On Sat, Aug 07, 2010 at 08:42:26AM -0400, Dan Ritter wrote: > Also, we should note that the original post from David indicated > that he was accessing his systems remotely. There's a non-zero > chance that potentially hostile invisible proxies are lurking on > any given open WiFi, hotel network, or net cafe. There's also a non-zero chance that some crazed maniac will attack your physical person and slice open your head in an attempt to extract data directly from your neurons... But that doesn't mean we should spend resources of any kind securing against that possibility. =8^) That's an absurd scenario, but so is a hostile invisible proxy -- not that they can't exist, but I seriously doubt that anyone with the wherewithall to set up such a thing is waiting around Starbucks for David to access his MythTV setup so they can snarf his password and mess with his recording schedule. It's far more likely that someone skilled and hostile is working at a telecom supporting network infrastructure, targeting people's on-line banking accounts from a far-away unseen location. Again, these are sophisticated attacks, and unless you are eager to spend a lot of time learning about computer security (and let's face it, even most of the people on this mailing list really don't fall into that category), you're probably not going to be able to do much to stop the guy behind the curtain. Whether or not you should try is really a question of how much it's worth to you. The point here, again, is that security is about expending resources commensurate with risk. There are virtually no black and white issues in computer security. It's a lot like buying insurance: If the risk is very low and/or you need to spend your resources elsewhere, you don't buy the policy. If you have limitless resources, then yes, you should make efforts to protect yourself from everything imaginable. However, for the overwhelming majority of us, that's not true. So, unless you just happen to go nuts for computer security, I suspect you have better ways to spend your time and money. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.