Finally an RFC defining some common emoticons. :-D
and when the notes have RFID chips in them???
Use coins.
Hmm... "Zorn." Where have I heard that before?
It means "rage" in German.
CU Micha
You are right, I hadn't thought of differing envelope addresses in my first reply.
But (and that is something I've already said) the whole situation is in no way different from any other authentication scheme. If someone gets a copy of your password/certificate/thumb print/whatever and starts sending e-mails using smtp-auth and an empty envelope-from, you will never find this out either.
Sure, one can use different envelope and header From-addresses. But spammers could use different addresses now and still I get bounces from spams which use a forged address from my domain.
As for the stolen key: you need to protect it the same way you protect any authentication tokens today. If you suspect it got compromised, simply generate a new pair and be done with it.
I wonder how long it will take for people to realise that their private key has been stolen and is being used to sign spam?
A very short time, since the bounces will start rolling in in no time.
CU Micha
No idea, but one question that springs to mind is how do software companies in Germany operate - do software developers employed by companies still retain the copyright to what they write?
Yes they do, but in German Law (actually a variant of the droit d'auteur) there is a difference between Author's Rights and Usage Rights. So the developers can keep their Author's Rights (e.g. to be known as the author) and the company gets the Usage Rights (and can do whatever they will with the software).
I can't think of anything I can do with a Bourne shell (admittedly a limited example) that I can't do with M$.
Oh, that's easy: functions.
Try to build a loop calling a function with parameters. You will need to write external batch-files to do the job.
CU Micha
> read as octal, gives 1889
Definitely not.
> or for you tcsh-challenged people
> setenv EDITOR=pico
Errm, I think you mean
setenv EDITOR pico
So, for instance, if your database passwords are in a php script, or a file that your php script reads, the webserver must have read access to that data in order for it to work. Since everyone else's scripts also run with the webserver uid/gid, they also have read access to your database username/password info, and can therefore connect to your database, and do all the damage they want.
Ever heard of safe_mode or open_basedir in php?
Try to get your facts straight, before you post such rubbish.
CU Micha
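The shared-hosting exchange above, as an added configuration example that is not part of the original comment: two tenants on one Apache server with mod_php, one left unconfined and one confined with open_basedir. The hostnames and the /srv/www paths are constructed placeholders, and the setup assumes mod_php (php_admin_value is only available there).

```apache
# Constructed example: two tenants served by the same Apache + mod_php
# process, so both tenants' PHP scripts run with the webserver uid/gid.

# Weak: no open_basedir. PHP code in this vhost can open any file the
# webserver user can read, including /srv/www/alice/config/db.php.
<VirtualHost *:80>
    ServerName bob.example
    DocumentRoot /srv/www/bob/htdocs
</VirtualHost>

# Confined: PHP file functions in this vhost are limited to alice's own
# tree and her private temp directory. The trailing slashes keep the
# entries anchored to exactly these directories.
<VirtualHost *:80>
    ServerName alice.example
    DocumentRoot /srv/www/alice/htdocs

    # php_admin_value cannot be overridden from .htaccess or ini_set().
    php_admin_value open_basedir "/srv/www/alice/:/srv/www/alice-tmp/"

    # Uploads and sessions otherwise default to a shared temp directory
    # that lies outside open_basedir, so move them inside it.
    php_admin_value upload_tmp_dir "/srv/www/alice-tmp"
    php_admin_value session.save_path "/srv/www/alice-tmp"
</VirtualHost>

# Alice's credentials are only protected from Bob once Bob's vhost
# carries the same kind of restriction:
#   php_admin_value open_basedir "/srv/www/bob/:/srv/www/bob-tmp/"
# open_basedir confines PHP's own file functions only. CGI programs or
# other interpreters running under the same uid are not covered, and
# safe_mode no longer exists as of PHP 5.4.
```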
NIS???
Maybe it will solve the single logon problem, but it's a nightmare from a security POV.
Type "ypcat passwd" on a NIS enabled box, you will see what I mean...
CU Micha
Yes, but the URL I provided wasn't the one I was looking for. I was looking for a URL that might have had the original document as a PDF or a scan.
The third link from this search will give you a page with two scanned pages from the original ad. It took me about 1 minute to refine the search and find the scan.
Check your facts before ranting...
What is the difference between a source of random seed and your aforementioned transistors? Just imagine I would construct a chip with a random gathering device on board, will that be an internal resource? I could set up a hardware register, which will return a true random value every time you read it