Aside from "top quoting" thank you for your thoughtful reply. I thought
about using "security" instead of privacy, but as a "security" expert
you are no doubt aware that the terms are, in many ways synonomous, and
from a security standpoint "privacy" might be considered the bigger
issue since it keeps things away from prying eyes. Are you claiming
that government agencies don't use "malware?" That has recently been
proven to be false - though most savy computer users have accused the
government of using malware and other methods of intrusion for years -
now we know, don't we? I work behind a pretty good firewall and am
always amazed when I read the firewall logs. Software from Microsoft,
Apple, Intuit, Symantec, Adobe - just to name a few, routinely "phones
home" without telling me (I only know because I'm smart enough to watch
- most computer users don't have a clue). You wrote, "Almost all these
attacks end up being financially lucrative to someone." I think you are
being somewhat myopic about what security breaches are all about. No
doubt you are aware that there are many kinds of "capital-" not all of
it is the kind of currency you narrowly refer to, you are no doubt
familiar with the phrase "political capital?" You also implied that
government agencies only focus on server connections and routers -
that's absurd on its face if you are familiar with the software that
your state and municipal police departments are using.
I use Apple OS X, Linux (CentOS primarily) and Windows XP; all are
insecure and so are the latest and greatest mentioned by many in this
thread. The OS you run does little to protect you - if privacy and
security are important computer users would probably be better off
investing in security measures and hiring somebody that understands the
landscape.
later --greg
On 7/17/13 9:05 AM, Arthur Gaer wrote:
> Hi Greg,
>
> Actually, I don't believe I used the word "privacy" at all. That's certainly not what I'm discussing.
>
> As for hackers, I'm not talking at all about data collection by government agencies. I'm discussing automated malware scans, infections and attacks that occur in the hundreds of millions on a daily basis. These attacks are for the purpose of, say, taking over machines for taking over other machines, for chaining those machines together into large botnets that are then rented for the purpose of streaming out spam or creating a Distributed Denial of Service (DDoS) attack or attacking remote servers that contain financial data.
>
> I'm also talking about malware that will search your systems and web browsers for passwords, account numbers, credit card numbers, social security numbers, etc all of which will be sold to others. As well as stealing your contact info so that your name and someone else's address can be used to attempt to spread more malware, etc etc
>
> Almost all these attacks end up being financially lucrative to someone. If they're not directly making use of your data, nor selling your data to someone else, they're selling the illicit use of your machine to someone else. There's a huge financial incentive to getting that malware on your machine, and some smart people can make a lot of money gaining access to your computer and millions of others.
>
> Some of the malware is quite clever: for example, it'll install itself and then *remove* other malware on the system so there won't be slowdowns or system competition from other malware. They'll upgrade antivirus so it works better… except for ignoring the malware that just did the upgrade, etc. etc. It's kind of a game, except it comes with a big pot of money for those who play it well.
>
> Windows XP was notoriously insecure (Windows 7 and 8 are supposed to be much better, though far from perfect). The design of XP and its predecessors was such that internal applications weren't protected from each other or the network. A brand new install of WinXP put on a wide open public network (such as a university or large ISP) would literally be infected by other, hacked systems, within five minutes of being connected to the network… quicker than you could download the patches for the vulnerabilities that the malware was using.
>
> "So I should trust these corporations to protect me? If so, from what?"
>
> From malware infestations on local computers, not from government data collection on remote servers/services and across the Internet. That's an entirely different discussion.
>
> And I don't exactly trust them on the malware level either… but I *know* that unpatched systems *definitely* have known vulnerabilities that malware can exploit. I want those known vulnerabilities closed. It's not just major corporations: Linux is free, open source, and not controlled by any corporation. It also has close to daily updates for security vulnerabilities, including vulnerabilities within security software itself.
>
> Arthur
>
> On Jul 17, 2013, at 3:04 AM, Greg Schmitz<[log in to unmask]> wrote:
>
>> Arthur, your comments about "privacy" and "hackers" are absurd - especially considering the recent revelations about OS providers like Microsoft and Apple<http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data>. So I should trust these corporations to protect me? If so, from what?
>>
>> --greg schmitz
>>
>> --
>> Greg Schmitz
>> Alaska Moving Image Preservation Association (AMIPA)
>> Anchorage, Alaska
>> greg /at/ amipa.org
>>
>> The Alaska Moving Image Preservation Association is a 501(c)(3) non-profit dedicated to media preservation and education to ensure long-term access to Alaska’s moving image heritage.
--
Greg Schmitz
Alaska Moving Image Preservation Association (AMIPA)
Anchorage, Alaska
greg /at/ amipa.org
The Alaska Moving Image Preservation Association is a 501(c)(3) non-profit dedicated to media preservation and education to ensure long-term access to Alaska’s moving image heritage.
|