Tag: security

Kingdom of the Blind Giant

matera

A Parable of Privacy and Security

Once upon a time there was a a country ruled by a blind giant. In the beginning, he seemed to be a kind ruler. His subjects were contented and happy. Neighboring kingdoms readily allied with his.

Since most of the people thought that he had their best interests at heart, few objected when he asked them all to wear bells. It was for their own good, after all. A blind king must have some way to know where people were.

The bells gave the blind giant more freedom to move. He persuaded other kingdoms to merge with his, and their people wore bells too.

There were still some people who didn’t like wearing bells. And, of course, there were many more who would forget to put their bells on when they went out. People without bells were apt to get hurt if they got in the giant’s way. At first, no one paid much attention to their cries of pain. The king said that it was sad that anyone was harmed, but had he not given them bells? Surely it was no his fault if anyone was not using them.

After a while, the people who tended to forget their bells started to wear them all the time. It became a common custom for everyone to have their bells on at all times. Despite the inconvenience, they felt safer with the bells.

Those who disagreed strongly with bell-wearing were alarmed by the nearly universal acceptance. They would ask their friends, “Why do you wear your bells all day, even at home? What are you afraid of?”

The answer was always, “No, no, I’m not afraid! The bells are for my protection. The king is good, bells are good.”

But the anti-bell faction continued speak out against bells, insisting that they were unnecessary. If people accepted personal responsibility and kept out of the blind giant’s way, they would never get stepped on, they said. “Watch out for yourselves,” they repeated. “The king gives you bells so that he can avoid blame. The bells are for his convenience, not yours.” In fact, the constant jangling of bells had begun to negate their supposed purpose. In the cacophonous confusion, people who wore bells suffered injury more than those who kept their eyes open and kept out of harm’s way.

The king denied this, of course. Being blind, he knew only what his advisers told him, and he chose his advisers carefully. All of them had well-tuned bells. They never got stepped on or knocked over, which proved to them — and the giant — that bells were completely effective. If people got hurt, it was their own fault.

Life was getting harder for the anti-bell people. They were often denied access to basic public services because they had no bells. It often took them several times as long to get anything done because of bell discrimination. But there was no where they could go to escape the tyranny of the bell cult, since the giant had taken over nearly all the adjacent kingdoms, and most of the territories that still claimed to be independent had adopted their own system of bells.

The giant’s name was Google.

SSL – One Moment of Security

matera

SSL, Secure Sockets Layer, keeps data sent between two points from being intercepted and misused by a third party. This means that your password, credit card info, Social Security card number, or the name of your girlfriend’s dog will be safely transmitted when you click the DoIt button.

But that is all it does.

Once that information has been stored by the website, it is only as safe as the website itself. SSL does not make a website secure; it only makes communication with it secure.

Every recent huge data breach has released personal information from sites “protected” by SSL. So think twice or more before letting https// www Big Business keep your payment information. Or your birth date, mother’s maiden name, pet’s name, or anything else that can contribute to the cause of identity theft.

There are two reasons I’m not seduced by any temptations to enroll in autopay: One, I might not have any money in the bank tomorrow. Two, the reason I don’t have any money in the bank tomorrow could be that the site I gave my banking info to has been hacked.

Absurdity of Spam

mustclickspam

If you really have to follow a link in spam, if you just can’t help it, totally can’t control yourself, must do it, will die of stupidcuriosity if you don’t, SLAP YOUR HAND. Then, carefully move the cursor to the Delete button and annihilate the temptation.

Your computer will now have a slightly better chance of survival if the purpose of that linked page is to launch a hidden malware attack.

This post was inspired by a spam email from “Alaska Appellate Court” with a Japanese return address and a link to a page in a German gaming forum. I can hardly imagine a less likely mixture. Yet there must be people who will blindly bite on something this idiotic, or the crap would stop happening. Parasites can’t survive without a host.

Oh — how did I know where the link went? I copied it and pasted it into a text editor. Then I copied the part from “http” to “/com”, leaving out all the gibberish after, and pasted it into my browser. See, I’m curious. Just not curious enough to be a dead cat.

My MSE Security Flaw (not?)

I’ve been using Microsoft Security Essentials for a couple of weeks. It has not buggered up my resources (mind you, SilentBob has 4GB RAM and a decent processor) nor destroyed anything essential (unlike McAfee). I can heartily reccommend it for normal lusers users.

With one reservation.

I am using a third-party software firewall. Comodo Internet Security is the only option I had for x64 that was free. It’s quite effective — just DON’T install the antivirus! DON’T! The firewall is great; the antivirus is a millstone. Normally I use ClamWin, a modest scan-on-demand open source AV. My scans are always boring. They’ve been less boring with MSE, which has picked on a number of things that weren’t causing any trouble…souvenirs that I kept quarantined in my own way…but as I said, it hasn’t really hurt anything. The pickiness is very good for the normally unaware user.

But when it updates…. Now I realize that the weird and sneaky way it updates is a good security measure. The problem is, every time it creates its new updater file in a directory with a new name, the firewall sends up a warning. Do I want to let this new EXE run? Both proggies are just doing their job, and I just click the button.

This is where the problem bites. Today, I caught myself clicking the button without reading the message. BAD! Any warning related to an action that I did not initiate must be examined. However, MSE’s daily update makes the “Okay, let it do its thing” reaction habitual for a warning that occurs soon after startup. What if it was something MSE missed? It could. Nothing’s perfect. I don’t trust anything.

There is no way I can tell Comodo to lay off MPMiniSigStub.exe because it is never the same. Names don’t count in the security game, and even if they did, it’s a different folder name each time. I am stuck with this daily warning about something that is there to do good; and if I’m busy, groggy, on the phone — no kidding, the first time, it interrupted a long-distance phone call — I either stop everything and squint hard at the tiny message font or take a chance. I may be fearless, but I’m not much of a gambler.

To flaw is human. *rolls eyes*

May 16 — the daily warning has stopped. Perhaps my firewall has “learned” that the daily odd file is OK. Or maybe it reads my blog.

BTW, MSE is a right beyotch when it comes to irregularities in Windwoes registration. It may pass your Winderz as legal when it installs only to nail you on the first scan. It also likes to turn on automatic updates, apparently. I had some fun recently when I installed it in a more experienced computer. Rolled back to the previous AV and retweaked Windwoes. But as long as your OS is legal and up to date, it is still one of the better free alternatives. Probably the best ever to replace the foistware you get stuck with in a new machine.