On Thu, Nov 13, 2014 at 4:16 PM, Ralf Mardorf <ralf.mardorf@xxxxxxxxxxxxxx> wrote: > On Thu, 13 Nov 2014 21:31:40 +0100 > Ralf Mardorf <ralf.mardorf@xxxxxxxxxxxxxx> wrote: > > > On Thu, 13 Nov 2014 15:02:58 -0500 > > Sean Greenslade <sean@xxxxxxxxxxxxxxxxxx> wrote: > > > > > On Thu, Nov 13, 2014 at 06:55:51AM +0100, Ralf Mardorf wrote: > > > > Sean, actually you tells us that we should care about security > > > > holes in Mutt/1.5.23 to attack you ;) and since you're replying to > > > > Arch general email, you're likely using Arch Linux. This likely is > > > > a trick, you're running Alpin on openSUSE? ;) > > > > > > Ha hah! I'm running LFS and using telnet as my mail client! > > > > > > I kid, I kid. And I actually did have that thought as I was writing > > > that mail. So, uh...do as I say, not as I do, etc. etc. I really > > > won't claim that my setup is anywhere near hardened. > > > > :) > > > > Another point of view is, that if we mention Arch Linux in a header, > > we also point out, that our OS is upgraded with current security > > patches from upstream. IOW it's easier for you, to attack somebody > > using another Linux distro. OTOH the latest bash issue was fixed by > > FreeBSD and all Linux distros I watch very soon and much more people > > use Apple, Windows and Android (pseudo-Linux) operating systems. I > > like to show that I'm using a MUA running on Arch Linux. Assumed I > > should need security, then I would use two additional computers to > > provide that. One for absolutely anonymous Internet usage and another > > computer that is completely decoupled from the Internet. > > Assumed we want to share data between the anonymous Interne > computer and the computer without an Internat connection, e.g. by a > "brand new tidied up" USB stick, we should consider to use a third > computer before we transfer the data. With the computer in the > middle, we should check if the USB stick is "clean". The computer in the > middle should be rebuild several times a day, using different hardware > combinations. > But perhaps that would be too much hassle. Maybe the computer in the middle should be a live-ISO chosen at random by the offline computer, which would have been pre-loaded with all the necessary verification tools. -- - Toyam
