I am a normal non-business customer of a bank in the UK and I have a reader supplied by the bank that generates either a one-time code for identity, or a code based upon an account number used for securing money transfers (so you can tell that you are not being phished). In both cases, the chip card and PIN are required in combination with the reader, making it a rather secure system.
There was also a Pac Man version of Tetris called Pac Attack. It had a really funky soundtrack that I thought sounded better on SNES than MegaDrive.
Perhaps it is just a stealth policy to tackle rising unemployment by creating jobs for looking at websites all day.
Update: a bug has been opened to handle this incident. It seems the offending company was spamming, and nowhere did they state that they were a reseller for Comodo, nor were there any ownership checks done before issuing the certificate.
When I visit the SSL server with the "compromised" certificate at 192.116.242.23, Firefox tells me:-
Secure Connection Failed
Peer's Certificate has been revoked.
(Error code: sec_error_revoked_certificate)
Unfortunately, a lot of applications do not check for revocation by default, and there are even some CAs who do not provide an online certificate revocation service, which is another weak link.
"Trujillo's final dramatic quote to the analysts was "Nothing Stops Telstra"." (Business Spectator)
The man reeks of arrogance. Nothing good can come of letting the incumbent monopoly. I hope that Australia ends up with the network it really needs, rather than the one that Telstra has given them.
This /was/ being done until recently by a security firm, until it was decided that they could not afford to keep registering lots of domains for the sake of keeping the botnet offline. Had it not been for them, the botnet would have been online a lot sooner after McColo was shut down.
I was about to be really impressed, but their website shows hardware doing 20Gb/sec, not GB/sec. Did you really mean that?
I beg to differ. Back in the days of dial-up, just for the heck of it I tried connecting to a chargen server, and was pleasantly surprised to see speeds in excess of 500kb/s out of a plain old POTS modem.
I am a registered voter in M.P. and Home Secretary Jacqui Smith's constituency. I just hope I can persuade enough other voters to vote for someone else at the next election.
Since Windows even now only recognizes the Master Boot Record (MBR) format
This is untrue. 64-bit versions of Windows support GPT, as do versions newer than Vista.
Also, I don't have a problem using a swapfile. I see no performance difference at all.
ESL has been replaced by ESOL (English for Speakers of Other Languages), since English is often a third, fourth or fifth language to some people.
There is already an agreed specification for OpenID 2.0 that includes use of the lesser known i-name and i-number identifiers, and XRI resolution, which is far more robust and solves the OpenID recycling problem.
Then there are the privacy issues -- DHCP IPv4 provides some masking, while IPv6 provides none whatsoever and likely gets archived.
This is FUD. IPv6 has privacy extensions for stateless autoconfiguration that specifically address this problem. Please read RFC 3041. It has been around since 2001.
It occurred to me that one could use Creative Commons in conjunction with XMP (metadata tagging) to construct a peer-to-peer network for easier sharing of legitimate files combined with attribution.
More information about XMP and CC:-
http://wiki.creativecommons.org/XMP
A&A are not asking for anything unusual. All they want is for BTW to deliver the service as specified. The problem is a well known bug in the IOS image that BT has installed on some BRAS, which has been demonstrated to also affect certain IPv4 packets, making the IPv6 argument completely spurious.
If you want a laugh at their incompetence, have a gander at the following:-
http://david.woodhou.se/bt-clueless-1.html
http://david.woodhou.se/bt-clueless-2.html
You mean like Parrot?
Try and get your hands on a copy of TinyXP Rev05. It is the smallest XP re-spin I have found. It uses no more than 45MB RAM after boot-up, leaving plenty of space for your applications.
For a while, Google Groups used to be a good way to search Usenet. Since they allowed anyone to create a group on Google Groups, it is now completely riddled with spam and next to useless.
That said, I wish more web forums would provide an NNTP front-end (gmane is a great example - although it is oriented towards mailing lists). It is far easier to follow discussions when you use the same interface throughout. If a feature is missing, you can always code it yourself. With web forums, you are limited to the server software.
You can mount NTFS/ext2 in DOS using Paragon IFSDRV. There are probably drivers for other filesystems available if one looks around. A quick google reveals a long list of DOS software at www.unet.univie.ac.at.
I am British and I certainly consider myself European. However, I currently live overseas, so perhaps I am more inclined to take a more worldly view. Most Brits I have met seem to be quite happy that they are isolated from other European countries.
For "extended verification" read "extended validation". Oops.
I agree. "Some cert" is harmful since the user may assume that their session is secure when it could be subject to an attack. A user browsing an SSL-secured website is more likely to disclose personal information and data such as account details.
When there is no certificate, the user has no expectation of security and may adjust their behaviour accordingly by withholding their personal data.
I believe that extended verification certification goes some way to addressing the identity problem, but until users are aware of the difference, it is a non-starter.
If you read the paper you will see that it is the same researchers!
Obligatory link to the YouTube video (not a rickroll, I promise!)
Thanks, Network Mirror!