140Mandak262Jamuna - Slashdot User

Submission + - Enhanced login

Submitted by 140Mandak262Jamuna on Tuesday August 29, 2006 @11:53AM

140Mandak262Jamuna writes: Most banking, mutual fund, and brokerage sites use very simple username+password screens to login. They are vulnerable to phish attacks and key logging etc. Recently Vanguard introduced its enhanced login screen. Basically you select a special "security image" from a list of 100 such images. Then everytime you login, before prompting for the password this image is shown. Thus it offers some protection against mass mailed phish attack.

I was wondering what other simple things they can do to improve the security of login process. I think they should allow me to customize my login screen. Type in the user name and they should take me to a page I had previously customized. With my own background colors, fonts, images uploaded by me. They should also show the last two successful login date/time, last two failed login with timestamp etc.

What else could they do? Could they tracert my IP address and refuse login if any of the hops go outside USA? But none of these will protect against keystroke loggers. What to do about them? Can we really hold the bank site responsible if the dumb user's computer gets hacked and keystroke loggers are installed? Or if they use unencrypted wifi connections to log in and get snooped on?

Submission + - Gmail locks horns with Outlook

Submitted by on Sunday August 27, 2006 @09:51PM

140Mandak262Jamuna writes: So it is official. One of the most common complaints from savvy /.ers about services by Google, like gmail, Writely etc was that "It is nothing. No corp is going to trust its private mail and docs to a thirdparty like Google. Especially one that is scanning and storing the emails".

And other equally savvy /.ers responded, "yeah, true, but once gmail perfects how to serve mail and docs with a good client-server , it would sell the solutions to corporations. No data leaves the company. But all software installations and maintenance will be done in the servers by professionals. And office workers have to just know how to use a generic browser".

Well it is official. Washington post and Reuters are reporting that Google has made the first move. It is taking an aim at Outlook. Makes sense because gmail is the most mature and well debugged application Google has. And Outlook is one of the most entrenched products from MS in terms of vendor-lock. We can soon expect similar products based on Writely. And after debugging serving a city with Wi-Fi, it will bypass all the telcos and it will franchise out Wi-Fi for a city in a box.

Finally some real competion in the computers and communications arena! The users should be very happy.

Submission + - Open Offer by MS to help Mozilla port to Vista!

Submitted by on Tuesday August 22, 2006 @08:20AM

140Mandak262Jamuna writes: Sam Ramji, Diro of the Open Sources lab of Microsoft has posted an open offer to mozilla/firefox to help it make sure FF runs fine on Vista. In Google groups. http://groups.google.com/group/mozilla.dev.plannin g/browse_frm/thread/622906b52581628e/a303e61ccb5c8 149#a303e61ccb5c8149 That was Aug 19, 3 PM.

Mozilla/FF has not responded yet, by Aug 22 7 AM. Should they? Is it a real genuine offer? Or should they be wary of G(r)eeks bearing gifts?

Submission + - IE6 update breaks websites

Submitted by on Thursday August 17, 2006 @10:31AM

140Mandak262Jamuna writes: Betanews is reporting that the security update for IE6 breaks a number of websites that uuses the HTTP 1.1 protocol and compression. MS is providing hotfix. The hackers will reverse engineer the security fix to find the vulnerability and then reverse engineer the hotfix to find ways to circumvent the protection. Security through obscurity? Only we general legit users who dont reverse engineer code are in the dark. With this many patches, hotfixes coming out, the hackers would know more about the vulnerabilities than any of us.

Open Source allows both good people (especially neutral thirdparty good people who no vested interests) and bad people see the code. Security through Obscurity closed sources let only the bad people see the holes. Which is better?

Last year when Firefox broke out into the mainstream, almost all the news stories used to include an obligatory line, "But Firefox does not work on all sites". Would a day come, when the news stories would add a line "But IE does not work on all sites"? Well, I am not holding my breath.

Slashdot Top Deals