Slashdot Mirror


Analysis of Passport Flaws

An anonymous reader sent us an excellent (and technical) paper describing problems with Passport its not lame anti ms rhetoric, its actually a well written technical assesment of security problems with the unified login that passport aims to achieve. This is a good read.

5 of 174 comments (clear)

  1. Re:What the hell?!?! by Detritus · · Score: 1, Troll
    There are a lot of lame articles on slashdot. Poor spelling, punctuation and grammar are the norm. Not to mention non-existent fact checking.

    Remember, AMD and Linux are good, Intel and Microsoft are bad. Why think when the collective can do it for you?

    --
    Mea navis aericumbens anguillis abundat
  2. Re:Windows users by F_Prefect · · Score: 1, Troll

    I don't get this, they don't force us.

    I don't know if you have read anything about Windows/Office XP. In order to get them to work for more than 30 days, you have to get a passport account. This is so that MS can get the info of what machine (not Processor ID #) but what type of processor, how much ram, type and size of HD's, etc. I will give MS one good statement, they can make an awesome licence agreement, just too bad that they can't make a decent OS.

    --
    You can be replaced by a very small shell script.
  3. Fuck you spork_testicle. by Anonymous Coward · · Score: -1, Troll

    I hate you, spork_testicle. Fuck you. f u c k y o u ff uu cc kk yy oo uu fff uuu ccc kkk yyy ooo uuu ffff uuuu cccc kkkk yyyy oooo uuuu fffff uuuuu ccccc kkkkk yyyyy ooooo uuuuu

  4. Windows users by Cave+Dweller · · Score: 2, Troll

    "The bulk of Passport's flaws arise directly from its reliance on systems
    that are either not trustworthy (such as HTTP referrals and the DNS) or assume
    too much about user awareness (such as SSL). Another flaw arises out of
    interactions with a particular browser (Netscape). Passport's attempt to
    retrofit the complex process of single sign-on to fit the limitations of
    existing browser technology leads to compromises that create real risks."

    Do we really *need* Passport?

  5. Re:Hailstorm. by philipm · · Score: -1, Troll

    yeah, I hate it when I'm right too. Why are you in pain, my son? Is it your lack of money, skills, or ethics? Did your assets get seized, sweetie? P.S. If I were you I would look into a career change, maybe a violent prison guard, or a drug property seizure expert. "Guilty! Guilty! Guilty!" - the three lizard priests from Anachronox