Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Slashback: Quinn, InfoCards, McKinnon

ScuttleMonkey posted more than 8 years ago | from the extradition-not-to-include-unjust-imprisonment dept.

Slashback 103

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including The Boston Globe's Ombudsman speaks on Peter Quinn story, Microsoft continues to push their password-less approach to web browsing, Gary McKinnon extradition reopened, and more news on the organic car fuel front -- Read on for details.

Globe's Ombudsman silent no longer. Andy Updegrove writes "For two months, the ombudsman of the Boston Globe has been silent on the reporting that helped bring about Massachusetts CIO Peter Quinn's resignation. Last night, in response to an entry pointing out that silence at the Standards Blog, ombudsman Richard Chacon at last responded, admitting to "lingering questions over why the [Quinn travel investigation] story was allowed to run without comment from Eric Kriss," but standing by "the initial reasons for looking into the story." Chacon also promises to report back with further observations after contacting Peter Quinn."

Microsoft continues push for 'InfoCards'. FrankieBoy writes "Bill Gate kicked off the RSA computer conference in San Jose, CA by unveiling a few more details about their new 'InfoCard' system in the upcoming IE7. With InfoCards people could save personal information on virtual cards on their computers which websites would recognize removing the need for many different internet passwords."

Gary McKinnon extradition hearing reopened. earthlingpink writes "BBC News is reporting that the extradition hearing has reopened for Briton Gary McKinnon who is accused by the US of hacking into military computers. The damages he has caused is estimated at £370,000 (about $640,000 today) and he is said to face more than 45 years in prison. The original story and audio interview were both covered by Slashdot in June of last year."

Bugs to help kick oil addiction. Mr. Ghost writes "Bugs such as certain species of termites and fungi such as Trichoderma reesei may be the key to effectively and cheaply generate ethanol from cellulose. Small companies like Iogen and large international energy companies like Royal Dutch Shell are putting more and more money into this research. This type of technology may even be a way for the American automobile industry to gain back market share from its competitors."

cancel ×

103 comments

Sorry! There are no comments related to the filter you selected.

New mantra? (-1, Offtopic)

Carnildo (712617) | more than 8 years ago | (#14728673)

So now it's no longer "Claria is Gator is Spyware", but "Windows is Claria is Gator is Spyware"?

Re:New mantra? (3, Informative)

Philip K Dickhead (906971) | more than 8 years ago | (#14728838)

Troll on, but you miss the mark, my uninformed friend.

This is nothing to do with data aggregation, targeted advertising or behavior tracking. It is not invasive software, surreptitiously installed while a user beleives they are performing another action.

This is more akin to "soft token" technologies:
http://www.rsasecurity.com/rsalabs/node.asp?id=214 1 [rsasecurity.com]
http://www.actividentity.com/en/products/4_2_6_sof tware_token.php [actividentity.com]
http://www.securehq.com/group.wml&deptid=80&groupi d=566 [securehq.com]

The catcher is that this is not tied to X.509 PKI infrastructures, per se. Identity is established by locally configurable means - usually a Kerberos ID - and presented by signed XML markups, rather than the static, signed ASN.1 encodings in certificates. The exchange is still fundamentally an RSA public key validation type problem, but with an extensible policy mechanism in XML. This is an application of the work done by multiple vendors in the WS-Security [coverpages.org] space. Dynamic policy, negotiated in a federated manner between endpoints, is not possible with x.509, which has permanent policy encoded in the cert.

There is integration with Windows AD Federation, which means there is possibility to interoperate with SAML clients. Trust can also be established by reputation - with attesters signing a keychain for particular identities.

The short story is that this could end phishing attacks.

The long story is that most banks and investment firms won't make this mandatory for transactions, since their Businesses still insist on Win95/IE4 compatibility from their IT and InfoSec personnel.

Re:New mantra? (1)

geekoid (135745) | more than 8 years ago | (#14729036)

All thjat does is identify the machine, not the user.

Re:New mantra? (1)

Philip K Dickhead (906971) | more than 8 years ago | (#14729160)

It identifies the person authenticating against the identity store. If you cache your ID, under a single-factor pwd of "password", be my guest!

Re:New mantra? (1)

geekoid (135745) | more than 8 years ago | (#14729321)

So I still need a password? but now only one password is needs to access everything? Why not just use Password Safe?

The point is, people don't know how to make good passwords. Very often, so called 'expert' give bad advise about creating passwords.

Bear in mind, a lot of people still have to be walked through the steps to get to explorer on windows.

Re:New mantra? (0)

Anonymous Coward | more than 8 years ago | (#14733496)

Why not just use Password Safe?

Because I love Ayanami Rei.

Re:New mantra? (2, Interesting)

CaymanIslandCarpedie (868408) | more than 8 years ago | (#14729389)

Make no mistake, no security scheme (at least that is feasible for average use) will ever be perfectly secure. But when saying "all that does is identify the machine, not the user" you must consider "what does the current system (passwords) identify?".

The answer is nothing. Passwords are probably just about the worst security method you could imagine (besides no security at all)! They just happen to be the easiest method, so they became default.

If you spend some times actually researching InfoCard, you'll see it is at minimum a very interesting idea. Do I think it is the ultimate correct answer to security? No. However, its the most promising proposal I've seen in some time that can both provide pretty solid security and be easy enough for joe sixpack to put in wide use. Eventually, I'm sure better things will come along (or things similar to InfoCard will evolve and improve) but for the time being InfoCard is probably the best idea out there right now considering security offered, ease of use, expandibility, etc.

The point is passwords have well outlived thier usefulness in computer security and ideas like InfoCard are promising ideas which could well be the answer (at least for now).

Re:New mantra? (1)

jonwil (467024) | more than 8 years ago | (#14729386)

Why do banks and others continue to insist on support for such old browsers anyway?
Does anyone have any actual evidence to support the theory of "We need to support version 4 browsers because our customers use them"?
Is it not true that MORE people are using current-version alternatives (i.e. Mozilla, Firefox, Opera, Konquer, Safari, Netsacpe 8, Camino etc) than are stuck with dinosaurs like Netscape Communicator and Internet Explorer 4?

Re:New mantra? (1)

RiffRafff (234408) | more than 8 years ago | (#14729407)

Troll on, but you miss the mark, my uninformed friend.

Whether he is uninformed or not is not really the point; many large corporations/industries already take a dim view of Microsoft's wheelings and dealings, and that alone will make this hard to implement. Add to that the mere fact that it *is* X.509 PKI we're talking about, and the scenario completely falls apart. It's here where the OSS world starts to shine, with its OpenPGP PKI and its lack of reliance on central CA.

Nice. (5, Insightful)

NoMoreNicksLeft (516230) | more than 8 years ago | (#14728716)

So stealing my laptop will allow anyone to go to websites and impersonate me?

Re:Nice. (2, Insightful)

WillAffleckUW (858324) | more than 8 years ago | (#14728830)

So stealing my laptop will allow anyone to go to websites and impersonate me?

Why, yes, yes it will.

Aren't you sleeping soundly, Citizen?

Trust the Computer: The Computer is Your Friend.

yes they can, without that much trouble. (2, Insightful)

twitter (104583) | more than 8 years ago | (#14728867)

So stealing my laptop will allow anyone to go to websites and impersonate me?

They can do that now, depending on what tools you use to store your information. All of the better browsers have some kind of password memory. If you took Bill's bait, you are using passport, the one password to rule them all. Of course, any of the keyloggers that propagate by M$ born worm will remember your passwords without telling you and Microsoft's "fast find" has kept a log of everything you type since 98. The real thing to worry about is the system being compromised from afar. Someone who knows what they are doing does not have to steal your laptop to get what they want out of it. Non Microsoft tools have taken local and remote attack into consideration but all bets are off with silly stuff like fast find.

Things are better on non M$ platforms.

Re:yes they can, without that much trouble. (1)

geekoid (135745) | more than 8 years ago | (#14729022)

"Someone who knows what they are doing does not have to steal your laptop to get what they want out of it."

well, besides the laptop that is.

It is extremely limely that the thief would be stealing the laptop, any information found on the laptop would be icing.

This same technology could cause a problem with any OS, not just MS. Including B$D, O$X, and the variety of Linuk$ distros.

The problem is, it identifies the computer only, not the person using it.

Re:yes they can, without that much trouble. (2, Informative)

rohanl (152781) | more than 8 years ago | (#14729111)

They can do that now, depending on what tools you use to store your information. All of the better browsers have some kind of password memory.

I don't know how other browsers/platforms implement this, but Safari on Mac OS X stores all password info in the Keychain. So the info is only available if you can get into that.

The default Keychain is unlocked when you log in, but you can create any number of other Keychains and keep them locked. Move the password data stored by Safari into a different keychain that you keep locked, and it's pretty secure.

Re:yes they can, without that much trouble. (1)

JohnFluxx (413620) | more than 8 years ago | (#14729642)

It's the same in kde - we have a kde wallet system.

Re:yes they can, without that much trouble. (0)

Anonymous Coward | more than 8 years ago | (#14735143)

Yeah, we do. So I tell Kmail to remember my damned email password so that I don't have to type it in every time I open the program, and it cheerfully stores my password in the wallet. So now I have to type in the password to the friggin' wallet every time I open Kmail. Somebody please explain to me the usefulness of this again?

It's my damned email password on a home computer running a non-routable IP, sitting behind a firewall which is itself behind a DMZ firewall. If somebody steals it, all they're going to do is to be able to check my email, or send out email as me. Until I change the password. And considering that the email server is sitting about three feet over with a real world IP in the DMZ, it'd probably be much easier for them to just directly hack the email server.

Re:yes they can, without that much trouble. (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14729413)

All of the better browsers have some kind of password memory

The way it works is information such as passwords are stored in an encrypted storage system that can only be unlocked by the encryption key associated with a Windows account. If someone steals your laptop, as long as they don't know your Windows password they can't access that information. I don't know why you mention Passport as it has nothing to do with this, except that the storage system can be configured to remember Passport account information as well. Or not.

I have no idea what you mean by "fast find".

Hope that's slightly educational - spreading FUD about Microsoft is no different than crying when they do the same to us. Please leave the advocacy to those of us who actually understand the enemy. Blabbering "M$ is teh sux" on Slashdot all day might be a nice way to fill your time but is not helpful.

Too biased and anti-Microsoft... partial nonsense (2, Interesting)

TheSpoom (715771) | more than 8 years ago | (#14729546)

IE has password memory. So does Mozilla / Firefox, Opera, Safari, and a host of other browsers. It's a feature to make it easier to access sites, but users with high authentication should know that that ease comes at a cost of security. Admittedly many non-IE browsers have a "master password" structure whereby you type one password for it to remember all of your passwords on demand (as mentioned by a sibling post about Safari), but said poster also recognized that most of these systems ship with the feature off by default, and even if it is on, you're still doing a balancing act with security and ease -- if a cracker finds your master password, they've found ALL your passwords.

And I believe you're referring to FindFast, Microsoft's indexing tool that they shipped with Office. As I remember it, FindFast indexed documents (i.e. Microsoft Word, Excel, etc. files) so they could be found easier later, as well as have quicker in-file searching (i.e. searching for a word inside all your documents). It never stored your domain passwords or any such security-related tokens. Once again, though, you're only screwed if you put your password inside a Word file in your system... and why the hell would you do that if you're concerned about security? (P.S.: Anyone who had even a bit of technical acument would turn FindFast off back in the time when it was used, as it made your system horribly slow when it was indexing and tended to do so at inopportune times.)

Passport only works on sites that explicitly choose to support it, and generally only if you register yourself that way: most will give you an option for a registration in their site database only (eBay did this previously if I remember correctly). Several alternatives [google.ca] have been attempted at Passport-like solutions as well, to be fair, including some open source options [openid.net] . Once again, Microsoft isn't forcing you to use their solution, and I doubt a lot of systems use Passport authentication for high-level access anyway.

Normally I wouldn't be so argumentative, but you made a sweeping generalization when you said that "non Microsoft tools have taken local and remote attack into consideration". You made your bias quite clear in that statement. Next time you want to post attacks, at least back them up with some proof or evidence.

Anyway, I have yet to form an opinion on this InfoCard thing, but seeing as how it'll likely be Microsoft-proprietary and they'll probably have something to gain from it, I doubt I'll be either signing up for one (unless I have to in order to access a system, and even then I'll resist quite vocally) or deploying it on my own login systems.

nonsense, I was taking it easy. (1)

twitter (104583) | more than 8 years ago | (#14732530)

These people [fuckmicrosoft.com] have the lowdown on what M$ keeps track of without telling the user. Fast find remembers your passwords and everything else you type. It's one small part of the tools that defeat any serious attempt at security on Microsoft platforms.

Some strange verbiage on that site. (1)

Medievalist (16032) | more than 8 years ago | (#14732660)

I haven't finished reading it, but this line:
The first thing you should know is that the index.dat files is that they don't exist in less you know they do.
really jumped out at me.

What in Avalokistevara's name is that supposed to mean?

Re:Some strange verbiage on that site. (1)

HTH NE1 (675604) | more than 8 years ago | (#14736764)

I can get you partly there:
The first thing you should know about index.dat files is that they don't exist unless you know they do.
Beyond that, you'll need to consult a quantum mechanic, who will tell you things about superposition and half-dead cats.

Re:nonsense, I was taking it easy. (1)

TheSpoom (715771) | more than 8 years ago | (#14735164)

First off, of course I'm going to believe that a site called FuckMicrosoft will be unbiased.

Secondly, take a look at Microsoft's own overview of FindFast [microsoft.com] (It's FindFast, not Fast Find, BTW):
You can open the Find Fast Control Panel icon to create additional indexes (for example, on a network drive), delete indexes, and set other options. Although you can use Find Fast in the Control Panel, Find Fast indexes Office documents automatically and requires no user interaction.
It can index other filetypes, but it indexes only Office documents by default.

There's also the section in that article that you linked to that's taken way out of context in the FuckMicrosoft article:
When you specify the type of documents to index in the Create Index dialog box, Find Fast includes the document types that are listed in the following table.
FindFast only indexes all files if you tell it to!

You've got a very narrow view and a very small base of evidence. You'd get a much better view if you took in more sites than just the ones that match your current world view. Who knows, maybe you'd actually post arguments that are factually correct!

Re:yes they can, without that much trouble. (0)

Anonymous Coward | more than 8 years ago | (#14729734)

I thought I had seen the last of the twitter [slashdot.org] experience [slashdot.org] , but I guess all of us Slashdotters are not that lucky.

Re:yes they can, without that much trouble. (1)

CarpetShark (865376) | more than 8 years ago | (#14736377)

Things are better on non M$ platforms.


Precisely. And you didn't even get into information like credit card details.

Re:Nice. (3, Funny)

Xeo 024 (755161) | more than 8 years ago | (#14728919)

Nah, you're just being paranoid. I'm sure no one has the time to "go to websites and impersonate" other people. Have some faith in your fellow man..

-CmdrTaco

Re:Nice. (1)

eclectro (227083) | more than 8 years ago | (#14729034)

So stealing my laptop will allow anyone to go to websites and impersonate me?

Sorry to deflate your ego, but they are just interested in emptying your bank account and stealing your identity.

If it involves impersonating you, that's where they would draw the line. Because that would involve too much work and not be worth it.

Re:Nice. (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14729157)

If you don't protect the InfoCard, yes, but that case is no different than if you saved your passwords in your brower of choice. You can protect your Info cards, however, via password protection or, given the hardware, a biometric scanner or a smartcard. There are a number of OS-level laptop data protection schemes being introduced in Vista that can also be applied to protect your Infocards.


When fingerprint scanners become more common in laptops and smartcard readers more common in keyboards, I believe Infocards will be a serious advantage over the current method of data protection. Given the relative costs of both of those devices, I think you'll see them pop up on most hardware in the near future.

Ethanol the answer to the US auto industry (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14728734)

That's a real logical leap. Anyone can build cars that run on any available fuel. How will the use of bio-fuel give an advantage to the American auto industry?

Re:Ethanol the answer to the US auto industry (1)

robbak (775424) | more than 8 years ago | (#14728926)

It's a question of people shifting aways from larger, US built vehicles (SUVs, especially) to smaller imported ones. Of course, the US could start making small cars, but the cannot compete. It's a similar issue here in Australia, too. Locally-built cars are all the larger, 6 or 8 cylinder "family cars", and people are shifting to smaller, 4-cylinder, imported cars. Moving to a renewable, possibly cheaper fuel, that is not at the mercy of international markets and reducing supplies, makes larger cars more attractive.

US auto industry, not US oil industry (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14729063)

The idea here is mostly that the US auto industry is SERIOUSLY hurting as a result of high oil prices in the U.S.. People are not as interested in cars and not interested in the same kinds of cars as they would be in an economy, like that of the 90s, with low oil prices. The U.S. auto industry has been harder hit by the oil situation than foreign carmakers, both because the U.S auto industry so heavily targets U.S. customers, and because the U.S. auto industry has so heavily invested in low-economy cars such as SUVs. At least one major analyst marked up Ford's recent plant closures as being a direct byproduct of oil prices.

Technology which could lower the price of fuel would reverse or at least negate this effect, allowing the U.S. car industry to recover.

Lowering oil prices would also benefit Japanese carmakers, of course, but who cares? Economics is not a zero-sum game. It's possible for something to benefit both American carmakers and foreign carmakers.

Re:US auto industry, not US oil industry (1)

Medievalist (16032) | more than 8 years ago | (#14733882)

Absolutely correct, especially the non-zero-sum bit.

Here's another point to ponder, on the "rising tide lifts all boats" theory:

If fuel were agriculturally produced rather than mined/drilled, the US could remove some of the incredibly market-distorting Farm Parity payouts - essentially, we could stop using taxpayer money to bribe farmers not to grow crops.

We pay off the farming [downstreet.net] mafias [usdoj.gov] to keep food prices artifically high [nationalaglawcenter.org] , so that there is an economic incentive to continue to produce food. If our ever-increasing appetite for fuels was redirected to compete with food production, these subsidies could be reduced or even eliminated.

I hope I don't end up with a horse's head in my bed for pointing this out...

Re:Ethanol the answer to the US auto industry (1)

gnugie (757363) | more than 8 years ago | (#14729336)

> That's a real logical leap. Anyone can build cars that run on any available fuel. How will the use of bio-fuel give an advantage to the American auto industry?

Anyone CAN build cars to run on Ethanol. The Big Three already DO.

http://tinyurl.com/dyrnv [tinyurl.com] (Minnesota E85 Vehicle Directory).

The good thing about InfoCards (0, Troll)

WillAffleckUW (858324) | more than 8 years ago | (#14728735)

is that they will make it easy to get into any system, since they have your password in them.

The bad things are:
1. Now physical hacking gets easier and you can hack a copy or just take the card and return it after scan.
2. People will have a physical device to lose. This is always a good idea.
3. We'll start seeing movies where thieves steal the InfoCards from the guard, or chop off the hand that has it on a locked wrist. Really good movies.
4. We can all rest securely knowing that noone would ever suddenly jack up the "cost" of the card, such as requiring you pay $5000 a year when they suddenly upgraded the OS, "for security reasons".

Hmm. Good thing I own MSFT shares ...

Re:The good thing about InfoCards (1)

jsprat (442568) | more than 8 years ago | (#14728809)

The card is not a physical card.

From the summary (emphasis mine):
...save personal information on virtual cards on their computers ...

Re:The good thing about InfoCards (1)

WillAffleckUW (858324) | more than 8 years ago | (#14728865)

Well, that's cool.

So, can we assume that noone will ever hack it, ever?

For example, noone will ever stick a USB card in the laptop while you get coffee, use the auto connect that always kicks in thanks to how USB works, and then copy it to decrypt it later when they have lots of time, right?

Gonna be a lot of missing laptops and PDAs ...

Re:The good thing about InfoCards (1)

0racle (667029) | more than 8 years ago | (#14729064)

Yes because passwords are so much more secure we should never ever consider another method.
 
At least someone might notice a lost pda quickly, how long will it take them to realize someone just copied their post-it note.

Re:The good thing about InfoCards (1)

WillAffleckUW (858324) | more than 8 years ago | (#14729106)

Personally, I think we should just brand the passwords on the computers, or stick them on our foreheads using postits.

Re:The good thing about InfoCards (1)

jonwil (467024) | more than 8 years ago | (#14729529)

Combine both a security card and a password.

Basicly, in order to use the computer, you need both a security card and a password. Anytime you remove the card, the computer locks. Then, when you come back, you put the card back in and type in the password.

Would be a good solution for increasing security at big corporations (because its much harder to get both the card and the password) and it would reduce the problem of people with post-it note passwords. Hopefully such a system would reduce the need to have manditory periodic password changing (allthough I still havent seen any evidence that it actually makes things more secure assuming you have good password rules in the first place)

You could also combine the security card for the PC with the card that is used to enter the building (my workplace has them and I am sure its not the only one)

I'll trust InfoCards (0)

Anonymous Coward | more than 8 years ago | (#14728924)

I'll be sure to use InfoCards to store my MS Passport information (since it will be required), and I'll use my MS Password information to access MSDN (since that is required).

Other than that, I'll use Password Safe [sourceforge.net] , thank you very much.

Re: Good thing I own MSFT shares (1)

usurper_ii (306966) | more than 8 years ago | (#14728944)

Don't feed the Beast.

Re:The good thing about InfoCards (1)

westlake (615356) | more than 8 years ago | (#14729239)

The bad things are:

1, 2, 3. It's a virtual card.

4. The card is part of IE7 and Vista.
In the consumer market, OEM Windows is cheap and prices are stable.

Passport The Standard? (5, Insightful)

webmistressrachel (903577) | more than 8 years ago | (#14728743)

I see how Microsoft would like to position their system (passes, OS, Mail Client, etc.) as the "standard". Even previous versions of Windows allowed users to talk to everybody and anybody. Now it seems they have found another way to cut out 3rd-party companies, or get license fees (thus still dominating the market).

Re:Passport The Standard? (1)

AuMatar (183847) | more than 8 years ago | (#14728779)

They tried. Passport was supposed to be part of Hailstorm and their .Net initiative. It fell flat on its face. I don't expect much more success this time around.

Collection of InfoCard Issues (5, Informative)

Anonymous Coward | more than 8 years ago | (#14728806)

At a Harvard workshop last week on user-centric identity, a bunch of us agreed to collect InfoCard issues as we hear about them. While work in progress, and your mileage my vary, I put an initial list of those on my blog.

http://netmesh.info/jernst/Digital_Identity/micros oft-infocard-issues.html [netmesh.info]

Kim Cameron, the chief identity architect at Microsoft, agreed to take them back into Microsoft to hopefully get them resolved.

Re:Collection of InfoCard Issues (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14729030)

It's interesting to see how far we've come from Passport, yet how little we've moved. At least we no longer are asked to ship our credit card data to Microsoft for "safekeeping", the InfoCard data resides on our own computers (for better or worse).

I noticed that there seems to be confusion about a meta-identity system (one system spanning identities) vs an identity meta-system (one identity spanning systems). Will InfoCard really be a meta-system? Googling, I'm not seeing much for implementing MS Passport authentication outside of Microsoft products, so my hopes aren't too high for being told how to receive customer InfoCards if I'm writing a commerce site in PHP, Perl, or Java (I found an MSDN site that looked hopeful, but after a chapter on authenticating users in JSP, there was a short paragraph that basically read "Or... you could use Microsoft Passport for authentication. Check MSDN for articles on authenticating with MS Passport in ASP.NET").

Re:Collection of InfoCard Issues (2, Funny)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#14729875)

Chief Identity Architect? (yes, it's unfair in this case)

But "InfoCard"'s nothing new, is it? (1)

martinultima (832468) | more than 8 years ago | (#14728812)

From my understanding of this whole thing, the InfoCard system's nothing new. We already have the same thing going on with existing technologies such as Firefox's Password Manager, Opera's Magic Wand, and not to mention my favorite – SSH keys! The latter I've been using obsessively now, I just keep the master key on my laptop and all my other boxes are set to recognize it so that I can get into any of them without a password.

(Completely off-topic, but the laptop's heavily password-protected as well; randomized 16-character password to log in, a completely different one to boot the thing or to get to it after it's been in standby... just in case anyone's worried about and/or hoping for my system mysteriously "vanishing" ;-)

For all that stuff about innovation, I have yet to see anything coming out of Microsoft...

Re:But "InfoCard"'s nothing new, is it? (1)

DrSkwid (118965) | more than 8 years ago | (#14728872)


Once I have your laptop I will just connect the drive to my computer and mount it myself, thus bypassing your random bazillion charater password if you like.

Personally I store my passwords using secstore and authorize using factoum, so my keys never need to be stored locally. I boot my laptop from a CDrom and mount my drives over the network, wherever I am. It doesn't even have local storage unless attach some via USB.

Relying on SSH is soooo 1999

Re:But "InfoCard"'s nothing new, is it? (2, Interesting)

Philip K Dickhead (906971) | more than 8 years ago | (#14728873)

No. You are talking about PIN/Password caching, in an encrypted store. Think Mac keychain.

This is an identity system, that supports federation, incorporates policy negotiation and can establish reputation with third-parties.

It is Passport, without the central identity repository - similar to Liberty Alliances' SAML work, but in the WS-Security framework, and with extended user functionality.

Re:But "InfoCard"'s nothing new, is it? (0)

Anonymous Coward | more than 8 years ago | (#14728894)


(Completely off-topic, but the laptop's heavily password-protected as well; randomized 16-character password to log in, a completely different one to boot the thing or to get to it after it's been in standby... just in case anyone's worried about and/or hoping for my system mysteriously "vanishing" ;-)


Yet all for naught if I^Hsomeone happens to get their hands on it, take the drive out, and plug it in as a secondary drive somewhere. That is, unless the filesystem is strongly encrypted as well... Of course a potential villain would have to consider whether that level of effort is even worth it - depends on exactly what it is you administer, I guess...

Re:But "InfoCard"'s nothing new, is it? (1)

martinultima (832468) | more than 8 years ago | (#14731552)

Yeah, but quite honestly I don't think anyone would waste their time (especially considering that all the real data's stored on another machine at home, and the only way to get to that machine outside of my home network is to SSH to the server, and from there SSH again to the other machine, and the server doesn't have any private keys on it).

Re:But "InfoCard"'s nothing new, is it? (1)

Firehed (942385) | more than 8 years ago | (#14729449)

Huh? I'm pretty sure IE has a password-storing thing like most alternative browsers do. It has some sort of form-remembering option, anyways. That said, it's not too difficult to remember passwords. What's difficult is the websites that force you to use some retarded thing because they think you having 9skmdl10d1337os for your password is going to make it harder to steal after you input it into some phishing site because you're a freakin' idiot, and as a result remembering what password goes with what site. Honestly, my old standard-affair 6-character lowercase-letters-only password is perfectly fine for almost all situations, but noooo, some sites require a minimum of eight or ten characters, alphanumeric mixed-case junk, etc. Hackers don't go around *guessing* at passwords last I knew, but if someone wants to take a 1-in-308,915,776 shot at logging into my /. account using the above information (or is /. one of the ones were I needed to modify it? I forget now... but luckily it's only one of four things anyways), go right ahead. Hell, I'll even mod you up.

The password problem isn't it being easily guessable (unless you just have mean friends), it's about throwing it around carelessly. Me changing an "l" to an "I" or a "1" isn't going to prevent someone from reading their stolen-password database after I log into a scam site, it just means I'm going to either need a password manager or a few post-it notes. Tricky passwords cause more inconvenience to the users than to the hackers, as I have four passwords that I need to remember and my bank locks me out after three wrong inputs. Not a problem from my Firefox'ed home, but anywhere else and it gets a bit irksome.

So go ahead, people, set your password to asdf. Just don't tell people that you did and don't type it into stealmyidentitypleaseforrealomgidontwannabehackedo hnoesexclamationpointtimesthree.com and you'll be all set. I have it so I'm automatically logged into my password-protected admin account (and it's only passworded because some stupid program requires it to work right) upon booting and have mine and my dad's credit card number stored in the history for a couple different websites. The only thing that'll be a problem for me is blatant carelessness. You know, like selling that notepad at a garage sale that has all my account names and passwords written down in it.

Biofuels are great! (1)

Oldsmobile (930596) | more than 8 years ago | (#14728827)

I think biofuels are FINALLY a realistic opening in the search for a oil-less way of transportation. After years of BS and dead ends with electric vehicles, hydrogen cars and whatnot, we finally have something that will use existing infrastructure and technology.

The only problem is, this will put the oil companies out of business. Seeing as oil companies have way more money than say, farmers (who look to benefit) and seeing as alot of money has been put into securing middle east oilfields, I don't see much shift in energy policy on this front in the near future. Atleast not in the US.

I mean, leaded gasoline became the industry standard instead of the equivalent of gasolinen with 10% ethanol, because the oil companies would have sold 10% less oil for chrissakes!

Re:Biofuels are great! (1)

WillAffleckUW (858324) | more than 8 years ago | (#14728853)

there's a bill in the Washington State Legislature (no direct bill link, as it has multiple versions, to mandate 2 percent biofuel usage here.

At least according to today's local papers.

Re:Biofuels are great! (2, Informative)

KlomDark (6370) | more than 8 years ago | (#14728883)

Unfortunately the majority of farms these days are corporate farms. Sure, there's still a lot of family-owned farms, but they are slowly getting Borged by the CorpFarms. Also lots of sneaky bullshit where CorpFarms set up deals with companies so they get better deals when they sell their products than the family farms can get.

Maybe, maybe not (1)

geekoid (135745) | more than 8 years ago | (#14729075)

At 60 dollars a barrel it begins to become more profitable to use foods for bio-fuels. So farms will sell their products to bio-fuel companies and not to the store.

And why would the energy companies invest in this? They could dominate this market, as well as other alternative markets, which will be less costly to protect and set up.
Of course, at it's current rate of growth, in 2030 Cina alone will need 94million barrels of oil per day. Currently 84 million barrels per day is pulled out of the ground for the entire world. A number that is not lilly to change.

So market demands will put pressure on alternative means.

Of course, by 2030 it would surprise me if most of China wasn't nuclear.

Re:Biofuels are great! (2, Insightful)

LoRdTAW (99712) | more than 8 years ago | (#14729115)

"The only problem is, this will put the oil companies out of business."

If you think about it why would they let themselves go out of business? Who is to say they wont buy out bio firms and farms working on alt fuels? Trust me, one day driving by exxon and shell farms producing the raw material for ethanol and bio diesel.

Re:Biofuels are great! (1)

DaveV1.0 (203135) | more than 8 years ago | (#14731861)

The only problem is, this will put the oil companies out of business


Actually, no they won't. They will stay in business, providing petroleum based products for military, commercial, and business uses. This would include jet fuel, diesel, solvents, plastics, etc. I can even see them continuing to make gasoline for a long time for old car buffs.

It won't put them out of business, but may keep them in business for a much longer time.

Ombudsman didn't really respond at all (3, Informative)

Error27 (100234) | more than 8 years ago | (#14728848)

I hate how lazy and irresponsible the mainstream media is these days.

The original article basically implied that Quinn was taking gifts from vendors to travel to conferences all over the world. This turned out to be false. So basically falsehoods. My feeling is that Quinn deserves an appology at minimum.

Then the "investigation" is just the Ombudsman phoning the reporter up, the reporter says there isn't any issue so it's fine. Plus some excuses about how busy the Ombudsman is and how his assistant is only part time. Mix in a few ad hominem attacks.

Nice. Way to go. It's goot that we have moronic lazy turd to keep everyone honest.

Re:Ombudsman didn't really respond at all (0)

Anonymous Coward | more than 8 years ago | (#14729135)

Well, you can always look back and see some ways you could've done a better job.

Re:Ombudsman didn't really respond at all (1)

dan of the north (176417) | more than 8 years ago | (#14730014)

Boston Globe's ombudsman, Richard Chacon: "I've been told by Steve (Kurkjian) that more stories on a related topic are coming..."

Does "related topic" mean civil servants 'not following proper state procedures for documenting business travel' or ?

Ombudsman didn't get it either (3, Insightful)

konijn (247004) | more than 8 years ago | (#14731382)

"I (and the Globe) have no stake in the debate over Open Source or Windows."
Mr. Chacon, this is about Open Standards, not Open Source.

too risky? (0)

Anonymous Coward | more than 8 years ago | (#14728850)

From TFA:

"Gates said it was too risky for people to enter their login names, passwords and credit card information on Web sites...

Using InfoCards, people could save personal information on virtual cards on their computers."

Great, so now I'm suppose to rely on yet another device created by microsoft to store my passwords?
I'm sorry Mr. Gates, but I'd rather keep my user names and passwords where I remember them best.. in my brain!

Using these infocards is just one more thing to try NOT to lose.

This ain't Nightline, foo! (0)

Sarcastic nerd (457081) | more than 8 years ago | (#14728877)

Slashback tonight

Please, get over yourselves, this isn't a network news show, this is a website, and hardly a polished one at that.

Re:This ain't Nightline, foo! (0)

Anonymous Coward | more than 8 years ago | (#14728934)

But it is Slashback. And it is tonight. So I say that's two points in their favor.

InfoCard and Passport (3, Insightful)

truthsearch (249536) | more than 8 years ago | (#14728925)

Microsoft already had a universal password system fail: Passport [msversus.org] . The majority of web site owners simply didn't trust Microsoft enough to integrate their security in any way.

Re:InfoCard and Passport (1)

ben_1432 (871549) | more than 8 years ago | (#14729105)

I think the actual reason is the restrictive cost of using Passport, and the effort to implement it:

http://weblogs.asp.net/ssmith/archive/2003/07/25/1 0517.aspx [asp.net]
"There are two fees for licensing .NET Passport: a periodic compliance testing fee of US$1,500 per URL and a yearly provisioning fee of US$10,000 per company."

InfoCard is open source (1)

pHatidic (163975) | more than 8 years ago | (#14729324)

Not only is InfoCard open source and standards based, but you are invited to participate in the design process. Just go to Kim Cameron's blog [identityblog.com] , he is the chief architect of identity at Microsoft.

I don't think that is correct (0)

Anonymous Coward | more than 8 years ago | (#14729696)

There were some rumors early summer last year, but they have proven to be false. Closed-source as usual.

Re:InfoCard is open source (1)

truthsearch (249536) | more than 8 years ago | (#14729738)

No thanks. I don't trust Microsoft [msversus.org] .

Infocards (1, Funny)

SeaFox (739806) | more than 8 years ago | (#14728989)

Microsoft continues push for 'InfoCards'. FrankieBoy writes "Bill Gate kicked off the RSA computer conference in San Jose, CA by unveiling a few more details about their new 'InfoCard' system in the upcoming IE7. With InfoCards people could save personal information on virtual cards on their computers which websites would recognize removing the need for many different internet passwords."

Wow! What a novel idea! It's like I'll have my own personal Passport for the internet letting all companies know who I am by referncing a single server controlled by a third party.

Tell me more about what other "new" ideas Microsoft has come up with recently.

Re:Infocards (1)

hereticmessiah (416132) | more than 8 years ago | (#14729195)

Uh, no. The information isn't centralised on a small number of machines, it's on each user's machine. Re-read it.

Infocards (0)

ben_1432 (871549) | more than 8 years ago | (#14729044)

Infocards really do sound quite good. If it was by someone other than Microsoft, I'm sure a lot of people would agree.

Yes, there's a chance they may result in some sort of identity theft if your laptop's stolen - but no less a chance then "Remember me" and your browsing history.

I think overall they're going to be very convenient for using a lot of sites and not having to remember passwords. You could bash keys till you've got a 30 digit password you'll never need to remember, and not have to do 'forgot password' forms every time you delete cookies.

How much land? (2, Interesting)

TheEvilOverlord (684773) | more than 8 years ago | (#14729097)

effectively and cheaply generate ethanol from cellulose

I wonder does anyone know how much land this would take up?

A. What's the richest source of cellulose
B. Based on the energy value of the ethanol produced from say 1 tonne of the crop, how much land is going to be needed to replace the oil consumtion in private cars in the USA?

I bet it's not a small amount...

Answer (1)

geekoid (135745) | more than 8 years ago | (#14729276)

"A. What's the richest source of cellulose"

A Midwesterns thighs!

Question:
At about 60 dollars a barrel it starts to become more profitable to sell crops for bio-fuel then it does to sell it to the food market.
What do you think farmers are going to do?

Pedant (1)

tabrisnet (722816) | more than 8 years ago | (#14730948)

That's cellulite, not cellulose.

Re:How much land? (3, Informative)

gone.fishing (213219) | more than 8 years ago | (#14729387)

You have some good questions and I don't have the answers however, I can share some insight that I do have.

Any woody or grassy plant is an excellent source of cellulose. This means that much land that is currently thought of as unprofitable would be well suited to grow the crop. For instance swamps could be harvested (without harming the wetlands in the winter) and could provide a huge amount of the raw matterials. "Slash and trash" from forests being harvested for lumber and pulp could also supply a lot of cellulose from the branches, leaves, and roots that are currently unused.

From what I have read the conversion of cellulose to ethanol is pretty efficient; the bugs eat the woody stuff and crap out suggary stuff that is made into ethanol using pretty normal, efficient processes. Think of these bugs like yeast, they eat and reproduce quite well given the proper circumstances so their added cost is minimal.

While the amount of land required to produce the feedstock for an ethanol production facility is something to consider, along with the costs of producing ethanol, this is only one part of the formula. The other side is the fact that oil that the United States imports puts us at the mercy of some people who we don't want controlling us. If we can put ourselves on a diet and reduce the amount of energy we import, we have a safer country and a more stable economy while we put Americans to work making something that we currently pay someone else for. When we reduce the demand for oil it is even likely that the oil that we do import will be less expensive (we are a major consumer of oil and the law of supply and demand will slide in our favor).

Ethanol is not a new, unique, or unusual fuel. Brazil is already up and running on an alcohol based economy, the lion's share of their fuel is produced in Brazil from sugar cane. In the MidWest of the United States, many states require all of the fuel sold in their state contain ten percent ethanol. In Minnesota (where I live) we recently increased the minimum amount of ethanol to twenty percent. We have a number of ethanol plants here that are distilling ethanol from corn. E85 us also making inroads. I have not noticed any difference in the way my cars run (2000 Dodge pickup, 2000 Chevy Venture, and a 1993 Ford Explorer) since the switch. Regular gas here today was $2.04/gal. Some people say their gas mileage is about the same but I'd say that I have seen a slight decrease in the MPG from "real" gas, I would guess the number to be about 5% reduction in MPG. Still even assuming a slight reduction in MPG, how does $2.04 stack up against the price you are paying for gas?

Re:How much land? (1)

TheEvilOverlord (684773) | more than 8 years ago | (#14731273)

"Slash and trash" from forests

That just gave me a horrible vision of poor people slashing any vegetation they can find just to have it processed as fuel to make a quick buck. Going to have to be careful who can supply the fuel chain or this could just cause more environmental harm.

$2.04

LOL I wish I could get petrol [wikipedia.org] so cheap. I'm assuming that $2.04 is per US gallon. That's 31.0 pence per litre. Here petrol is 94.9, which is $6.25 per US gallon.

*sigh*

Re:How much land? (1)

gone.fishing (213219) | more than 8 years ago | (#14732943)

"Slash and trash" is the stuff loggers leave behind after they have harvested the timber - it is mostly small branches, leaves, and root stock. In a way, commercial timber harvesting is horrible, clear cutting leaves the land pretty baren. Still, timber is like any other crop, it is able to be replanted and grow back. It just takes a bit longer.

Re:How much land? (1)

hains (630284) | more than 8 years ago | (#14735851)

Any woody or grassy plant is an excellent source of cellulose.

Kudzu and water hyacinths, two scourges of the south, come immediately to mind. If you can make ethanol AND clean up these weeds, you win twice.

The problem with 20% Ethanol (1)

rebill (87977) | more than 8 years ago | (#14737259)

Older gasoline engines were designed without taking ethanol content into account. Some cheap plastic parts (cheap as in, less expensive) work just fine in gasoline engines, but deteriorate quickly when exposed to ethanol.

The engines in the vehicles in Brazil were designed to take ethanol content into account, so they do not experience this problem. Both Ford and GM are bringing these engines to the United States in the near future (some are already here), so they will be just fine. It's those older cars that are in trouble - like your 1993 Ford Explorer.

Ethanol does not release as much energy when it is burned when compared to gasoline, so you do not get quite as high real MPG when using a gasoline/ethanol mix when compared to normal gasoline. Still, if you get 80% of the MPG for 33% of the price, it's a good deal all around.

The other interesting thing is that it is harder to get ethanol to burn at lower temperatures than it is to get gasoline to burn. Minnesota, you said? The solution is to have a small gasoline-only tank used just to start the car on a cold day, and then a change over to Ethanol once things have warmed up.

Re:The problem with 20% Ethanol (2, Informative)

gone.fishing (213219) | more than 8 years ago | (#14743179)

We have had ten percent ethanol in our fuel here in Minnesota for many years. I personally have never had to replace any part that has been damaged by ethanol and I don't expect the old Explorer to suffer any worse with twenty percent. Frankly, I think ethanol helps keep the fuel system cleaner.

Alcohol is less volatile than gasoline in cold weather but the lion's share of every-day cars on the road are now fuel injected and that more than makes up for some alcohol in the gas (injectors vaporize fuel much better than carburetors). Also, the alcohol really helps with frozen fuel lines and "water in the gas" both used to be big problems here in Minnesota where many of us all winter long added gas line anti-freeze (which is just alcohol) to our gas. We no longer need to do that.

Today, we don't need a second tank for gas/alcohol mixes but they do use that configuration in Brazil where most drivers use pure ethanol for fuel. I have a friend who uses E85 in her tank and she has never complained about hard starts in cold weather so, I assume that just a little gas added to the alcohol is all it takes to make it start well in the winter.

What really helps in the winter is a good battery. I try to replace mine at three years and I buy the biggest battery that will fit (you can get some 1000 amp batteries that are pretty small). Back in the days of carburetors I used to have to use a tank-heater and when it was really cold I'd even hook up a battery charger and throw a blanket over the hood and grille. I haven't done that in ten years though.

Re:How much land? (1)

jonwil (467024) | more than 8 years ago | (#14729427)

Would it be possible to do something similar to what they talk about in all the sci-fi novels where they grow various plants including alges in hydroponic tanks (or something similar) and then use the energy stored in the results as a fuel?

Ja man, I tink you know the answer (1)

eheldreth (751767) | more than 8 years ago | (#14734319)

Once again Hemp has been shown to be the answer to all that ails ya.

Improved security? (1)

complete loony (663508) | more than 8 years ago | (#14729201)

For instance, if a user clicks on an e-mail that takes the Internet browser to a suspicious site, the address location of the Web site will show up highlighted in the color yellow. On top of that, a certificate badge on the browser will turn yellow. If the user clicks on the badge icon, they can immediately report the suspicious site to Microsoft.
So how exactly do they determine that a site is suspicious? Further escalation in the eternal arms race ...
Similarly, if a user clicks on a suspicious file that will download from the Internet to the computer, Vista will ask the user if they really want to do such a thing. Vista can compartmentalize the computer so that suspicious, downloaded files are quarantined and don't infect vital computer processes.
Ok
Ok
Ok
I mean seriously, the more you annoy the user with useless ok dialogs, the less they read them. Why can't they just implement an execute bit in the filesystem and not allow users to change it easily. Yeah, I know MS would just prompt "Do you want to be able to run this exe in future?" and the users will just hit OK. And that's without saying anything about all the other holes that have been found in IE previously that allow downloading and executing without prompting at all. Do we really trust that there aren't going to be any more?

Re:Improved security? (1)

happy*nix (587057) | more than 8 years ago | (#14729634)

Obviously you sir are not a WindowsXP user.
Suspicious sites are as easily identified as "Dangerous" system drivers. Any driver not signed by M$ is dangerous. Like wise any site not registerd with MSN is suspicious. Hope that cleared things up for you.
BTW: Micro$oft would love to be able to allow anyone to register their website with MSN, but the economic reality is that the manpower required to verify your site is not free or even cheap. M$ has a responsibility to it's shareholders to make a modest profit on it's endeavors even if it doesn't actually pay dividends to those same shareholders.

Re:Improved security? (1)

netcrusher88 (743318) | more than 8 years ago | (#14729745)

Linux has this Cool Thing(tm) called fakeroot that does just that - basically intercepts file calls and allows the program to "change" any file on the system as root, without actually changing the filesystem.

This is yet another cool tool that Microsoft has ripped off from Linux/UNIX. Other examples include the Monad shell (reminds me of Tcl/Tk and other GUIable scripting languages), and a feature explained to me by an insider as mapping the registry to a drive (/etc anyone?). Now, I haven't seen any other news about the latter, but they were considering it, is my point.

I'll admit that Vista is innovative in some ways, but a lot of it is amazingly derivative. Even though I give microsoft a lot more flak than they deserve, they're being given a little more credit than I think they deserve as far as innovation in their next-gen OS. Still a worthy upgrade if Windows is your thing.

Re:Improved security? (0)

Anonymous Coward | more than 8 years ago | (#14730846)

An execute bit is useless because the problem is not with people executing programs. The problem is really with executable payloads in documents to be opened by vulnerable programs.

For example, some virus emails come with an encrypted attachment in ZIP format. They give you instructions on how to decrypt the payload (with the key to type in) and then execute it. If those instructions included "chmod +x virus.exe", people would still do it. If those instructions included "type in the root password", most people would still do it!

As another example, the recent WMF bug was not an executable file. In fact, IE was not vulnerable. The problem was that you could trick IE into executing an external image viewer (which WAS vulnerable) with the malware payload.

In general the suggestions that people take from Unix to solve the problem will not work. I already explained why an "execute" bit is pointless.

Just running as a user other than root is also not very helpful for a typical single-user system. The important part of the system is not the OS files (which can be reinstalled in a half-hour), but the user's files which are usually not backed-up and cannot be easily recreated. A malicious program (spyware, adware, mass emailer) can also cause itself to be run whenever the user logs in, which for most users is whenever they turn on their computer.

What IE7 on Vista will do is actually run with lower privileges than a regular user process. This means that since it cannot put files outside of its sandbox and has limited abilities to interact with other programs, it is actually safer than what could be created under Unix.

Malicious payloads will still be possible in the case of the inevitable security flaws, however their abilities to affect the system will be far more limited because they can only run until the user logs off or reboots.

dom

Because its a crime stupid. (4, Insightful)

Chiminea (696521) | more than 8 years ago | (#14729311)

McKinnon did not accidently wander into those systems, he did it intentionally knowing he was breaking the laws in both the UK and the USA. I took over as SA on a machine he had previously compromised. When it was determined that it had been "hacked" (yeah it takes mad skillz to exploit the old default MS SQL password) I had to report it and deal with the ensuing fun. After the forensic analysis (which was very fruitful) the box had to be reinstalled from scratch:NT,SQL and a particularly ugly document management application. Now those of you reading this who are actual professional system administrators know that we probably had other things to do. So if Gary is worried about spending time in a Virginia prison, tough. Thats where we keep criminals. (Sorry, didn't mean to rant).

Re:Because its a crime stupid. (1)

weierstrass (669421) | more than 8 years ago | (#14731551)

>McKinnon did not accidently wander into those systems, he did it intentionally knowing he was breaking the laws in both the UK and the USA

Yes mate. Except as a British citizen who carried out these actions while in Britain, he should be tried under British law.

How would you like it if the Iranian government decided you had broken their law by your actions online while sat at home in the States, and your government acquiesced and shipped you over there to face the music?

Re:Because its a crime stupid. (1)

Chiminea (696521) | more than 8 years ago | (#14732196)

I have no problem with him being tried in Britain (I'm originally from Suffolk myself) but your argument that because he was in Britain while he was breaking these laws is somewhat specious. Although his physical body was in the UK his "presence" if you will, was in the machines he was accessing Stateside. That is the nature of networks; you can directly impinge things miles away from you. If I hacked an Iranian bank and stole money then I would expect to be prosecuted under their laws and rightly so (like smuggling drugs in Malaysia, bad idea!). Just because I don't like the consequences doesn't mean I should be treated specially. I would imagine that the majority of crimes are committed by people who know that they are indeed breaking the law and in the case of cracking systems that number probably approaches 100%. My team and I lost time and money because this idiot didn't have the moral character to resist the temptation to break the law. Cheers!

somewhat specious (1)

weierstrass (669421) | more than 8 years ago | (#14732743)

>Although his physical body was in the UK his "presence" if you will, was in the machines he was accessing Stateside.

Sure.

I would prefer to put it like this:
Machines in the US accepted connections from remote computers over a public network, and executed code sent to them by a computer in the UK which was being operated by McKinnon.

A machine is a machine - it does what you tell it, especially if you control the power button. A public network is a public network.

Re:somewhat specious (1)

Chiminea (696521) | more than 8 years ago | (#14733163)

LOL, The victim (machine) stopped the bullet (code) that flew through the air (public network) sent by the gun (machine) that was discharged because someone pulled the trigger (BOFH!). Is it the fault of the victim that they were hit? Isn't this like blaming the guy the American Vice President shot for getting in the way. (Guns don't kill people! People with guns kill people!) Anyway, sorry for the silliness. The point is this bozo caused criminal injury (lost time and money) because of his actions; he is a criminal.

Re:Because its a crime stupid. (1)

aug24 (38229) | more than 8 years ago | (#14732541)

I'm not sure I would even characterise someone who entered a system that still had the default password as a criminal. It's like leaving a door open and then complaining someone came in. At best you could call it trespass (which isn't criminal).

Personally I'd get mad with the fuckwit who didn't change the password first.

Justin.

Re:Because its a crime stupid. (1)

Chiminea (696521) | more than 8 years ago | (#14733393)

Well if I could find the F*cktard in question a quick foot to the groin might be forthcoming, but they have long since departed the site. As far as "trepass" goes, a child might open the closed door of a neighbor's house and go in, an adult would not (let alone go down the lane trying every door they could). The presence of even a default password indicates that you are not supposed to go in. The door was not "open" (but it surely could have used a better lock...). Imagine how your beloved would feel if she came home and discovered someone had been inside going through her knickers.

Re:Because its a crime stupid. (1)

aug24 (38229) | more than 8 years ago | (#14733625)

I can see both sides, really, but I don't think a default password even implies you aren't meant to go in. It means the owner has made exactly zero effort to secure it. Zero. Now consider the real world equivalent of no security effort whatsoever: a closed, unlocked door at best.

One thing I hate is the current perception that, in law, the digital world should have more protection than the physical one. The presumption of freedom should triumph in both realms.

Justin.

inf0rmati7e fuckerfucker (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14729537)

disappearing up i7s

InfoCards explained (1)

jamesl (106902) | more than 8 years ago | (#14729576)

From the Seattle Post Intelligencer http://seattlepi.nwsource.com/business/259391_info card14.html/ [nwsource.com]

At the same time, the company [Microsoft] says it doesn't want InfoCard to be the only program of its kind. The program uses non-proprietary communications standards, and Microsoft says it would like to see the people and companies behind other operating systems, such as Linux and Apple's Mac OS X, create their own programs similar to InfoCard, to make the approach more common.

The approach "essentially adds an identity layer to the Internet," said Microsoft's Turner, calling such a layer sorely needed in today's online world.


The identityblog has lots of information about InfoCards, how they were conceived and how they will work. It would be good to start at this entry, The Design Decisions Behind InfoCards.
http://www.identityblog.com/?p=366/ [identityblog.com]

fucKer (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#14730256)

Anybody's guess of challenges that fear the reaper Dr1ven out by the World will have reciprocating bad Is the ultimate

Why use bugs? (1)

Grab (126025) | more than 8 years ago | (#14736682)

When everyone knows that triffids are the answer, and have absolutely no adverse consequences at all...?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>