[Greg A. Woods - Fri at 08:53:50PM -0400] > (so far as I know no bank issues personal browser security certificates > and configures their secure servers to only accept connections from > browsers presenting valid, signed, certificates.... that would at least > get rid of perhaps half the concerns I have about client host security)
Well, one of my banks does. But what's the point, when the backdoor is wide open? The "security certificates" are generated at the spot if the client doesn't have them, as long as the client can provide a four digit pin code. At least that bank sends the PIN-code to the customer in a secure way; the customer has to identify him/herself at the post office. Most banks here thinks the ordinary mail service is secure enough - it's as insecure as it can get. Besides, I don't think the certificates provides protection against backdoors at the client computer (like trojan horses ... wasn't there something called "back orify" some years ago? Nobody learns! They block the port number back orify uses, and think they're safe. It would be like killing Bin Laden, and think _that_ is the ultimate security against terrorism). I think that any person having root access at the client computer, and enough skills and insight, can take over the control of the browser, and thus the session. The only secure banking system I've seen used such a device for creating one-time codes, but it wouldn't rely on a session, it would require the user to enter the code for _each_ transaction that was to be performed. That's quite secure. But then again, what's the point, when the calculator and the PIN is sent by regular mail service? Anybody snooping by my the mailbox every day before I get to it might easily steal both the generator and the PIN. > > I can hardly argue that any of those things are important. Not for me, at > > least. I can't tell for others. > > I'm not sure ACLs on branches are meaningful at all to anyone, at least > not in the bigger picture. Well, at least I've been in a situation where it could be meaningful - we wanted a lot of independent developers to have the right to commit to an experimental branch, while the stable branch only should be touched by some highly trusted person. Thus we could recommend anyone to use the stable branch. > I suspect anyone who thinks otherwise is > either not aware of the way security works in and with CVS, or is under > some dreadful misimpression about what kind of protection ACLs on > branches would afford in the real world. As said, when I say that 'ACLs could be implemented in CVS', it has to be done in a proper way ... and it has to be done impossible to mess directly with the repository. Since I'm not going to implement ACLs in CVS, it's totally irrelevant for me if CVS would need a bottom-up rewrite or not to meet the conditions :-) > > As long as people have write permissions to the repository, they can easily > > forge any audit trail. That is a real worry, I think - and it can only be > > solved by some tripwire system. > > There are many viable techniques for secure logging of an audit trail. Logging to a printer or an external host would do. Eventually, a modern file system could permit append-only access to log files. > In the real world if you look at the facts here you'll find that the > people who carried out those terrorist actions were, in all but maybe > one case, able to do so to completion specifically because those > immediately around them had a false sense of their own security. I disagree. I think the security control at the ground could have been removed, and I'm quite sure it wouldn't matter a bit for what would happen in the sky in this exact case. People - maybe except for you - wouldn't be a bit more alert. Paranoid people are always paranoid, relaxed people are always relaxed, regardless of how strict the security is. And after all, I support the relaxed people quite a bit (mind you, only as long as they have no responsibility for the security!) - the risk for beeing on board the hijacked plane is microscopic compared to the risk of beeing involved in a traffic accident, getting a heart stroke, etc - always beeing nervous and paranoid is certainly only going to increase the risk of a heart stroke, at least. Or tighten up the security control, and something different would happen. Anthrax in the subway. A tactical nuclear bomb under the WTC. The plane hijacked by old-fashionated fist-fights instead of weapons. Poison in the drinking water. There are a myriad of ways to do terrorism, and it's impossible to protect against all cases. However insecure the security control is, I think it does stop some lunatics. It doesn't stop those that /plan/ to do terrorist actions, but it /does/ stop a person that one disfortune evening just tilts over and decides to hijack an airplane. In Norway, we never had security controls on domestic airplanes. Well, except on the biggest and newest airports. I don't know if anything changed after 11th of september - but I'd daresay so. We've had at least one incident of a lunatic hijacking an airplane, and I don't think he would have done it if there had been any security control. Anyway, IMHO, tighting up the security controls and killing bin Laden won't help a bit to reduce world terrorism. It might reduce the risks a little bit, but not much. > When people get on airplanes with the assumption that all their fellow > passengers are disarmed and harmless (and after all they went through > the very same metal detectors and were inspected by the very same > security officers at the airport) I'd never assume the people around me to be armed bandits, even if there were no security control at all. I think most people wouldn't. Maybe only after the 11th of September incidents - and then again, people will be shocked and surprised when they suddently will be attacked by bandits some completely other place. > If you had ever ridden with me on a commercial airline you'd undoubtably > have heard me make remarks about just how false the sense of security > everyone was under in many of the circumstances we passed through, and > how easily it would be to subvert any of the actual security there was. I think it is quite impossible to have complete security. Explosives can be hidden just anywhere, I think. > > Still, it seems like a lot of banks actually can afford to lean on "security > > by obscurity". > > That's because they're in a position of authority and their customers do > not question their declarations (often because of course they do not > have the expertise to do so, especially in technologically related matters). I've never seen or heard about anyone that has lost money from their bank accounts, I can only guess that the bank would give the customer his money back to avoid any negative publisity. We have a new law in Norway - I think it states that if the customer claims anything is wrong, the customer should first get his money back, and then it will be up to the bank to take the case to the court and prove that the customer is wrong. I'm not sure if I would trust the law, but anyway I'm amuzed that I almost never have heard about bad stories. If all my money disappeared, and I didn't get them back, I would make nothing less than a small thunderstorm. If nothing would help at all, I'd probably tilt over and kill the person responsible for the security. -- Unemployed hacker Will program for food! http://ccs.custompublish.com/ _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
