Archive for March, 2006

iPod in airport = Bad

I am finally in a plane headed to Melbourne and lucky to be here at all. I missed my flight at 8:30pm for 2 reasons.

  1. When I looked at my boarding pass I confused my seat number (5D) with the departure gate. Stupid.
  2. While I was patiently waiting for the (now overdue) boarding call I was listening to a ranting podcast, completely unaware that the plane was in fact leaving on time and was trying desperately to call for me.

Still unaware of my error, I proceeded to board the plane from the wrong gate with everyone else in the lounge. As I scanned my boarding pass, there was suddenly a problem. My pass was returning the wrong name. Do they ask for ID? No. Do they try and resolve the problem? No, they direct me onto the plane anyway.

Thinking that at last I could relax and be on my way I sit down and stow my bags. A moment later there is another problem. Someone else has my seat number. I am just about to get grumpy now, when the hostess mentions that this flight is headed for Coolangatta and not Melbourne.

Oh. Dear.

Once out of the plane the Qantas staff were very helpful in getting me back on track, although the next available flight was at 10:20pm. It certainly gave me an opportunity to reflect on my attention while traveling.

Tuesday, March 28th, 2006

Who do You Trust?

FEDERATED DIGITAL IDENTITY

In the context of providing a strong authentication solution, the concept of a Federated Digital Identity is often mentioned. This essay explores that concept in order to review and challenge the benefits that ‘Federation’ of digital identity management can provide.

However, before discussing Federation, the concepts of a Digital Identity, and even Identity itself, will be briefly covered.

Monday, March 27th, 2006

The problem with whitelists

A Computerworld article today referred to a report published by the National Consumers League in Washington DC, proposing ‘A Call to Action’ for fighting phishing. Although I haven’t fully reviewed the report, the text that popped out at me was a recommendation to use ‘whitelists’ to stop phishing attacks.

A whitelist is simply a list of places that are good and safe to go to. Ideally you would add the website address of all of the banks and financial institutions to the list, and all of the legitimate online vendors. Then anyone not on this list would be considered unknown at best, and blocked by default at worst.

The problem with whitelists is in their management. How does a vendor get on this list? Who manages the list? What happens if a legitimate vendor changes the web address of their payment page?

Quite quickly this becomes an operational nightmare, particularly if considered on a global scale. I can see this being beneficial if there is a way to create and manage personal whitelists, where the customer identifies a site as being good and trusted. Unfortunately this can then become the next target of the social engineers, by tricking customers into adding their fake sites to private whitelists.

Glancing at the rest of the paper it looks like a great resource, but the 6th recommendation for action ‘ISP’s and domain name owners can cooperate on whitelists’ sounds simple but will be operationally infeasible.

The phishing battle continues…

Monday, March 20th, 2006