LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Re: social authentication (was IOL Broadband handing over information.)

[ILUG] Re: social authentication (was IOL Broadband handing over information.)

Rory Browne rory.browne at gmail.com
Thu Jun 9 09:54:22 IST 2005 

Note to self:
Next time I want to deface a website(hosted by Eircom), just put Kae
Verens address in the From: header and Email Eircom :p

If it's something personal, I usually just get the person to verify
some information that only they should know.

One time a company rang me up, started asking confirmation
questions(to make sure I was Rory Browne). I refused to answer them,
on the grounds that I had no way of knowing that they were who they
said they were. They authenticated themselves(using information only
they would know) - and then forgot about authenticating me.

Another time in college, someone was coming around the computer suites
asking for Student ID's. Most people simply showed their ID's, but
being (a) paranoid(college library used DOB's as PIN codes), and (b)
in a bad mood, I asked him to confirm that the was a member of staff
or security - much to my amusement - he told me that he had left his
Staff ID in his office. He pointed out his picture on the staff
website, though, and I showed him my ID then .

On 6/9/05, Kae Verens <kae at verens.com> wrote:
> Rick Moen wrote:
> 
> >I said, "Sir, I certainly mean no offence, and it's certainly highly
> >likely that you're calling from the Sunnyvale Police Department on
> >official business, but you're asking for possibly sensitive information,
> >and so far I know you only as a voice on a telephone."  He offered me
> >his direct telephone number, but I reminded him that, for the same
> >reason, I'd prefer to be transferred to him from the Sunnyvale PD main
> >switchboard.
> >  
> >
> 
> That's exactly the kind of paranoia that I like to cultivate here in 
> work. Unfortunately, there is a clash sometimes between the effort 
> involved in authenticating a call from scratch (look up the number on 
> their website, call, and ask to be transfered), and the time (and 
> therefore, the monetary value) involved in completing the request. In 
> some cases, we need to make a decision whether to "just do it", or 
> insist on the procedure.
> 
> I notice, for example, that I can get Eircom to change DNS information 
> by just emailing them. As far as I remember, I've never been asked to 
> authenticate that I have adminstrative rights for such domains, though. 
> I guess, as a professional in the web industry, I have somehow inherited 
> a certain authority and they respect that I wouldn't abuse that... hmm...
> 
> Kae
> 
> -- 
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
> 
>

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell