On Mon, May 3, 2010 at 11:53 PM, narendra sisodiya
<[email protected]> wrote:
>
>
> On Mon, May 3, 2010 at 6:57 PM, Mohit Singh <[email protected]> wrote:
>>
>> >> 8. @Mohit, can you explain why DoS may somehow deregulation at the
>> >> databases and how/if they would reveal passwords? (I don't understand
>> >> what you are trying to say there :P)
>> >>
>>
>> I want to elicit that the bottom halves of kernel may be combined to
>> make an attack hack for a few moments. DoS attack tools are open
>> source and for any news on DoS/DDoS attacks, kindly use Google Web
>> Alerts.
>>
>> > 1. About the compromised squid box:
>> > @Mohit: Think at least twice before making such claims. If I design a
>> > system, not any jerkhead can break into it.
>>
>> Kindly read at least twice what I wrote - 'I can't assume that your
>> squid box was compromised, but it is still a possibility'. - if this
>> 'possibility' irks a sys admin, I just appreciate the spirit at least
>> twice.
>>
>> > Assuming that HTTPS is unbreakable (which isn't the case in all
>> > scenarios), any tinkering with the web traffic will get notified on
>> > the client side.
>>
>> Self-commented by yourself. HTTPS is breakable! It uses only a
>> combination of those ciphers for which dedicated clusters have already
>> been implemented by the pirates of the Caribbean.
>>
>> > 2. About Kerberos set up for emails:
>> > Implementing a Kerberos system in place of the cookies and session
>> > based systems, IMHO will make things less secure. How do you make sure
>> > that every machine from which you are trying to access a ticket, has a
>> > proper keytab ? Kerberos works perfectly for small networks, but I
>> > haven't encountered any publicly available web technology that uses
>> > Kerberos. Definitely, it needs brainstorming, but with the current
>> > infrastructure in place, it is impossible to change the entire system.
>>
>> Can we make a device the only place to open our mail? Can we? Then
>> let's do that :)
>>
>> --
>
> Hardware level authentication? Google search gave me this -
> http://docs.google.com/viewer?a=v&q=cache:CR9vTJfNHZgJ:www.proxim.com/support/techbulletins/TB-033.pdf+authentication+based+on+mac+address&hl=en&gl=in&pid=bl&srcid=ADGEESjzSGYxAYcorolw3l5JY7JcUjKNbpvQzridLnlZPHsByJPfG8f8c2eZdEhIgOPoDjq3x2ysSEV8J31yt_FOJ79VC86fBuKz8LZZ9vdlTDDKxPBOVzEOTIKVGrvLvinaqDTSN4hY&sig=AHIEtbQWIaGPXQ710pd2CTT_A5QDiLwNPg


RADIUS is generally used for 802.1X authentication, which does not
seem to be relevant in any way to authentication for a web service.

Cheers
Nitesh Mor

>
> --
> ┌─────────────────────────┐
> │    Narendra Sisodiya ( नरेन्द्र सिसोदिया )
> │    Society for Knowledge Commons
> │    Web : http://narendra.techfandu.org
> └─────────────────────────┘
>
> --
> l...@iitd - http://tinyurl.com/ycueutm
>
