Showing posts with label security. Show all posts

Wednesday, 4 July 2007

SvD and the war on terrorism

It has been quite some time since I felt the need to comment on a newspaper article, but I can't let a thing like this pass uncriticized. SvD writes today, as part of an article on terrorism (translated from Swedish):

"Yesterday in the papers pop singer Dilba was complaining about how she was treated after making a "joke" about blowing up airplanes at Arlanda airport. She had been treated "like a terrorist" and been told that she was not allowed to board her aircraft to the US. Instead she should be thankful that society is taking terrorism seriously. The anti-terrorist measures she is complaining about are working."

Then the article proceeds to other matters. Let me first say, what a load of complete crap! Does anyone believe that following up on every clue, no matter how trivial, will make us safer? Terrorists are not likely to go up to security guards and tell them that they are carrying a bomb. Let us look at the two parties in this story. Why does Dilba joke about blowing up airplanes? She is clearly being sarcastic about it. This is probably because she, as a customer, is annoyed at being searched and thinks that the whole procedure is ridiculous. She is therefore "complaining" in her own way, although it's a stupid move. The staff, on the other hand, are acting all jumpy: they hear the word bomb and go nuts. They know what they are looking for, and better safe than sorry, right? But acting like this is not taking the threats seriously. It's taking things out of proportion and going paranoid. The companies clearly don't care about security at all; they only care about looking secure, so that they can point out that they are in fact doing something. Real security would involve calm and reasonable employees who, upon Dilba's remark, say "Really? Well, cut the crap. What are you really going to do on your stay in the US? Did we check her bag?". We should praise real work to prevent terrorism, not silly security acts. Real terrorists are smarter than Dilba and therefore the security staff should be smarter as well.

Link to the article (in Swedish).
Link to the article about Dilba (in Swedish).

Monday, 30 April 2007

Crimes committed using public computers

Earlier today the Swedish newspaper Svenska Dagbladet, SvD for short, published an article about cyber crimes being committed using public computers at libraries and internet cafes. The police, of course, are not happy about this; most libraries in Sweden don't have user accounts but simply lend their computers to anyone. There are, however, good examples of libraries that enforce user accounts. Most crimes committed are related to personal affairs, such as slander, insults and threats. It seems that our youth have understood the importance of covering your tracks. This I consider to be a good thing, because when they grow up they will not offer access to anybody without ensuring that they will be able to trace him or her later on. In a best case scenario this will lead to all libraries having user accounts, and in a worst case scenario to the libraries ending up logging everything, which is unnecessary and will only invade the users' privacy. All the necessary logs are kept (or at least should be kept) by the accessed host.

But what about all other points of access? Cafes? WiFi? Schools? Especially in the WiFi case I doubt that the police will have much to go on. We could of course charge the owner, but if a Swedish court rules in favor of full responsibility for your internet connection, people will get afraid and WiFi sales will plummet. This is not clear from a juridical point of view, and that is the very reason that I will not use WiFi at home. I simply don't want anyone breaching security and possibly leaving me responsible for whatever crime they want to commit.

I am looking forward to seeing how our courts will handle this and how our laws will change.

Article number one in SvD (In Swedish)
Article number two in SvD, a response from the public library of Stockholm (In Swedish)

Passwords

E24 has published an article about common passwords, in Swedish of course, and in my opinion it's not really worth reading. It contains barely any substance and no analysis at all. Passwords that are simple to crack are nothing new, and it's a fact that most users don't even bother thinking twice before selecting "carla" as a password. After all, how can the attacker know that I fancy that girl? If you have read a bit about password security, however, you realize that an attacker won't make any guesses but will fire an arsenal of dictionary words. Against this, poor carla won't stand a chance.

Administrators such as myself try to force users to use decent passwords by enforcing policies such as mixed case, alphanumerical mixing and so on. Does this work? Not really, users usually just make a quick workaround and we are back at square one. Some good reading on the subject is Schneier's analysis of the cracked MySpace passwords.

For more critical services such as SSH the best option is likely to abandon passwords altogether; they do more harm than good. A good alternative is cryptographic keys, which allow you easy and secure access at the cost of slightly more trouble when setting them up. I guess that rules them out as an option for everyday users at MySpace though...

Thursday, 11 January 2007

Enforcing the use of more secure passwords under FreeBSD

Usually I am a very nice guy when it comes to handing out shell accounts, but when it comes to users using dictionary words as passwords I draw the line. In order to at least force them to do some thinking before choosing "password" as a password, I do the following.

Add these two lines to your /etc/login.conf:

:mixpasswordcase:\
:minpasswordlen=8:\

This will enforce a minimum length of eight characters and force them to mix case. And don't forget to rebuild the database, in case you didn't notice the comment in login.conf.

# cap_mkdb /etc/login.conf

Now, you have a standard for passwords. Even though it's fairly weak, it's better than nothing.
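
An added example, not part of the original post: a small sh audit that checks whether a login.conf class carries the two capabilities above and whether login.conf.db has been rebuilt since the last edit. The function names and the sample records are constructed for illustration.

```shell
# Print one login.conf class record: comments dropped, continued lines joined.
class_record() {  # $1 = login.conf path, $2 = class name
    awk -v cls="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            cont = sub(/\\[ \t]*$/, "", line)   # 1 when the line continues
            sub(/^[ \t]+/, "", line)
            rec = rec line
            if (cont) next
            # the name field may list aliases: "default|standard:..."
            split(rec, f, ":"); n = split(f[1], names, "|")
            for (i = 1; i <= n; i++) if (names[i] == cls) print rec
            rec = ""
        }' "$1"
}

# Return 0 if the class sets mixpasswordcase and minpasswordlen >= $3.
check_password_policy() {  # $1 = path, $2 = class, $3 = required length
    rec=$(class_record "$1" "$2")
    [ -n "$rec" ] || { echo "class $2: not found"; return 2; }
    rc=0
    case "$rec" in
        *:mixpasswordcase:*) ;;
        *) echo "class $2: mixpasswordcase not set"; rc=1 ;;
    esac
    # use the first minpasswordlen entry in the record
    len=$(printf '%s\n' "$rec" | tr ':' '\n' |
          sed -n 's/^minpasswordlen=\([0-9][0-9]*\)$/\1/p' | head -n 1)
    if [ -z "$len" ] || [ "$len" -lt "$3" ]; then
        echo "class $2: minpasswordlen is ${len:-unset}, want >= $3"; rc=1
    fi
    return "$rc"
}

# cap_mkdb writes FILE.db; if FILE is newer, the edit has not been rebuilt.
db_is_fresh() { [ -f "$1.db" ] && [ ! "$1" -nt "$1.db" ]; }

# Constructed sample: "default" has both settings, "guest" does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default|standard:\
    :passwd_format=sha512:\
    :mixpasswordcase:\
    :minpasswordlen=8:
guest:\
    :minpasswordlen=6:
EOF
check_password_policy "$sample" default 8 && echo "default: ok"
check_password_policy "$sample" guest 8 || echo "guest: too weak"
```

On a real host, point both functions at /etc/login.conf, for example `check_password_policy /etc/login.conf default 8 && db_is_fresh /etc/login.conf`.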

Wednesday, 3 January 2007

Setting up an OpenVPN client with bridging using OpenBSD

Here's my first try at writing a how-to. I set up OpenVPN under OpenBSD recently and it was quite a challenge, since there were close to no guides on the subject. Therefore I decided to write my own; since it's optimized for 80 chars width, I will post a link to the file.

I hope it helps you in some way.

http://www.d.kth.se/~ninjin/texts/cs/obsdvpntut.txt