Replies to #929 on Apple Inc (AAPL)
WinLoseOrDraw

07/09/03 10:28 AM

#930 RE: 2bStealthy #929

client side is vulnerable to an entirely different set of attacks, if anything the vulnerabilities are even worse than for server-side. it's why smart cards haven't taken off and your ATM still talks to the bank to verify your PIN.

encryption is useless without authentication, and authentication will continue to require a server-side solution for the foreseeable future.

Mac_of_Doom

07/09/03 11:40 PM

#983 RE: 2bStealthy #929

2B

Actually, I'm well aware of what you're talking about. MSFT has talked about not only client-side control of personal info, but chip-based antivirus as well. But there are major hurdles to overcome here, and just as many realtime threats as there are currently.


"When the crypto-security co-processor that sits on the southbridge as an LPC processor, then I will be able to safely store my info in MY machine"

Ok, let's take the MSFT Hotmail hacking for a perfect example. The Pakistani guy that found the easy hack could have been a malicious hacker, but he wasn't. Even if he was, with over 200 million Hotmail users, him getting YOUR info would have been like hitting the lottery in odds. Still, someone could have paid the price, but being lodged in a large group like that offers a certain amount of security just by sheer size alone. If you had a hacker attacking you directly, then he's one on one with you and your info.

Which brings us to...


"not a server in the cloud where I have no control."

Let's say that everything is implemented in the fashion you suggest. Somehow, someway, you're gonna have to pass that info to the commerce site you wish to do business with. At that very moment, you are broadcasting all that secret info that you're trying desperately to lock down with a vise. Hackers can sniff packets, spoof IPs and redirect port traffic all day long, so how do you propose to stop them at the info transfer when your data is bound into packets for transport? I have given it some thought, and I don't see any way (beyond encryption and extreme packet monitoring techniques) to keep that data safe once you decide to pass it on. Then there is the matter of the site that you passed it to. What happens when they get hacked with your info stored in their HDs?

I'm all ears on this subject with you dude, I'm game to discuss it till you, me, or anyone else can solve the obvious problems, but IMO, there is no perfect or foolproof solution. As long as data is cast into the wild, there will always be hunters ready to swipe it.

M.O.D.