Archive for the ‘security’ Category

Firefox-based attacks on irc.freenode.net

Saturday, January 30th, 2010

The activity of the OSGeo community relies quite heavily on the Freenode IRC network, so this may be interesting news:

hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.

Here is the whole story, “Firefox-based attack wreaks havoc on IRC users”, posted to The Register.

Mr Dan Goodin, I wish you wouldn’t cultivate the mainstream media alignment regarding the use of the word hacker. Don’t call a hacker someone who has unlawful intentions, please.

ACCU Security Conference 2009

Monday, September 28th, 2009

Take the leader of the Colossus reconstruction project, the author of The Code Book, the original creator of the PGP e-mail encryption package and a horde of people as hungry for knowledge & fun as bears are for berries, and what do you get?

You get the ACCU :: Security: Yesterday, Today, and Tomorrow conference:

On November 7th 2009, the ACCU will be holding a one day conference at Bletchley Park, home of the legendary World War II ‘Enigma’ code breakers, and the site at which the world’s first digital computer went operational.

The event is on the official calendar of events at Bletchley Park – National Codes Centre. It has also been announced by ZDNet.

By the way, who knows about the crucial role of the Polish Cipher Bureau and Polish mathematical geniuses in breaking Enigma? I can bet that many people still believe in this story, which follows the principles of canonical Hollywood education.

I think one of the things we need to make clear to Hollywood is, yes you’re in the entertainment business but the people who see your movies are going to come away thinking that’s information, not just entertainment.

By the way, I’ve read on the ACCU forum that one of the speakers will probably talk about his new VoIP protocol and why his protocol spanks all other VoIP protocols, as well as the effects of public policy and living in a surveillance society. The conference is going to kick!

all-in-one == claimid

Monday, August 17th, 2009

I’ve just discovered a neat way to maintain all my Web profiles in one place with a short URL. This is ClaimID – yet another networking tool.

http://claimid.com/mloskot/

By the way, Twitter is going to lose the battle with normal blogs and real life, so I’m slowly convincing myself to shut down twitter.com/mloskot.

Learning the OpenID problems

Wednesday, May 14th, 2008

Continuing my recent discussion about OpenID and considering OpenID usage for authenticating to OSGeo services, I wanted to make a short review of its disadvantages. The OpenID advantages are well-known and can be described with a short statement:

open, decentralized, free framework, which allows Internet users to control their digital life with single identity

Stefan Brand collected a number of opinions about OpenID and compiled a very interesting post on his blog about the problem(s) with OpenID. Stefan’s blog entry is pretty long, so to make his findings easier to understand, I decided to abstract the key thoughts on that matter.

Stefan summarized the main problems and sources of OpenID criticism as follows:

OpenID is highly vulnerable to phishing and other attacks, creates insurmountable privacy problems, is not a trust system, suffers from usability problems, and makes it unappealing to become an OpenID consumer.

Next, complaints about the OpenID framework are presented in a few categories, which I’m going to summarize below.

OpenID conquers communities

Sunday, May 11th, 2008

On May 8th, Ross Turk posted on the SourceForge.net community blog: “Hey! So I’ll just blurt it out: we’ve joined the OpenID Foundation!” As Ross confirms, OpenID use is becoming very popular, which means users like the idea of a decentralized, free and open standard that lets users control the amount of personal information they provide.

In the initial announcement about the OpenID idea, SF.net staff revealed they use the OpenID implementation from Zend Framework – Open Source Software (oh yeah!) available under the BSD License.

Recently, I’ve noticed that Chris brought the idea of OpenID to OSGeo a year ago and set up the necessary infrastructure, so an OSGeo userid can be used as an openid.

I tried today to use the OpenID capabilities of OSGeo User ID, but without any luck. It seems like the service has been disabled or moved without an update in the docs. Anyway, I hope we are going to keep it running. Hmm, it’s unclear to me if the OSGeo User ID is supposed to work as an OpenID and allow OSGeo users to authenticate to external non-OSGeo services with it, like SourceForge.net. Is it?

I’m wondering if it would be reasonable and beneficial for the OSGeo Foundation to participate in activities led by the OpenID Foundation. What about joining the OpenID Foundation as a non-profit organization?