[Mailman-Users] Security

[Brad Knowles]

At 3:28 PM +0100 2004-08-11, Ian A B Eiloart wrote:

>  I guess you'd still need to ensure the kids used good passwords and
>  didn't share them.

	Then there's the spyware issue.  I mentioned this privately in 
e-mail to Johnathan, but I'll also copy the relevant paragraphs here:


	Recent reports are that the average PC has something like 30 
pieces of spyware on it.  Each piece of spyware can do things like 
sniff every packet coming into or going out of the system, everything 
typed at the keyboard, everything cut-n-pasted through the clipboard, 
etc....

	So, unless you're a computer security expert and you are 
fastidious about keeping your computer 100% totally squeeky clean, 
odds are that there are multiple groups of spyware 
authors/crackers/"skr1pt k1dd13s" out there that have a copy of every 
single password you've ever used -- including the passwords you've 
used to encrypt private documents or communications.

	Which means they probably have full access to your online bank 
account, every private web site you've ever visited, etc....

	This also means that they can probably impersonate you using 
supposedly secure cryptographic means (if they can sniff your 
password, they can also steal your private key files), and 
electronically sign your name to documents which legally bind you to 
whatever contracts they care to sign.  Since it's your electronic 
signature using your private password and your private cryptographic 
key, you're not going to be able to do a whole lot to convince a 
court that it wasn't you who really signed that document.


	As I said, it depends on what you call "secure".

-- 
Brad Knowles, <brad.knowles at skynet.be>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.