11 publicly visible posts • joined 21 Apr 2006
Yet another case of foolishly continuing to use a known-broken technology because an easily workable attack, although foreseen and anticipated, has not yet been publicly announced.
Cryptographers have known about weaknesses in MD5 and recommended alternate hashing algorithms since 1996, yet Verisign only now discontinues use of MD5.
Serious DNS flaws have been known for many years, but only the Kaminsky disclosure has brought any real DNSSEC deployment efforts.
Likewise Microsoft and other developers sit on patches until an exploit has been publicly announced and is in the wild, and end users often hesitate to deploy patches that have been released.
Sure there are deployment challenges and costs, but simply doing nothing while vainly hoping that everything will be all right is an unacceptable option that saddles us all with an intolerable burden of risk.
Just thought I'd add my name to the list of people who have been defrauded on eBay, and I would encourage everyone with a similar experience to do the same to help reveal the true scope of the problem.
In my case, the seller never shipped and was soon delisted, but neither eBay nor PayPal responded (beyond the initial acknowledgement) to my repeated requests for an update of the status/resolution of my claim. Fortunately the amount was small.
@Neil: Actually, if you check your passport, you will find that Northern Ireland is indeed part of the "United Kingdom of Great Britain and Northern Ireland". So UK yes, GB no.
The number of security vulnerabilities being found, and the range of applications and platforms affected, is definitely not shrinking. The sophistication of organized criminals improves constantly. As the popularity of rootkit technology skyrockets, the total number of compromised computers is unknown but definitely growing.
So are we winning the war against hackers? Just as surely as we're winning the war in Iraq...