[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ::scr tales from the crypto

To: senior common room <scr@xxxxxxxxxxxxxx>
Subject: Re: ::scr tales from the crypto
From: jonah <jonah@xxxxxxxxxxx>
Date: Mon, 22 Apr 2002 04:01:15 -0700 (PDT)
List-archive: <http://thegestalt.org/pipermail/scr/>
List-help: <mailto:scr-request@thegestalt.org?subject=help>
List-id: just zis list, ya know? <scr.thegestalt.org>
List-post: <mailto:scr@thegestalt.org>
List-subscribe: <http://thegestalt.org/mailman/listinfo/scr>, <mailto:scr-request@thegestalt.org?subject=subscribe>
List-unsubscribe: <http://thegestalt.org/mailman/listinfo/scr>, <mailto:scr-request@thegestalt.org?subject=unsubscribe>
Reply-to: scr@xxxxxxxxxxxxxx
Sender: scr-admin@xxxxxxxxxxxxxx

Those of you for whom this is the second time - sorry about this, folks -
my brane really *is* hurting today.
-----------------------------------
Owwwwwwwwww. My brane hertz. And my eyes, arms and legs.

on 21/4/02 10:29 am, Simon Wistow at simon@xxxxxxxxxxxxxx wrote:
> On Fri, Apr 19, 2002 at 10:39:46AM -0700, matt jones said:
>> For instance, I've read that one of the main problems with crypto in
>> general is that the concepts of how it works can be tricky to grok. I
>> must
>> admit that my grasp of how the key-based system used by P?GPG? actually
>> works is shaky at best
> 
> However it is probably worth explaining especially if we're going to be
> having a discussion on this. 

[ snip clearest explanation I've had of how public/private keys work ]
That was an "ahhhhhhhhhh!" moment for me </TMWRNJ>. I get it now.

> Recently I stumbled across this gem.
> 
> http://peterme.com/archives/00000171.html
"He put faith in things like "single sign-on" and directory services"

Ah, I *knew* there was a starting topic I'd forgotten by the end of the
last post: Identity Theft.

Given that a *lot* of people seem to be touting single sign-on services as
the Way of the Future, what with passport and non-MS equivalents, do you
think that this will lead to a greivous rise in Identity theft? After all,
with a single username and password giving you access to your
subscriptions, your shopping, your finances (both credit cards and bak
accounts), email and other communications, it'll be easier than ever for a
cracker to *completely* fleece you rotten. 

In short, is single sign-on *really* a good idea? Are we about to see a
golden age for identity theft and online fraud? Give Microsoft's typical
approach to security and the way they're pushing passport as *the* single
sign-on service, are we going to see huge arrays of personal data
regularly compromised by hordes of skr1p7 k1dd13 bugtraq babies? Are we
about to usher in a cracker's golden age and a privacy dark age? And let's
not forget that it's not just script kiddies who might have an interest in
viewing and tracking all your personal data. Consider: which group have
done the most damage to online privacy and the integrity and protection of
personal data? Is it script kiddies, the gubbermint, or business both on-
and off-line?

Who *really* benefits from single sign on? Surely it's juts a way for you
to make ridiculous and unecessary purchases off amazon and ebay when
you're drunk?

-- 
matt
our conviction is like an arrow already in flight. 
your life will only last until it reaches you

Prev by Date: Re: ::scr tales from the crypto
Next by Date: Re: ::scr tales from the crypto
Previous by thread: RE: ::scr tales from the crypto
Next by thread: Re: ::scr tales from the crypto
Index(es):
- Date
- Thread