Yea, I don't really follow the MS rules, there are three ways to secure systems 1) The right way, 2) The wrong way, and 3) The Microsoft Way.
I have not seen any issues inside a managed network with Outlook, but, we also filter content of all email, virus check in/outbound email, remove attachments as they ride the SMTP session into the email server, etc...
We also filter all HTTP sessions and don't allow outbound FTP except for a few users, and then we also filter that.
Which is about what I expect from someone that doesn't know how to secure an OS or network.
....the fact that I'm not entirely human?
My version is about half that:
Those who got skillz, use em.
--
Onideus Mad Hatter mhm ¹ x ¹
A cryptographer maybe, given enough time, however I was referring to their magic program. And actually, not even a cryptographer. If I were to use three different encoding schemes let's say and then start reencoding the encoded message over and over again using a random pattern for a random number of times...yeah...not gonna happen, ESPECIALLY if I use three encoding schemes of my own devising...that would pretty much make it impossible to crack unless you first had those three encoding schemes..
FYI - You know the Kryptos sculpture...it's likely that it works in a manner similar to that, the first three encoding schemes are probably used to generate the last puzzle, possibly using a variable combination of the three. ^_^
--
Onideus Mad Hatter mhm ¹ x ¹
Obviously, as you note, it takes proper precleaning by a non-Microsoft product.
No, you are one, too. Why should you be special?
It's only 68K, dude!
I'm fairly sure that procedure would not much stymie a cryptographer, for sufficiently long messages.
Kind of getting off track here a little bit. The original Carnivore thing didn't really work so well, and all that's known about "Enhanced" Carnivore" is that one component of it was some sort of keylogger program and one plan was to try to implant it via a virus. I imagine, though, that a few people here know of other more recent alternative methods to plant a keylogger. One thing about this redacted doc I found interesting,
Now what do you suppose was that redacted part? It's obviously a reference to a Windows version, but references to Windows 2000 and 98 are not redacted. So that leaves only NT and some other version with a 2-letter name. And "will be included" implies a later version. Hmmm.....not to feed any paranoia, what could that possibly mean....?
Carnivore, enhanced or otherwise, the Patriot Act, and such don't seem to have produced a lot of results in any case, and in context of the loss of privacy and the potential for petty abuse, there is no good point to them whatsoever.
And then getting back to the original bit about Homeland Security planning on going all-Microsoft despite Microsoft's wretched security history.... Even though you can install a layers of good non- Microsoft products for protection, and put up strict guidelines and barriers regarding PDA's notebooks, and flash cards, it'll be akin to running a very large prison for escape artists, all of whom have lots of friends on the outside -- you'll need constant vigilance and it will only take the most minor of slip-ups and....
Also I'm not really digging how the main Microsoft point guy for the project use to work for one of the Homeland Security heads. I think there is a term for this that's been apparently banished from official use since Bush became President.
But I'm just a trolling cross-poster, so what do I know?
-BC
Because Microsoft makes a big deal about Windows being an integrated platform.
Exactly. You have to know enough to not depend upon Microsoft.
I'm sure your users enjoy a free exchange of email.
You assume that applying a mere set of "encoding schemes" a few times makes the cracking more difficult than a single encoding pass. It does not necessarily do so. It might well make it easier to decode.
You sound like those guys who create their own random-number generators that turn out to not be very random.
And that would be a problem why? As I said, it's easy enough to run a secure shop, you just have to know how.
We have a lot of MS only shops and some mixed shops where we have MS servers and then Linux workstations with Evolution and CrossOver so that they can run MS Office products, neither type of shop has had any problems once the networks have been secured properly.
No wonder. the other day I watched a docu drama on TV about the dropping of the nuclear bombs on Hiroshima and Nagasaki, and how it came to happen.
President truman receives a letter with a content about a baby being delivered, and the people being very happy about it. He returned a message "congratulations to the doctor and all delivery helpers". Only if you knew, the "doctor" was Edward teller, you could have figured what this mail was about.
This where every text crunching system will eventually fail. How can anybody discern, if a given "package" is really just the "birthday present" which had been referred to in former messages, or if this "present" does contain deadly things like drugs, a bomb, or Anthrax? How can you tell that an "Appointment" is just that, or a conspirational meeting? When someone is talking about his "bride", is this the "bride of the soldier", ie a gun? There are so many ways to escape the supervision.
Gabriele Neukam
snipped-for-privacy@t-online.de
I saw something similar once but the focus was on some of the "contingency plans" in case the scientists couldn't develop the atomic bombs in time. One contingency plan was to actually parachute down large boxes filled with thousands of bats over the target cities. (Bats as in the winged animal from vampire movies.) These bats would be dropped just before dawn and the bats would have small incendiary devices attached to them.
As the daylight approached 10's of thousands of bats would seek shelter in the nooks and crannies all around the city. Then when the small incendiary devices went off the entire city would basically go up in flames all at once.
This is not very well known but there is quite a bit of info on this out on the web.
I like it. >:->
Cheers! Rich
No, it really wouldn't actually. Would you like to test the theory? I bet I can produce a piece of code that you can't crack...ever. ^_^
If I were to create a random number generator it would take random frame captures from random television channels and then take a random sampling of pixels and use the color combinations in an algorithm to generate a final random number...can't get too much more random than that...if you believe in that sort of thing. Personally I don't believe TRULY random numbers exist within the universe, things like the law of gravity just wouldn't work otherwise.
--
Onideus Mad Hatter mhm ¹ x ¹
I'm quite sure that anyone with a few years of programming experience could write some encryption scheme that *most* people couldn't break. But give your cipher-text to a cryptologist who works for the CIA and it would probably be broken very quickly. It's "secure enough" for what you need but nothing that couldn't easily be broken by someone with training, the means and the determination to break the encryption.
"True randomness" is difficult to achieve. Some of the serious generators have special hardware that generates random sequences from "white noise" that's present in the airwaves. I one worked for a security company and we needed a good random generator. You can't simply use some mathematical scheme that multiplies some numbers and returns the modulo result multiplied by something. The reason is that this formula, even if it passes the Knuth test for spectral purity, is repeatable and since it's repeatable isn't random.
The scheme we used created several threads with forced contention between the threads. Each thread had access to a shared "long int" and would set/clear some bits of that variable. The end result is that these threads "randomly" run, collide with each other, and set/clear the bits of this shared variable. You end up with a "random value" that isn't deterministic and is not repeatable.
That's why I still keep a 2 20 sided dice next to my PC
Not a bad way to do it. There is decent seeming randomness all around us in nature. Many other methods should work as well. Decay of radioactive isotopes comes to mind...
That's basic programming 101 knowledge. Even if it starts from a truly random key, what you say above holds true.
I am a Sock Puppet wrote in news: snipped-for-privacy@news.supernews.com:
Brian
Would you like try an impossible one? `, )
--
Onideus Mad Hatter mhm ¹ x ¹
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Decoding time, four minutes[1]:
Zit lnlztd ol ql oftyytezoct ql ngxk qwosozn zg ktqr ziol ltfztfet. The system is as ineffective as your ability to read this sentence.
[1] I'm getting slow in my old age.Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.