.NET in General - Page 2



Thread: .NET in General

  1. #16
    David Bayley Guest

    Re: .NET in General

    ForumMonster,

    > > * Microsoft is the most hacked domain on the planet.

    >
    > Seems like exactly the wrong place to upload anything of worth to,
    > then, doesn't it?


    Exactly... Unlike the Sun/Oracle vision, MS recognise that users want to
    keep sensitive data on the client offline.

    BTW, how are you getting on with Delphi's OOP and manual memory handling?

    --
    David.




  2. #17
    Jeff Peil Guest

    Re: .NET in General


    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message
    news:3a7b4527.17660941@news.devx.com...
    >
    > Bad in the 80's, and then they learned their lesson and improved their
    > security. This needs to happen in the online world, and fast. For
    > example, people have been talking FOR YEARS about microcash for online
    > payments, and still the only one way that is acceptable all over is
    > the credit card. Why isn't there a credit card that is valid for only
    > a single transaction? That's why all the DotComs went bust recently.
    > No one wants to trust them by buying anything.


    Mike,

    Banks did tighten up security, but the game is far from over, banks just
    don't let the general public find out about things till years after they're
    over, in general.

    I certainly don't doubt that security problems at banks continue to this
    day, and people I know in that industry would lead me to believe that it's a
    constant war for them that will never end, they just generally don't let
    news of such cases leak out, as the impact of the public finding out about
    it would be very bad for that bank.



  3. #18
    Jon Ogden Guest

    Re: .NET in General


    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message
    news:3a7b4527.17660941@news.devx.com...
    > Why isn't there a credit card that is valid for only
    > a single transaction?


    American Express's Private Payments enables their members to use an
    instantly generated, limited life, transaction number instead of an actual
    card number to make purchases online.

    > That's why all the DotComs went bust recently.
    > No one wants to trust them by buying anything.


    I had friends at Furniture.Com. They went belly up because they got far more
    orders than they could handle. From everything I've heard, an awful lot of the
    dotcoms did just fine selling things, it was just delivering them after
    they got the order that killed 'em - including the take-backs that
    card-companies would institute when customers cancelled their order.

    Good Luck
    Jon



  4. #19
    Joe "Nuke Me Xemu" Foster Guest

    Re: .NET in General

    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message <news:3a7b4299.17006378@news.devx.com>...

    > So what's the alternative? You never have them change their passwords,
    > and they still share them (we know they do). They say "Tracey, if you
    > need to access my spreadsheet while I'm out of the office the password
    > is..." We know this happens. And then Tracey leaves the company for


    That's what you get for not tracking simultaneous logins.

    > whatever reason and because that password has been lingua franca for
    > so long, she won't forget it in a hurry. A new boyfriend perhaps, and
    > soon that password is winging its way across the city. But if Tracey's
    > colleague had changed the password regularly, then the knowledge that
    > Tracey had would have naturally timed out over time. Surely it isn't
    > too difficult to enter a different password once in a while and
    > remember it without writing it down?


    Audit early, audit often. It *is* better to be feared than loved.

    > Just no one THINK of getting one of those retinal scanners looking in
    > MY eyes, thanks all the same! Only needs one recalibration snafu and
    > my eyes are toast. Same with the daft fingerprints. How long will it
    > be before someone gets their finger chopped off for nefarious
    > purposes? Else if it catches on, people will walk around the whole
    > time with their hands in their pockets and bump into things.


    Iris scanners are pretty nonintrusive and are about as likely to
    blind you as your average webcam. Thumbprint scanners now tend to
    look for jitter indicative of a pulse. I've been looking into them
    because if I have to set one more Winblows login password to the
    name of the luser's pet, I'm going to go postal!

    --
    Joe Foster <mailto:jfoster@ricochet.net> Space Cooties! <http://www.xenu.net/>
    WARNING: I cannot be held responsible for the above They're coming to
    because my cats have apparently learned to type. take me away, ha ha!



  5. #20
    Joe "Nuke Me Xemu" Foster Guest

    Re: .NET in General

    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message <news:3a7b0dd4.3495944@news.devx.com>...

    > Like the banks, credit card companies, building societies, Western
    > Union, etc? You don't hear too much about *their* security being
    > compromised. My bank, for example. I've been with it for twenty years,


    They're merely better at sweeping it under the rug. You don't hear
    much about Andy Mueller-Maguhn and the Automatic Teller Machine
    network, for example.

    --
    Joe Foster <mailto:jfoster@ricochet.net> Space Cooties! <http://www.xenu.net/>
    WARNING: I cannot be held responsible for the above They're coming to
    because my cats have apparently learned to type. take me away, ha ha!



  6. #21
    Jonathan Allen Guest

    Re: .NET in General

    > > So what's the alternative? You never have them change their passwords,
    > > and they still share them (we know they do). They say "Tracey, if you
    > > need to access my spreadsheet while I'm out of the office the password
    > > is..." We know this happens. And then Tracey leaves the company for

    >
    > That's what you get for not tracking simultaneous logins.
    >


    Changing passwords does nothing to solve the password sharing problem. You
    could easily have a group of clerks sharing the exact same password. Since
    passwords tend to expire at the same time, it is not unheard of for a group
    of clerks to all change their passwords to match. That way if one forgets,
    the others will remember.

    The only way to have real security is through proper training. Reward those
    who keep their passwords secret and punish those who share it. It only takes
    a couple public punishments in a large office for everyone to get the point.

    When I was still in college, there were serious repercussions when someone
    walked away from their console while logged on. The standard practice was...

    1. Using their own email account, send a letter to them (and anyone in their
    address book) saying how much of a screw up they are.
    2. Rename or move (never delete) a few files to drive the point home.
    3. Give yourself access to their private folders.
    4. Log them out

    The last one was used as proof when we totaled up the number of scores.
    Whoever had the most access at the end of the semester gets the bragging
    rights.

    --
    Jonathan Allen


    "Joe "Nuke Me Xemu" Foster" <joe@bftsi0.UUCP> wrote in message
    news:3a7cf009@news.devx.com...
    > "Mike Mitchell" <kylix_is@hotmail.com> wrote in message
    > <news:3a7b4299.17006378@news.devx.com>...
    >
    > > So what's the alternative? You never have them change their passwords,
    > > and they still share them (we know they do). They say "Tracey, if you
    > > need to access my spreadsheet while I'm out of the office the password
    > > is..." We know this happens. And then Tracey leaves the company for

    >
    > That's what you get for not tracking simultaneous logins.
    >
    > > whatever reason and because that password has been lingua franca for
    > > so long, she won't forget it in a hurry. A new boyfriend perhaps, and
    > > soon that password is winging its way across the city. But if Tracey's
    > > colleague had changed the password regularly, then the knowledge that
    > > Tracey had would have naturally timed out over time. Surely it isn't
    > > too difficult to enter a different password once in a while and
    > > remember it without writing it down?

    >
    > Audit early, audit often. It *is* better to be feared than loved.
    >
    > > Just no one THINK of getting one of those retinal scanners looking in
    > > MY eyes, thanks all the same! Only needs one recalibration snafu and
    > > my eyes are toast. Same with the daft fingerprints. How long will it
    > > be before someone gets their finger chopped off for nefarious
    > > purposes? Else if it catches on, people will walk around the whole
    > > time with their hands in their pockets and bump into things.

    >
    > Iris scanners are pretty nonintrusive and are about as likely to
    > blind you as your average webcam. Thumbprint scanners now tend to
    > look for jitter indicative of a pulse. I've been looking into them
    > because if I have to set one more Winblows login password to the
    > name of the luser's pet, I'm going to go postal!
    >
    > --
    > Joe Foster <mailto:jfoster@ricochet.net> Space Cooties! <http://www.xenu.net/>
    > WARNING: I cannot be held responsible for the above They're coming to
    > because my cats have apparently learned to type. take me away, ha ha!
    >
    >




  7. #22
    Brian G. Rice Guest

    Re: .NET in General

    Microsoft is not protecting the same type of data that your banks are. For
    every site, there is an appropriate amount of time and money to be spent on
    security. A primarily content oriented site certainly does not need the
    same level of security as a financial institution.

    As to hotmail, if you are that concerned about someone reading all of the
    SPAM sent to your hotmail account, change the password yourself every month.

    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message
    news:3a7b0dd4.3495944@news.devx.com...
    > On Fri, 2 Feb 2001 10:12:11 -0800, "Sjoerd Verweij"
    > <nospam.sjoerd@sjoerd.org> wrote:
    >
    > >> Until security is spotless

    > >
    > >Security is never spotless. Ever. On any platform. Besides, if you have a
    > >foolproof way to prevent DoS attacks, I think there are a few companies that
    > >might want to talk to you.
    > >

    >
    > Like the banks, credit card companies, building societies, Western
    > Union, etc? You don't hear too much about *their* security being
    > compromised. My bank, for example. I've been with it for twenty years,
    > and never a mention of any outage. And yet Microsoft, the most
    > significant software company on planet earth (we are led to believe),
    > suffers not one, but two outages in the space of a few days.
    >
    > For example, where I work we have to change passwords regularly. Does
    > Hotmail ever prompt me to change my password? No, it never did.
    >
    > MM




  8. #23
    Mike Mitchell Guest

    Re: .NET in General

    On Sat, 3 Feb 2001 22:52:35 -0800, "Jonathan Allen"
    <greywolfcs@bigfoot.com> wrote:

    >The only way to have real security is through proper training. Reward those
    >who keep their passwords secret and punish those who share it. It only takes
    >a couple public punishments in a large office for everyone to get the point.


    Ah, humiliation! Would this work, too, to educate kids?

    >
    >When I was still in college, there were serious repercussions when someone
    >walked away from their console while logged on. The standard practice was...
    >
    >1. Using their own email account, send a letter to them (and anyone in their
    >address book) saying how much of a screw up they are.
    >2. Rename or move (never delete) a few files to drive the point home.
    >3. Give yourself access to their private folders.
    >4. Log them out


    Or you could have one bathroom for the good guys and another for the
    others.

    Or you could tell their moms what dozy kids they raised.

    Or you could have security pretend to 'arrest' them.

    Or [add further crass punishments here].

    Proper training, eh? It's the business!

    MM


  9. #24
    Mike Mitchell Guest

    Re: .NET in General

    On Fri, 2 Feb 2001 19:02:42 -0800, "Jeff Peil" <jpeil@bigfoot.com>
    wrote:

    >I certainly don't doubt that security problems at banks continue to this
    >day, and people I know in that industry would lead me to believe that its a
    >constant war for them that will never end, they just generally don't let
    >news of such cases leak out, as the impact of the public finding out about
    >it would be very bad for that bank.


    In a slightly different vein (I can't find any others...), what do you
    think of the likelihood that consumers will eventually tire of the
    Internet, cease trading their trinkets, and go back to buying in
    shops? Over here, teens are already leaving the Internet big time, as
    they get more enjoyment out of their mobile phones and SMS. I wonder
    whether the Internet for ordinary folks may go the same way as CB
    radio.

    MM

  10. #25
    Mike Mitchell Guest

    Re: .NET in General

    On Sun, 4 Feb 2001 00:03:13 -0800, "Brian G. Rice" <bgrice@entier.org>
    wrote:

    >Microsoft is not protecting the same type of data that your banks are. For
    >every site, there is an appropriate amount of time and money to be spent on
    >security. A primarily content oriented site certainly does not need the
    >same level of security as a financial institution.


    What about information about a company's employees, their private
    addresses, their bank details? What about company documents which
    could affect the share price? What about medical information which
    could stop you from getting insurance or treatment? What about details
    discussing your kids' education, where they go to school?

    Let us hope that this information and much more is held as secure as
    that in a financial institution, because lots of it could be even more
    valuable to one's life than just money.

    >As to hotmail, if you are that concerned about someone reading all of the
    >SPAM sent to your hotmail account, change the password yourself every month.


    Oh, no, I'd better not do that until Hotmail remind me....!

    MM

  11. #26
    Jeff Peil Guest

    Re: .NET in General


    "Mike Mitchell" <kylix_is@hotmail.com> wrote in message
    news:3a7d4035.8614358@news.freeuk.net...
    >
    > In a slightly different vein (I can't find any others...), what do you
    > think of the likelihood that consumers will eventually tire of the
    > Internet, cease trading their trinkets, and go back to buying in
    > shops? Over here, teens are already leaving the Internet big time, as
    > they get more enjoyment out of their mobile phones and SMS. I wonder
    > whether the Internet for ordinary folks may go the same way as CB
    > radio.


    This is really getting off-topic for this group, if you want to repost over
    in the off-ramp, we can continue there.



  12. #27
    Karl E. Peterson Guest

    Re: .NET in General

    You contradict yourself, regularly. No arguments there!
    --
    http://www.mvps.org/vb


    "Jonathan Allen" <greywolfcs@bigfoot.com> wrote in message
    news:3a7b8394@news.devx.com...
    > Do you have any real arguments to contradict me, or are you just grasping at
    > straws?
    >
    > --
    > Jonathan Allen
    >
    >
    > "Alessandro Coppo" <a.coppo@iol.it> wrote in message
    > news:3a7b2eaa@news.devx.com...
    > > Jonathan Allen wrote in message <3a7b17db@news.devx.com>...
    > > >That has the greatest potential for security leaks in many companies. By
    > > >forcing the user to change their password on a regular basis, many employees
    > > >start to have trouble remembering their latest password. This causes them to
    > > >do dangerous things like writing it on a post-it note and placing it under
    > > >the keyboard or on top of a drawer.
    > >
    > >
    > > <sarcasm mode="on">
    > > You are right. Password scheduling is useless. By the way, why don't give
    > > every user a default, unchangeable password using e.g. (in US) is IRS
    > > number? easy to remember and they won't write it down because Uncle Sam has
    > > already done it...
    > > </sarcasm>
    > >
    > > Alessandro Coppo
    > > a.coppo@iol.it
    > >
    > > P.S.: visit http://www.counterpane.com/labs.html
    > >
    > >
    > >

    >
    >



  13. #28
    Steve Dee Guest

    Re: .NET in General

    Mike,

    > the credit card. Why isn't there a credit card that is valid for only
    > a single transaction? That's why all the DotComs went bust recently.


    There are several that are valid for only a single transaction. Pretty new
    stuff though.
    Oh, and the DotComs mainly went bust because they didn't have valid
    products. People threw money into DotComs thinking they would hit gold or
    another Microsoft.....Kind of like when Netscape went public. Tons of free
    cash, but no product. DotComs are dying because they are not
    producing...not because of credit cards and transactions.


