Security through having the upper hand
May. 21st, 2002 12:42 am
Security In Web Services: An Evolving Threat Model

... Yahoo's attempt to throttle the rate at which users can sign up for new accounts... users to retype a random word displayed in an image designed to be impossible for OCR to process. [Udi] Manber has found that people are still registering for massive numbers of accounts. "As far as I can tell, they're just doing it by hand. They're sitting there all day doing it by hand," he said. So he's considering changing the registration test to a simple arithmetic problem. It won't stop the mass registrations, but he might be able to get the abusers to perform distributed computing tasks for him.

Now that's cute. I mean, essentially he's taking a problem and possibly generating revenue out of it. This article definitely raises my confidence in Yahoo!™ a few notches. Probably the same ones that were lost when they fucked around with their privacy policy a few weeks back.
That is, if Mr. Manber actually implements it.
I think the most important point is this: Hey, guess what?! HTTP and HTML are still pretty shitty when it comes to security. Although the ID that he needs for reverse authentication is pretty much already owned by banks and given to nearly every citizen in the USA. They're called credit cards!
Oh, are you afraid now? Good, you should be. Think about it: as the internet becomes a more elegant extension of business in general, anonymity isn't going to be a reality. It seems to me there are these two opposing ideas, at least in the development community. That of free and open source software and security through open vigilance against the concept of information privacy. At what point do the two collide?
I'm gonna get a little anecdotal and futurist. I believe the medium is not only going to survive but prosper as a place of economic commerce when people are forced to accept a reputable governing body to regulate, engineer and preserve primary protocol for effective transactions. The IETF, W3C and ICANN are all really more about damage control than engineering better systems. For the most part, development of these systems is now outsourced to private business. Which is great! Go open market! But the caveat is that when it comes to standards which I think elevate the whole of civilization, it's not cool to allow monopoly.
Hello Java and .Net
We're talking about meeting the same level of privacy and ease across the board that a large retailer would achieve in a standard way. I definitely agree that there is, at present, far more potential for mass abuse of the systems in place. Mostly due to the anonymity of the system. As it stands, one big failure by eBay, Yahoo or Amazon and all those bread-and-butter consumers just pickin' up their $400 PCs and broadband connection now are gonna get their internet surfing and shopping legs sawed off at the knees. An exaggeration? Fuck no, there's still enough hype in the news media to fuck shit up for a decade without some serious fireproofing. Yeah, totally mid-90s mindset, but I still think it's possible.
Why is there a stigma amongst the developers and engineers that being well known and identified on a network by trusted peers is a bad thing? I'll tell ya why! I don't know a single programmer who trusts the protocols at all, and strong encryption is totally hindered by alarmist American export legislation. How much venture capital do you think Mafiaboy's DDoS exploits took out of IT start-ups?
So (quantum leap here, I'm tired), the point being that I think there's a sane third way between the hegemony of digital totalitarianism and static anarchism. And the crowd yells "No shit, Brodie! Go to bed!"
