Fedora home server using core 9

Patrick O'Callaghan pocallaghan at gmail.com
Wed Sep 3 18:17:39 UTC 2008

On Wed, 2008-09-03 at 19:57 +0930, Tim wrote:
> On Tue, 2008-09-02 at 10:33 -0430, Patrick O'Callaghan wrote:
> > The irony is that if you read Versign's documentation, they don't
> > actually claim to guarantee this. They just go through some
> > standardized checking process involving external authorities such as
> > notaries or business registries. A sufficiently interested adversary
> > can quite easily register a company and get a certificate.
> LOL...  It does seem to be typical that security is just a veneer.

That's a generalization, but a lot of security is theatre, as Bruce
Schneier often says.

> Some banks are just as bad, if you say that you don't have the
> identification that they're asking for often enough, they give in and
> let you do what you wanted without good verification.  They can also be
> too helpful with people who've forgotten their passwords.

Quoting Bruce again, security decisions are in the end made on economic
grounds. If the banks don't lose much from lax online security, they'll
have lax online security. To the extent that they have to compensate
customers, their security gets better.


More information about the users mailing list