RefControl is a bit primitive, but if it grows up to be as useful as "Request Policy" and "No Script", it'll be very worthwhile. I've added it.

Thanks for mentioning it!

Every phone has a unique IMEI that is broadcast along with the SIM card number. If they've done their homework, then they're tracking the IMEI as well as the SIM card.

But even if one or two people did as you did, it would be meaningless noise in the sea of data.

There are RFCs that cover the transmission of syslog messages in a secure fashion. 5424, 5425, etc.

There are tools that store syslog messages - in plain text - in a secure fashion.

syslog-ng is just one of them.

This post is "old" and nothing more than a group of people reinventing the wheel.

The *only* way to solve tampering with log data is to store it on another machine and hope hackers don't get to that.

If a hacker gains access to a system with log files on it, the best you can do is make the logging tamper-evident. This means that if the hacker modifies the data, in any way, it can be detected. This includes hash recalculation.

Making the system tamper-evident with hashes simply means that all hashes require a secret input and that the input is only ever stored on the system for the next entry. If you know the secret input for hash#0, then you can calculate the secret input for hash#n, but knowing the secret input for hash#n does not tell you what it was for hash#(n-1). Similarly, the secret input for hash#0 is not stored on the system.

The full transcript of the PBS interview with Julian Assange is online at:

http://wikileaks.ch/WikiSecrets-Julian-Assange-Full.html

If you watch the PBS interview then read the transcript of the interview to see what was really said and in what context.

PBS is alleged to have used and cut the interview to present Assange in an anti-American perspective.

This is not as stupid as it sounds, hence the reason that newer filesystems (such as ZFS) calculate checksums for all data independent of those used by the hardware. Similarly, people use RAID in hardware not only to mitigate hardware failure but data corruption. To a certain extent, storing data in formats such as ZIP/RAR offers you the ability to be aware of data being corrupted through the use of checksums but alas recovery is limited. If/when storage devices have an error rate of 0, then the parent to this is a joke.

If I connect my laptop to your Wifi network because you do not have a password, is that connection authorised without you saying I can do it?

If I connect my laptop to your Wifi network because I know your network password (lets say I guess it), is that connection authorised without you saying I can do it?

If I create a "guest" login on a web server that has no password and someone logs into it without my authorisiation, is that against the law or not?

If that "guest" login also has "guest" as a password and a hacker guesses both and logs in without my authorisation, is that against the law or not?

The correct answer to all four of these questions is "no." Accessing a private resource that you have not been given prior authorisation to access is effectively trespassing. Think of it like someone walking onto your property because you don't have a fence. Whilst it maybe careless and inviting trouble, in no instance does that recklessness on the part of the owner give others the right to do what they choose.

Just because the radio data is being broadcast and you can receive it, you are not automatically entitled to access or use hardware that is transmitting it or connected to the transmitter. Consider that when you connect to a wireless network that you are communicating with a wireless access point, not just receiving its data, and thereafter sending data to that network.

It has already been admitted by Google that they received data from wireless networks that in turn required them to actually connect to those wireless networks.

In actual fact, there is only one possible outcome in every case where a government is investigating at that is for Google to be found guilty. If anything else happens then it could be argued that not even encrypted data is private. The question isn't about what form the data takes but whether a 3rd party has a right to access it without authorisation.

Lets say that I collect a month of your encrypted wifi data and then break all of your encryption keys. I then post it all over the web. The data was broadcast over the airwaves, therefore it was public. That it was encrypted was just you believing, foolishly, that the data was private and therefore unable to be accessed by others. How would you feel about that? Whether or not the data is encrypted is beside the point - you're broadcasting it to everyone within about 100', so why should you have any right to privacy as a result of that broadcasting? If you want your encrypted data to be private then data that is not encrypted must also be private. Electromagnetic waves have no specific property that says "I'm private" or "I'm encrypted". The presence (or lack thereof) of encryption is not a representation of whether or not something is or should be private. Start by accepting that all privately transmitted radio data is private unless you're specifically broadcasting for public benefit.