[CentOS] Another security question

Thu Dec 25 14:49:54 UTC 2008
Robert Moskowitz <rgm at htt-consult.com>

Lanny Marcus wrote:
> On Wed, Dec 24, 2008 at 9:46 AM, Anne Wilson <cannewilson at googlemail.com> wrote:
>   
>> I would like to be able to check my bank account while we are on holiday.  I
>> know the bank's site is encrypted from the start - the login page is https and
>> Verisign-trust encrypted - but is there any risk in using public wireless
>> networks for jobs like this?  It sounds secure enough, but maybe I'm
>> paranoid....
>>     
>
> I would not consider using a Public terminal, without booting from my
> own Live CD. If you are bringing your Laptop, use as much encryption
> as is possible. There is risk and others have and will comment on
> that.

"as much encryption as is possible" just strikes me all wrong.

"Use the RIGHT amount of intelligence."

I have pointed out a MITM attack where no amount of encryption is a 
protection, as you are social engineered to allow for a MITM listener.

My boss, Peter Tippet (author of the first antivirus tool), has long 
pointed out that your security cost is a product of a number of factors. 
If any of these factors are zero, your cost is zero. Your goal is thus 
to make one of the factors you can control zero instead of running 
around trying to address every little security event.


ARGH, I am rambling here.....