Times to move to Linux

Paul Mooring paul at opscode.com
Wed Jun 26 09:19:24 MST 2013 

Matt,

There couldn't be a saner point to add to this conversation.  I'm frequently surprised at how even people who understand computers and networking treat security as some sort of dark magic.  If you have a fully patched Linux desktop with no externally listening services, no one (not even the NSA) can get in without going to extreme lengths.  People are so frightened by the PRISM controversy that they aren't acknowledging that it's great insight into how the government really does gather data, they ask for it while holding a really big gun.  There was no crazy backdoors or complex exploits involved, they just told companies that had data to give it to them and the companies complied.  The lesson we should be learning from this is that data you put on the Internet is not private, ever.

Paul Mooring
Operations Engineer
www.opscode.com

________________________________________
From: plug-discuss-bounces at lists.phxlinux.org on behalf of Matt Graham
Sent: Tuesday, June 25, 2013 10:09 AM
To: Main PLUG discussion list
Subject: Re: Times to move to Linux

From: Lisa Kachold
> It's trivial to send you a PDF or Javascript Browser Exploitation BEef
> hook and walk through your systems

How do NoScript and using evince/kpdf instead of Acrobrat Reader affect those
trivial exploits?

> agents that can be delivered via email (Kaseya or LivePerson) and J2EE
> exploits that can be launched easily = opening you wide.

Of course, if you're using a mail client that executes things found in
attachments, you'll get pwn3d quickly.  Are there any mail clients that do
those things in this day and age?  I thought they'd even partially fixed
Outhouse in that respect.  J2EE?  Who has all the components of J2EE installed
(besides Java developers)?  In the last 5 years, I've seen exactly 2 Java
applets in the wild.  Client-side Java is *uncommon* in the modern WWW AFAICT;
the things people used to use Java for have been taken over by Flash/JS.

> Surveillance technology continues from all your expenditures, all your
> travel (license plate readers), and your phone behaviors, and can include
> remote viewing (without camera technology you would recognize).

I can see how it'd be easy to track credit card transactions (bank records)
and car movements (via traffic cameras).  Could you explain "remote viewing
without camera technology" more clearly?

--
Matt G / Dances With Crows
The Crow202 Blog:  http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list