Microsoft Blow It Again
Microsoft have always had this funny attitude towards security in their Net-based
products.
Here's what you'd probably get if you rang them and asked how
they take care of online security: "Security? Hmmm... can you spell that
for me? Are you sure that's a Microsoft product?"
Not only does each new version of their browser or operating system software
tend to come with a sign that says "Hack Me -- I'm easy" -- but their whole
browser-extension security model is based on the fragile concept of digital
certificates.
When Sun launched Java and (with only a few hiccups) showed it off as a secure
way to add functionality to a user's browser by downloading small programs
called applets -- Microsoft stood behind its Active-X technology and said it
was just as secure because users could choose whether to execute downloaded
Active-X code based on whether the site could be trusted. Central to that
trust was the digital certificate which would authenticate the originator of
the code.
Great idea eh?
Or maybe a poor substitute for building bullet-proof security into the design?
Anyway -- the idea is that if you go to a website that has an Active-X control
on it, you will be presented with a digital certificate that says who the
authenticated creator of the control is.
Naturally if this certificate authenticates the writer of the code you're about
to download and execute as "microsoft.com" then you're going to feel quite
happy to continue right?
BZZZT... not any more!
The Net's largest issuer of digital certificates, Verisign, has goofed and
issued two digital certificates in Microsoft's name to someone pretending
to be an employee of the software giant.
Uh-oh.... there goes Microsoft's security model!
Once again, Microsoft has shown that it's really out of its depth in the
area of online security -- something easily verified by the endless tide
of patches, warnings and advisories that relate to its products.
In a long and raving security bulletin
issued by Microsoft, they go to great lengths to pass the buck to Verisign --
and it's true, Verisign did goof.
However, there's no acknowledgment by Microsoft that, at least as far as
Active-X components are concerned, their security model is just way too weak.
Microsoft are now preparing some patches that will automatically check to see
if the digital certificate being presented matches one of the fraudulent ones --
but what percentage of the online population is actually going to download them
and update their systems? What percentage does that then leave vulnerable
to a couple of bogus certificates that could already be circulating amongst
the hacker underworld?
It's funny how Microsoft refuses to trust its users -- forcing them to
register their new software then re-register it each and every time they
change their hardware configuration -- yet they expect Net users to trust
them when they can't even provide semi-secure solutions.
As always, your feedback is welcomed.