[vox] OT: Paranoid geek

ME vox@lists.lugod.org
Thu, 23 Oct 2003 11:42:37 -0700 (PDT) 

When you find people who suffer from paranoia, you can sometimes try to
make them worry more:

Are you running a Linux kernel that is patched against buffer overruns as
well as off other other security enhancements? (Limited proc, disallowed
overwiring of files that symlinks point to unless owners are the same,
restricted /tmp, etc.)

Are you using an Encrypted filesystem for sensitive or private data?

Have you examined the setuid root (and setuid other) programs that exist
on your computer to minimize their existence?

Have you only ssh to your box from trusted machines?

Do you keep up to date with all of the security lists and also keep your
system up-to-date with new package fixes?

If you have multiple users, do you only offer them chrooted env or env
where they have a virtualized machine?

If you have users are you running a crack lib to ensure easy passwords are
not used by users?

Have you wonder what that faint clicking sound is on the phone when you
dial phone numbers?

Have you checked to see if you phone is tapped?

Have you done like me, and constructed aluminum foil hats so the aliens
cant send you secret messages? ;-)

Have you done like me and then filled that hat with macaroni salad so that
the governments can't read your mind? :-)

Are you planning a trip to area 51 to see what the government did to my
aunt and uncle?  :-D

Is your system secure against Elvis' ghost!?!?

Heh hehhe hehe hehe he...

Yes, security and paranoia can help get us to do things to better insulate
us from the world and ourselves...

.. Just don't get carried away or else *they* will come to get *you*! ;-)

-ME


Ken Bloom said:
> I remember a Microsoft Tech Talk (I think it was two years ago)
> introducing .NET, and I remember the presenter making a statement about
> how .NET is good for everyone, even for the paranoid geek who doesn't
> trust the corporate big guys. (He can run his own .NET server) At the
> time, I laughed because there's now way *I'd* ever trust the corporate
> guys that little.
>
> Now, with fetchmail/procmail running every 5 minutes by cron, so I can
> spamassassin my email before I read it, always ssh-ing to my computer
> to get stuff done, and bind9 running on my own machine as my DNS (I did
> it to work around verisign, and don't feel like undoing it just yet), I
> think I now qualify as a paranoid geek, running everything off my own
> Linux box.
>
> Just an interesting thought.
>
> (BTW, would those people who said they'd sign my GPG key please send it
> to me if they haven't done so already?)
>
> --
> I usually have a GPG digital signature included as an attachment.
> See http://www.gnupg.org/ for info about these digital signatures.
> My key was last signed 10/14/2003. If you use GPG *please* see me about
> signing the key. ***** My computer can't give you viruses by email. ***
>