Difference between revisions of "Security"

From Organic Design wiki
(Related news: The 773 Million Record "Collection #1" Data Breach)
(Security news: BootHole UEFI hack via GRUB2 buffer overrun)
 
(13 intermediate revisions by the same user not shown)
Line 13: Line 13:
 
Security starts with keeping the peace. While this might sound obvious it is nevertheless often forgotten. Keeping the peace means that one is active in not starting trouble and to stay out of harmʼs way before a conflict can start or escalate. We must refrain from provoking others to attack us by the behavior we display. It starts with not employing violence ourselves unless it happens in self-defense, not defrauding others, not breaking agreements, not bragging and challenging. Quietness, integrity and honesty combined with confidence reduces the risk of conflict greatly.
 
Security starts with keeping the peace. While this might sound obvious it is nevertheless often forgotten. Keeping the peace means that one is active in not starting trouble and to stay out of harmʼs way before a conflict can start or escalate. We must refrain from provoking others to attack us by the behavior we display. It starts with not employing violence ourselves unless it happens in self-defense, not defrauding others, not breaking agreements, not bragging and challenging. Quietness, integrity and honesty combined with confidence reduces the risk of conflict greatly.
  
== Related news ==
+
== Security news ==
 +
*2020-07-30: [https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/ BootHole UEFI hack via GRUB2 buffer overrun]
 +
*2020-06-20: [https://awakesecurity.com/blog/the-internets-new-arms-dealers-malicious-domain-registrars/ The Internet’s New Arms Dealers: Malicious Domain Registrars]
 +
*2020-04-22: [https://nakedsecurity.sophos.com/2020/03/02/siri-and-google-assistant-hacked-in-new-ultrasonic-attack/amp/ Voice assistants hacked via ultrasonic waves]
 +
*2020-04-15: [https://mashable.com/article/zoom-500000-accounts-dark-web/ 500K Zoom accounts being sold on the darkweb]
 +
*2020-03-06: [https://flatkill.org/ Flatpak - a security nightmare]
 +
*2020-01-31: [https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/ Kraken identifies critical flaw in Trezor hardware wallets]
 +
*2019-12-09: [https://arstechnica.com/gadgets/2019/12/wireguard-vpn-is-a-step-closer-to-mainstream-adoption/ Wireguard to be shipped in Linux kernel 5.6 in 2020]
 +
*2019-12-04: [https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ Two malicious Python libraries caught stealing SSH and GPG keys] ''- one library was available for only two days, but the second was live for nearly a year''
 +
*2019-09-07: [https://arstechnica.com/information-technology/2019/08/skype-slack-other-electron-based-apps-can-be-easily-backdoored/ Skype, Slack, other Electron-based apps can be easily backdoored]
 +
*2019-01-22: [https://justi.cz/security/2019/01/22/apt-rce.html Remote Code Execution in apt/apt-get]
 
*2019-01-17: [https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ The 773 Million Record "Collection #1" Data Breach]
 
*2019-01-17: [https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/ The 773 Million Record "Collection #1" Data Breach]
 
*2018-11-26: [https://www.zdnet.com/article/hacker-backdoors-popular-javascript-library-to-steal-bitcoin-funds/ Event-stream js library hacked by new "maintainer"]
 
*2018-11-26: [https://www.zdnet.com/article/hacker-backdoors-popular-javascript-library-to-steal-bitcoin-funds/ Event-stream js library hacked by new "maintainer"]
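Review bot: The added 2020-04-22 entry links to the `/amp/` variant of the Naked Security article, which ties the reference to an AMP rendering rather than the article's canonical address. Suggest linking the non-AMP URL. The URL path is also dated 2020/03/02 while the list entry says 2020-04-22, so it is worth confirming which date this list is meant to record (publication or the day the link was added) and applying it consistently across the new entries.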
Line 71: Line 81:
 
*[https://www.eff.org/deeplinks/2018/10/there-are-many-problems-mobile-privacy-presidential-alert-isnt-one-them There are Many Problems With Mobile Privacy but the Presidential Alert Isn’t One of Them]
 
*[https://www.eff.org/deeplinks/2018/10/there-are-many-problems-mobile-privacy-presidential-alert-isnt-one-them There are Many Problems With Mobile Privacy but the Presidential Alert Isn’t One of Them]
 
*[https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/ Should we change our RSA keys to ed25519?]
 
*[https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/ Should we change our RSA keys to ed25519?]
 +
*[https://nullsweep.com/http-security-headers-a-complete-guide/ HTTP Security Headers - A Complete Guide]
 +
*[https://lwn.net/Articles/531114/ All about Linux namespaces]
 +
*[http://loup-vaillant.fr/tutorials/128-bits-of-security Discussion about the meaning of 128 bits in various contexts]
 +
*[https://forums.whonix.org/t/fixing-the-desktop-linux-security-model/9172/21 Discussion on isolation applications in desktop environments on Linux and Android] ''- scroll down to SokPuppettes comments''
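Review bot: The loup-vaillant.fr link in this hunk is the only added reference using plain `http://`, while every other entry is `https://`. Suggest switching it to HTTPS if the site serves it. In the Whonix forum entry, "isolation applications" reads like a slip for "isolating applications", and the pointer "scroll down to SokPuppettes comments" would survive thread growth better as a direct link to the specific post, with the apostrophe added to the user name.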

Latest revision as of 01:15, 31 July 2020

This page describes a concept which is part of our glossary

These few paragraphs from Bastiat's The Law are a good introduction to personal security:

What, then, is law? It is the collective organization of the individual right to lawful defence.

Each of us has a natural right — from God — to defend his person, his liberty, and his property. These are the three basic requirements of life, and the preservation of any one of them is completely dependent upon the preservation of the other two. For what are our faculties but the extension of our individuality? And what is property but an extension of our faculties?

If every person has the right to defend — even by force — his person, his liberty, and his property, then it follows that a group of men have the right to organize and support a common force to protect these rights constantly. Thus the principle of collective right — its reason for existing, its lawfulness — is based on individual right. And the common force that protects this collective right cannot logically have any other purpose or any other mission than that for which it acts as a substitute. Thus, since an individual cannot lawfully use force against the person, liberty, or property of another individual, then the common force — for the same reason — cannot lawfully be used to destroy the person, liberty, or property of individuals or groups.

The assurance of physical security can be provided to members of a social mechanism in the same way as other aspects of the common vision are achieved: by using a trust-group-based assurance system to avoid the need for a centralised institution. Members behave together as a group in alignment with the common vision to ensure that fundamental shared values are maintained, such as protecting members against harm and preventing them from harming others.

Informational security

Another important aspect of security concerns the assurance that our data is private and distributed. A huge number of people around the world are now realising the need to work together in alignment with the common vision, and that to do this we need to have full control over our information in our own hands, while at the same time taking advantage of distributed storage. The only real way to achieve this is with peer-to-peer networks. The so-called "cloud" services offered by centralised corporations are unable to offer true security or privacy.

Second Realm statement on Security

Security starts with keeping the peace. While this might sound obvious it is nevertheless often forgotten. Keeping the peace means that one is active in not starting trouble and to stay out of harmʼs way before a conflict can start or escalate. We must refrain from provoking others to attack us by the behavior we display. It starts with not employing violence ourselves unless it happens in self-defense, not defrauding others, not breaking agreements, not bragging and challenging. Quietness, integrity and honesty combined with confidence reduces the risk of conflict greatly.

Security news

See also