Slashdot Mirror

← Back to Stories (view on slashdot.org)

Analysis of Passport Flaws

Posted by ryuzaki0 on from the something-to-think-about dept.

An anonymous reader sent us an excellent (and technical) paper describing problems with Passport its not lame anti ms rhetoric, its actually a well written technical assesment of security problems with the unified login that passport aims to achieve. This is a good read.

3 of 174 comments (clear)

  1. Re:What the hell?!?! by Detritus · · Score: 1, Troll
    There are a lot of lame articles on slashdot. Poor spelling, punctuation and grammar are the norm. Not to mention non-existent fact checking.

    Remember, AMD and Linux are good, Intel and Microsoft are bad. Why think when the collective can do it for you?

    --
    Mea navis aericumbens anguillis abundat
  2. Re:Windows users by F_Prefect · · Score: 1, Troll

    I don't get this, they don't force us.

    I don't know if you have read anything about Windows/Office XP. In order to get them to work for more than 30 days, you have to get a passport account. This is so that MS can get the info of what machine (not Processor ID #) but what type of processor, how much ram, type and size of HD's, etc. I will give MS one good statement, they can make an awesome licence agreement, just too bad that they can't make a decent OS.

    --
    You can be replaced by a very small shell script.
  3. Windows users by Cave+Dweller · · Score: 2, Troll

    "The bulk of Passport's flaws arise directly from its reliance on systems
    that are either not trustworthy (such as HTTP referrals and the DNS) or assume
    too much about user awareness (such as SSL). Another flaw arises out of
    interactions with a particular browser (Netscape). Passport's attempt to
    retrofit the complex process of single sign-on to fit the limitations of
    existing browser technology leads to compromises that create real risks."

    Do we really *need* Passport?