Curious that Apple's Safari wasn't mentioned in recent discussions about High Assurance certs. Which brings us to a rash of sightings of Mac Viruses. Well, three at least. Unfortunately the media can be relied upon to over-play the appearance of Mac Viruses, and downplay the Microsoft ones. That's because one is rare and the other is common. Although that will change over time, I predicted Macs won't be overly troubled by it this year, so they'd better do the right thing!
More signs of aggressive play by media corporates seen. This time, "Mr & Mrs Smith" have been accused of playing on your PC with more than the normal funny going's on. It's not clear what it means when they say "like a root-kit" but maybe you should play that movie at your mother-in-law's place first.
Dave discusses the effect of Skype on the telecoms industry. Curiously, although these forces have been building up for a decade (does anyone remember the first IP phone?) and we've been discussing it for even longer, it takes a big success like Skype to actually shake the incumbents. Exactly the same thing is happening in the DRM world as the incumbents are waking up to the success of iPod. Business plans and ideas are flashing around just like the good old dotcom days.
Ping launches an essay on how to solve phishing. He starts out from a principle that bears thought:
I have an idea about how to solve the phishing problem. Although proposals to solve phishing are not yet as common as proposals to solve spam, there certainly have been quite a few of them, so you would be right to wonder what makes this proposal any different or any more likely to work.
So, right up front, here is the key property of this proposal: using it is more convenient than not using it.
This principle has been bubbling around for some time, awaiting a pithy encapsulation. Think about it - you use Skype because it is more convenient than not. You use SSH for the same reason. You probably benefit from SSL when you benefit only because you had to do nothing to make it happen. And Philipp points at how easy it is to turn off security:
Without any guarantees, here are two tips that will make sure you will receive these new features as soon as they are available (and if you're lucky, they will start working right away):
If you are using an https connection to access GMail, remove the 's' (i.e. the address should read "http://mail.google.com"). Eventually, all the new services will support https, but they typically don't initially...
The comments are worth a read - for any security guy that needs to be reminded about how users really respond. Including this one which has more FC significance:
Embedding Google Talk inside Google Mail is going to create a real problem for some people.Posted by iang at February 23, 2006 02:40 PM | TrackBack
I work for a bank where all external IM is forbidden. We can only go through auditable internal IM applications. This is enforced by a proxy server that blocks access to all known IM servers including MSN Messenger, Yahoo, ICQ, AOL, Google Talk, Jabber, etc.
If the Compliance nazis hear that we can access Google Talk from Google Mail, they will block Google Mail too.
I don't suppose there's much hope in asking, but is there any way we can have a special version of Google Mail _without_ access to Google Talk?
Posted by: Anonymous Banker at February 10, 2006 03:17 AM