Comments for StraightSecTalk

Comment on A Referrer Spam Anecdote by OLIVER

OLIVER — Fri, 25 Jun 2010 20:33:06 +0000

PillSpot.org. Canadian Health&Care.No prescription online pharmacy.Special Internet Prices.Pillspot.org.< b > < a href=”http://pillspot.org/products/vitamins_herbal_supplements/ Vitamins@buy.online” >.< /a >…

Categories: Antibiotics.Skin Care.Antidiabetic.Anti-allergic/Asthma.Vitamins/Herbal Supplements.Antiviral.Womens Health.Eye Care.Stomach.Mental HealthStop SmokingAnxiety/Sleep Aid.Pain Relief.Mens Health.Blood Pressure/Heart.Weight Loss.Antidepres…

Comment on Browser Usability Problems Trump Design Flaws by CAMERON

CAMERON — Thu, 24 Jun 2010 11:52:19 +0000

Medicamentspot.com International Legal RX Medications. Special Internet Prices (up to 40% off average US price). NO PRIOR PRESCRIPTION REQUIRED!…

Combivir@buy.online” rel=”nofollow”>.…

Comment on A Referrer Spam Anecdote by Frankie

Frankie — Fri, 11 Jun 2010 19:21:44 +0000

Hello! Please e-mail me your contacts. I have a question < a href=”http://complective.ru/contact/ zachary@complective.ru” >…< /a >…

Thanks!…

Comment on Taking Down Domain Squatters by Kevin Borders

Kevin Borders — Thu, 13 Aug 2009 23:28:14 +0000

I totally understand where you are coming from. I have spent several hours per domain name I have registered searching for a reasonable name that is also not parked. I wonder how many cumulative man-hours (on the clock for many of us, mind you) have been wasted searching for domains because of squatters. I would like to see a figure of “Domain squatters cost society $___ billion dollars per year.” Maybe that would encourage congress to come down harder on ICANN and fix the domain squatting problem.

Comment on Taking Down Domain Squatters by S Watson

S Watson — Tue, 11 Aug 2009 19:00:51 +0000

We spend days upon days finding available domains for our clients. Anything that would help free up the hundreds of thousands of domains that are simply parked for no reason would definitely get our vote.

Comment on Taking Down Domain Squatters by Kevin Borders

Kevin Borders — Tue, 07 Oct 2008 21:19:00 +0000

Thanks for the comment Hugo. The suggestions in the petition look like they would be very helpful for expired domains. Preventing squatting on domains that have not expired is a more difficult problem. It would be interesting to try to write a petition that addresses this this of squatting as well.

Comment on Taking Down Domain Squatters by Hugo Monteiro

Hugo Monteiro — Mon, 06 Oct 2008 23:42:50 +0000

You might want to take a look at a petition against domain squatting. There are some ideas on how to prevent squatting in there.
Link is http://www.petitiononline.com/DNSquatt

Best regards.

Comment on Browser Usability Problems Trump Design Flaws by Kevin Borders

Kevin Borders — Tue, 12 Aug 2008 15:46:22 +0000

Hi Erik,

Thanks for the feedback. You bring up some excellent points. After all, SSL only provides security between endpoints. If the server does not handle security properly and is vulnerable to XSS (or other) attacks, or if the client is hacked, then encryption is useless.

However, all we can do as security professionals is progressively improve security at different layers. Research on bank website security usability and on browser usability aims to make end-to-end encryption more secure by helping the user make correct decisions. For websites that do protect against the vulnerabilities that you mentioned and clients that have not been hacked, it is essential that other security mechanisms are working and can be properly applied by the common user.

Kevin

Comment on Browser Usability Problems Trump Design Flaws by Erik Heidt

Erik Heidt — Thu, 31 Jul 2008 13:40:09 +0000

Kevin -

I think that you are placing too much emphasis, and possible indicating value that doesn’t exist for, SSL protected web pages.

Obviously SSL provides an expectation of confidentiality for the communication, but I feel that you are assigning other qualities to it which are not present when used for https.

The fact that a page is protected by SSL does not authenticate it’s content. The content on a https page is no more difficult to manipulate, and is subject to the same attack vectors, as an http page. (These include Cross-site-scripting, manipulation of site content through application/platform vulnerabilities, etc.).

In fact the existence of SSL can be used by an attacker to increase the effectiveness of XSS or other site manipulation attacks.

Also, man-in-the-browser and malware attacks, use techniques that nullify the value of the SSL “lock icon” on the browser. I think if you look at the available data on malware generation kits and the rise of highly targeted, even single-person-targeted attacks.

Erik
Art of Information Security

Comment on Taking Down Domain Squatters by Kevin Borders

Kevin Borders — Mon, 28 Jul 2008 11:54:51 +0000

JDP, you bring up a good point. The reason why there is no system for dealing with domain squatters right now is probably because it would be costly to set up something effective. An interesting approach might be to have the person challenging the squatter pay a “challenge fee” to ICANN so that they would have the resources to investigate the claim. This way, the challenger would still have to pay more for the domain, but at least the money wouldn’t be going to the squatter.