Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
So is there an automatic assumption that I am doing wrong with this knowledge?
I'll try to give a slightly nuanced answer.
In some other recent LQ threads, some posters pointed out that the rules forbid tutoring people in activities such as breaking into computer systems,
There are good reasons (think social engineering) why moderators like unspawn won't simply take your word for it that you are "doing this for a course",
As you apparently already know, conventional wisdom holds that only persons who have worn a black hat (at least, inside a walled garden) can hope to one day wear a white hat,
As Aaron Barr's involvement in NSA ReBl exercises and schemes to "neutralize" lawyer/journalist Glenn Greenwald shows, even adults working inside the surveillance state can and do lose their way, ethically speaking,
As the HBGary scandal shows, there is no functional distinction between American "law enforcement" agencies like the FBI which contract with companies which operate what IMO can only be called criminal enterprises like "Team Themis", and organized crime groups,
It is characteristic of the surveillance state that it considers all citizens to be guilty, and this suspicion persists in the face of all contrary evidence,
It is characteristic of the surveillance state that it particularly suspects its own employees of laziness, incompetence, disloyalty--- often, with good reason.
Quote:
Ok so can we stop getting so damn off topic on this post it isn't even funny?
Which post?
Thank you for reading this thread, by the way. I hope it gave you pause for thought.
# It is characteristic of the surveillance state that it considers all citizens to be guilty, and this suspicion persists in the face of all contrary evidence,
# It is characteristic of the surveillance state that it particularly suspects its own employees of laziness, incompetence, disloyalty--- often, with good reason
Now let me add an interesting point to think about. I recently left private (corporate) employment for public employment by the state. My experience has been that the private / corporate conditions are far more characteristic of "surveillance state" than the state. For example, while working for corporations, the internet access was strictly and tightly controlled to the point it was near impossible to perform job related research. You were assumed to be a guilty slacker, who was up to no good, and needed to get the approval of someone at the VP level to do much more than requisition a pencil. By way of contrast, working for the state, there are two rules of import for using the network / internet: one, don't attempt to crack into other systems, two, don't knowingly download pornography unless it is for a job related function with your supervisor's approval. The attitudes towards IT security are similarly different. In the private sector it was on preventing you, the employee, from mal-action. In the public sector it is on keeping the bad guys out while keeping IT behind the scenes. The private company had security cameras watching your entire comings and goings, along with security guards on patrol. In the public sector, we don't.
People often talk about fearing the big bad govt. Personally, I am much more concerned about the private companies. My concern about the govt is in terms of the politicians that the companies have bought in order to further their agenda.
I completely agree that private companies are a huge threat for many reasons. To name a few:
"sink or swim" capitalism and relentless shareholder pressure constantly impel large corporations to walk very near (and often step well beyond) the boundaries of what is thought to be legal in their jurisdictions,
little effective regulation or outside knowledge of their info ops, internal espionage on their own employees, et cetera,
American corporate executives are not known for their possession of a reliable moral compass, and an ethically challenged culture encourages all manner of nastiness (toward customers and fellow employees as well as towards competitors and regulators).
I think it is crucial to understand that inside the US (and many of its allies), the distinction between government and private companies, even multinational corporations, has become increasingly blurred. Examples:
Choose an American city, surf to its local government website, and check where the webservers hosting some randomly chosen pages are physically located. You may find that at least some pages which appear to the naive surfer to be local government pages are not even maintained on a server physically located anywhere inside the USA!
Choose almost any city in the world which has a public transit system, and find out who operates the surveillance cameras and who maintains the transit card database. Good chance the answers will be one of three huge multinationals which are subsidiaries of even larger multinational "defense" companies.
Choose almost any US State government, and find out who operates... say... their drivers license database. It is likely that private companies will play crucial roles.
Choose a recent news story suggesting some governmental entity may become the target of a lawsuit. Find out how it is reacting. Almost certainly, by hiring a private company (very possibly a huge multinational) to search their own databases, mail servers, et cetera, for "legal discovery" in anticipation of legal proceedings.
Choose a recent news story suggesting some minor governmental entity is seeking a new executive. Find out how they are doing that. Almost certainly, by hiring a headhunter, possibly another multinational.
Choose a random US state and look at who works as intelligence analysts inside their fusion center(s). Almost certainly, most are contract employees who are actually employed by private spycos.
Who operates the state pension system? Who provides health insurance?
Your mileage may vary, but if at first it seems things are not as I said, dig deeper. For example: if you are told that private companies are not involved in running the drivers license database, who designed that database?
Many of these activities involve vast amounts of information being copied from governmental to corporate databases (and back). All of them tend to raise the "threat profile", including the "insider threat profile".
Quote:
The attitudes towards IT security are similarly different. In the private sector it was on preventing you, the employee, from mal-action. In the public sector it is on keeping the bad guys out while keeping IT behind the scenes. The private company had security cameras watching your entire comings and goings, along with security guards on patrol. In the public sector, we don't.
I assume you are contrasting working for Google (or Microsoft or...) with working for some mayor's office, not working for Google and working for a US entity which requires "security clearances".
Sadly, presence or absence of surveillance cameras in USG settings probably has more to do with current funding issues than with presence or absence of political will to spy on the workplace. You can't waste money if you don't have any to spend. (Unfortunately, you can't invest in things like education or infrastructure improvements either.)