[Nottingham] You think https is secure !!!

[Jason Irwin]

On 09/04/14 12:23, Martin wrote:
> All quickly fixed but only by those sharp enough and interested enough
> to quickly update.
Not so quickly. As an end-user one should now change every password, but
only *AFTER* the site has been updated. For me, that's about 100.
Doable, but a PITA.

1 minute per password? 100 minutes. £12 per hour? £20 cost. Number of
people affected - 2 billion? So this simple glitch just cost the global
economy £40billion. Add on to that the costs of the admins running
around, downtime, new certs etc.

> And as for a backup to the impossibility of maintaining 'complete
> security'... Perhaps our outdated laws should focus on *how* data is
> *used* to try to clamp down on abuse of personal details...
We're back to the NHS again, aren't we?

Until computers came along the, amount of effort required to cross-ref,
reverse look-up, mine it etc pretty much protected it from all but the
most determined/resourceful people. And that tended to be the security
services and even then, the effort was so great that they'd only do it
if required OR were willing to waste *a lot* of resources on is
(although this did/does happen in repressive regimes).

What pisses me off is the likes of Experian charging me to access the
information they have collected about me. They get to profit from both
ends (selling it and form me accessing it). Something always struck me
as being rather "off" about that. Not that I actually do pay them.

-- 
╔═════════════╦══════════════════════════════════════════╗
║ Jason Irwin ║ OpenPGP (GPG/PGP) Public Key: 0xD0C592B1 ║
║             ║ Import from hkp://subkeys.pgp.net        ║
╚═════════════╩══════════════════════════════════════════╝