Slashback: Quinn, InfoCards, McKinnon
Globe's Ombudsman silent no longer. Andy Updegrove writes "For two months, the ombudsman of the Boston Globe has been silent on the reporting that helped bring about Massachusetts CIO Peter Quinn's resignation. Last night, in response to an entry pointing out that silence at the Standards Blog, ombudsman Richard Chacon at last responded, admitting to "lingering questions over why the [Quinn travel investigation] story was allowed to run without comment from Eric Kriss," but standing by "the initial reasons for looking into the story." Chacon also promises to report back with further observations after contacting Peter Quinn."
Microsoft continues push for 'InfoCards'. FrankieBoy writes "Bill Gates kicked off the RSA computer conference in San Jose, CA by unveiling a few more details about their new 'InfoCard' system in the upcoming IE7. With InfoCards people could save personal information on virtual cards on their computers which websites would recognize, removing the need for many different internet passwords."
Gary McKinnon extradition hearing reopened. earthlingpink writes "BBC News is reporting that the extradition hearing has reopened for Briton Gary McKinnon who is accused by the US of hacking into military computers. The damages he has caused are estimated at £370,000 (about $640,000 today) and he is said to face more than 45 years in prison. The original story and audio interview were both covered by Slashdot in June of last year."
Bugs to help kick oil addiction. Mr. Ghost writes "Bugs such as certain species of termites and fungi such as Trichoderma reesei may be the key to effectively and cheaply generate ethanol from cellulose. Small companies like Iogen and large international energy companies like Royal Dutch Shell are putting more and more money into this research. This type of technology may even be a way for the American automobile industry to gain back market share from its competitors."
No. You are talking about PIN/Password caching, in an encrypted store. Think Mac keychain.
This is an identity system, that supports federation, incorporates policy negotiation and can establish reputation with third-parties.
It is Passport, without the central identity repository - similar to Liberty Alliance's SAML work, but in the WS-Security framework, and with extended user functionality.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
It's interesting to see how far we've come from Passport, yet how little we've moved. At least we no longer are asked to ship our credit card data to Microsoft for "safekeeping"; the InfoCard data resides on our own computers (for better or worse).
I noticed that there seems to be confusion about a meta-identity system (one system spanning identities) vs an identity meta-system (one identity spanning systems). Will InfoCard really be a meta-system? Googling, I'm not seeing much for implementing MS Passport authentication outside of Microsoft products, so my hopes aren't too high for being told how to receive customer InfoCards if I'm writing a commerce site in PHP, Perl, or Java (I found an MSDN site that looked hopeful, but after a chapter on authenticating users in JSP, there was a short paragraph that basically read "Or... you could use Microsoft Passport for authentication. Check MSDN for articles on authenticating with MS Passport in ASP.NET").
effectively and cheaply generate ethanol from cellulose
I wonder does anyone know how much land this would take up?
A. What's the richest source of cellulose?
B. Based on the energy value of the ethanol produced from say 1 tonne of the crop, how much land is going to be needed to replace the oil consumption in private cars in the USA?
I bet it's not a small amount...
When fingerprint scanners become more common in laptops and smartcard readers more common in keyboards, I believe Infocards will be a serious advantage over the current method of data protection. Given the relative costs of both of those devices, I think you'll see them pop up on most hardware in the near future.
Make no mistake, no security scheme (at least that is feasible for average use) will ever be perfectly secure. But when saying "all that does is identify the machine, not the user" you must consider "what does the current system (passwords) identify?".
The answer is nothing. Passwords are probably just about the worst security method you could imagine (besides no security at all)! They just happen to be the easiest method, so they became default.
If you spend some time actually researching InfoCard, you'll see it is at minimum a very interesting idea. Do I think it is the ultimate correct answer to security? No. However, it's the most promising proposal I've seen in some time that can both provide pretty solid security and be easy enough for joe sixpack to put in wide use. Eventually, I'm sure better things will come along (or things similar to InfoCard will evolve and improve) but for the time being InfoCard is probably the best idea out there right now considering security offered, ease of use, expandability, etc.
The point is passwords have well outlived their usefulness in computer security and ideas like InfoCard are promising ideas which could well be the answer (at least for now).
"reality has a well-known liberal bias" - Stephen Colbert
IE has password memory. So does Mozilla / Firefox, Opera, Safari, and a host of other browsers. It's a feature to make it easier to access sites, but users with high authentication should know that that ease comes at a cost of security. Admittedly many non-IE browsers have a "master password" structure whereby you type one password for it to remember all of your passwords on demand (as mentioned by a sibling post about Safari), but said poster also recognized that most of these systems ship with the feature off by default, and even if it is on, you're still doing a balancing act with security and ease -- if a cracker finds your master password, they've found ALL your passwords.
And I believe you're referring to FindFast, Microsoft's indexing tool that they shipped with Office. As I remember it, FindFast indexed documents (i.e. Microsoft Word, Excel, etc. files) so they could be found easier later, as well as have quicker in-file searching (i.e. searching for a word inside all your documents). It never stored your domain passwords or any such security-related tokens. Once again, though, you're only screwed if you put your password inside a Word file in your system... and why the hell would you do that if you're concerned about security? (P.S.: Anyone who had even a bit of technical acumen would turn FindFast off back in the time when it was used, as it made your system horribly slow when it was indexing and tended to do so at inopportune times.)
Passport only works on sites that explicitly choose to support it, and generally only if you register yourself that way: most will give you an option for a registration in their site database only (eBay did this previously if I remember correctly). Several alternatives have been attempted at Passport-like solutions as well, to be fair, including some open source options. Once again, Microsoft isn't forcing you to use their solution, and I doubt a lot of systems use Passport authentication for high-level access anyway.
Normally I wouldn't be so argumentative, but you made a sweeping generalization when you said that "non Microsoft tools have taken local and remote attack into consideration". You made your bias quite clear in that statement. Next time you want to post attacks, at least back them up with some proof or evidence.
Anyway, I have yet to form an opinion on this InfoCard thing, but seeing as how it'll likely be Microsoft-proprietary and they'll probably have something to gain from it, I doubt I'll be either signing up for one (unless I have to in order to access a system, and even then I'll resist quite vocally) or deploying it on my own login systems.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs