From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00, PP_MIME_FAKE_ASCII_TEXT autolearn=no autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!news.swapon.de!newsfeed.fsmpi.rwth-aachen.de!reality.xs3.de!news.jacob-sparre.dk!loke.jacob-sparre.dk!pnx.dk!.POSTED!not-for-mail From: "Randy Brukardt" Newsgroups: comp.lang.ada Subject: Re: library/binding for sftp? Date: Thu, 8 Aug 2013 14:18:09 -0500 Organization: Jacob Sparre Andersen Research & Innovation Message-ID: References: <85li4gmhrt.fsf@stephe-leake.org><2wgl8bcmdsu0$.1rs1604fzwufv.dlg@40tude.net><85vc3jfias.fsf@stephe-leake.org><1gwg87tgm2bo7$.ae7440ka6kmc.dlg@40tude.net><85bo59g6h7.fsf@stephe-leake.org><5987935c-dbce-4602-b0e6-2bb85513588b@googlegroups.com><9oo34px7j5ko$.1j7bcnxwzgcxe.dlg@40tude.net><20130808111404.5fc6ce14@hactar.xn--rombobjrn-67a.se><1nfcrgjw8vkrb.1aukq12ys882l$.dlg@40tude.net> <20130808133709.09dfef98@hactar.xn--rombobjrn-67a.se> NNTP-Posting-Host: static-69-95-181-76.mad.choiceone.net X-Trace: loke.gir.dk 1375989490 6907 69.95.181.76 (8 Aug 2013 19:18:10 GMT) X-Complaints-To: news@jacob-sparre.dk NNTP-Posting-Date: Thu, 8 Aug 2013 19:18:10 +0000 (UTC) X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.5931 X-RFC2646: Format=Flowed; Original X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157 Xref: news.eternal-september.org comp.lang.ada:16707 Date: 2013-08-08T14:18:09-05:00 List-Id: "Björn Persson" wrote in message news:20130808133709.09dfef98@hactar.xn--rombobjrn-67a.se... Dmitry A. Kazakov wrote: >> Firstly, there is no protection against targeted attack. Secondly, >> regarding spies, they aren't any good in programming. Obscuring is >> the best method against unfocused surveillance which works only with >> known protocols. > >Four false statements in a row. There are only three here, and the first is generally accepted as true (see below). >Dmitry isn't going to change his mind so I won't debate this with him >further, but to everybody else: Don't listen to Dmitry. He doesn't >understand basic information security and is giving dangerous advice. Then you better debate it with me, because at least part of Dmitry's advice matches what I would give. Everything I read about security says that there is "no practical defense against a determined attacker". That's a bit more nuanced than Dmitry's statement, but it's repeated all of the time by the security experts I read. You might be able to stop such an attack by unplugging all of your internet connections and shutting down all of your computers, but even that isn't certain. And who can do that for long? And Dmitry's point about spies (like the NSA) using "known protocols" is certainly true. They are much less likely to generally monitor what they don't know about. Of course, if they are targetting you directly, see statement 1. Honestly, your attitude is dangerously naive. Probably the best strategy of all is to have no secrets that need protecting, as in today's environment you should assume all information is being read (or could be read) by someone. When RRS was doing business with the NSA back in the 1980s, we used to occassionally talk to the light fixtures to remind ourselves of the possibility of survialence. We thought it was reasonably likely that we were spied upon even then, and it's 100 times easier today (we didn't have a network - we used sneaker-net - and weren't connected to any public network until we started working on Ada 9x). Randy.