Monday, August 02, 2010

Conversations - 2nd August 2010

"Criminal: A person with predatory instincts who has not sufficient capital to form a corporation." - Howard Scott

***

Someone: *** related a story about why you can't kayak near the merlion

a bunch of trainers organised a trip to marina bay
they were playing at the merlion spout
then this security guard comes over and tells them to "go away! go away! merlion only for tourists!"

Me: wonderful
2nd class citizens


Someone else: i HATE how guys turn so much colder when they find out im attached
maybe i should purport to be single just to make use of them
maybe it is a type of feminism too

Me: yeah you've said that before
how do you want to make use of them

Someone else: for whatever lah
carry my bags
give me tips
things that men do just to get pussy

Me: ...
dont you feel that is exploiting them
and that you are equally reprehensible

Someone else: they do that for me anyway, BEFORE they find out im attached
all im doing is taking my time to let them know i am

Me: ...

Someone else: it's like going for free drinks on ladies night lah
lol


Someone: from an old post: "I talked to someone who'd studied in Japan for 9 months, and he said when you first meet Jap girls they talk in a high voice, but later when you know them better and you're at the bar they will talk in their natural voice." this is so true!

actually, it's high and sort of breathless
someone i know does this.. totally irritates me
esp when she suddenly switches to her natural voice


Someone else: studying in an all-girls' school taught me a few things

1) when girls talk among themselves they talk dirtier than guys do
2) some girls are not shy about teaching one another how to use tampons

Me: was it CHIJ
if so it's a biased sample

Someone else: no no no
no i came from ***

i believe such observations can be made in any girls' school lah


Someone: wah i din noe u r into law as well

Me: I'm a man of many talents and interests


Someone else on sending me a file on YouSendIt: i'm gg to encrypt it with a password

Me: ... why're you so paranoid
at the most they will delete it tomorrow

Someone else: sorry i'm in the bizness
heh

Me: this is called paranoia

since you're in the business are you scared of DNS poisoning
I can destroy your modem for you

do you check keyboards for hardware keyloggers
do you know that people can detect your password by the sound of your typing?
or there're keyloggers that can detect onscreen keyboards also
rootkits that you will never detect
so you should never use an unsecured computer

do you use bitlocker on your laptop

Someone else: i noe all of this
duhz

Me: yes
so do you do all those things

Someone else: i'm pretty lax already
u shld see my friend

Me: they have better things to do than trace the IPs of people who upload vaguely naughty videos
and report them to their ISPs for copyright infringement
when the copyright holder is some chinese company they have never even heard of

Someone else: he runs all his programs in a vm
and resets e image everyday

Me: this reminds me of audiophiles

Someone else: sorry lar
u cant blame us
we're in this line

so we noe

Me: you know all the possible things that can go wrong
you don't know a reasonable way to calibrate what you do

remember to physically destroy hard disks after you use them
otherwise people can read the data
even if you write the bits 255 times
or cut up the platters

Someone else: yes physical destruction is e only way to be absolutely safe

Me: doesn't mean everyone should do that

Someone else: most pple dun

Me: most people shouldn't
it's not worth the bother

so what do you think will happen if you don't encrypt the file with a password

the only reason people normally do that is so the file isn't detected as illegal and deleted
e.g. when you're sharing warez

however in this case it's a one-time send to me
and I won't download it again

Someone else: its a public server
after all

i dun want the admins to probe it

Me: so what if they probe it

Someone else: nah i'm just not comfortable with it

anyway it isnt very troublesome
to just encrypt it with a password

no computer is totally secure
but trying to minimize e potential areas of attack

my browser is encapsulated inside a sandbox
so there's no way web exploits can jump out of e sandbox

Me: using google chrome?

Someone else: firefox

Me: what if no browser has that function
would you set up a VM just to browse?

Someone else: YES

Me: can you cut and paste to/from VMs?
the clipboard should be secured to prevent clipboard exploits right

Someone else: not saying using a VM is 100% safe
but if e attacker is able to jump out of e VM, he's probably so highly skilled
tt its a targeted attack
and dun bother to defend it in tt case then

Me: see
this is where you are using some form of discretion
I bet there're ways to make it even more secure than a VM

Someone else: but it shld keep 99% of e attacks out

Me: do you bother to use other terminals
since you can't be sure if there're keyloggers on them

when you go overseas do you check your email

Someone else: we always change our passwords
when we go overseas
for msn, emails

and then change back
when we get back

and no, we dun use public terminals to check mail

Me: yes you can change your password
but they can hack in before you return home
and your account will be gone

Someone else: NEVER
if i have to check mail

Me: so you always bring your laptop overseas

Someone else: yes

Me: right

so if you have no laptop
or it spoils
will you check your mail

Someone else: u will nv find me logging in a public terminal to check my email
i wun

Me: ok

Someone else: ok lar i noe this sounds a bit extreme to u
trust me
u haven seen e really extreme ones in my office

Me: no
not checking email on public pcs is not that extreme

err
if people cut off their arms it doesn't mean cutting off your hand is ok

Someone else: another way
is to relay forward all ur email
received
to a temporary email account
while overseas
and check from tt account
and delete e mails after viewing

if u for some reason decides to join IT security one day
perhaps u'll understand better why IT security r so paranoid

Me: it's because they are not able to calibrate the cost-benefit matrix

Someone else: not true

*** configures some hot keys
to disable his network adapter
whenever he's not at his pc physically
THAT extreme

Me: so do you think companies are justified in blocking MSN, gchat, gmail, twitter, facebook etc

Someone else: tt's from a biz perspective

its rather to restrain colleagues from wasting time on these
rather than for security

Me: it's also called paranoia
the official justification is to prevent the leaking of business secrets also

Someone else: rubbish lar
do u see me being blocked from ms, etc

Me: that's because they're not being dumb about it

how about the SAF
are they justified in banning CD-Rs for 'security'?

Someone else: e company is just lazy to do a proper audit
if it blocks all e msn etc

RW YES
justified

R...no

Me: I said CD-R

Someone else: i think they no longer ban cd-r

Me: they do

Someone else: but yah its SAF
they r well known for being a f**ked up org

Me: so if someone from the SAF talked to you about "security"
and justified all those measures
what would you say

Someone else: we as the solution providers provide recommendations
the clients , whether they want to follow
is their own business