Re: Thanks for the living hell, and question about OpenSSL
At 02:20 PM 4/25/03 -0400, someone claiming to be Patrick Chkoreff wrote:
> I was mistakenly thinking that because my sacred code did not
> in fact record any IP-based transmission logs, users were safe as far as anonymity and privacy were concerned. What I missed was that if someone put a gun to my head

Generally in security analysis you want to list threat models and how you resist (or not) them. From this you can derive a spec. Often threats *not* considered provide easy attacks simply because the design didn't consider them. You will always find some attacks that will work, but are expensive for the adversary.

Checked your keyboard for keystroke loggers recently, Mr. Scarfo? Swept your room for video bugs? Got a guy with a gun and a dog watching what gets pressed against the fingerprint scanner? And how much does he get paid? (CIA CI chief Aldritch was under $2e6, FBI CI mole Hanssen was cheaper, but his wife wasn't included in the deal, though his stripper got some.)

This leads to the conclusion that security is economics + physics. The goal is to make attacks more expensive to your adversary, at "reasonable" cost to you. Subpoenas are cheap to some.

------
_Enemy of the State_ Easter Eggs:
* In EotS, the birthdate of the evil spook (Thomas Reynolds, played by Jon Voight) is 9-11-40. (The movie was released in 1998.)
* EotS was produced by "No Such Productions"
* The screenwriter's surname is Marconi.

participants (1)
-
Major Variola (ret)