I CAN DANCE ALL DAY! I CAN DANCE ALL DAY!! BOOM HEADSHOT!!
Seriously, I will pwn anyone who uses a "touchscreen" to play a FPS game, while I am using a mouse.:)
I'll let the market dictate the price. As time goes on and more competition comes into being, the price will drop.
But, if the fundamental costs for the companies remain high due to huge downloads (in bytes), the market price will inherently be higher - b/c the companies simply cannot absorb that cost.
For example, as cheap as DVD players are these days from pretty much every company, if the cost of some fundamental part goes up in price, the whole market price of DVD players will increase.
I am all of it. Like it or not, data costs money. I don't want to continuously support people who download more stuff than me.
The people that download the most (in terms of bytes) are the people that steal movies and music. I buy my movies, and I buy music; and use the internet for sharing of information and gaming.
The problem will only get worse when HD movies get on P2P networks. So, good luck to these guys.
Well, the address and other domain/company specific information of the company is ALSO part of the certificate. A certificate authority will/should only sign certificates once it establishes that the signing request comes from a valid representative of the company.
Assuming the latter is true, no one ELSE can really be "in control" of the certficate. I mean how can they? Only the company has the private key. The company doesn't even need to give the private key to the CA when they get their certificate signed.
The actual certificate is useless to an attacker without the private key. If the attacker wants to create a new certificate with the company's name, then they would somehow need to convince the CA by offline means (phone, fax, in person, letter, etc.) that they are a valid representative of the company and that the CA should sign the new certificate - which the attacker can now use to fool consumers. I think Microsoft revoked a couple of certificates a few years back b/c of this exact problem. Haven't heard issues like this in a while.
From the consumers side, it is simply not enough to check that the "yellow padlock" is present in your browser. Go in to the certificate and check if it corresponds to the company that you are trying to do business with!
Now to answer the original question, I hate self-signed certificates. When I download Firefox or IE, I am making the assumption that the pre-installed CA certificates are valid. Once you accept the risks involved with downloading a browser from a non-secure site, you really don't want to be exposed to it every time you visit a new site!
An attacker can easily make you accept their unsigned certificate over some other unsigned certificate. Especially, with mismatched domains its very difficult to tell. I know companies do that. But, those companies usually have IT staff that have absolutely no education in security.
Slashdot Mirror
I can dance all day! I can dance all day! BOOM HEADSHOT!!
I CAN DANCE ALL DAY! I CAN DANCE ALL DAY!! BOOM HEADSHOT!! Seriously, I will pwn anyone who uses a "touchscreen" to play a FPS game, while I am using a mouse. :)
I'll let the market dictate the price. As time goes on and more competition comes into being, the price will drop. But, if the fundamental costs for the companies remain high due to huge downloads (in bytes), the market price will inherently be higher - b/c the companies simply cannot absorb that cost. For example, as cheap as DVD players are these days from pretty much every company, if the cost of some fundamental part goes up in price, the whole market price of DVD players will increase.
I am all of it. Like it or not, data costs money. I don't want to continuously support people who download more stuff than me. The people that download the most (in terms of bytes) are the people that steal movies and music. I buy my movies, and I buy music; and use the internet for sharing of information and gaming. The problem will only get worse when HD movies get on P2P networks. So, good luck to these guys.
Well, the address and other domain/company specific information of the company is ALSO part of the certificate. A certificate authority will/should only sign certificates once it establishes that the signing request comes from a valid representative of the company. Assuming the latter is true, no one ELSE can really be "in control" of the certficate. I mean how can they? Only the company has the private key. The company doesn't even need to give the private key to the CA when they get their certificate signed. The actual certificate is useless to an attacker without the private key. If the attacker wants to create a new certificate with the company's name, then they would somehow need to convince the CA by offline means (phone, fax, in person, letter, etc.) that they are a valid representative of the company and that the CA should sign the new certificate - which the attacker can now use to fool consumers. I think Microsoft revoked a couple of certificates a few years back b/c of this exact problem. Haven't heard issues like this in a while. From the consumers side, it is simply not enough to check that the "yellow padlock" is present in your browser. Go in to the certificate and check if it corresponds to the company that you are trying to do business with! Now to answer the original question, I hate self-signed certificates. When I download Firefox or IE, I am making the assumption that the pre-installed CA certificates are valid. Once you accept the risks involved with downloading a browser from a non-secure site, you really don't want to be exposed to it every time you visit a new site! An attacker can easily make you accept their unsigned certificate over some other unsigned certificate. Especially, with mismatched domains its very difficult to tell. I know companies do that. But, those companies usually have IT staff that have absolutely no education in security.