How secure is one's computer?
in [Cryptography]
|
From: adacrypt on 12 Jul 2010 02:52 On Jul 12, 7:49 am, adacrypt <austin.oby...(a)hotmail.com> wrote: > On Jul 11, 7:46 pm, WTShaw <lure...(a)gmail.com> wrote: > > > > > > > On Jul 11, 11:37 am, amzoti <amz...(a)gmail.com> wrote: > > > > On Jul 11, 2:51 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > > > > > The race between producers of malware and producers of anti-malware is > > > > well-known. It is IMHO natural to assume that the former, being the > > > > 'active' partner, have some advantages in this race and so the computer > > > > of an average user has always a very real chance of being infected > > > > without detection, no matter how much money he invests in purchasing > > > > software to protect his computer and how careful and disciplined he > > > > does his work. > > > > > I think it even may not be entirely foolish to question the (aboslute) > > > > safety of protection software themselves, for these are as a rule > > > > trusted based on the market reputation of the producers only, if I > > > > don't err. > > > > > I remember the time of the first PC that I used, where a few colleagues > > > > of mine were regularly reading and adapting some parts of the operating > > > > system (CP/M), apparently with ease. Nowadays, who among the users of > > > > computers have competent knowledge (and means) to understand some > > > > details of an OS, let alone checking and modifing them? And the previous > > > > question certainly applies here as well. > > > > > Without saying, all other foreign software downloaded are in principle > > > > (maybe more) questionable. > > > > > BTW, a recent article on cyber warfare could serve also for looking at > > > > the matter from a different standpoint: > > > > > http://www.economist.com/node/16478792 > > > > > M. K. Shen > > > > Why would you think there is only one attack profile from > > > <who_cares_***>_ware? > > > > For example, look at:http://www.eskimo.com/~joelm/tempest.html > > > > If it is electronic (or otherwise), it is vulnerable as the number of > > > attack profiles is limitless and one only needs to get passed the > > > weakest link. > > > > Forgive my theft of Einstein's quote with a slight modification. > > > > "It's not only worse than you imagine, it's worse than you can > > > imagine! " > > > > Cyber warfare can be equated to the war on drugs - what a joke - but > > > it makes for great articles, journal and research papers. > > > There are simple strategies that work. Bad design can be countered > > with good protocols to isolate the weaknesses, not talking about > > endless patches but the absurd use of common sense to do the obvious. > > "The path to ruin is well trodden."- Hide quoted text - > > > - Show quoted text - > > Hi W.T, > > This topic is outside of my remit and indeed my knowledge in the > context of mutual database cryptography - however, I have in mind a > free standing computer at Bob's end i.e. not connected to the internet > - the ciphertext is transmitted via a properly connected computer and > then relayed internally by Bob to this freestanding computer where it > is decrypted - a cyber attack on the freestanding computer is > impossible ? - adacrypt- Hide quoted text - > > - Show quoted text - PS - forgot to say the obvious - Bob's database resides on the freestanding computer only - adacrypt
From: Mok-Kong Shen on 12 Jul 2010 05:15 adacrypt wrote: >> - a cyber attack on the freestanding computer is >> impossible ? Long time ago yes, but no longer. Look with the key phrase "electromagnetic emanation". There are also techniques to disrupt the proper functioning of a computer. M. K. Shen
From: adacrypt on 12 Jul 2010 06:09 On Jul 12, 10:15 am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: > adacrypt wrote: > >> - a cyber attack on the freestanding computer is > >> impossible ? > > Long time ago yes, but no longer. Look with the key phrase > "electromagnetic emanation". There are also techniques to > disrupt the proper functioning of a computer. > > M. K. Shen OK I'll rephrase my statement - an inverting cryptanalytic attack on intercepted ciphertext is impossible without access to the related database that is contained on a free-standing computer - your'e a bit OTT - adacrypt
From: Mok-Kong Shen on 12 Jul 2010 10:08 adacrypt wrote: >> adacrypt wrote: >>>> - a cyber attack on the freestanding computer is >>>> impossible ? >> >> Long time ago yes, but no longer. Look with the key phrase >> "electromagnetic emanation". There are also techniques to >> disrupt the proper functioning of a computer. > OK I'll rephrase my statement - an inverting cryptanalytic attack on > intercepted ciphertext is impossible without access to the related > database that is contained on a free-standing computer - your'e a bit > OTT - adacrypt That's a different sentence. I am incapable of commenting on that, since I don't understand what you have described about your algorithm in your posts to the group todate and have the (maybe wrong) impression that few have understood that. IMHO it would be of value to you to once 'concisely' and 'clearly' formulate your algorithm in a thread, using, where required, conventional math formalism and standard terminologies in a neat way (and avoid terminologies of your own) so that people would easily capture the underlying ideas. Otherwise others would for time reasons not take the effort to closely examine your stuff, I am afraid. M. K. Shen
From: unruh on 12 Jul 2010 12:54
On 2010-07-12, adacrypt <austin.obyrne(a)hotmail.com> wrote: > On Jul 11, 7:46?pm, WTShaw <lure...(a)gmail.com> wrote: >> On Jul 11, 11:37?am, amzoti <amz...(a)gmail.com> wrote: >> >> >> >> >> >> > On Jul 11, 2:51?am, Mok-Kong Shen <mok-kong.s...(a)t-online.de> wrote: >> >> > > The race between producers of malware and producers of anti-malware is >> > > well-known. It is IMHO natural to assume that the former, being the >> > > 'active' partner, have some advantages in this race and so the computer >> > > of an average user has always a very real chance of being infected >> > > without detection, no matter how much money he invests in purchasing >> > > software to protect his computer and how careful and disciplined he >> > > does his work. >> >> > > I think it even may not be entirely foolish to question the (aboslute) >> > > safety of protection software themselves, for these are as a rule >> > > trusted based on the market reputation of the producers only, if I >> > > don't err. >> >> > > I remember the time of the first PC that I used, where a few colleagues >> > > of mine were regularly reading and adapting some parts of the operating >> > > system (CP/M), apparently with ease. Nowadays, who among the users of >> > > computers have competent knowledge (and means) to understand some >> > > details of an OS, let alone checking and modifing them? And the previous >> > > question certainly applies here as well. >> >> > > Without saying, all other foreign software downloaded are in principle >> > > (maybe more) questionable. >> >> > > BTW, a recent article on cyber warfare could serve also for looking at >> > > the matter from a different standpoint: >> >> > > ? ?http://www.economist.com/node/16478792 >> >> > > M. K. Shen >> >> > Why would you think there is only one attack profile from >> > <who_cares_***>_ware? >> >> > For example, look at:http://www.eskimo.com/~joelm/tempest.html >> >> > If it is electronic (or otherwise), it is vulnerable as the number of >> > attack profiles is limitless and one only needs to get passed the >> > weakest link. >> >> > Forgive my theft of Einstein's quote with a slight modification. >> >> > "It's not only worse than you imagine, it's worse than you can >> > imagine! " >> >> > Cyber warfare can be equated to the war on drugs - what a joke - but >> > it makes for great articles, journal and research papers. >> >> There are simple strategies that work. ?Bad design can be countered >> with good protocols to isolate the weaknesses, not talking about >> endless patches but the absurd use of common sense to do the obvious. >> "The path to ruin is well trodden."- Hide quoted text - >> >> - Show quoted text - > > Hi W.T, > > This topic is outside of my remit and indeed my knowledge in the > context of mutual database cryptography - however, I have in mind a > free standing computer at Bob's end i.e. not connected to the internet > - the ciphertext is transmitted via a properly connected computer and > then relayed internally by Bob to this freestanding computer where it > is decrypted - a cyber attack on the freestanding computer is > impossible ? - adacrypt What does "relayed internally" mean? An attack is possible via that "internal relay". Also trojan, virus, ... attacks are all possible via that "internal relay" |