Re: ::scr tales from the crypto



Those of you for whom this is the second time - sorry about this, folks -
my brane really *is* hurting today.
-----------------------------------
Owwwwwwwwww. My brane hertz. And my eyes, arms and legs.

on 21/4/02 10:29 am, Simon Wistow at simon@xxxxxxxxxxxxxx wrote:
> On Fri, Apr 19, 2002 at 10:39:46AM -0700, matt jones said:
>> For instance, I've read that one of the main problems with crypto in
>> general is that the concepts of how it works can be tricky to grok. I must
>> admit that my grasp of how the key-based system used by P?GPG? actually
>> works is shaky at best
> 
> However it is probably worth explaining especially if we're going to be
> having a discussion on this. 

[ snip clearest explanation I've had of how public/private keys work ]
That was an "ahhhhhhhhhh!" moment for me </TMWRNJ>. I get it now.
 
> Recently I stumbled across this gem.
> 
> http://peterme.com/archives/00000171.html
"He put faith in things like "single sign-on" and directory services"

Ah, I *knew* there was a starting topic I'd forgotten by the end of the
last post: Identity Theft.

Given that a *lot* of people seem to be touting single sign-on services as
the Way of the Future, what with passport and non-MS equivalents, do you
think that this will lead to a grievous rise in Identity theft? After all,
with a single username and password giving you access to your
subscriptions, your shopping, your finances (both credit cards and bank
accounts), email and other communications, it'll be easier than ever for a
cracker to *completely* fleece you rotten. 

In short, is single sign-on *really* a good idea? Are we about to see a
golden age for identity theft and online fraud? Given Microsoft's typical
approach to security and the way they're pushing passport as *the* single
sign-on service, are we going to see huge arrays of personal data
regularly compromised by hordes of skr1p7 k1dd13 bugtraq babies? Are we
about to usher in a cracker's golden age and a privacy dark age? And let's
not forget that it's not just script kiddies who might have an interest in
viewing and tracking all your personal data. Consider: which group have
done the most damage to online privacy and the integrity and protection of
personal data? Is it script kiddies, the gubbermint, or business both on-
and off-line?

Who *really* benefits from single sign on? Surely it's just a way for you
to make ridiculous and unnecessary purchases off amazon and ebay when
you're drunk?

-- 
matt
our conviction is like an arrow already in flight. 
your life will only last until it reaches you