
Comment Re:best antivirus / firewall for Windows? Linux? (Score 1) 181

When they come for you... you either need a gun, because they have fully mutated into the KGB, or they just want to intimidate you by spreading nasty lies. You will get accustomed to your neighbours being unfriendly to you. You will know what "free world" really means. False Flag warmakers and people who toy with "mad nuclear strategies" will be respected persons, while you will be labelled a communist, terrorist or something. But you will get over it. You will say "lalalala" to all the media whores who cooperate with this nasty stuff.

Comment Is That Correct ? (Score 1) 123

"military P code is encrypted and the US protects it heavily" As a crypto-nazi comment, there is only proper crypto and your-sister-cannot-break crypto. "heavily" is a stupid word next to "encrypted". Also, I recall people stating that only the "precision bits" are encoded, but the "coarse" bits are in the plain. Also, all of it does not seem to be crypto-checksummed. Can someone explain ?

Comment Re:C was the game-changer but C++ was too dense (Score 1) 201

First, Unix came with C as a twin.

Secondly, OO programming is now heavily used and it is a cornerstone of current software engineering. Even parts of the Unix kernel were done in an OO-style (device drivers are similar to virtual function calls). But OO programming is not a Silver Bullet. It solves many problems, but certainly not the worst ones, which are created by intellectual laziness, bad management and tough new problems.

Did Torx Screws fix all the problems of house-building ? No, but they are heavily used for good reasons (unrivalled, reliable torque+electric screw drivers). OO programming is similar.

Comment Actually, Proper Security Requires This (Score 1) 782

If a corporation cannot look into encrypted data streams going in and out of their corporate network, they cannot properly discover malware intrusions (such as spearphishing and data exfiltration). So this is not optional - it is a necessity if a corporation values the data inside their corporate network.

Comment Except (Score 1) 79

...that it is NOT *.exe attachments. These days are long over. Attackers use PDF or MS Office documents attached to emails. So you are Wally Blacksmith of Killcorp Inc. Your job entails developing novel radar systems. One nice, sunny morning you get a nicely worded email about "Innovations in low-observable Radar" and it writes about a conference in Naples, Italy. The sender appears to be james.smith@britishradar.com. So you can't wait to see what the Brits are up to and you click on that PDF. Acrobat Reader opens, displays some more bogus Radar stuff (culled from public sources) and then it also starts a process which will nicely index all the files on your hard drive and all mounted SMB shares. Then it does the same thing for all ODBC connections it can open. As an added bonus, it will look into Wally's internet history for local websites and index them also.

The index will be sent via Gmail to an account controlled by the attacker. Based on the index, the juicy files of Mr Blacksmith (and Killcorp) will be identified and uploaded to Gmail. All nicely SSL encrypted, so that the admins of the Killcorp firewall can't look into it. (don't tell me Killcorp does not allow for that).

Attackers could possibly also use exploits in web browsers and send HTML emails, so that Wally doesn't even have to click an attachment.

Comment Technology Solutions (Score 1) 79

Before I am going to elaborate, yes - technology will be only part of the fix. But technology will be a major part of better security ! Here is my list of security technologies:

Sandboxing: Google Chrome's Sandbox is an excellent example of how to limit damage from faulty code. Much more could be done by using this approach in many other file formats and use cases. Other interesting approaches are AppArmor, SE Linux and Linux Security Modules in general.

Formal Proofs: The problem with sandboxes and operating systems is of course their correctness. If the sandbox has exploitable bugs, it is obviously of little use. It would make a lot of sense for governments to pay for formally verified operating systems, VMs, sandboxes and compilers. And of course for research towards cost reductions in formal verification, as it is currently extremely time-consuming, difficult and expensive.

Memory Safe Programming Languages: The best part of all security issues can be directly blamed on the insecure-by-default approach of C/C++. Buffer overruns, uninitialized pointers accessed, freed pointers accessed, pointers doubly freed and similar issues are responsible for the majority of exploits. Just using memory-safe programming languages such as Spark Ada, Perl, C#, Java or Sappeur (created by myself, see http://sourceforge.net/projects/sappeurcompiler/) would immediately reduce the number of exploitable bugs by at least 60%.

In many application fields you cannot use sandboxes. Think of indexing engines that index the web - by definition a hostile place. It is quite inefficient to start a new indexing process for each and every document crawled.

Virtualization: If you have a properly (i.e. no exploitable bugs) implemented virtual machine, this could act like a Sandbox on the operating system level. Unfortunately, as the HB Gary hacks have exposed, current virtual machine technology is not safe enough. Governments could possibly finance verification efforts here, too. (Private companies don't really have a strong incentive to do that from a money-point-of-view.)

Research: Clearly, extensive research into security technologies and their application in real-world-scenarios is required. Security technologies must be nicely enmeshed into users' business processes. Overly restrictive or overly time-consuming technologies/approaches will be circumvented by users. A lot of work in how to make security tech actually ergonomic has yet to be done.

Comment "Assassination Weapon" (Score 1) 125

I think that would be the proper label for "Flame". Some Middle East nation choked their opposing nation's weapons procurement official to death in Dubai, recently. They got his travel details from a recce virus in the guy's computer. You "betcha" it was Flame or Brethren Of Flame. So the malware did not kill immediately, but facilitated the killing.
The nation in question also disabled some Russian-made air defence system in a bombing raid on enemy territory (to take out a suspected reactor) and the rumor mill says the radar operators saw nothing. It is entirely plausible that they did this by some means of malware. I have no secret sources, but enough layman's knowledge to think of at least two major ways of doing it (networked or by directly sending a proper pulse sequence into the enemy radar system and telling it to go to sleep for the next few hours, essentially). Don't tell me Russian radar software is flawless.
