Re: FTP Client With File Encryption For Remote Backup?



"Tom" <Tom@xxxxxxxxxx> writes:
I never said it was top secret files, just personal files like bank
statements which I don't want my ISP staff to look at.

FYI, the software is not Cuban, but written by a Swedish
citizen. Secondly, how is it going to send anything to a site, apart
from the FTP I have designated, based on my firewall rules? If the
software was trying to contact a site outside the FTP, I would see
it. In the same way, I would see on my web/FTP site traffic on the
log files.

We're beating a dead horse to some degree, and far be it from me to
talk you out of using the cool program you found that has the exact
functionality you seek. But since this is a security newsgroup, and
we tend to be a paranoid lot, possibilities include:

The application could--unbeknownst to you--generate an HTTP
POST or GET request to port 80 to a web site under the author's
control for capture, encoding the data in POST variables or in
the GET request URI itself. Your firewall rules more than
likely allow such outbound traffic. Only a manual analysis of
the logfile would reveal it happened. And if the GET request
were itself encoded even remedially, glancing at logs wouldn't
necessarily be telling you clearly that it happened and that
this app was responsible (unless you were looking at your logs
at the time of the first use of the program).

Hopefully though, the Softpedia "certification" of it being spyware-
free involved some technically astute analysis of the program for such
things.

Also, I might as well trust software written by an individual to be
as secured as software written by, say, Microsoft, which could have
some backdoors...

It's usually at this point in the discussion we have to turn to this
classic paper:
Trusting Trust by Ken Thompson
http://www.acm.org/classics/sep95/
the payoff is:
"The moral is obvious. You can't trust code that you did not
totally create yourself."

Another useful and interesting bit is why Zimmermann, the author of
PGP, was so intent to defy the US Government's attempt to prevent it
from publishing its source code, and why PGP was so stalwart in the
importance of encryption software being not only open source, but
widely peer reviewed:
http://www.philzimmermann.com/EN/findpgp/findpgp.html

More here including history:
http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Security

Zimmermann spoke at defcon a few years ago and had an interesting talk
about it all. I especially liked the bit where he had the source code
published in a book complete with optical marks to facilitate OCR
scanning of the book into machine readable form. This was a way
around the government's attempts to enforce a different first
amendment standard on strong encryption software than print books
enjoyed.

Since you seem to have an answer to everything, what is your
suggestion then to the original question? All I see from you is
contributions with little or no value.

With regard to D Spencer Hines' contributions, I agree. Even by the
bottom-feeder standard of usenet contrarians (who can only manage to
be right only by pointing out minutiae that is wrong), he seems
hopelessly impaired.

Best Regards,
--
Todd H.
http://www.toddh.net/
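
The log review the post says a glance would miss, as an added example that is not part of the original message: it flags outbound requests to hosts outside an expected list, query parameters that look encoded, and unusually large POST bodies. The log line format, host names, allow-list, sample lines and thresholds are all constructed assumptions.

```python
import math
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample. Assumed format: "timestamp client method url bytes_sent".
SAMPLE_LOG = """\
2007-03-01T10:00:01 192.0.2.10 GET http://www.example.org/index.html?lang=en 0
2007-03-01T10:00:05 192.0.2.10 GET http://updates.example.net/check?v=1.2&os=win 0
2007-03-01T10:00:09 192.0.2.10 GET http://stats.example.com/i.gif?d=QWNjb3VudCAxMjM0NTY3OCBiYWxhbmNlIDEwMDAuMDAgc3RhdGVtZW50IE1hcmNo 0
2007-03-01T10:00:12 192.0.2.10 POST http://stats.example.com/up 48211
"""

# Hypothetical allow-list: the only web hosts this machine is expected to contact.
ALLOWED_HOSTS = {"www.example.org", "updates.example.net"}
# Long values drawn only from the base64 / base64url alphabet.
B64ISH = re.compile(r"^[A-Za-z0-9+/_=-]{32,}$")


def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def review(log_text, post_limit=8192, min_entropy=4.0):
    """Return (timestamp, host, reasons) for every line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        ts, _client, method, url, sent = line.split()
        parts = urlsplit(url)
        reasons = []
        if parts.hostname not in ALLOWED_HOSTS:
            reasons.append("unexpected host")
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # Encoded payloads are long and near-random; ordinary values are not.
            if B64ISH.match(value) and entropy(value) > min_entropy:
                reasons.append(f"encoded-looking parameter {name!r}")
        if method == "POST" and int(sent) > post_limit:
            reasons.append(f"large POST body ({sent} bytes)")
        if reasons:
            findings.append((ts, parts.hostname, reasons))
    return findings


if __name__ == "__main__":
    for ts, host, reasons in review(SAMPLE_LOG):
        print(ts, host, "; ".join(reasons))
```

A packet filter's own logs usually record only addresses and ports, so the URLs have to come from a logging proxy or a capture.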