Interview: Anonymous
Part IV: More Questions Answered About Computers and Computer Security
17. I am a computer and internet novice. What are the 10 golden rules in everyday language to avoid most security pitfalls?
1. Stay informed about updates and read security advisories from your vendors
2. Make strong passwords and don't share them
3. Don't store absolutely critical data on computers
4. Backup your data weekly (at least)
5. If you use shareware, make a special drive where you can unpack the files and look at them
6. If you can, use open source software
7. Don't put your system online until you secure it
8. Check file integrity once a month - and not just new files - all of them, including drivers, etc.
9. Don't let anyone else use your system or if so, make them a separate account on a separate share or volume
10. Get a personal firewall and learn how to use it.
18. The protection of personal data is an important political topic here in Germany. Do you feel that the American rules and regulations dealing with the protection of personal data are sufficient?
No, but we're working on it. Our main focus has been medical information, though. As far as selling people's identities and credit histories, that will never change here. The dollar takes precedence over EVERYTHING here, yes?
19. Currently, what are the most common forms of attack seen by you?
Tagging. Attackers exploit holes in php (or put-another-scripting-language-here) and deface web sites.
20. Will IPv6 really provide a security improvement in comparison to IPv4?
I believe it will, if only for the fact that more network programmers will have to address (and become aware of) security. But again, security isn't an end. We'll find holes in 6, too.
21. The signals produced by graphic cards and most monitors can be received through a wall using easily available hardware and converted back into a picture. Has this form of attack become common?
No. But if you're working with sensitive data, shield your equipment.
22. Why is the use of credit cards via the WWW so different to a waiter who takes my card, and comes back three minutes later with my slip? In both cases I lose control of who makes copies of my card numbers.
Because when a server is breached, hundreds of thousands of card numbers are exposed, and from widely disparate sources.
23. Isn't a major hurdle in understanding computer security a language problem? My mother, who is almost 70 years old, bought an iMac not too long ago, and she was slightly freaked by the idea that a computer might prefer to do things in a certain way, i.e. Apple's use of the word preferences did not jive with her understanding of the word.
It's like anything else. Use it a while. You'll get used to it. Once you realize that most software programs work in a similar fashion, you're home free.
24. Is Mac OSX proving to be more vulnerable than Mac OS9 or various flavors of BSD?
I would think that would be true but I haven't hacked it yet. I'm planning to, though. I have some friends that have.
25. Does the use of less common operating systems such as BeOS give me more or less protection in the long run? In other words, when using an OS which most hackers do not know well, does the reduced number of potential attackers really create a more secure situation?
MacOS (the old one) is the safest for the cheapest price. Try breaking a Mac-based web server. Good luck. BeOS, however, doesn't have any security at all or, at least, didn't a couple years ago. No security. None. So, no... that rule doesn't always apply. You want a secure web server? Go Mac (but not OSX).
26. Of what use is OpenBSD to the guy next door? It won't run Word, Excel or Photoshop.
It'll run AbiWord. It will run ImageMagick and (eventually) The Gimp. Most word processors are migrating to XML anyway (even though that's a backstage development), so who needs Word? If you're comfortable with it, use it. OpenBSD is great; we're migrating to it completely.
27. Won't technology such as power line communication or short range wireless networking make network security tremendously difficult? Under which circumstances would you advise the use of such technology?
Engineers are working on that. It won't be long before these types of communication are well encrypted.
28. Will George W. Bush be better for the internet or would Al Gore have been better?
You're talking about apples and oranges. Gore shouldn't even be in politics. You want to know what a candidate will do? Follow his money. Bush's money came from energy sources and Vinson and Elkins. Americans are quite naive. When we bomb another nation or overthrow its government, it's not for Democracy. We dumped Allende because he wouldn't deal with us to wire Chile's phone system. That's the real truth. Milosevic? You think we dropped those bombs because we love Albanians? There's oil down there (just ask Dick Cheney's people at Halliburton). We're gonna run a pipeline through there. Bush will do precisely what American business needs, no more, no less. Gore, in contrast, is (in some few respects) an idealist. We don't need idealists, we need bloodthirsty administrations that will bomb whomever we have to to make sure we can still buy a Heineken for a few cents (and not a thousand dollars). Did we really hate Saddam? Or was Zapata Oil Corporation (or rather, its present-day incarnation and its affiliates) at risk after the Kuwait invasion? We didn't bomb Saddam to save Kuwaitis. George W. Bush will be better for America than Albert Gore because Bush is willing to make the Trilateralist dream a reality (just the same as Schroeder will for Germany). For this reason (because folks like Bush push for amalgamation of the European nations), guys like Berlusconi will face an uphill battle (even without Bossi around). Unfortunately, however, where Bush is going (where so many of these fellahs are going) isn't good for the average working stiff. Importing laborers to do what our supposedly privileged classes won't is, in my opinion, a terrible miscalculation. If there's a German job available, find a German to fill it. (If you haven't figured it out yet, I'm a nationalist.)
30. Do most politicians really understand the internet with all of its advantages and jeopardies?
No. Politicians understand deal-making. Politics is all about finding common ground on bills, measures, resolutions, and so forth. This is a relatively closed world. Only when the public raises hell about an issue do politicians respond, and then they turn to specialists. Politicians work together (both or several parties) and to be honest, so-called "partisanship" doesn't exist in the real world. Politicians are like actors... our Congress, for example, is a big club of privileged individuals. In public, they beat each other up like nobody's business. In private, they quietly work out so-called "equitable deals". You want to know who, in politics, really knows what they're talking about? Senatorial and Congressional staff members, the people who REALLY write those opinions and do the research.
30. Apart from Maximum Security, which books and documents would you consider to be the most important sources of information for the everyday small company? Most people will not have the time to read all the sources mentioned in your book.
Spafford's Practical Unix and Internet Security and Hacking Exposed. Surprised I name a competitor? Why not? Their books are great.
31. In the American edition of Maximum Security I find surprisingly few security consultants based in Europe. Why is this so?
I'm not sure. In the first edition, I put out a general, all-points bulletin for everybody to be listed. Relatively few EU firms responded. I hope that in the future, that will change.
32. I think I have found a major security problem in my company network, but I do not know very much about computers and nobody in the company seems to care - what course of action would you suggest?
Take all you know about it, go to securityfocus.com, and learn. If there's a security problem, you'll find copious info about it there. Learn. Use the Net for what it's really intended for.
33. What would you rather be doing right now?
Making love to the two women I love. But it's been a pleasure.