Posts by David Greaves

8 publicly visible posts • joined 1 Aug 2007

Dogs and arson feature in top 10 data recovery disasters

David Greaves
Thumb Down

If they're so good....

... maybe they can accept this challenge:

http://16systems.com/zero/index.html

A normal fully functioning drive overwritten with 0s

Not exactly hard to do.

Getting back data from an accidentally damaged drive is one thing - a criminal with a bit of tech savvy OTOH.

Mind you a disaster recovery firm who can recover data from a PC after spilling wine on the keyboard. Wow! They must be good.

Black hats attack gaping DNS hole

David Greaves
Thumb Down

freedom2surf.net :: POOR

194.106.56.6 (server0009.freedom2surf.net) appears to have POOR source port randomness and GREAT transaction ID randomness.

Forth Bridge painters to down brushes in 2012

David Greaves
Gates Horns

re: Can I get some of that paint?

@Liam O'Flaherty

No.

They make it but won't retail it. It would screw up the DIY paint business model.

Hungarians unleash dog bark translator

David Greaves
Alien

How do they know?

If mere people can only judge the canine emotional state correctly 40% of the time then who - or what - was able to determine that the software got it right 43% of the time?

There's clearly a Dr Who angle in there somewhere...

This emergency alert has been cancelled by Hotmail

David Greaves

Email - that well known 1:1 communication tool

So basically Microsoft consider Hotmail no longer appropriate for use as a community communication tool?

No mailing lists, no big cc lists.

A lot of people will have started out on Hotmail and even now may not have the tech-savvy to know they're being screwed.

How long I wonder until there's a cost option that lets Hotmail users use mailing lists? Either for the senders or the users?

Nah, Microsoft would never do that!

It's Open Season on open source

David Greaves

Interesting and enjoyable

I look forward to the next instalment :)

You mentioned some services that may be interesting - maybe you could expand on the state of play around trust and identity in open source and standards? The whole Passport vs Liberty Alliance seems to have gone quiet; and of course the ever present spam problem seems to be a trust/identity issue at heart.

Services that addressed these issues successfully would, I feel, truly be worthy of Web 2.0 tags.

Texas Instruments stands out with 3D TV

David Greaves

Mmmm - lcd contact lenses....

Wake me up when they make lcd contact lenses with the circuitry covering the iris... (silver or glowing, of course).

Now that would be getting somewhere....

Linkedin spurns bug bounty hunter

David Greaves

Beyond reproach.

So LinkedIn didn't test their code? They released a product into the public arena that contained a flaw. Who would *directly* suffer if this flaw was exploited? Not LinkedIn; the users.

So someone comes along and finds the flaw. They spend time making sure it is a flaw. It is. They notify LinkedIn and ask for compensation for their work. LinkedIn refuse (why should they pay, *they* aren't at risk and they get it for free in a few days anyhow).

If LinkedIn (or any business) had confidence in their site then they'd have a policy of paying for such exploits - after all there aren't any are there? They do continually penetration test the site don't they? Oh wait, no. The risk is external (as Schneier would say).

Jared was being responsible - there is no 'bobby on the beat' who knocks at your door and says "did you know your windows are unlocked around the back". So Jared has become an entrepreneur - he walks the beat and finds problems. The community doesn't pay him for this service so he asks for (not demands) support from those he helps.

What other motivation do LinkedIn have to fix their problem? None. They were told that there was a problem and obviously did not have the expertise to fix it *even knowing it was there*.

Eventually, when they realise that designing and testing the site properly would be cheaper than paying Jared, his job is done.

The approach Jared used seems to be beyond reproach.

Ask yourself - what would LinkedIn say if they discovered Jared had approached NatWest with a way to undetectably remove funds from the LinkedIn business account; and NatWest had told him to take a hike?

"Unprofessional. Practically criminal! That's *our* money!!"

Oh, really?