What kind of security matters

[James A. Donald]

On 02/16/2017 07:47 PM, James A. Donald wrote:
>> I remarked earlier that several security proposals would not in practice
>> be useful because Hillary's main security concern was not the Russians
>> stealing her emails, not Wikileaks stealing her emails, not the Chans
>> stealing her emails, but Obama stealing her emails.

On 2/18/2017 1:46 PM, Marina Brown wrote:
> Are you daft ? Obama had more important things than to go through
> Hillary's emails. He already knew all about her and her failure as
> Secretary of state.

Illegally employing her own email server was an anti Obama security 
measure, not an anti Wikileaks or anti Chan measure.  She would have 
been more secure against Wikileaks, the Chans, and the Russians, had she 
done the legal thing and used the official government (aka Obama) 
controlled mail server.

Similarly, Google ratting out Petraeus to Obama has caused a sudden and 
striking disinclination to use Gmail among persons of interest.

On 02/16/2017 07:47 PM, James A. Donald wrote:
>> Similarly, it is clear that if Trump had a chat with Assad of Syria
>> clearing a bombing run Isis in Syria, his target list would appear in
>> the New York Times, as he bitterly complained in his latest press
>> conference.

On 2/18/2017 1:46 PM, Marina Brown wrote:
> Again - are you Daft ? Assad is in a bitter fight with Isis - he would
> not leak that info.

Of course Assad would not - but the State Department is supporting Isis, 
and would.  And someone in the government, probably the CIA or the State 
Department did leak the equivalent info about the raid in Yemen to Al 
Qaeda, resulting in many injuries and a death.

> ...Not that i support that horrid dictator. I did
> work on the Streisand effect for Assad's regime.

I totally support Assad.  He stands between the US State Department, and 
the genocide of all Alawites, Christians, and all Shiites of Palestinian 
descent in Syria.  The State Department aims to do to Alawites in Syria 
what it did to Tutsis in the Congo, and a side effect that they do not 
much care about or rather like is that Christians in Syria would get 
genocided also.

> Nonsense. Trump did not get the right info - he did not know how well
> defended the site was.

Al Qaeda tells us that they knew what was coming.  So chances are that 
the site *became* well defended shortly after the decision to attack it 
was made.

There is a tendency to analyze security as if your home computer was 
secure, which it is not. But the error of analyzing security as if your 
organization was secure and cohesive is a greater error.  Trump is at 
far greater risk of being spied on by the CIA and the State Department 
than the Russians, and the consequences of that spying are more severe. 
Similarly, Hillary was primarily concerned about Obama spying on her, 
and was right to be concerned.  Petraeus should have been similarly 
concerned.

So security really has to be in the hands of the end user, rather than 
the organization.  Trump, Hillary, Podesta, Petraeus, and the Chairman 
of the Board are never going to use PGP, or even correctly use browser 
Certification Authorities.  Podesta and Hillary's information technology 
guy did not seem to know what a website certificate is, or how it works.