DNSSEC is the answer to that.
The article mentions nothing new. It was known for years. As long as you trust a third party to verify "you" are "you", security is lost.
Make your OWN ca private key on a secure smartcard processor. Keep the card offline, sign your server certs and use convergence.io
All the rest is just like building fort/castle from scratch with all the security and then outsourcing the build of the key for the main door!;)
You are better off this way (which I use by the way)
Get some PKI compliant smartcard, compile everything on an offline machine (drivers, pcsc / opensc) and then make the smartcard's crypto engine generate a private key and protect it with a pin. Use the smartcard to hold the keys. Keep the card on you at all times. Cloak it with printing a banklogo on top!
You can make 2 cards, one holding the CA and you can vault that one (it has 3 pin attempts after which the cards data is LOST) and use that card to sign some other certs for your SSH keys and others;)
Its secure and if you modify the DF(filesystem) of the smartcard any non-targetted attack against you, even when you connect it to non-secure machine will fail! Your private key will always stay safe. Y
... they give unmanned vehicles nuclear / ICBM capabilities? How long before we see a takeover by a hostile/terrorist state of such an unmannded carrier and actually resulting in a REAL war.
Computers shouldn't be put in control of heavy weaponry. The good old finger on mechanical trigger should do the job. We here on slashdot should realize the implications of giving computers "control" over WMD (which include ICMB).
Doesn't this worry anybody here on slashdot?
Some of us are capable of finding a buffer-overflows (like you find water in your fridge), analyzing the memory, writing a good payload exploit... This is soo bad.
Besides all this, its easier to make mistakes, hurt innocents when you are not in the line of fire. Its easier to press that enter/execute button and kill people. It takes away a lot of the moral issues. When war becomes a videogame, where is the moral oversight.... sigh..
Slashdot Mirror
If i had points +5 insightful for you!
You buy volume and pay a different price? Basic economics ... how can a company do business otherwise?
Because nobody wants an unstable host system for their VM's. Get over it, windows sucks.
DNSSEC is the answer to that. The article mentions nothing new. It was known for years. As long as you trust a third party to verify "you" are "you", security is lost. Make your OWN ca private key on a secure smartcard processor. Keep the card offline, sign your server certs and use convergence.io All the rest is just like building fort/castle from scratch with all the security and then outsourcing the build of the key for the main door! ;)
You are better off this way (which I use by the way) Get some PKI compliant smartcard, compile everything on an offline machine (drivers, pcsc / opensc) and then make the smartcard's crypto engine generate a private key and protect it with a pin. Use the smartcard to hold the keys. Keep the card on you at all times. Cloak it with printing a banklogo on top! You can make 2 cards, one holding the CA and you can vault that one (it has 3 pin attempts after which the cards data is LOST) and use that card to sign some other certs for your SSH keys and others ;)
Its secure and if you modify the DF(filesystem) of the smartcard any non-targetted attack against you, even when you connect it to non-secure machine will fail! Your private key will always stay safe. Y
... they give unmanned vehicles nuclear / ICBM capabilities? How long before we see a takeover by a hostile/terrorist state of such an unmannded carrier and actually resulting in a REAL war. Computers shouldn't be put in control of heavy weaponry. The good old finger on mechanical trigger should do the job. We here on slashdot should realize the implications of giving computers "control" over WMD (which include ICMB). Doesn't this worry anybody here on slashdot? Some of us are capable of finding a buffer-overflows (like you find water in your fridge), analyzing the memory, writing a good payload exploit... This is soo bad. Besides all this, its easier to make mistakes, hurt innocents when you are not in the line of fire. Its easier to press that enter/execute button and kill people. It takes away a lot of the moral issues. When war becomes a videogame, where is the moral oversight.... sigh..