[Nottingham] You think https is secure !!!

Wed Apr 9 12:26:05 UTC 2014

On 09/04/14 13:00, Jason Irwin wrote:
> On 09/04/14 12:23, Martin wrote:
>> All quickly fixed but only by those sharp enough and interested enough
>> to quickly update.
> Not so quickly. As an end-user one should now change every password, but
> only *AFTER* the site has been updated. For me, that's about 100.
> Doable, but a PITA.
> 1 minute per password? 100 minutes. £12 per hour? £20 cost. Number of
> people affected - 2 billion? So this simple glitch just cost the global
> economy £40 billion. Add on to that the costs of the admins running
> around, downtime, new certs etc.

Perhaps the freedom of free-of-cost is too cheap... But who cares enough
to check and code audit?

>> And as for a backup to the impossibility of maintaining 'complete
>> security'... Perhaps our outdated laws should focus on *how* data is
>> *used* to try to clamp down on abuse of personal details...
> We're back to the NHS again, aren't we?
> Until computers came along, the amount of effort required to cross-ref,
> reverse look-up, mine it etc pretty much protected it from all but the
> most determined/resourceful people. And that tended to be the security
> services and even then, the effort was so great that they'd only do it
> if required OR were willing to waste *a lot* of resources on it
> (although this did/does happen in repressive regimes).

For the NHS example, that is where paper files in the back room of the
GP who knows you personally usually makes for a very good 'gatekeeper'
for such easily and richly exploitable personal data...

> What pisses me off is the likes of Experian charging me to access the
> information they have collected about me. They get to profit from both
> ends (selling it and from me accessing it). Something always struck me
> as being rather "off" about that. Not that I actually do pay them.

Except that we all do pay such companies in various ways by the costs
that they incur upon all our daily lives...


