Oh, look! Mudge is back!
If you search Google for "BEGIN DSA PRIVATE KEY", you can easily find private SSH keys.
I find Bruce Schneier to be a very curious individual. As much as his understanding of security issues and abilities to explain these to lay folks should be admired, just as much can he come up with some really braindead comments and misunderstood points.
Example: His recent mention of port knocking made me cringe. This is plain text passwords reinvented by violating IP.
Who wants to give me 3000 euro? I want to go to Blackhat Europe at the end of May.
Two bad things have happend.
1) I started reading the Microsoft newsgroups on msnews.microsoft.com yesterday, and 2) today I handed in my worst written work since the third grade: a draft policy covering patch management for my employer. It is exactly not vague enough to make enforcement and auditing impossible, but vague enough to not ensure that implementations are really useful.
I feel dirty.
I prefer to write useful policies rather than pointless ones, but the current environment leaves me with little choice.
Grrr! Roar! ARRRR! Cast your eyes upon this snippet of traceroute(8) output and growl with me.
1 192.168.10.1 (192.168.10.1) 3.342 ms 4.8 ms 2.358 ms 2 atm2-0-5389.kd4nxx9.ip.tele.dk (80.160.149.61) 261.734 ms 255.172 ms 244.479 ms
Or this mtr(8) output:
Hostname %Loss Rcv Snt Last Best Avg Worst 1. 192.168.10.1 0% 63 63 3 2 4 10 2. atm2-0-5389.kd4nxx9.ip.tele.dk 0% 63 63 17 15 39 513 3. ge7-0-3.1000M.kd4nxg2.ip.tele.dk 0% 63 63 36 16 29 182 4. pos2-0.2488M.hcnxg1.ip.tele.dk 0% 63 63 21 19 29 157
I hate my ISP.
What is the point of online, fully automated banks that close? Is it that hard to build transaction systems that do live backups?
I would think not.