Comment: Securing cloud data (Score 2) 24

by Tool Man (#47952231) Attached to: Dropbox and Google Want To Make Open Source Security Tools Easy To Use

What they need to do is implement client-side encryption before it gets uploaded. Sure, we can use something like EncFS to let Dropbox host only files I've already encrypted, but other cloud-storage companies like SpiderOak have written themselves out of access to my file contents.

Comment: Yikes. This handles people's money (Score 1) 348

In my humble experience, POS systems are those most forgotten, and least protected once you get on to the network. Few patches if any, and the vendors often squawk about only supporting ancient versions of Windows XP. Yes, the POS systems are probably Windows. Probably no AV either, and quite likely all administered with shared accounts that everybody knows. A firewall is by far the least they should be doing.

Comment: Re:Run it all through Tor? (Score 1) 184

by Tool Man (#47295083) Attached to: EFF To Unveil Open Wireless Router For Open Wireless Movement

Something comprehensive would indeed be much better than solving for one layer. The challenge I find is trying to get people to pay attention to any of it at all, never mind changing everything they do in one fell swoop. For sure, making secure options the default is a huge step, but in this case, we're still relying on whatever compromised client gets allowed on to the wifi.

Comment: Run it all through Tor? (Score 1) 184

by Tool Man (#47294513) Attached to: EFF To Unveil Open Wireless Router For Open Wireless Movement

I've had a FON device, and I think its main protection against malicious (illegal, stupid) use is that other users on the open FON channel are either authenticated FON users roaming to your access point or paid users who again aren't really anonymous.

What I was wondering though is whether each of these openwireless devices could also be set up as a Tor entry node for all of the free traffic going out that way? Think something like the Tails distro, where you don't record anything, and don't really want to either. Keep it somewhat bandwidth-friendly for the rest of your network, and worry less about what some anonymous user does with it.

Comment: Re:What about security? (Score 1) 170

by Tool Man (#46805905) Attached to: Ask Slashdot: Professional Journaling/Notes Software?

What you call "notes", the local prosecutor calls "evidence". Something you write that might seem totally harmless to you - "today I spent three hours daydreaming about putting bleach in my idiot boss's Diet Coke" suddenly becomes damning when presented out of context to a jury, after someone put bleach in your boss's Diet Coke and he wound up in the hospital.

I have been keeping a plain text log for the better part of two decades. They are just individual text files, one for each day, with titles like 2014-04-20_sue_party, a date and a quick description of anything unusual. The encryption mechanism has changed, but right now they are all stored on a Truecrypt volume. A vanilla search only takes a minute at most.

I'll chip in with a combination that works for me. This may or may not overlap with the OP, but YMMV.
Anyway, I want to be able to have access to my data in multiple places, including mobile. On the other hand, I also expect a certain control over my data, including the ability to encrypt (and still have access).

Org-mode has some support for iOS and Android apps, including syncing to a central location via Dropbox or WebDAV. Encryption is available too, using the OpenSSL command-line tool IIRC. WebDAV is also supported by ownCloud, so the central sync point isn't Dropbox and their snoopy new board member, but my own VPS elsewhere. Of course, one of the beauties of org-mode too is that in the end, the data is still plain text once decrypted, so the local copy is never stuck in an opaque format. If I'm concerned about my local copies' security, then that is in an encrypted volume.

Comment: Re:Burn after reading? (Score 1) 222

by Tool Man (#45973067) Attached to: TrueCrypt Master Key Extraction and Volume Identification

The thing with hibernate is that it's capturing an image of memory, and storing it on your disk. Handy when you want to wake up from really-powered-off, but also handy for anyone who wants to do a forensic analysis of everything in memory when it went to sleep. Ditto iPhone backups too IIRC, which is why (a) I don't use hibernate, and use sleep unless I'm expecting something invasive like going through US Customs where they apparently have free rein over your constitutional rights, and (b), iPhone backups are set to use encryption.

Powered off with no image written to disk is a good combination.

Comment: Re:Here we go again... (Score 3, Interesting) 170

by Tool Man (#45934855) Attached to: Google Confirms Shut Down of Schemer

Well, unless it's based on a free, open protocol that you can host yourself if required.

And you can easily get your data out of the system. Because if you cannot get your data, you cannot host it elsewhere.

That part at least is something that Google does put some work into. You can use Google Takeout to get quite a bit back, in a form you may conceivably use elsewhere. Not sure about Schemer specifically though.

Comment: Re:Why are they storing this data anyway? (Score 4, Insightful) 213

by Tool Man (#45801637) Attached to: Encrypted PIN Data Taken In Target Breach

Nope, horse-puckey. This would be the same PIN data that their PCI compliance *cough* would disallow storing after authorization for a transaction, just like the CVV codes which I think also got nabbed. Now, it is possible that they were all captured "in-flight" and not being stored against the rules, but it is very much verboten to keep even with encryption.
