Ask a REAL data security expert, copy how NSA does it, or give up, go home

a reply to: charlyv

Since when did defense contractors become the gold standard of IT security?
Didn't Boeing get 50 TB egressed without them knowing??? Whoops!1!

The reason they use Windows is the same reason everyone else does:...it was already installed when the current IT senior got appointed!

There are no examples of perfect security (including Linux) because it doesn't exist and if it ever did- it could only be temporary.

originally posted by: AnonyMason
a reply to: Op3nM1nd3d

Well in the case of my VPN company not logging, i can promise you thats a 100% fact... Its my company

So far we generate about 15,000 penetration attempts per day. Haven't been hacked yet.

Skiddies will be skiddies.

I'm not sure how your VPN is set up, but the concern I've seen expressed with some VPNs is that they are hosted in data centers, so even if the VPN service doesn't keep any logs, a subpoena to the data center may reveal logs kept by the data center that the VPN service didn't even know about (Even if the VPN was truthful that they kept no logs). So at least with some VPN services, just because the VPN service doesn't keep any logs doesn't necessarily mean there aren't any.

If there are no logs anywhere then I suppose the question would be how are abusive attacks dealt with? It seems like some kind of logs might be needed to track down what's happening in a DDOS attack and that's one reason the data centers keep them.

torrentfreak.com...

1. EarthVPN does NOT log any VPN usage or user activity. Neither us nor third parties are technically possible to match an IP address to an account.

Maybe there are logs they didn't even know about, either that or they are lying if they did know about the logs:

“No logs” EarthVPN user arrested after police finds logs

On EarthVPN defence, a representative claimed in the lowendtalk forums that although they do not keep logs, Dutch police had seized one of their servers with a court order and they suspected that the datacenter was keeping IP transfer logs to protect against Distributed Denial Of Service attacks which is how they managed to track down this person.

Even when a VPN provider claims there aren't any logs, you have to view that claim skeptically as this example shows.

a reply to: Arbitrageur

Even when a VPN provider claims there aren't any logs, you have to view that claim skeptically as this example shows.

The logs are really irrelevant when you consider that the gov't could legally force the business owner to secretly capture the data they require without notifying the user base.

Lavabit was an example where the owner apparently had some b@lls and resources to legally fight the gov't. He spent some serious money , delt with serious intimidation, and stress in choosing to shutdown his business, versus comply or assist to provide data on its customers.

IMO with VPN security it boils down to having faith on the owner of the hosted system and their desire to take on big gov't.

a reply to: interupt42
That's a valid point. I remember reading about the trials and tribulations of lavabit, that took some guts to stand up to the oppression and not everybody has guts like that. Even lavabit couldn't hold out forever as you say.

Thanks to..

Vizzle and Op3nM1nd3d for your advice

a reply to: Algorithm

Thats it! I knew somebody would remember thanks for refreshing my brain, that it was the first time I'd heard the term, it was the high strangeness of the article that stuck with me.

a reply to: Vizzle

Sorry viz I should have been more specific he was on point tho, the other attacks came after and didn't have the same spooky ghost in the machine vibe. Didn't one of those come out like a month later at defcon? The mirage of data security right?

a reply to: bobs_uruncle


Sounds simple enough! Without a Faraday Cage, I could probably make a fluorescent bulb glow bright just by holding it. The pulses are pretty intense here, during the day. I've got the NSA cooties. Damned hard to get rid of - even with your expert advice.


Sort of waiting for Satan to come by and pick up these guys. It's been fun - thanks for the memories, ATS...

a reply to: Aliensun

Honestly, nothing

The only solace you can take is that you are probably not showing up on government radar by not protesting, not visiting anti government sites, not asking difficult questions etc.

a reply to: LanceCorvette

You would probably be surprised that one third of my clients get security upgrades just because they can afford it

Others however have genuine need for it. Financial organisations such as hedge funds are worried about government agencies feeding of their market positions as well as stealing trading algorithms. Software companies are also worried that larger software giants like Microsoft will steal their code etc

a reply to: Vizzle

I am very sorry but you must be 20 something and not a day over 30

XP has been EOL'd

That is one of the reasons I am using it, you should trust Microsoft as much as you should trust CIA

Why use windows, did it ever occur to you that my clients want familiarity.

Windows XP for example is a broken down into pieces completely understood OS, all the backdoors plug-able.

Why use limited RAM capacity.

Maybe I'd tell you if you asked nicely and showed some respect in your post.

About your hidden camera, what good is video footage after your data and premise is compromised

Think it through

a reply to: Jukiodone

Already answered

a reply to: Algorithm

I didn't mention hardware backdoors because I didn't want a forever post.

If you want to solve complex problems you have to think completely outside the box, KISS is key, keep it simple stupid

Offline PC deals with data processing and encryption, online PC gets only something that is already encrypted.

a reply to: AnonyMason

PGP by the way has been broken by NSA, it is still usable if you know how

a reply to: pl3bscheese

You can't trust VPNs

Some VPN are run by NSA for Christ's sake

You can only trust proper encryption

VPN encryption you get from paid service is a joke.

a reply to: DarkvsLight29

I already told you that mobiles and other smart devices will not provide privacy or security

But as you wrote, you think you shouldn't listen to me.

Ok, you go ahead and listen to whoever you want.

a reply to: cavtrooper7

Can you rephrase your question ?

a reply to: charlyv

You understand exactly what I am talking about, bravo.

Not that I like Microsoft, I hate the bastards, but yes XP can be buttoned up.

Win 7 can as well with a whole lot of effort, a lot of effort.

It takes me 3 days working 4 hours a day to prepare a single win 7 OS for usage

I can cut that down with DVD imaging but sometimes clients want to see you sweat LOL

Funny how government wants your life on a silver platter, but completely values its own privacy and secrets.

Funny how that works.

I'll suck your blood, but you can't have a drop of my blood.

Yeah, seems fair.

a reply to: DannyBoy555

Where do most of the cutouts come from?