Slashdot Mirror
Dan Geer On Trusting PCs In Botnets
walk*bound writes "In an essay published by ZDNet, security scientist Dan Geer has an interesting proposal for e-commerce sites to evaluate the trustworthiness of clients that try to connect. Assume that end users either always say 'Yes' or always say 'No' to security dialog boxes. Then make the decision one of two ways: 'When the user connects, ask whether they would like to use your extra special secure connection. If they say "Yes," then you presume that they always say "Yes" and thus they are so likely to be infected that you must not shake hands with them without some latex between you and them. In other words, you should immediately 0wn their machine for the duration of the transaction — by, say, stealing their keyboard away from their OS and attaching it to a special encrypting network stack all of which you make possible by sending a small, use-once rootkit down the wire at login time, just after they say "Yes."'"
This is me trying out less formal 'internet speak'. Apparently one should be casual when talking to the internet. I'm not quite sure why, as we haven't all been formally introduced yet, but I do like to comply with convention. Simon, my tech guy, gave me a dictionary to help me translate, but some of the words are very rude and I can't immagine myself ever using them. Except maybe to June Dawkins if she cheats at the sponge cake competition again this year. I don't care if she is reading this, damson jam was banned for a reason!
Yours,
Mildred
This Internet 2.1 blog for user Mildred is powered by The Cheapest Blog Host On The Internet! , the revolutionary web 2.0 metalayer. Get yours now! blog navigation | previous post | first post a link to the next post will be in a comment to this post
This Internet 2.1 blog for user Mildred is powered by The Cheapest Blog Host On The Internet! , the revolutionary web 2.0 metalayer. Get yours now!