Dailydave mailing list archives
Re: Passport, Magazines of Failure.
From: miah <jjohnson () sunrise-linux com>
Date: Fri, 31 Dec 2004 12:42:30 -0500
There is also MyUID. www.myuid.com. Looks like SXIP is much further ahead though.

-miah

On Fri, Dec 31, 2004 at 05:56:24PM +0100, pete wrote:
> Have you seen SXIP? https://sxip.org/
>
> It seems to be what Passport wanted to and it's open and growing. ISECOM will be implementing it by Q2 2005 to coordinate authentication for all the Hacker Highschool teachers using our test network. We will also later provide it freely to partners, team members, and contributors to use for most any authentication needs on the web. I think it's a good idea-- at least it solves our needs.
>
> -pete.
>
> Dave Aitel wrote:
> > I think it's interesting to see that Passport failed.
> > http://seattletimes.nwsource.com/html/businesstechnology/2002136272_passport31.html
> >
> > It seemed like a good idea at the time, I'm sure. All the VCs I knew were telling me about its "compelling offering" and extremely excited about it. Yet my sources internal to Microsoft felt it was a bit kludgy. On the other hand, everyone at MS loves Palladium (NGSCB), and it's possible we'll see a relaunch of "Passport" when we see Longhorn. Because with hardware tokens, we really can authenticate users as individuals, and Gates is already talking about how people should stop using passwords...
> >
> > But I still think Passport was a good idea. Authentication is hard. It's a pain in the ass, and that means it's expensive. In fact, a lot of the gibberish that goes into doing a real portal is hard. I don't want to maintain a huge database just to hold user data. Why can't all the tiny companies like me offload it onto a trusted third party like Microsoft? I guess the small companies don't have 10K to spend on it. And Microsoft doesn't want to do it for free, or for regulatory reasons can't just offer it to every Tom, Dick, and Harry on the interweb.
> >
> > But that doesn't mean the whole idea has to die. The OpenSource community should take it as a mandate to fill the void. We won't though, I'm sure. Much like Bush can't really move a carrier group onto the shores of Indonesia as floating hospitals and aid stations, the OS community can't tackle something this politically complex this quickly.
> >
> > Anyways, I meant to make fun of Chris Wysopal/Weld's netcat overflow, but not in a mean way. So consider that done, please. Weld was head of R&D over at @stake, and I hear he still runs SRA. I think it's extremely funny how much money has gone into SRA, Fortify, and the rest of the source/binary analysis products and how amazingly nothing they all have to show for it. You KNOW that if any of them actually had a product that could produce any kind of results, it would be "Samba bug of the day" month.
> >
> > It's interesting because you can see the VC money pouring into these companies, and you can imagine the meetings they're having a few years later when it turns out they completely misjudged how hard the problem was. I notice Fortify now has an "Attack Simulation" software. Some sort of customized debugger, I have to guess. Maybe eventually they'll build a fuzzer into it. They have 3 more years until the 5-year "VC wants money back" mark comes up and bites them on the ass, so it'll be interesting to see.
> >
> > At least Fortify is still trying though. Check out this sample from Cigital: "Cigital offers enterprise-level software development process improvement programs that leverage SQM while increasing productivity on current and future projects." Someone needs to fire their Marketing VP.
> >
> > Compare and contrast these self-serving "magazines": http://www.sqmmagazine.com/ versus http://www.sbq.com/. There must have been an article in the Harvard Business Review that mentioned starting your own trade magazine as something for floundering start-ups to do. Then, of course, the inevitable "all-electronic" format failure message looks real good on the website.
> >
> > Anyways, happy new years everyone! May next year's worms be more interesting than last year's!
> >
> > -dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave