Comments on: Playing with Fire http://eternallyoptimistic.com/2008/02/14/playing-with-fire/ Wed, 10 Aug 2011 17:44:16 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: PageOnce Beta: Two Lattes Left On My Starbucks Card « PhilSpace http://eternallyoptimistic.com/2008/02/14/playing-with-fire/comment-page-1/#comment-332 PageOnce Beta: Two Lattes Left On My Starbucks Card « PhilSpace Thu, 17 Apr 2008 15:20:01 +0000 http://eternaloptimist.wordpress.com/?p=242#comment-332 [...] has some negative impressions, and I agree with some of the reservations Pamela has over the aggregation trend as a whole. Privacy and data portability will continue to conflict, and you do need to be careful [...] [...] has some negative impressions, and I agree with some of the reservations Pamela has over the aggregation trend as a whole. Privacy and data portability will continue to conflict, and you do need to be careful [...]

]]> By: Grant Alan Friedline http://eternallyoptimistic.com/2008/02/14/playing-with-fire/comment-page-1/#comment-335 Grant Alan Friedline Wed, 26 Mar 2008 20:28:32 +0000 http://eternaloptimist.wordpress.com/?p=242#comment-335 Hello Pam. I am new to your blog. With articles like this, I am quickly becoming a fan. When I think about Pageonce, I ask myself "Grant, would you trust any accounts to Pageonce?". I am able to answer yes, though certainly not all accounts. Is it the same for you? That is interesting in itself. I have to think about that. Hello Pam. I am new to your blog. With articles like this, I am quickly becoming a fan. When I think about Pageonce, I ask myself “Grant, would you trust any accounts to Pageonce?”. I am able to answer yes, though certainly not all accounts. Is it the same for you? That is interesting in itself. I have to think about that.

]]> By: SlashID Blog » Blog Archive » Business Model of Identity Management http://eternallyoptimistic.com/2008/02/14/playing-with-fire/comment-page-1/#comment-334 SlashID Blog » Blog Archive » Business Model of Identity Management Mon, 25 Feb 2008 03:54:04 +0000 http://eternaloptimist.wordpress.com/?p=242#comment-334 [...] your contacts or show all your accounts on one screen, thank you very much. Some people already cry foul, and hopefully their voice is being heard. (Some would claim that OAuth solves this problem - but [...] [...] your contacts or show all your accounts on one screen, thank you very much. Some people already cry foul, and hopefully their voice is being heard. (Some would claim that OAuth solves this problem – but [...]

]]> By: Alan H http://eternallyoptimistic.com/2008/02/14/playing-with-fire/comment-page-1/#comment-336 Alan H Sun, 24 Feb 2008 21:48:23 +0000 http://eternaloptimist.wordpress.com/?p=242#comment-336 I couldn't agree more -- I've been meaning to write up some semi-literate article about this myself. In my opinion, one of the main problems with this is that the user community has been poorly educated about credential management and conditioned to ignore or not consider the security problems posed by this. Admittedly, you need a fairly solid understanding of electronic security concepts before the "attack" itself is evident. The less sophisticated web users are not even going to recognize that divulging their Google , Hotmail, Yahoo! or even bank credentials to a third party is a bad idea because it isn't always obvious that it is a third party. You pretty much have to know that there is no solution to this problem to understand that there is a problem at hand. Simply put, we've dumbed things down so much in the media and education system that folks simply don't understand how this works and therefore cannot see the issues or risks. They are told to trust the pop-up dialogs that warn about this and that, but they are not really understanding the underlying security mechanism, so they are not in a position to see when they are broken or (worse) being exploited. I couldn’t agree more — I’ve been meaning to write up some semi-literate article about this myself. In my opinion, one of the main problems with this is that the user community has been poorly educated about credential management and conditioned to ignore or not consider the security problems posed by this. Admittedly, you need a fairly solid understanding of electronic security concepts before the “attack” itself is evident.

The less sophisticated web users are not even going to recognize that divulging their Google , Hotmail, Yahoo! or even bank credentials to a third party is a bad idea because it isn’t always obvious that it is a third party. You pretty much have to know that there is no solution to this problem to understand that there is a problem at hand.

Simply put, we’ve dumbed things down so much in the media and education system that folks simply don’t understand how this works and therefore cannot see the issues or risks. They are told to trust the pop-up dialogs that warn about this and that, but they are not really understanding the underlying security mechanism, so they are not in a position to see when they are broken or (worse) being exploited.

]]> By: Links » OAuth http://eternallyoptimistic.com/2008/02/14/playing-with-fire/comment-page-1/#comment-333 Links » OAuth Sat, 23 Feb 2008 12:38:06 +0000 http://eternaloptimist.wordpress.com/?p=242#comment-333 [...] is freaked out by sites that gather all your logins. So am I. But this is exactly why a group of us got together to create OAuth. OAuth allows you to [...] [...] is freaked out by sites that gather all your logins. So am I. But this is exactly why a group of us got together to create OAuth. OAuth allows you to [...]

]]>