Thread: Idle fun for net hackers..
View Single Post
  #108   Report Post  
Posted to uk.d-i-y
The Natural Philosopher[_2_] The Natural Philosopher[_2_] is offline
external usenet poster
  
Posts: 39,563
Default Idle fun for net hackers..
Tim Watts wrote:
Rod Speed wrote:

Tim Watts wrote
Rod Speed wrote
David WE Roberts wrote
The Natural Philosopher wrote
David WE Roberts wrote
Bernard Peek wrote
The Natural Philosopher wrote
Bernard Peek wrote
The Natural Philosopher wrote
Well thats uyouir knowelege limits and I have mine.
I know.
Let's say that if anyone has broken in they have
left no trace and altered nothing. Or I would *know*.
Which makes it 'not compromised'
Absence of evidence is not evidence of absence.
Hint: there is no such thing as an undetectable change.
I'd like to see evidence for that assertion.
Are you really stupid?
I'm a philosopher. I was hoping that you knew something that I
didn't and I could learn something. It seemed improbable given the
ignorance that you appeared to be displaying but hope springs
eternal.
If a change makes no difference to anything, ipso facto, it is
not a change. All changes therefore must make a difference,
and are therefore detectable.
Yes, but as I pointed out in the post to which you replied absence
of evidence is not evidence of absence. You can know that you
haven't detected a change, but you can't know that there is no
change. Absence of a change is not detectable.
Why don't we ask Schr?dinger's cat?
Damn - it's hiding in its box.
Best you can do is affirm that you have been unable to detect
a significant change in the items you are measuring and this
meets your requirements for assurance and security.
exactly, An undetectable change that results in no detectable
activity by anyone in the whole universe is not a security risk.
Come on, sense of balance ;-)
You are not everyone in the Universe.
There might be someone out there who knows a way to change a system
which is not detectable by the currently publicly available tools.
Nope, not with hashes over the entire storage system there isnt.
What's protecting the hashes?
A system that isnt even net accessible.

More hashes... And what protects them?
A system that isnt even net accessible.

It's a parallel problem to the old: who watches the watchers...
Fraid not.

And the other obvious way to completely protect a system
is to just restore it entirely periodically so that any change
that ever did happen just gets wiped out.
Did they hack your install media?
Not even possible if its read only media.

Replace the disc with the same media brand, forge the handwriting or printed
label, subletly different content. If the forgery were perfect, how would
you know?

Corse that last is only practical for some situations, but would
work fine if say you want a completely secure web browser and
dont want to keep any local record of what you have browsed etc.
One loon I communicate with ocassionally is so mindlessly oaranoid
that he quite literally uses a DOS machine with some utterly obscure
approach to net access to usenet from, so he cant actually use any
links in usenet posts. It would make a hell of a lot more sense to
just restore that machine from an image after every usenet session
instead and do whatever looks useful links wise in that session with
no risk whatever.
I still maintain ZERO risk is impossible
You're wrong on that.


I'm afarid you're wrong.

You are talking in absolutes and as such, zero risk is not possible.

If you wish to rephrase and say the risk can be made insignificant, I would
accept that.


Ok what is the risk that I shoot off your kneecap and you don't notice it?

Given that you took a photo of yourself with it, yesterday, and you are
now looking in a mirror and at the photograph?
Reply With QuoteReply With Quote