Comments for Jeff's Blog http://qyv.net/jisblog Ramblings of a Security Technologist Fri, 21 Nov 2008 16:11:21 +0000 http://wordpress.org/?v=2.3.3 Comment on What’s Wrong with this Picture? by Donald Eastlake 3rd http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/#comment-3867 Donald Eastlake 3rd Sun, 24 Aug 2008 02:49:50 +0000 http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/#comment-3867 The EMV (EuroCard, MasterCard, Visa) protocol which authenticates via a smart card chip in the card, has existed for years. All European cards have these. If/when the losses get big enough, people will move to such technologies. Donald The EMV (EuroCard, MasterCard, Visa) protocol which authenticates via a smart card chip in the card, has existed for years. All European cards have these. If/when the losses get big enough, people will move to such technologies.

Donald

]]> Comment on What’s Wrong with this Picture? by M Gettes http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/#comment-2232 M Gettes Thu, 17 Apr 2008 14:05:52 +0000 http://qyv.net/jisblog/2008/04/16/whats-wrong-with-this-picture/#comment-2232 I understand and completely agree with your point. As you very well know - changing the system is extremely difficult since it, this fine credit card system, is essentially the basis for commerce. How can we use the current system to better employ security techniques in a way actually usable by human beings with limited understanding of the issues? I like what some banks are doing - offering (on the internet) the ability to obtain short-term credit card numbers with appropriate limits on time and dollars. This is essentially using my current card as a qualifier to obtain other short-term card uses. This is, of course, analogous to short-term PKI certs and so on. If we could do this in a way where the net was not so required - or distribute it via telephones (isn't this what Bank of America and the MIT center for the future of banking should be doing?) so anyone could use it - then we might make the overall system better by limiting exposures. It ain't perfect - but I think it is better. /mrg I understand and completely agree with your point. As you very well know - changing the system is extremely difficult since it, this fine credit card system, is essentially the basis for commerce. How can we use the current system to better employ security techniques in a way actually usable by human beings with limited understanding of the issues? I like what some banks are doing - offering (on the internet) the ability to obtain short-term credit card numbers with appropriate limits on time and dollars. This is essentially using my current card as a qualifier to obtain other short-term card uses. This is, of course, analogous to short-term PKI certs and so on. If we could do this in a way where the net was not so required - or distribute it via telephones (isn’t this what Bank of America and the MIT center for the future of banking should be doing?) so anyone could use it - then we might make the overall system better by limiting exposures. It ain’t perfect - but I think it is better.

/mrg

]]> Comment on Identity on the Internet by Ric http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/#comment-115 Ric Sat, 27 Oct 2007 01:21:35 +0000 http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/#comment-115 this is really good. thanks a lot. This topic was so hard to find. i hope that you continue this. this is really good. thanks a lot. This topic was so hard to find. i hope that you continue this.

]]> Comment on NERCOMP Presentation by Dennis Devlin http://qyv.net/jisblog/nercomp-presentation/#comment-47 Dennis Devlin Mon, 24 Sep 2007 14:57:49 +0000 http://qyv.net/jisblog/nercomp-presentation/#comment-47 I enjoyed your presentation at NERCOMP. I enjoyed your presentation at NERCOMP.

]]> Comment on Identity on the Internet by dominair http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/#comment-46 dominair Sat, 22 Sep 2007 12:36:22 +0000 http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/#comment-46 I find it interesting too, but how about if just start using our domain name as an identification, after all the first thing employer do before hiring somebody is making a search on the net. nice blog , keep it on! I find it interesting too, but how about if just start using our domain name as an identification, after all the first thing employer do before hiring somebody is making a search on the net.

nice blog , keep it on!

]]> Comment on Identity on the Internet by notary public http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/#comment-5 notary public Mon, 28 May 2007 07:05:42 +0000 http://qyv.net/jisblog/2007/05/08/identity-on-the-internet/#comment-5 Hi! A very interesting way of explaining how authentication works on the web. Thank you so much for sharing and keep em coming! :) Hi! A very interesting way of explaining how authentication works on the web. Thank you so much for sharing and keep em coming! :)

]]>