Hi Bob,
Thank you for your concerns. The truth is that I've been incredibly
busy lately both in my personal and professional life and therefore I
am not so active at the moment. I am also taking the time to think
about new ideas and wrap up some old projects.
In fact, the Agile Hacking project
Hey Paul,
some valid points indeed but let me inline some of my thoughts. read on.
On Sun, Mar 23, 2008 at 10:37 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
--On March 23, 2008 2:52:53 PM + Petko D. Petkov
[EMAIL PROTECTED] wrote:
First of all, OpenID is a very simple but rather
thinks of you as such. enjoy your
sheep.
On Sun, Mar 23, 2008 at 9:52 AM, Petko D. Petkov
[EMAIL PROTECTED] wrote:
Hi Steven,
I guess most 1337 hax0rs will flame you on this list. There are good
security blogs you can follow and learn from instead. Full-disclosure
is for rants
PROTECTED] wrote:
Petko D. Petkov wrote:
As I said, if you don't trust public OpenID providers, roll your own.
It is very, very, very easy.
You seem to miss one point, in the current online environment you are
not talking about 5 or 6 id/credentials but more like 20 to 30
agree :)
On Mon, Mar 24, 2008 at 10:50 AM, Gorn [EMAIL PROTECTED] wrote:
Petko D. Petkov wrote:
Indeed but this can be a subsystem, a feature of the OpenID provider.
For example, some OpenID providers have the feature to choose
different persons depending on the usage. So
Let's put it this way,
It is easy to prevent phishing attacks against OpenID on the
client-side with browser extensions. In fact, I think that Firefox
will make this feature a default in their upcoming versions. It could
work exactly the same as the current trusted certificate authorities
every
on your last comment,
OpenID is exactly designed for that! To give the power back to the user!
On Mon, Mar 24, 2008 at 3:10 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
--On Monday, March 24, 2008 09:13:38 + Petko D. Petkov
[EMAIL PROTECTED] wrote:
Yes, and convenience is often
was just speaking about passwords in that case, presumably people can
remember their email addresses.
On Mon, Mar 24, 2008 at 10:17 AM, Petko D. Petkov
[EMAIL PROTECTED] wrote:
what about usernames? you still need to keep track of your usernames
since sometimes your preferred username
comments inlined
On Mon, Mar 24, 2008 at 3:10 PM, Paul Schmehl [EMAIL PROTECTED] wrote:
--On Monday, March 24, 2008 09:13:38 + Petko D. Petkov
[EMAIL PROTECTED] wrote:
Yes, and convenience is often the enemy of security.
Not always. I think complexity is the enemy
what about usernames? you still need to keep track of your usernames
since sometimes your preferred username is either taken or not
possible or you need to login via email or any other peculiarity the
site supports.
On Mon, Mar 24, 2008 at 2:43 PM, John C. A. Bambenek, GCIH, CISSP
[EMAIL
Hi Steven,
I guess most 1337 hax0rs will flame you on this list. There are good
security blogs you can follow and learn from instead. Full-disclosure
is for rants and bashing only!
I can point you to some articles that I wrote regarding OpenID,
however, let me share my thoughts quickly as that
Dear Reepex,
Unfortunately, you've already lost all the respect for a larger
portion of people on this mailing list as well as outside of it. You have
never led by example but by bashing people on what they try to
accomplish. Everyone who has been in this industry/life style for long
enough know
at 2:40 AM, Petko D. Petkov
[EMAIL PROTECTED] wrote:
Dear Reepex,
Unfortunately, you've already lost all the respect for a larger
portion of people on this mailing list as well as outside of it. You have
never led by example but by bashing people on what they try to
accomplish. Everyone who
Michael,
I have no clue how it will go. However, just because no one has done
it and there are too many IFs, it does not mean that we should not
approach this problem. If we manage to find a way to crowdsource all
the information in a timely manner, keep up-to-date with the latest
and be at the
reepex, I know how much I know and I know that you fall into the group
of lamers, trolls and all other unfriendly inhabitants (you know who
you are) of full-disclosure who are incapable of showing what they
know and incapable of producing anything of value so that they keep
doing what they do
http://www.gnucitizen.org/blog/agile-hacking/
Help us create the best hacking reference/manual/book ever made. We
provide the scene, the resources and the money, and you keep the
credits and the control over the eventual profits. Read on.
During the next couple of months we are open for your
well, let's see how it goes
On Tue, Mar 18, 2008 at 7:19 PM, reepex [EMAIL PROTECTED] wrote:
Just because you call me troll doesn't mean you should ignore my questions.
Who is your book aimed towards? You said this will be the 'best hacking
reference/manual/book ever made'. Doesn't that
I would like to inform you that securls.com is back online: Harder,
Better, Faster, Stronger!
http://www.securls.com
and it has videos...and you can also have your own premium page for a
small fee (that's for companies/organizations that are interested). We
will keep improving the service so
cDc's goolag tool is pretty cool but here is an online alternative for
those of you who are interested: http://www.gnucitizen.org/ghdb/
pdp
--
http://www.gnucitizen.org
http://www.gnucitizen.com
GNUCITIZEN
___
Full-Disclosure - We believe in it.
http://www.gnucitizen.org/projects/router-hacking-challenge/
The Router Hacking Challenge is Over! We've got some very interesting
results which prove that routers', and in general embedded devices',
security is poor. There is definitely more room for further
development and we urge security
20 matches