
Re: [LUG] OK so whats wrong with it?

 



On 2/8/07, Neil Williams <linux@xxxxxxxxxxxxxx> wrote:
On Thu, 8 Feb 2007 21:19:32 +0000
"Robin Menneer" <robinmenneer@xxxxxxxxx> wrote:

> > > > Just as I was beginning to think this was perhaps workable M$ support
> > > > it - I can't help but feeling something's wrong...
> > No. You can run your own authentication server, if you like. Or, you can
> > sign up for an OpenID service, e.g. MyOpenID.com, and get a URL from
> > them. Then, if you already have a URL associated with you, you can set
> > that up to forward to the authentication server URL.
> >
> > My MyOpenID URL is http://bma.myopenid.com/ but whenever I need to
> > authenticate I use http://bmalee.eu/~bma/ - in the headers of that page
> > are a couple of META tags that point anything looking for authentication
> > towards the MyOpenID server.
> >
> > The ISP has nothing to do with it, unless they run their own auth
> > server.
>
>
> Gosh, this worries me. Does it mean that Ubuntu isn't protected against
> all those nasties out there that will descend on us once M$ bites the dust?
> Or before? Robin

What twisted logic brought you to that conclusion? Just because free
software implements a protocol that is also implemented in Windows,
does not mean that the free software implementation will suffer any of
the problems of the Windows version. If that were true, GNU/Linux would
be awash with malware already.

OpenID - like any ID system - can be abused but it is still up to the
user to authenticate, i.e. a decision has to be made when challenged by
a site requesting authentication. The one advantage with OpenID (if it
lives up to the promise) is that BAD sites should not be able to
pretend to be reputable sites as they do currently with HTML email.

Phishing attacks will not be prevented by OpenID because so many users
"just click through" whatever appears on the screen. It is down to the
implementation to ensure that warnings are clear and unambiguous and it
is incumbent on users to protect themselves. The OS can do what it can
- and free software is better at this than proprietary software - but
the OS cannot compensate for a clueless user.

Much malware now depends on social and cultural manipulation, not
technological exploits. The weak point is the bit between the screen and
keyboard: the organic bit.

"Error exists between screen and keyboard. Need a user who has a
clue..."

Yes, I haven't a clue. This is precisely why I have a computer and more precisely why I have gone for Ubuntu. Surely it's not incumbent on the thickie user to protect the computer. If the software is good enough, it should protect itself. I accept that warnings may be half-way houses that shouldn't be ignored, but they should be in ordinary English and free of computer jargon. It's not that my logic may be twisted, it's just absent. Robin

--


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html


