

there was big explosion in number of nodes on the internal network in
the late 70s and early 80s (which went from 300 nodes in '79 to 1000
nodes in '83) ... a large number were virtual machine mid-range 43xx
machines. this period saw big increase in number of mid-range systems
.... DEC sold a lot of vax machines in this market segment ... old post
giving decade of vax numbers, sliced&diced by yr, model, US/non-US
http://www.garlic.com/~lynn/2002f.html#0

a lot of 43xx machines were installed internally ... but even much
larger at customers sites (although not necessarily public network
connected). one of the difference between vax & 43xx ... was quite a few
customers ordered 43xx machines in lots of tens or even hundreds at a
time. various old email with 43xx references:
http://www.garlic.com/~lynn/lhwemail.thml#4341

an example is this old email from marketing rep wanted to bring by
their (large) customer for a visit ... to talk about 20 4341s ...
which turned into an order for 210 4341s (by the following fall):
http://www.garlic.com/~lynn/2001m.html#email790404b

in this post:
http://www.garlic.com/~lynn/2001m.html#15

not long later a customer had a single order for nearly a thousand
4341 machines.

another old email with marketing rep wanting help with large cal.
bank customer with order for sixty 4341s
http://www.garlic.com/~lynn/2006y.html#email800311b

in this post
http://www.garlic.com/~lynn/2006y.html#5

LLNL was talking about similar kind of order.

for other drift ... this was reference to slight difficulty in getting
class A allocation in '88
http://www.garlic.com/~lynn/2006j.html#email881216

in this post
http://www.garlic.com/~lynn/2006j.html#53

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Anne & Lynn Wheeler
12-01-08, 03:33 PM
ibuprofin@painkiller.example.tld (Moe Trin) writes:
> I'm still amazed at all of the connectivity that was out there so long
> ago, and how trusting we were. Sure, our sensitive stuff was behind an
> air-gap, but there was a lot of stuff accessible that would give the
> auditors heart attacks today.

re:
http://www.garlic.com/~lynn/2008r.html#9 Comprehensive security?
http://www.garlic.com/~lynn/2008r.html#17 Comprehensive security?

the counter was science center
http://www.garlic.com/~lynn/subtopic.html#545tech

with its cp67 virtual machine system ... also provided accessed to some
number of students and other non-employees from cambridge area
institutions of higher learning. this required significant security
provisions because of various (corporate) secrets resident on the
system.

two specific scenarios

1) the most senstive of corporate secrets were the detailed information
about all the corporate customers started on the cambridge
system. besides other activities, the science center had ported apl\360
to cp67/cms for cms\apl. As part of doing that moved ... APL workspace
size was increased from typical 16k-32k bytes (in real memory apl\360)
to several megabytes (in cms virtual machine). this also required
redoing apl's storage management to make it more virtual memory
friendly. in addition, functions that could access system services were
added (like read/write files). The net was cms\apl could really be used
for real-world applications. APL had a reputation for use in business
modeling ... but it took drastically increasing the workspace size and
supporting system services to open it to real world problems. The
business planners from corporate hdqtrs in NY started using the system
remotely ... along with having loaded the most sensitive of corporate
business secrets.

2) before 370 was announced (as well as virtual memory support in 370),
cambridge started a joint development project with the endicott
manufacturing facility to create a 370 virtual machine ... running on
360/67 cp67 system. this required a feature option ... and simulating
all the architecture and instruction differences in 370 (from 360).
Before announcement of 370 ... all this information was closely guarded
corporate secret ... but cambridge was regularly running "370s" as
virtual machines on the cambridge cp67/cms service (and kept "hidden"
from non-employees)

note other systems from the era frequently used air-gap for security
(because it otherwise didn't exist in the system). cp67 had a lot of it
built into basic infrastructure.

some of this may have been the area. some number of people that had
worked on CTSS had come over to the science center on the 4th flr of
545tech sq. Some number of other people that worked on CTSS went to
Multics effort on 5th flr of 545tech sq.

Multics also has some security history ... as referenced in
this previously mentioned email, air force data services was
multics installation:
http://www.garlic.com/~lynn/2001m.html#email790404b

and a gateway on the internet was dockmaster, mentioned here:
http://www.multicians.org/site-dockmaster.html

reference to air force multics vulnerability analysis (from 1974):
http://csrc.nist.gov/publications/history/karg74.pdf

and reference to that work ... paper mentioned in this post
http:/www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

Leonard Agoado
12-01-08, 03:51 PM
"Tim Jackson" <tim@tim-jackson.co.uk> wrote in message
news:M_adnWijJog6o6nUnZ2dnUVZ8oSdnZ2d@posted.plusnet...
> Leonard Agoado wrote:
>> "Tim Jackson" <tim@tim-jackson.co.uk> wrote
>>
>>> Maroon? that's an old French
>>
>>
>> Nope, that's Bug Bunny for moron. Look at -
>>
>
> Get a dictionary.
>
> {Chambers} maroon n. a brownish crimson: a detonating firework.
> [Fr /marron/ a chestnut]


Tim,

Thank you for your gracious and polite response.

I do have a dictionary, thank you, and am well aware of those
definitions. I was addressing the usage of the word in the
context of Moe Trin's post.

What a maroon!


Regards,

Len Agoado
agoado@msn.com

Unknown
12-01-08, 10:28 PM
"Moe Trin" <ibuprofin@painkiller.example.tld> wrote in message
news:slrngj8gso.2si.ibuprofin@compton.phx.az.us...

> [As a commercial pilot, the idea of jumping out of a perfectly good
> airplane is rather strange, but that's another thing entirely.]
>
> People who jump out of airplanes don't tend to do so at random
> altitudes from 40 to 45,000 feet using a worn 'chute, nor do they
> intentionally jump into rough terrain, cities, or other jungles. They
> tend to be aware that a mistake can have fatal consequences, and thus
> take reasonable care.

Things happen. HILO jumps leave a LOT of room for changes in
the situation. The fact is that sometimes there are deaths, no matter
how well you prepare. A perfectly good chute and the proper
jump zone can't control shifts in wind direction, or the fact that landing
was off by 20 feet and you got wet when you really shouldn't have.
During Desert Storm, missiles were landing 50 feet from where they
were supposed to. The layman thought that was pretty good. Those
of us keeping a closer eye on things realized that that distance was
likely a result of variations in the speed of Earth's rotation, which
the GPS on-board those missiles failed to take into consideration.

When I was in the Air Force, I volunteered into the AF Pararescue
school. Their job included moving behind enemy lines in order to
extract downed fliers. That training included jump school, as it
should have. Sometimes people do jobs where they are expected
to jump into rough terrain, including jungles. That's what they do.
With proper training, and the right equipment, it can be done.

My life has always been one of exploration. Sometimes I go places
that others wouldn't. That's just me, there is nothing I am unwilling
to explore. But I want to be able to do so with some hope of coming
out alive. I'm willing to play the odds, and that means the odds have
to be in my favor. Whatever I can do to up the odds in my favor
I'd like to be able to do. Personally, I'd probably want oxygen mask
if I were jumping from 45, 000 feet. When I go into a possibly
hazardous web site, I want the parachute, or the electronic equivalent.
Again, with the proper PPE, the proper technique, and experience
in what you're doing, the great majority of the time you can have a
smooth experience.

>
> Old guy

Just for the record, today, December 1, I turned 55 years old.

DES

Tim Jackson
12-02-08, 03:07 AM
Leonard Agoado wrote:
> "Tim Jackson" <tim@tim-jackson.co.uk> wrote in message
> news:M_adnWijJog6o6nUnZ2dnUVZ8oSdnZ2d@posted.plusnet...
>> Leonard Agoado wrote:
>>> "Tim Jackson" <tim@tim-jackson.co.uk> wrote
>>>
>>>> Maroon? that's an old French
>>>
>>> Nope, that's Bug Bunny for moron. Look at -
>>>
>> Get a dictionary.
>>
>> {Chambers} maroon n. a brownish crimson: a detonating firework.
>> [Fr /marron/ a chestnut]
>
>
> Tim,
>
> Thank you for your gracious and polite response.
>
> I do have a dictionary, thank you, and am well aware of those
> definitions. I was addressing the usage of the word in the
> context of Moe Trin's post.
>
> What a maroon!
>
>
> Regards,
>
> Len Agoado
> agoado@msn.com
>

And I was quietly ignoring it.


Marooned.