Lavabit and End-point Security

Andy Isaacson adi at hexapodia.org
Sun Aug 11 08:55:42 PDT 2013


On Sun, Aug 11, 2013 at 10:39:55AM -0400, Sean Alexandre wrote:
> your more typical sys admin could find
> and use. They might not have everything, but enough to make their services
> 99.99% secure. Those that provide the info would probably still have some
> things to their own and be 99.9999% secure.

Security doesn't work that way.  Keeping your system secure is like
walking a tightrope across a gorge filled with ravenous tigers every
morning.  There are a billion ways to fuck up and get owned/eaten by the
tigers, and asking someone who's successfully walked the tightrope every
day for 40 years "tell me your secret?" completely misses the point.

The expert can share advice and point out when you're about to step off
the tightrope, but no kind of advice can substitute for your own caution
and experience.  Pretending that a magic balance bar, or a magic
technique that can be applied without careful thought, or a magic shoe
that will make you stick to the rope, will save you is the kind of thing
that works in a fairy tale but not in real life.

The analogy breaks down, though, because in fact you can get totally
owned, through and through; exfiltrated, impersonated, and strung up
by a prosecutor before a secret grand jury before you even learn that
your security has failed.  At least the tiger has the courtesy of giving
you pain when you fail.

-andy



More information about the cypherpunks mailing list