Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. More information. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

2/7/2005

Something on passwords

Filed under: — adam @ 3:11 pm

Interesting thought piece on whether passwords are useful at all.

http://www.technologyreview.com/articles/05/03/issue/review_password.asp

I’m not convinced either way, but I do have a huge gripe with one assertion. 4-6 digit PINs are fine for ATMs, but not because they have more diligent security experts watching the gates. They’re fine for ATMs because it’s physically very hard to try more than a few numbers in succession, because they have physical lockouts if you do, and because you’re on camera while trying random numbers. Oh, and they also know exactly where you are. If you notice, bank websites don’t just let you use your PIN anymore – you need a password that goes with it.

Some online password forms will lock you out if multiple failed attempts are made – I’d be worried if anything that required real security didn’t do this.

Anyway….


DNS spoofing attack

Filed under: — adam @ 12:55 pm

This seems pretty bad. It uses international support for alternate character sets to substitute a different character that looks like an English one. Moreover, it works with SSL, too.

This goes right through SpoofStick. There’s a fix for Mozilla/Firefox: turn off international character support.

http://www.shmoo.com/idn/homograph.txt

There’s a demonstration of a fake PayPal link here:

http://www.shmoo.com/idn/

The link is:
<a href='http://www.p&#1072;ypal.com/'>Click here to enter paypal</a>

Via boingboing.

(Update: You got your phishing scam in my internationalization! You got your internationalization in my phishing scam!)
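One way to catch this kind of lookalike on the defensive side, as an added example that is not part of the original post or the Shmoo advisory: decode the link's hostname, report the ASCII (xn--) form that is actually looked up, and flag any label that mixes scripts. The function names and the script approximation (first word of the Unicode character name) are assumptions of this sketch.

```python
import html
import unicodedata

# Hostname from the link in the post, decoded from its HTML entity.
# &#1072; is U+0430, CYRILLIC SMALL LETTER A, which renders like Latin "a".
SPOOFED = html.unescape("www.p&#1072;ypal.com")
GENUINE = "www.paypal.com"


def label_scripts(label):
    """Scripts used by the letters of one DNS label, approximated by the
    first word of each character's Unicode name (LATIN, CYRILLIC, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def to_ascii(hostname):
    """The name as it is actually resolved: IDNA ToASCII (Python's built-in
    codec implements IDNA 2003), giving xn-- labels for non-ASCII input."""
    return hostname.encode("idna").decode("ascii")


def check_hostname(hostname):
    """Flag labels that mix scripts and report the ASCII form of the name."""
    mixed = []
    for label in hostname.split("."):
        scripts = sorted(label_scripts(label))
        if len(scripts) > 1:
            mixed.append((label, scripts))
    return {
        "ascii": to_ascii(hostname),
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),
    }


if __name__ == "__main__":
    for host in (GENUINE, SPOOFED):
        print(check_hostname(host))
```

A label written entirely in one non-Latin script passes the mixed-script check, so showing the ASCII form to the user is the more general safeguard.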


PC Mag top 15 extensions

Filed under: — adam @ 12:34 pm

I’d never seen most of these. Scrapbook is awesome, and much better than Slogger, which I was using before for this. Colorzilla seems very useful too.

http://www.pcmag.com/article2/0,1759,1758861,00.asp

These have been added to my useful Firefox extensions list.

