Microsoft is right, and so are ID cards
Letters More concerns about ID cards this week, sparked by comments made by the UK's information commissioner who warned that Britain should not sleepwalk into a surveillance society. This is always an emotive one, so we'll skip the chit-chat and get straight to it:
Whilst I agree with the general thrust of the concerns, the Information Commissioner has got one thing wrong, unfortunately. It's not that the public is "sleepwalking" into it but is running to it with open arms. Most of the correspondents there seem to be saying that those opposed to the ID cards are criminals with something to hide.
Francisco, Newcastle upon Tyne.
national identity cards are a normal part of life in other European countries, e.g. Germany. in addition, the Germans have a national register, whereby you are registered with your address. if you move house you have to register such a change.
there should not be a problem with having a card that states your name and address, together with your picture, obviously. there also should not be a problem with being required to produce it when needed. having lived with a national id card for many years i can say that i have never been asked to produce it at random, but only when conducting official business. i can tell you that a large number of foreign nationals find the English practice of identifying yourself by a phone or utility bill as utterly hilarious.
national identity cards have to go hand in hand with a national register, again holding name and address, together with some biometric identifier [what is a picture if it is not a biometric identifier].
i am not in favour of holding all kinds of personal information, but i am of the opinion that there are few rational arguments against a national identity card per se.
as for civil liberties, i find that telling me that i cannot enjoy a pint after 11:20pm is an infringement of my civil liberties, being asked to show who i am when picking up a parcel is not.
One would never say such a thing in public, but a former colleague is convinced that DB's fixation on ID cards and cataloguing everybody is down to his visual impairment.
But that's probably a sighted person's judgment on something they know nothing about ...
When the ID law passes I for one will be leaving the UK - emigration out of this emerging police state seems more and more attractive.
They even have George Orwell writing the announcements on rail station message boards
"Security: Be Vigilant! Be Alert!" is what now welcomes travelers waiting for their train to arrive.
Is anyone else getting worried about this?
In a word? Yes.
This week brought the news that Microsoft prevailed in its bid to maintain its position as preferred supplier to Newham Council. One deciding factor was that, according to a Microsoft-funded study, Microsoft is cheaper and more secure than the open source alternative.
Um. Bullshit. The only way Microsoft is cheaper than Open Source is to find the most expensive vendor with the most expensive distro of Linux, the least skilled but highest priced vendor of Linux migration services, and the local Tech training firm who finally found a high school student to train users how to change their KDE Desktop image. Oh, and using IE because M$ is so very serious about security is the major deciding factor... How ridiculous is that? So what they're serious. We in the States were serious about protecting our country, and look at 9/11.
As the old saying goes, a fool (Newham) and his money (the taxpayers', in this case) are soon parted.
Microsoft's decision to block Downhill Battle from offering Windows XP Service Pack 2 through BitTorrent seems to have met with (some) muted approval:
OK everyone, let's all download one of the most important security updates ever from non-secured, anonymous servers.
As strange as it may seem, I can't help but wonder if MS isn't doing its users a favor. I understand the appeal of using BitTorrent to download large upgrades like this but seriously question whether users should be encouraged to download an upgrade from anonymous servers. Especially one that is so crucial for security. The use of a checksum is really minimum security considering what is involved.
Any ideas on why Microsoft - if they are even letting pirated copies use SP2 - are not letting people distribute it this way? I can understand the possibilities of a modified copy, but they could publish the MD5 to try and get around that.
I would think that ANY third-party support of their patch would be useful to them, but I guess that shooting the foot is more fun...
Some interesting thoughts about Phishing:
Forget email phishing - I'm a temp working for a call centre contracted to [a prominent supermarket's home delivery service]. I am frequently required to call a customer back and request credit card details to action a refund - this occurs if the customer has called in regarding products not arriving or damaged products, and I've had to call the store. If the store aren't willing to do the refund I have to call the customer for card details - for security(!) I don't have access to those details. The refund system can check if the card is the same as the one paid on (to prevent money laundering through groceries, that well known crime) but won't let me order a refund without full card details.
It gets worse. There is a team which receives information from a store regarding failed card transactions. This team then cold-calls a customer and says something along the lines of "hello, this is Fred from [supermarket]... problem with your card... can you confirm your card details for me please?". And people do. Even though quite often the number doesn't ID.
Both of the above happen all day every day. The only two security issues raised by customers that I've heard about are, firstly, I asked a customer's email address as a security check - his wife told him he'd get spam if he said it out loud. Took me a while to convince him I'd already got it and it was just to check who he was.
Secondly, I got a call from a customer asking if she could pay cash because she didn't want to use her card online. After trying to talk a septuagenarian through the details of SSL she gave me her details over the phone, because "that's more secure, isn't it".
As for company snooping - VNC runs when the computer boots up (not that anyone here knows how to use it) and the management tend to sneak up behind you during a nice game of golf.
A brief revival of Kev bashing, with the latest rebuke of his plans to insert a chip into his brain.
Lucy, I dunno which planet Cap'n Cyborg lives on, but if it were Earth he would know that two paralyzed patients had chips implanted in their brains in 1998 at Emory University med center in Atlanta, Georgia, and that New York is awash in cyborgs implanted with brain chip "pacemakers" to control Parkinson's tremors, and that a monkey at Duke University last year already did what Kev says he's gonna do -- control remote appliances by thought, and that the profs who did that have already applied to the US Food and Drug Administration for permission to launch clinical trials of that technology in humans.
Keep it up, Kev, and one day you may catch up with the monkeys!
And finally, we reported how a spurned lover's attempt to exact revenge on his cheating ex backfired slightly when he found himself in the dock. Fair enough: he did post an X-rated home vid online. And advertised it to her friends, family, work colleagues...
This one is anonymous, for rather obvious reasons:
But actually, a few years back (this would have been 98 or 99, somewhere in there), a similar story occurred involving a friend of mine.
He had been dating a girl. Then they broke up, somewhat nastily, and he moved on. A few weeks later, she e-mailed him a photo of her and another gentleman, mid-dirty deed.
My friend, being neither slow-witted nor in need of a jail sentence, promptly forwarded the e-mail to the girl's mom.
Pure class, that. Right. That is probably a good place to stop for today. More later in the week, and don't forget to vote for your favourite weasel name. ®