Bruce Schneier reports on poorly designed authentication methods, i.e., why don't they expire? You know, those names and passwords you're forced to create to belong to a message board or to buy something from somewhere. People are generally pretty lazy with those things and once someone knows one set of data from one site, then they can probably get into other sites. Bruce is more concerned with the personal liability incurred for "owning" that username and password. Good points. I recently resigned from a message board and the only way I could resign completely was to contact the administrator and ask him to remove my data or, I logged in and changed my data to something useless. If the administrator was any good, his database will still contain my old data. I happen to somewhat trust this individual, but I'd be SOL if I didn't. (SOL is not an acronym for some programming term...er, well, maybe it is). Anyhow, good article, as usual, from Bruce.
Here's an interesting concept: you may incur lighter penalties if you actually steal that DVD title you covet rather than downloading it off of the internet. (This is where madness driven by ignorance comes in, but if you really needed to be told that, then it's too late for you). An excerpt:
For stealing the DVD you could face no more than up to 1 year imprisonment and up to a $100,000 fine; for downloading the same material you could face statutory damages of up to $3,300,000, costs and attorney's fees (ie: the other guy's attorneys), as well as up to 1 year imprisonment, and up to a $100,000 fine.