practicle internet security question

Given that I have ascertained absolute privacy is impractical and every
advance in mal-tactics results from the challenge of defeating security
hardening improvements: There must be a pragmatic way to design a
worldwide web that is inherently safe no?

Would it, or is it, possible to have various levels of security like the
trusted zones our browsers allow? I understand the ultimate
determinations of 'undesirable practices' would be subjective but; For
EG; countries with lax legal systems could be placed in an echelon
selectable for access but shielded from self determined 'safer' zones.
Moderation of newsgroups is an example on a content basis, physical
access by backbone telecom providers to other jurisdictions must surely
be selectable because the systems are designed to make billing and usage
assessment a fundamental property no?

I also understand MSoft would be the first to be culled for providing
the back doors in the OS most often used at the user level.

IOW, if forced to start from scratch, _could_ a more workable system of
WWWeb be designed with consumer interest paramount? _Would_ is a whole
other topic.

warf.

Re: practicle internet security question

Post removed (X-No-Archive: yes)

Re: practicle internet security question

"warf" wrote in message
news:gGdgh.74832$hn.64998@edtnps82...
> Given that I have ascertained absolute privacy is impractical and every
> advance in mal-tactics results from the challenge of defeating security
> hardening improvements: There must be a pragmatic way to design a
> worldwide web that is inherently safe no?

It's called EDI, and it predated the web by a long way.

The reason the web is so useful is that pretty much anything is possible.
That is exactly the reason it is so difficult to secure.

...

Re: practicle internet security question

xpyttl wrote:

> "warf" wrote in message
> news:gGdgh.74832$hn.64998@edtnps82...
>
>>Given that I have ascertained absolute privacy is impractical and every
>>advance in mal-tactics results from the challenge of defeating security
>>hardening improvements: There must be a pragmatic way to design a
>>worldwide web that is inherently safe no?
>
>
> It's called EDI, and it predated the web by a long way.
>
> The reason the web is so useful is that pretty much anything is possible.
> That is exactly the reason it is so difficult to secure.
>
> ..
>
>
Well, I'd like to meet this Edi..th and find out why she is letting
herself be overrun by Web.
Is EDI too restrictive or too secure? The question is valid since a lot
of what motivates a 'means' is the ends...and the end is nearly always
money gained via advantage over competition.
The 'means' in this instance is the 'means whereby consumer
[CONs U & ME] is directly connected AND available [accessible].

Re: practicle internet security question

> IOW, if forced to start from scratch, _could_ a more workable system of
> WWWeb be designed with consumer interest paramount? _Would_ is a whole
> other topic.
>
> warf.

If every computer were a "trusted computer", ie it would only boot, run
or install specially signed executables from a very limited number of
vendors. Where you could not build a working computer from parts, or
reuse decomissioned computers. When you install a program, you must not
only buy it from an authoried vendor, you must have approval to use it
for an authorized reason. Where system administrators have only user
accounts, no root. Opening a case of a computer would be a felony.

If every network device, routers, lans, switches, etc had all ports and
all features disabled. You could only enable ports and features via one
of a small number of authorized vendors, and only if you had a good
reason. Where every packet was archived. Where network administrators
had only user accounts, no root. Unplugging a network or console cable
would be a felony. Pluging a cable into an unathorized port would be
your "third strike" and get you life in prison.

If every user had a device implanted in their body, perhaps in their
brain or between their heart and spine, so to access it in anyway would
be difficult and life threatening, that would authenticate them on the
1 or 2 computers that they are authorized to use. All keystrokes, mouse
movements, etc would be saved. All services, programs, websites viewed,
etc would also be archived. There would be no such thing as removable
media. No ipods, cell phones, etc that would connect to the computer or
be allowed to tunnel through the network in any way. No DVD burners.
Access to printers would be strictly limited by 24-hour security
guards.

If the workforce of the CIA, FBI, the police etc were multiplied by
2048, and they were tasked with monitoring you and the network. If
there were no form of privacy, no warrants needed, etc. If all of the
content of all phone calls, emails, SMS, etc were all archived and were
searchable.

If all computer and electronic education was strickly limited. If you
had to have a security clearence just to change a toner cartidge.

THEN, THEN, THEN.....

.......MAYBE the internet would be secure.

Except for the goverment, powerful corporations, former KGB officers,
to organized crime, rich people in general.....

....... no not really, it just would make it very hard, and only really
dedicated or well connected people would be able to do it..... but man
what they could do!!!!!! Ha ha fuck you average joes over big time!
Make 2004 and the S&L Fiasco look like a robbing a convience store!

Re: practicle internet security question

Post removed (X-No-Archive: yes)

Re: practicle internet security question

OpCguy wrote:

>>IOW, if forced to start from scratch, _could_ a more workable system of
>>WWWeb be designed with consumer interest paramount? _Would_ is a whole
>>other topic.
>>
>>warf.
>
>
> If every computer were a "trusted computer", ie it would only boot, run
> or install specially signed executables from a very limited number of
> vendors. Where you could not build a working computer from parts, or
> reuse decomissioned computers. When you install a program, you must not
> only buy it from an authoried vendor, you must have approval to use it
> for an authorized reason. Where system administrators have only user
> accounts, no root. Opening a case of a computer would be a felony.
>
> If every network device, routers, lans, switches, etc had all ports and
> all features disabled. You could only enable ports and features via one
> of a small number of authorized vendors, and only if you had a good
> reason. Where every packet was archived. Where network administrators
> had only user accounts, no root. Unplugging a network or console cable
> would be a felony. Pluging a cable into an unathorized port would be
> your "third strike" and get you life in prison.
>
> If every user had a device implanted in their body, perhaps in their
> brain or between their heart and spine, so to access it in anyway would
> be difficult and life threatening, that would authenticate them on the
> 1 or 2 computers that they are authorized to use. All keystrokes, mouse
> movements, etc would be saved. All services, programs, websites viewed,
> etc would also be archived. There would be no such thing as removable
> media. No ipods, cell phones, etc that would connect to the computer or
> be allowed to tunnel through the network in any way. No DVD burners.
> Access to printers would be strictly limited by 24-hour security
> guards.
>
> If the workforce of the CIA, FBI, the police etc were multiplied by
> 2048, and they were tasked with monitoring you and the network. If
> there were no form of privacy, no warrants needed, etc. If all of the
> content of all phone calls, emails, SMS, etc were all archived and were
> searchable.
>
> If all computer and electronic education was strickly limited. If you
> had to have a security clearence just to change a toner cartidge.
>
> THEN, THEN, THEN.....
>
> ......MAYBE the internet would be secure.
>
> Except for the goverment, powerful corporations, former KGB officers,
> to organized crime, rich people in general.....
>
> ...... no not really, it just would make it very hard, and only really
> dedicated or well connected people would be able to do it..... but man
> what they could do!!!!!! Ha ha fuck you average joes over big time!
> Make 2004 and the S&L Fiasco look like a robbing a convience store!
>

Oh, so your question to my other post wherein you besmirch my motive for
wanting a measure of control over the data leaving computer was really
was a taunt, not a question right?
BTW, your address and phone number are not on that reply...what do you
have to hide? [purely an instructional not interrogative query]

As regards you reply to this query, I agree with many of the technical
assertions you make.....you do however digress towards a pinko freedom
of speech 'da man out to get us' mode [big wide grin]. Ultimately though
history has proven that for the most part personal gain trumps trust
....it's hardwired in us.
So a 'secure' network is dependent on calling the variables in
accordance with risk tolerance, political climate and morality dictates
i guess.

Ultimately i suspect the idea of layered security relative to security
requirements...or even parallel systems, again relative to need, may be
the most pragmatic solution? Not unlike the way it appears to moving no?
In the meantime, I have this HP laptop that....
Warf.

Re: practicle internet security question

Sebastian Gottschalk wrote:

> OpCguy wrote:
>
>
>>>IOW, if forced to start from scratch, _could_ a more workable system of
>>>WWWeb be designed with consumer interest paramount? _Would_ is a whole
>>>other topic.
>>>
>>>warf.
>>
>>If every computer were a "trusted computer", ie it would only boot, run
>>or install specially signed executables from a very limited number of
>>vendors. Where you could not build a working computer from parts, or
>>reuse decomissioned computers. When you install a program, you must not
>>only buy it from an authoried vendor, you must have approval to use it
>>for an authorized reason. Where system administrators have only user
>>accounts, no root. Opening a case of a computer would be a felony.
>>
>>If every network device, routers, lans, switches, etc had all ports and
>>all features disabled. You could only enable ports and features via one
>>of a small number of authorized vendors, and only if you had a good
>>reason. Where every packet was archived. Where network administrators
>>had only user accounts, no root. Unplugging a network or console cable
>>would be a felony. Pluging a cable into an unathorized port would be
>>your "third strike" and get you life in prison.
>
>
> I can write this entire paragraph with three letter: TCG (formerly known as
> TCPA)

What is that Seb~? Would I enjoy the ride? Does it taste good? Can I
shoot it?
Warf....googling as we wait.

Re: practicle internet security question

warf wrote:
> Given that I have ascertained absolute privacy is impractical and every
> advance in mal-tactics results from the challenge of defeating security
> hardening improvements: There must be a pragmatic way to design a
> worldwide web that is inherently safe no?
>
Aaah, but you forget to include the key detail...Safe from what? You
can measure secure unless you set the standards that define it. And
what would you want as a service level from that network.

> Would it, or is it, possible to have various levels of security like the
> trusted zones our browsers allow? I understand the ultimate
> determinations of 'undesirable practices' would be subjective but; For
> EG; countries with lax legal systems could be placed in an echelon
> selectable for access but shielded from self determined 'safer' zones.
> Moderation of newsgroups is an example on a content basis, physical
> access by backbone telecom providers to other jurisdictions must surely
> be selectable because the systems are designed to make billing and usage
> assessment a fundamental property no?

The determination of origin by country is very difficult. You can't
rely on domain names, since the registries are open and commercial.
Routing information isn't reliable for country of origin. So trusted
domains are a difficult thing to establish. Someone already said EDI.
That would help to know who your exchanging data with, but the question
of trust is bigger and harder to answer.

>
> I also understand MSoft would be the first to be culled for providing
> the back doors in the OS most often used at the user level.
Intentional back doors? I think we call them features and capabilities :)

As for unintentional back doors, all software is vulnerable. The more
complex it has, the more holes it has, and security software is likely
to have security holes. If you want a safe internet experience break
out with lynx or another text browser, and then make sure that all the
extensions are disabled, so that you end up with the ability to get text
and display it. It's still likely to have problems, but a lot fewer
then what your used to.

>
> IOW, if forced to start from scratch, _could_ a more workable system of
> WWWeb be designed with consumer interest paramount? _Would_ is a whole
> other topic.
>
> warf.

Starting from scratch, we could build a lot of things different. Many
technologies were designed early on with security and trust concepts
considered. But concessions were made for functionality and
performance, and if they weren't then the potential of the Net may never
have been realized and it would have languished as a geek tool for
colleges and researchers.

Right or wrong, I think evidence shows that consumers will happily
accept risk for more. We are a world of excess, super-size me to the
Gut Buster whether I need it or not. It's more so it's better. Given
the choice of 24 oz. of lap burning piping hot coffee in a flimsy to go
cup or 16 oz. in an extra reinforced insulated spill-proof travel mug,
most people will take the risk and get more coffee. We make the same
choices with our technology.

dMn