On Thu, 24 Feb 2011 10:16:36 +0100 Marc Espie wrote: > the fact that most people reuse the same password,
You hear about that now said to be non existent security firm that was helping the fbi track down a support group of wkileaks called anonymous and ended up with all their email on wikileaks because the security firms bosses use the same pass on their email as found on their web CMS. "http://www.h-online.com/security/news/item/More-background-on-the-US-security-firm-break-in-1191797.html"; That made me chuckle. Atleast thanks to wikileaks, the fbi have had it drummed into them that data was insecure for crying out loud, they should stop pointing the finger outbound and get their house in order. Also sometimes seeing reactions to information without knowing why leads to horrible assumptions and reactions instead of the response "well I don't agree but I see why you did that." and "well that was obviously a corrupt individual or group" Sorry for changing the subject. >>I don't like having to trust dozens of CA and it's definitely not the best >>solution, but I don't see any alternative for this sort of thing. DNScurve/DNSSEC have been suggested, but how secure is the DNS infrastructure? I hate paying for ssl certs, just to get rid of the warnings.
