Safe Computing Practices (aka How Not To Get Viruses, Hacks, - Page 2 - Clan YaWA - You and Whose Army

Computers, Gadgets and other Cool Shit

Moderator: Demon Hunters

100
Lealla
Class Leader
Posts: 3797

Post#16 » Wed Jan 21, 2009 11:52 am



Gnomerman
Posts: 1814

Post#17 » Wed Jan 21, 2009 12:16 pm




There is more to life than pew pew you know, like staying out of the fire so you can live to pew pew another day

100
Lealla
Class Leader
Posts: 3797

Post#18 » Wed Jan 21, 2009 12:31 pm




70
Ecnailla
Posts: 3624

Post#19 » Wed Jan 21, 2009 12:46 pm

I think local security for business should go the way of id cards. I swipe my card to get access to the building, so why not swipe the same card to log in? I think that is where it will end up, they just haven't gotten there yet.

100
Lealla
Class Leader
Posts: 3797

Post#20 » Wed Jan 21, 2009 12:52 pm

So, if someone gets your ID card, they can log in as you without any other authentication factors? I'd still use two-factor for serious physical security: a card plus a fingerprint/password is more effective than either alone.

Physical and online security are dramatically different things - most businesses (except those with a need to handle private or classified data) don't generally have to worry about someone walking into their IT room and making off with the company payroll database. They do have to worry about someone cracking or keylogging their staff's passwords, something completely unrelated to physical security.

Of course, laptops are a different story, and many businesses have found out the hard way that leaving private data on unsecured laptops leads to costly consequences. Still, ID card authentication alone is not much stronger than passwords, and potentially weaker if the ID card is stolen along with the laptop.



70
Ecnailla
Posts: 3624

Post#21 » Wed Jan 21, 2009 1:11 pm

Oh, I just assume passwords will always be in place - I mean on top of that.

Gnomerman
Posts: 1814

Post#22 » Wed Jan 21, 2009 1:30 pm

card and a password over here. and lealla, the us government uses some kind of system with the card. i can log into any dod computer that my level of security is allowed to with the card and pin/password i have. however, they have a lot of resources and a single data center dealing with the thousands (i would say millions is closer) of dod personnel.

granted, if someone had my card, and it logged into the system, they would know in a matter of seconds exactly where the card was. i don't particularly like the idea of the government knowing where i am at any given time, however, i'm not too upset about it, it's not like i use the card everywhere.

however down the line if there was one happy centralized data center, then the us government (you know they would have their fingers in it) could access your entire life's money history. from where you buy gas on any given day, to what your favorite place to get food from, your grocery store of choice, what you got your mom for her birthday, what your favorite brand of beer is, your favorite brand of condoms, how healthy do you eat, what you like to do for fun.

granted right now the government can find that out relatively quickly, with the proper warrants (or if there is any reason at all they think you may be involved in anything they deem terrorism, imagine if they determined wow is a form of terrorism).

having all this data on a centralized system means they have this information in less than a second. if there ever becomes a ban on paper currency, or keeping gold bars in your personal possession, i'm moving the hell out of the country, cuz that is scary shit, that is like one minute you're free, the next minute the whole country is imprisoned in their own lives, and you can't do anything to get away cuz you lost control of your money.






There is more to life than pew pew you know, like staying out of the fire so you can live to pew pew another day

100
Lealla
Class Leader
Posts: 3797

Post#23 » Wed Jan 21, 2009 2:10 pm

Gnomer, if I may be allowed to pursue my concept, the idea isn't for the centralized database to store all of that information. Its main purpose would simply be to verify that you are you. In essence, instead of having separate logins and passwords to every resource, you'd log into a single system which would then share that authentication with any other site you visit that uses the protocol.

The authentication system itself wouldn't need to store much information - if I were running it I'd mainly have it store data that's common to the accounts you set up with any other site, such as name, email address(es), mailing/billing/shipping address, phone #s, etc. You would have the option to store credit card and bank account information for payment purposes, but it wouldn't be required.

The system would then allow you to choose the data elements you want to share with any site you're attempting to log into. Example: for a web forum, you mainly just need your email address and an alias. So, when you go to that forum, you click on the "authenticate me" button, and you get a popup saying, "Okay, you want to create an account on this site. Please provide a desired handle, and check off the things you want to share. X and Y items are mandatory. This site has a privacy policy with the following items...". Once you're done, that information would be stored permanently and used whenever you connect to the site.

You could set up preferences for whether you want to use a single login cookie for an entire browsing session or have to authenticate to each site separately, or even have individual profiles for each site. You'd also have a master control panel that you could use to review each site's profile and modify, discontinue, or even block access.

You could add all kinds of services to this basic system. Examples that I can think of off the top of my head include:
* A feedback/profiling system that alerts you to a site's reputation and alerts of reported scams, sort of like a BBB rating.
* You could link multiple accounts within a family and set up a "parental" or supervisory account that lets you set parental controls, browsing times, track logins to sites, etc.
* Businesses could provide additional services based on the voluntarily shared contents of your profile. This would work by having a "public" authentication layer where sites can share specific data with each other based on your profile without being able to impersonate you. As an example, you could let Amazon and Barnes & Noble share your book and music ratings to give improved recommendations.

The cost of the system could be easily absorbed by (a) charging users a small fee for universal access, (b) charging businesses a fee based on usage - for example, a forum wouldn't need anything more than basic access and would pay little or nothing, while an online store might pay 0.5% of sales or a fixed rate per user or something. This is almost certainly less than these businesses already spend on password security.

The weakness of this system, of course, is that if your universal authentication is compromised, someone could access everything, not just an isolated subset of your data. To offset that, two-factor authentication would be much easier to manage (and indeed, market) if it's associated with a single site instead of dozens or hundreds. Identity theft would become obsolete overnight if the hackers had to get physical possession of a SecurID or similar dongle to access your accounts.

On the privacy side, the government could indeed exercise power to access everything you do online. Hell, they can do that now; it would just become a lot easier. The trick is to remember that the government must ultimately be responsible to the people, and if things get to the point where you have to hide everything you do from Big Brother, it's no longer a democratic country. In other words, you have to trust them at least to a certain point, and if you don't, well - you might as well move or shoot yourself or go hide in a cellar in Montana or something.



IMajorSmall
Posts: 108

Post#24 » Wed Jan 21, 2009 2:25 pm


100
Lealla
Class Leader
Posts: 3797

Post#25 » Wed Jan 21, 2009 2:36 pm

You are not going to get every Internet user in the country to use PGP signatures or encryption. Unless it's changed a lot from when I first saw it, it requires a lot of effort to set up and maintain, and compatible email software to boot. I'm not going to download a separate piece of software just to verify that you're actually the one writing that post - it's stupid.

Besides, I'm not talking about emails alone. I'm talking about Amazon.com. Or your bank. Or your state's tax system. You still need a trusted third party to handle authentication, and if you're going to go that route, why not have the third party store all the necessary data? If it's compromised, it's compromised - but the good part is that it would be the only point of attack and therefore much easier to protect than ten thousand individual companies who care more about sales than they do about security.

Edit: you mentioned anonymity. That's going to be a necessary sacrifice in the future. Why? Two reasons. First, the Internet is getting to the point where you have to identify yourself in order to receive goods and services, and that puts your information out there whether you like it or not. Second, some form of upstream authentication is going to have to be implemented in order to put an end to spam and botnets once and for all.

If you think you can surf the digital world in this day and age without leaving tracks, you're delusional. Besides, do you really think your privacy is safer in the hands of thousands of individual companies than one service specifically chartered to protect it?

There will always be sites and services that reject mainstream authentication so that the warez dudez and tinfoil hat crowd can go play in their little sandboxes, but those are going to be increasingly marginalized and irrelevant to business as time goes on.



IMajorSmall
Posts: 108

Post#26 » Wed Jan 21, 2009 3:06 pm


100
Lealla
Class Leader
Posts: 3797

Post#27 » Wed Jan 21, 2009 3:31 pm




100
Lealla
Class Leader
Posts: 3797

Post#28 » Wed Jan 21, 2009 3:50 pm




IMajorSmall
Posts: 108

Post#29 » Wed Jan 21, 2009 3:53 pm


100
Lealla
Class Leader
Posts: 3797

Post#30 » Wed Jan 21, 2009 4:14 pm

Tying the physical authentication component to a state-issued ID is a great idea and would neatly solve the problem of how you get it into people's hands. I like that. And you're right that you would only need to use it for the authentication component itself, and leave all the rest up to the user. I could certainly foresee value-added services, though, like the ones I mentioned above: cross-business communication, universal profiles, site access management, parental controls, unified payment, etc.

As for ISP controls, I'm talking about the problem of verifying that the sender of an email (or more generally, a data packet) is actually the person/system claiming to have sent it. Specifically, when a computer becomes part of a botnet, it is generally used to (a) send spam, (b) host illegal websites, (c) conduct denial of service attacks, (d) attack security exploits in other computers, (e) distribute botnet software. It is nearly impossible to identify and shut down infected computers because the bots universally spoof the headers of the packets they send out.

Upstream authentication is simply that if your ISP detects you sending packets with forged headers, it shuts you down until you fix the problem. If your ISP is itself complicit or compromised, its ISP will cut it off, and so forth. If the botnets can't send data from their bots, the whole scheme unravels. If they instead send data with authentic headers, it's easy to isolate and notify the owner of the infected machine.

For people who are from through their wireless routers, it will still be possible to use anonymizing services set up by a third party. What this will prevent is computers being used to distribute traffic without their owners' knowledge or consent.
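
The upstream check described in the post above, sketched as an added example that is not part of the original thread: an ISP edge compares each packet's source address with the prefixes assigned to the customer port it arrived on, drops mismatches, and suspends a port after repeated violations. The port names, prefixes, threshold and packet records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed assumption: prefixes the ISP has assigned to each customer port.
ASSIGNED = {
    "port-1": [ipaddress.ip_network("198.51.100.0/29")],
    "port-2": [ipaddress.ip_network("203.0.113.16/28"),
               ipaddress.ip_network("2001:db8:42::/48")],
}
SUSPEND_AFTER = 3  # hypothetical policy: violations before the port is cut off

# Constructed sample traffic as (ingress port, claimed source, destination).
SAMPLE = [
    ("port-1", "198.51.100.2", "192.0.2.10"),     # valid
    ("port-2", "203.0.113.20", "192.0.2.10"),     # valid
    ("port-2", "198.51.100.2", "192.0.2.10"),     # forged: port-1's address
    ("port-2", "10.9.8.7", "192.0.2.10"),         # forged
    ("port-2", "2001:db8:42::5", "2001:db8::1"),  # valid IPv6
    ("port-2", "192.0.2.99", "192.0.2.10"),       # forged: third strike
    ("port-2", "203.0.113.20", "192.0.2.10"),     # honest source, port now cut off
    ("port-1", "198.51.100.6", "192.0.2.10"),     # valid
]


def source_is_valid(port, src):
    """True if src lies inside a prefix assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as forged
    return any(addr.version == net.version and addr in net
               for net in ASSIGNED.get(port, []))


def filter_egress(packets):
    """Return (forwarded, dropped, suspended_ports) for the packet stream."""
    forwarded, dropped = [], []
    violations, suspended = Counter(), set()
    for port, src, dst in packets:
        if port in suspended:
            dropped.append((port, src, dst, "port suspended"))
        elif source_is_valid(port, src):
            forwarded.append((port, src, dst))
        else:
            violations[port] += 1
            dropped.append((port, src, dst, "spoofed source"))
            if violations[port] >= SUSPEND_AFTER:
                suspended.add(port)  # stays off until the owner fixes the host
    return forwarded, dropped, suspended


if __name__ == "__main__":
    fwd, drop, susp = filter_egress(SAMPLE)
    print(len(fwd), "forwarded;", len(drop), "dropped; suspended:", sorted(susp))
```

Because the check runs on the port the packet physically arrived on, the forged source never has to be traced: the violating port itself identifies the customer to notify.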


