The real problem is a lack of centralized mechanisms for verifying the identity and ownership of a website. Nearly all phishing attacks would be rendered useless if a user could click on an icon somewhere within the browser (and not the web page) that would tell you "This site is in fact owned and operated by Central Bank of Manhattan, Inc., whose address is x, phone number is y, and tax id is n" etc.
As phishing scams get more elaborate, even savvy users such as myself have to go through complicated steps just to verify the identity of a website. i.e. whois, verification of SSL certificates, etc. No average user should have to become a detective in order to verify that www.chase.com belongs to the same Chase bank that issues his credit card. Especially when it's a URL such as chasenetaccesss.com or chaseonlinebanking.com, etc.
The point is to make faking or forging the identity of ownership much more difficult than the current state of affairs, which is deciding whether or not to believe that www.ebaysecurityreinstatement.com is a valid eBay website or not.
I swear, if he doesn't stop gritting his teeth at the universe he's gonna wear them down to the nub...
RMS has long since lost his teeth... now he has a bloody mash of gums that have become infected by a strain of parasite-induced dementia, which causes him to label any form of content control as fundamentally oppressive to the human rights of freedom.
I recently overheard him stating that once his crusade against DRM is victorious, he's gonna bear his fleet of space warships against ARM (analog rights management.) First on his list is the Surgeon General warning on packs of cigarettes...
I, for one, can't wait. Google will tell the big telcos to go shaft themselves, will give us all 6MB internet pipes for free, simply for agreeing to use the Google Browser which contains targeted ads. Yes, I would much rather trust my Internet in the hands of Google, than Comcast who is just itching to find a way to increase my monthly cable modem fee 5x the rate of inflation, and ATT whose CEO just wants everyone to pay him for everything, regardless of whether he actually deserves it.
This is totally offtopic... but how come slashdot editors seem to love to bask in saying things like "We covered this topic last year", but they don't bask in saying things like "We duped this article last week"?
Gaming has already proved to be a strong application for broadband, so it makes sense that Cisco would want to own a game device to help drive more traffic on its network.
Uhm, yeah. That makes just about as much sense as an asphalt producer buying Ford so that its cars would drive up the demand for pavement.
It's a given that the sophistication behind criminal operations will mature. Right now, only a small percentage of stolen IDs might be put to detrimental use, but similar to the way that marketing firms aggregate, filter, and categorize the viewing/buying/consumption patterns of consumers, you can expect that criminals will do the same. This will lead to a future in which stolen ID aggregators comb through IDs and categorize them into specialized lists, sold to the criminal organizations that could benefit from them the most.
Examples:
Recently the mafia was behind a ring of websites that fraudulently charged viewers of pornographic websites who provided their credit card numbers for "age verification purposes". I could imagine that the mafia would be particularly interested in purchasing stolen IDs of consumers who have previously been charged for pornographic-related purchases, providing them with a much wider base of victims. Similarly, think of how many pyramid schemes could revolve around the criminal use of stolen IDs.
In fact, terrorist or war-related hacking/infrastructural attacks sponsored by governments could very well incorporate the use of stolen IDs. Imagine if the 500 most influential people in America had to clean up the mess that hackers could cause with their stolen IDs.
And remember, this data is infinitesimally inexpensive to archive - just because your data isn't used today, doesn't mean it won't be used in 5 years.
I'm pretty certain that your letter didn't have a greater effect because it was so goddamn boring. Do you really need to go into an exposition about your whole life story in order to make a point?
Put up a blog if that's what you're into - keep it out of professional correspondence. I started skimming the first five words of every paragraph just to see whether you would eventually talk about something interesting.
...one more study to show us how much more secure Windows is vs. Linux. Notice how the announcement of those studies never coincides with the announcement of a critical IE or RPC exploit?
When asked if this meant he had no fears about a company claiming that Linux violated some of its patents, Cohen replied: "what was once a fear has now gone".
However, as the alleged 283 patents were never named, it's impossible to say whether they are all included in Patent Commons.
That's an incredibly short-sighted opinion. "Hey, we could potentially have problems, but since no one said anything for a few months, we must be okay. Danger averted!"
...at least until two years from now, when prior to Microsoft releasing Vista, they launch a volley of 500 patent infringement lawsuits in partnership with SCO and other vested interests.
It's interesting whenever I hear publishers crying out about Google's plans to digitize books. Invariably, Google says something like "hey this is good, this can help sell eclectic books!" and then everyone wonders what the fuss is, and why are publishers getting their panties in a bunch?
One important fact that's overlooked, though, is that if Google has digital copies of all those pieces of works, that "digital database" could be stolen or compromised. If that were to happen, publishers could never totally eradicate all the stolen books that would be floating around on the Internet or dark nets.
Furthermore, it's possible that technical weaknesses in Google's online book search implementation might be used to reconstruct the entire book. For example, search for what you know to be the first sentence in a book. When Google returns an excerpt with the second, third, and fourth sentence, then just do another search for the fourth sentence, and Google will return an excerpt with the fifth, sixth, seventh sentence, etc. I'm not claiming that's how Google's search feature will work; I'm merely presenting the possibility that technical weaknesses might be exploited to the detriment of the publishing industry.
It's true. The government can use any argument it wants to prohibit the "free speech" distribution of code. Look at how the government classified encryption software as "munitions" in order to prevent its export to foreign countries.
This is where Dvorak lost all credibility. He is obviously not qualified to speak on the subject of operating system security.
Oh yeah? Is he approaching this issue from the viewpoint of a security expert? No, he's approaching it from the perspective of a typical person (it might be your mother, or father).
Personally, I could not tolerate any of Dvorak's articles. But I have to admit his recent ones are starting to get much more on-topic (as opposed to his older lunatic rants, proclaiming that Microsoft would go out of business in 10 years, etc.)
It should be pointed out that the consultant lied to police initially, which helped influence the judge's decision to find the consultant guilty. But it's interesting that the article didn't bother to describe the methods by which the consultant "accessed" the site.
Another interesting quote from the article:
"Some of the tests you might instinctively want to run to see if a site is valid may fall foul of a strict interpretation."
Well, I guess it will certainly change one's "instincts" when it comes to using penetration testing tools to determine a site's legitimacy.
I can only speculate whether this particular project will be successful, but I'm glad to see more projects emerging that aim to stretch the limits of our current browser-centric expectations.
AJAX is only such a hot topic because it's a clever new programming scheme that lets us overcome the horrible, decades-old limitations imposed upon us by the web's origins.
The idea of a request/response transaction model may have been cool when people wanted to access relatively static documents or document structures, but the cobwebs on such an architecture are readily apparent. Remember when people thought how cool CGI was because you could do dynamic things such as insert the current time into a document? We're far beyond those modest requirements in terms of usable and functional expectations.
Web services has taken the proper step forward by providing us with a decentralized mechanism for exchanging data; now, we need a presentation component to keep the pace.
There is no such thing as the next, big, unpatented thing.
Blades, cells, it's getting to be like prison around here.
Seems like we're lucky to be alive, considering how a 2 degree climate difference will mean the end of the world.
Remove this story, as it's total b.s. BTW it was posted on digg 3 days ago, by which time it had been identified as b.s. Way to go slashdot!
Why do you think that /. never displays the year within the date?
http://www.cnn.com/2004/TECH/11/02/brain.dish/
In fact, I dare say that most console games have a pause feature, specifically to allow players to go make sandwiches.
Thank you, Jeff Bezos.
...corporations charge too much for their products.
Yeah, can you imagine what spammers would do if they wouldn't have to contend with the FCC?
Or, that's the way that it currently is. Never has government been ideal.