[wplug] Google proxy server
Alexandros Papadopoulos
apapadop at cmu.edu
Wed Mar 12 11:12:49 EST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Interesting thread! Here's a chunk out of an email I sent a while ago to
a CMU professor who noticed I was sort of a security junkie, and was
curious about it.
> After our short discussion yesterday, I started wondering just how
> many security precautions I use to make me feel relatively safe when
> connected to the Internet. Here's a list that covers the most
> important steps:
>
> [0] Running the most secure OS widely available today - i.e.GNU/Linux.
>
> [1] Making sure that my box is as invisible as possible to the outside
> world, which is achieved by:
>
> [1a] Having no external listening ports (an impossibility for Windows
> boxes)
>
> [1b] Dropping any traffic not initiated by me at the firewall.
>
> [2] Dropping all traffic but the one I need at the firewall. (this
> includes filtering outgoing traffic, to make sure that any security
> breach cannot propagate or report back to the attacker easily)
>
> [3] Running safe (i.e. non-M$) applications with extremely small
> response time delays when it comes to security patches, an example of
> which is:
>
> [4] Surfing the web with Mozilla, a browser that enjoys none of IE's
> vulnerabilities and annoyances.
>
> [5] Using an anonymizing proxy (privoxy) for all web surfing. This
> eliminates javascript applets that I don't deliberately execute, any
> malicious code that tries to run locally, all pop-ups, most ads, most
> cookies.
>
> [6] Using the security features of Mozilla - per domain cookie
> management, cookie expiry at end of session, SSL certificates
> validation, password database encryption, per domain image management.
>
> [7] Using a secure email client (KMail) - does not render HTML mail,
> does not allow web bugs to "call home", does not allow execution of
> code, automatically encrypts and/or digitally signs outgoing mail with
> OpenPGP keys, manages keyrings, does not auto-send read confirmations,
> offers the capability to "bounce" a received spam message and thus
> fool the spammer into removing your address from their lists, encrypts
> all communications with the servers and ensures safety of my
> credentials.
>
> [8] Never, ever using cleartext protocols for anything requiring
> authentication with valuable tokens - i.e. using ssh to access my CMU
> Unix account, scp to update my website, etc.
>
> [9] Oh, and not having any personal information stored in the browser
> (except for the encrypted passwords), as long as sending erroneous
> email headers to short-circuit Carnivore-like systems into collecting
> garbage.
>
> [10] Last but not least, never ever giving personal information for
> any registration/new account on the web.
>
> Oh, and I don't have a cell phone, and as long as it's my decision to
> make, I won't ever have one. (I'll buy a real GPS if I need one,
> thanks FCC).
>
> These measures (leaving aside the local security measures I employ)
> make it difficult for someone to track me / impersonate me /
> attack me on the network. As part of this thinking, allowing web
> pop-ups would involve lowering my defenses, and I would never do that.
Slightly related is also this page (on email security, but pertains to
privacy issues)
http://andrew.cmu.edu/~apapadop/security/email_security.html
Cheers
- -A
- --
http://andrew.cmu.edu/~apapadop/pub_key.asc
3DAD 8435 DB52 F17B 640F D78C 8260 0CC1 0B75 8265
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+b1yHgmAMwQt1gmURAtzIAJ9adFqPbM365twEeAHWb9lvhOXj7ACggTRc
7TT3vZNoEmgcm2RIzlV27xI=
=m9NE
-----END PGP SIGNATURE-----
More information about the wplug
mailing list