Text 1722, 250 rader
Skriven 2005-01-02 16:38:24 av Rich (1:379/45)
Kommentar till text 1717 av Geo (1:379/45)
Ärende: Re: Usage history
=========================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_018F_01C4F0E9.7B4EBB20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Having a password makes little difference if your computer is =
physically stolen. Unless your mother-in-law is encrypting the contents = of
her disk then someone stealing the laptop can get the disk contents. = You
know this. There is some little stuff that a password protects but = at the
same time having one actually adds some risk. For example, = Windows XP will
disallow remote authentication to a local account = without a password.
In any event, she is not bypassing "all the security". In truth she =
is bypassing nothing. Having no password is not bypassing password =
protection, it's making a choice to not require it. Everything with = this
choice made else still applies.
I disagree with your conclusion and even more with the suggestion =
that your example supports it. In fact your story argues against your =
conclusion. People do trust their computers and the web sites they = visit and
the email they receive. If they did not many problems these = people encounter
would not exist as they rely on the users trusting = something they should not.
When using the Internet, of all the components to trust, the PC is =
the one most worthy of trust as it is the only one over which you have = any
control. Even non-techical users have control as you do not need to =
understand how things work to control them (e.g. TV). You have no = control
over the ISP and as the path through which all your = communication must travel
they are the most unworthy of trust and most = capable of abuse. You have some
control over the web sites you visit as = it is entirely up to you what you
tell or do not tell them. Where you = loose control is that once you tell them
something you have no control = over how it is used.
Rich
"Geo" <georger@nls.net> wrote in message news:41d866bf@w3.nls.net...
Most folks may not be paranoid but they are getting there.
As for your ISP, you are correct, if you don't trust them then find a =
better ISP. But that's not even close to the risk level I was talking = about.
I'll give you an example.
The other day my mother-in-law asked me to patch her laptop for her. =
Wife brought it home and I booted it and up comes XP with her name = showing on
the login so I clicked on it and it autologged in as her. I'm = sitting there
at this point thinking wouldn't this be wonderful if = someone stole her
laptop. So tell me how much should I trust the people = who wrote this login
software? Do you think it gave her all kinds of = warnings about how dangerous
it is to allow autologins especially on a = laptop or do you think they just
made it really easy for her to bypass = all the security in NT with the touch
of a button?
This is what I was saying before, it's not a question of passport, =
it's a question of people not trusting their computers. Go to a webpage = and
get rooted, have someone steal your laptop with autologin, this is = not the
type of a device you trust with your passwords, credit card = numbers, or
financial records and people are realizing this.
Geo.
"Rich" <@> wrote in message news:41d78097$1@w3.nls.net...
Nope. With single sign-in you have the choice and can balance =
between your paranoia and ease of use. In case you really are clueless, = most
folks are not paranoid.
What you should really fear if you are the paranoid type is your =
ISP. They can see and track everything you do. It makes paranoia about = the
little bit of your activity that is authentication seem just silly.
Rich
"Geo" <georger@nls.net> wrote in message =
news:41d775e4@w3.nls.net...
"Rich" <@> wrote in message news:41d760be$1@w3.nls.net...
>> If you want to authenticate but fear that someone may try to =
make
correlations between your usage, use multiple identities.<<
Kinda goes against the single login method of passport does it =
not?
Geo.
------=_NextPart_000_018F_01C4F0E9.7B4EBB20
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.1289" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> Having a password makes =
little=20
difference if your computer is physically stolen. Unless your=20
mother-in-law is encrypting the contents of her disk then someone = stealing
the=20
laptop can get the disk contents. You know this. There is = some=20
little stuff that a password protects but at the same time having one =
actually=20
adds some risk. For example, Windows XP will disallow remote=20
authentication to a local account without a password.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> In any event, she is not =
bypassing=20
"all the security". In truth she is bypassing nothing. = Having
no=20
password is not bypassing password protection, it's making a choice to = not=20
require it. Everything with this choice made else still=20
applies.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I disagree with your =
conclusion and=20
even more with the suggestion that your example supports it. In = fact
your=20
story argues against your conclusion. People do trust their = computers
and=20
the web sites they visit and the email they receive. If they did = not
many=20
problems these people encounter would not exist as they rely on the = users=20
trusting something they should not.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> When using the Internet, =
of all the=20
components to trust, the PC is the one most worthy of trust as it is the =
only=20
one over which you have any control. Even non-techical users have =
control=20
as you do not need to understand how things work to control them =
(e.g.=20
TV). You have no control over the ISP and as the path through=20
which all your communication must travel they are the most = unworthy
of=20
trust and most capable of abuse. You have some control over the = web
sites=20
you visit as it is entirely up to you what you tell or do not tell =
them. =20
Where you loose control is that once you tell them something you have no =
control=20
over how it is used.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote=20
in message <A=20
=
href=3D"news:41d866bf@w3.nls.net">news:41d866bf@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Most folks may not be paranoid but =
they are=20
getting there.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>As for your ISP, you are correct, if =
you don't=20
trust them then find a better ISP. But that's not even close to the =
risk level=20
I was talking about. I'll give you an example.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>The other day my mother-in-law asked =
me to patch=20
her laptop for her. Wife brought it home and I booted it and up comes =
XP with=20
her name showing on the login so I clicked on it and it autologged in =
as her.=20
I'm sitting there at this point thinking wouldn't this be wonderful if =
someone=20
stole her laptop. So tell me how much should I trust the people who =
wrote this=20
login software? Do you think it gave her all kinds of warnings about =
how=20
dangerous it is to allow autologins especially on a laptop or do you =
think=20
they just made it really easy for her to bypass all the security in NT =
with=20
the touch of a button?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>This is what I was saying before, =
it's not a=20
question of passport, it's a question of people not trusting their =
computers.=20
Go to a webpage and get rooted, have someone steal your laptop with =
autologin,=20
this is not the type of a device you trust with your passwords, credit =
card=20
numbers, or financial records and people are realizing =
this.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41d78097$1@w3.nls.net">news:41d78097$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2> Nope. With =
single sign-in=20
you have the choice and can balance between your paranoia and ease =
of=20
use. In case you really are clueless, most folks are not=20
paranoid.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> What you should really =
fear if you=20
are the paranoid type is your ISP. They can see and track =
everything=20
you do. It makes paranoia about the little bit of your =
activity that=20
is authentication seem just silly.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:41d775e4@w3.nls.net">news:41d775e4@w3.nls.net</A>...</DIV>"R=
ich"=20
<@> wrote in message <A=20
=
href=3D"news:41d760be$1@w3.nls.net">news:41d760be$1@w3.nls.net</A>...<BR>=
<BR>>>=20
If you want to authenticate but fear that someone may try to=20
make<BR>correlations between your usage, use multiple=20
identities.<<<BR><BR>Kinda goes against the single login =
method of=20
passport does it=20
not?<BR><BR>Geo.<BR><BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></H=
TML>
------=_NextPart_000_018F_01C4F0E9.7B4EBB20--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|