It's also "trivially" easy to boot from a CD and change the Administrator password. But only your dedicated hacker has such a CD. Security doesn't need to be air tight (which is good, as that is not possible), it only needs to be reasonable for the task at hand.
*wry grin* Authenticated? Authenticated by whom? Who gets to determine who has the authority to send messages and who doesn't. I run my own mail server, therefore I, and anyone else I permit, can send mail through it. Are you suggesting that I shouldn't be allowed to run something as simple and utilitarian as a mail server?
Now granted, adding authentication to SMTP in the beginning would have been nice, and useful, but it wouldn't have prevented, and it won't now solve, the spam problem.
We produce BAD ozone...
on
Humans Make Ozone
·
· Score: 4, Informative
Ozone is ozone, but we only like it when it's it the upper atmosphere where it can block UV radiation. Down here it is a poison.
I can't imagine there are many/.ers running XP Home!;-)
However, I've approached this from every angle I can and I'm still not seeing any way to save the credentials. Even if you tell it to always run as user X it will prompt for user X's password every time. Even saving the credentials would be more safe than what I'm currently doing. Can you illustrate how you did that?
Well, there is certainly a level of ease-of-use necessary for any general access system, there is not a direct correlation between features and complexity. It just happens to work out that way a lot because more features require a whole lot more work to render easily usable.
I'm going to bring the other flame magnet into the discussion here and present MacOS X as an example of a system that is very easy to use, but has a lot of functionality that can be unlocked if you want/need it. In fact, if I could afford a new toy right now, it would be a mac laptop of some flavor just 'cause I'm so enamored with BSD...er, OS X.:-)
Amazingly enough, that's the exact title that promped my most recent ire. You see I, like many a fellow geek, serve as my family's network/computer administrator. I have a young brother. My young brother likes to get into things he shouldn't. Thus we have blocking software, because my mom wants it. Okay whatever. However, in order to let him play that stupid (Microsoft!) game, I had to give his account administrative access. Not only does this permit him to accidently fuck something up, but eventually he will figure out how to kill the blocking software. Mmmrmph!!! This makes me a frustrated geek.
One thing that would be nice would be some sort of suid functionality, so I could tag a file to always run as a certain user no matter who it was executed by. That way I could selectively trust certain applications. It would also be a useful way to lower a program's permissions, if you usually run as Administrator, but a particular untrusted program has no need to do so.
Hmm. I wonder how hard this would be to implement. *goes off to ponder code*
This piece deserves a companion article: what Microsoft did wrong. It is utterly impracticle to use anything other than an Administrator account when running windows (despite the vulnerabilities this leaves you open to) because over half of the useful programs out there, including many titles by Microsoft itself, require Administrative access unnecessarily. The breakdown of privledges is much more distinct in the *nix world. Windows has a long way to go.
The idea that the customer will still be paying only 50 cents (or whatever) is what makes the randomization seem unnecessary. The added cost per transaction is something imposed by the credit card companies. Once you set up an intermediary to take the hit of the multiple transactions there's no true cost anymore. They can charge as much (or as little) as the market will bear for the service they're providing.
This article doesn't do a sufficient job explaining what exactly the problem is that this randomization is supposed to solve.
Clear Channel (owner of every radio station in America)
LMAO!
This sounds like a great money making scheme... making the RIAA likely to fight it tooth and nail. Just like they did with radio, and tapes, and cds, and now digital music on the 'net. Yup. And in 10 years they'll wonder how they every got by without it.
Slashdot Mirror
-1 Troll :-P
It's also "trivially" easy to boot from a CD and change the Administrator password. But only your dedicated hacker has such a CD. Security doesn't need to be air tight (which is good, as that is not possible), it only needs to be reasonable for the task at hand.
*laugh* What, you don't recall that they fought the battle of Helm's Deep with handguns and shotguns? Where were you? ;-)
*wry grin*
Authenticated? Authenticated by whom? Who gets to determine who has the authority to send messages and who doesn't. I run my own mail server, therefore I, and anyone else I permit, can send mail through it. Are you suggesting that I shouldn't be allowed to run something as simple and utilitarian as a mail server?
Now granted, adding authentication to SMTP in the beginning would have been nice, and useful, but it wouldn't have prevented, and it won't now solve, the spam problem.
Ozone is ozone, but we only like it when it's it the upper atmosphere where it can block UV radiation. Down here it is a poison.
I can't imagine there are many /.ers running XP Home! ;-)
However, I've approached this from every angle I can and I'm still not seeing any way to save the credentials. Even if you tell it to always run as user X it will prompt for user X's password every time. Even saving the credentials would be more safe than what I'm currently doing. Can you illustrate how you did that?
I've tried that but it wants the password every time. If you've done this, can you provide more details on exactly what I might be doing wrong?
Well, there is certainly a level of ease-of-use necessary for any general access system, there is not a direct correlation between features and complexity. It just happens to work out that way a lot because more features require a whole lot more work to render easily usable.
:-)
I'm going to bring the other flame magnet into the discussion here and present MacOS X as an example of a system that is very easy to use, but has a lot of functionality that can be unlocked if you want/need it. In fact, if I could afford a new toy right now, it would be a mac laptop of some flavor just 'cause I'm so enamored with BSD...er, OS X.
Amazingly enough, that's the exact title that promped my most recent ire. You see I, like many a fellow geek, serve as my family's network/computer administrator. I have a young brother. My young brother likes to get into things he shouldn't. Thus we have blocking software, because my mom wants it. Okay whatever. However, in order to let him play that stupid (Microsoft!) game, I had to give his account administrative access. Not only does this permit him to accidently fuck something up, but eventually he will figure out how to kill the blocking software. Mmmrmph!!! This makes me a frustrated geek. One thing that would be nice would be some sort of suid functionality, so I could tag a file to always run as a certain user no matter who it was executed by. That way I could selectively trust certain applications. It would also be a useful way to lower a program's permissions, if you usually run as Administrator, but a particular untrusted program has no need to do so. Hmm. I wonder how hard this would be to implement. *goes off to ponder code*
This piece deserves a companion article: what Microsoft did wrong. It is utterly impracticle to use anything other than an Administrator account when running windows (despite the vulnerabilities this leaves you open to) because over half of the useful programs out there, including many titles by Microsoft itself, require Administrative access unnecessarily. The breakdown of privledges is much more distinct in the *nix world. Windows has a long way to go.
The idea that the customer will still be paying only 50 cents (or whatever) is what makes the randomization seem unnecessary. The added cost per transaction is something imposed by the credit card companies. Once you set up an intermediary to take the hit of the multiple transactions there's no true cost anymore. They can charge as much (or as little) as the market will bear for the service they're providing. This article doesn't do a sufficient job explaining what exactly the problem is that this randomization is supposed to solve.
"And in other news, Slashdot managed to bring down the entire IPv6 network today..."
Clear Channel (owner of every radio station in America)
LMAO!
This sounds like a great money making scheme... making the RIAA likely to fight it tooth and nail. Just like they did with radio, and tapes, and cds, and now digital music on the 'net. Yup. And in 10 years they'll wonder how they every got by without it.