POV-Ray : Newsgroups : povray.off-topic : Paraniod
  Paraniod (Message 51 to 60 of 125)  
From: Invisible
Subject: Re: Paraniod
Date: 4 Jul 2008 11:34:06
Message: <486e42ee@news.povray.org>
>>> Worrying fact: 50% of the population has below-average intelligence.
>>> (!!!)
> 
> So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is 
> (1+8+9+9)/4=6,75, so 75% of men are more intelligent than average person 
> (who, if he existed, would be over 6 times as intelligent as the dumbest 
> one).

Sure. And nobody actually has 4.2 children. But that doesn't mean it's 
not a meaningful concept.

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Gail Shaw
Subject: Re: Paraniod
Date: 4 Jul 2008 11:54:18
Message: <486e47aa@news.povray.org>
"Jim Henderson" <nos### [at] nospamcom> wrote in message
news:486deaf7$1@news.povray.org...
> On Fri, 04 Jul 2008 09:03:49 +0100, Invisible wrote:
>
> > Er... like, WTF?
>
> That said, there are ways, for example, to prevent a sysadmin from seeing
> files in a filesystem.

And there are ways (at least in SQL Server) to keep the Windows sysadmins
out of a database; however, you can't stop them shutting down the service and
taking the data files or changing the passwords of the accounts that do have
sysadmin rights.

We've done that as a standard across the organisation, along with ensuring
that the database administrators don't have administrative rights to the OS.



From: Darren New
Subject: Re: Paraniod
Date: 4 Jul 2008 12:14:20
Message: <486e4c5c$1@news.povray.org>
Gail Shaw wrote:
> I was in a training course once with a whole bunch of sysadmins (Windows
> Server 2003) and while the instructor was out of the room, one was boasting
> that he could surf any website regardless of the company's internet usage
> policy and he would never get caught.

Whereas the response in one company I was at towards the sysadmin was 
"if you're going to surf porn at work, either face the door or close the 
door. Otherwise we get complaints."  :-)

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.



From: Darren New
Subject: Re: Paraniod
Date: 4 Jul 2008 12:16:55
Message: <486e4cf7$1@news.povray.org>
Invisible wrote:
> What I suspect happens is that it's actually asymmetrically encrypted, 
> and the decryption key is encrypted with your login password. That means 
> if you change your login password, you gotta change one thing - the 
> encrypted decryption key - and all your stuff is still accessible.

Yes.

>> Even if the admin can remotely log in, they won't be able to read your 
>> encrypted files unless they somehow get your password.

Or they set up an escrow key.

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.



From: Darren New
Subject: Re: Paraniod
Date: 4 Jul 2008 12:19:39
Message: <486e4d9b$1@news.povray.org>
Jim Henderson wrote:
> On Fri, 04 Jul 2008 12:03:55 +0100, Invisible wrote:
> 
>>>> a kernel-level debugger can see every octet of data in the machine's
>>>> main RAM and swap file.
>>> Hmmm, so you've reversed your opinion on whether or not a memory dump
>>> is useful? ;-) <scnr>
>> Useful for trying to grab somebody's credit card number? Absolutely!
> 
> And how exactly do you propose to do that?

It's pretty trivial, really.  Scan thru memory looking for 16 digits 
that match the LUHN 10 algorithm. That's what CardShark (FV's sample 
"encryption isn't good enough" program) did, in essence.

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.
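
The scan described in the post above is also how a data-loss check finds card numbers left in cleartext in a crash dump or log. An added example, not part of the original post and not CardShark's code: it flags 16-digit runs that pass the Luhn check and masks them in the report; the function names and the sample buffer are constructed for illustration.

```python
import re

# Candidate: 16 digits, optionally grouped in fours by a space or hyphen,
# and not embedded in a longer run of digits.
CANDIDATE = re.compile(rb"(?<!\d)\d{4}(?:[ -]?\d{4}){3}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Hide the middle digits so the report does not itself hold the full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_cleartext_pans(buf: bytes):
    """Return (offset, masked number) for each Luhn-valid 16-digit run in buf."""
    hits = []
    for m in CANDIDATE.finditer(buf):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if luhn_valid(digits):
            hits.append((m.start(), mask(digits)))
    return hits

# Constructed sample standing in for a memory fragment. 4111111111111111 is a
# widely published test number; the other digit runs are decoys that fail.
SAMPLE = (b"\x00\x17session=ab12\x00order_id=1234567890123456\x00"
          b"card=4111-1111-1111-1111&cvv=\x00\x00ts=20080704121939000\x00"
          b"pan=4111111111111112\x00")

if __name__ == "__main__":
    for offset, masked in find_cleartext_pans(SAMPLE):
        print(f"offset {offset}: {masked}")
```

The Luhn check is what keeps the false-positive rate workable: the order id and the 17-digit timestamp in the sample look like card data to a plain digit regex but are rejected here.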



From: Darren New
Subject: Re: Paraniod
Date: 4 Jul 2008 12:24:49
Message: <486e4ed1$1@news.povray.org>
Jim Henderson wrote:
> If the built-in encryption keys off the login password only (ie, the 
> login password just unlocks the encryption key), then as an admin, you 
> just have to change the user's password. 

If you change the password without knowing the old password, you can't 
decrypt the private key that encrypts the shared secret.  So, basically, 
you lose access to the encrypted files.

Each file is encrypted with a random symmetric key. That symmetric key is 
encrypted with the (same) user's private key.  The private key is 
encrypted with the login password. If you change the login password 
without knowing the old one, you can no longer decrypt the private key.

If you change your private key, the old one is kept around until you run 
cipher /u, which scans the entire drive and updates the symmetric keys to 
be encrypted with the new private key.  But you don't normally do such a 
thing unless you're doing something like adding an escrow key, joining a 
domain, or something like that.

> the login password, so if you root my machine and change my login 
> password, you're still not getting at the encrypted files.

Neither on Windows.

>> Or just zip things up with a password.
> 
> That's a pain to use, though 

Plus it's trivially easy to crack. Even long passwords hash down to 8 
characters or something. There are plenty of free programs that'll crack 
a zip archive in a matter of minutes or hours just with brute force.

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.
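
The key chain described in the post above (and in the earlier message about re-encrypting only the decryption key), as an added example that is not part of the original thread and not Windows EFS code. Assumptions: the `Account` class and its methods are hypothetical, a symmetric user key stands in for the private key, and `wrap`/`unwrap` are a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def kdf(password, salt):                      # password -> key-encryption key
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _xor(key, nonce, data):                   # toy stream cipher, stdlib only
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(key, plaintext):                     # encrypt, then MAC so a wrong key is detected
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unwrap(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("cannot unwrap: wrong key")
    return _xor(key, nonce, ct)

class Account:                                # hypothetical model of one user's key chain
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.login_hash = kdf(password, b"login" + self.salt)
        self.wrapped_user_key = wrap(kdf(password, self.salt), os.urandom(32))
        self.files = {}                       # name -> (wrapped file key, ciphertext)

    def _user_key(self, password):
        return unwrap(kdf(password, self.salt), self.wrapped_user_key)

    def write(self, password, name, data):
        file_key = os.urandom(32)             # fresh random key per file
        self.files[name] = (wrap(self._user_key(password), file_key), wrap(file_key, data))

    def read(self, password, name):
        wrapped_file_key, ct = self.files[name]
        return unwrap(unwrap(self._user_key(password), wrapped_file_key), ct)

    def change_password(self, old, new):      # old password known: re-wrap ONE blob
        user_key = self._user_key(old)
        self.login_hash = kdf(new, b"login" + self.salt)
        self.wrapped_user_key = wrap(kdf(new, self.salt), user_key)

    def admin_reset(self, new):               # no old password: login changes, key blob cannot
        self.login_hash = kdf(new, b"login" + self.salt)
```

A password change touches one wrapped blob and no file data; after `admin_reset`, `read` with the new password raises `ValueError`, while the old password still unwraps the chain.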



From: Darren New
Subject: Re: Paraniod
Date: 4 Jul 2008 12:28:19
Message: <486e4fa3$1@news.povray.org>
Invisible wrote:
>> Especially when some stupid system forces you to change it every month.
> ....and this is bad because...?

Because if any break-in of importance is going to be revealed anyway, 
you don't need to change passwords. Changing passwords regularly is only 
useful if you're not going to detect that someone has stolen the password.

This is why renewal credit cards have the same numbers as the previous 
credit card. If someone steals your credit card number, it's going to 
get reported on the next bill. For example.

-- 
Darren New / San Diego, CA, USA (PST)
  Helpful housekeeping hints:
   Check your feather pillows for holes
    before putting them in the washing machine.



From: Orchid XP v8
Subject: Re: Paraniod
Date: 4 Jul 2008 13:37:01
Message: <486e5fbd$1@news.povray.org>
Darren New wrote:

>>> Even if the admin can remotely log in, they won't be able to read 
>>> your encrypted files unless they somehow get your password.
> 
> Or they set up an escrow key.

Or they modified the OS to not actually "encrypt" the data at all...

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Orchid XP v8
Subject: Re: Paraniod
Date: 4 Jul 2008 13:38:14
Message: <486e6006@news.povray.org>
Darren New wrote:

>>> Or just zip things up with a password.
>>
>> That's a pain to use, though 
> 
> Plus it's trivially easy to crack. Even long passwords hash down to 8 
> characters or something. There are plenty of free programs that'll crack 
> a zip archive in a matter of minutes or hours just with brute force.

...and today I learned something useful...

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: andrel
Subject: Re: Paraniod
Date: 4 Jul 2008 16:00:41
Message: <486E819F.4040400@hotmail.com>
Eero Ahonen wrote:
> Jim Henderson wrote:
>> On Fri, 04 Jul 2008 12:06:01 +0100, Invisible wrote:
>>
>>> Worrying fact: 50% of the population has below-average intelligence.
>>> (!!!)
> 
> So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is 
> (1+8+9+9)/4=6,75, so 75% of men are more intelligent than average person 
> (who, if he existed, would be over 6 times as intelligent as the dumbest 
> one).
> 
We were talking about a population; unless you can come up with a very 
good reason why certain extreme intelligences are more likely than 
others, you may assume the distribution is Gaussian 
(http://en.wikipedia.org/wiki/Central_limit_theorem).

For a counterexample: as part of an introduction to databases and 
statistics we used to measure height and weight of all first year 
medical students to let them work with their own data. (getting some 
girls to stand on scales was an interesting exercise). Often the 
distribution of their heights was camel shaped.




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.