tag:blogger.com,1999:blog-21633793.post482994935676117986..comments2023-12-12T03:19:42.467-05:00Comments on CYB3RCRIM3: Bad IdeaSusan Brennerhttp://www.blogger.com/profile/17575138839291052258noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-21633793.post-84187322785015382062010-02-04T08:54:34.454-05:002010-02-04T08:54:34.454-05:00This is a comment on the Internet driver's lic...This is a comment on the Internet driver's license that was posted on another site (the driver's license post was published there, too):<br /><br /><br />One of the uses of a standard driver's license is that it can readily be used as an authentication token - unless you're a bouncer at a bar in a college town, your chances of encountering a *really* good fake are low enough that it's safe to assume you really are who the card says you are.<br /><br />Unfortunately, there's (by some estimates) over 140 million compromised computers out there. And for any sane definition of "displayed while using the Internet", that means you need to send credentials over the wire. After all - if it isn't displayed wile using the net, it's not very different from the *current* "cops or ISP bang on your door/account and ask what the you think you're doing". Now we already know how to do this - SSL supports authentication certificates in *both* directions, not just server->client. However, if a machine is compromised, it can use those credentials without your permission.<br /><br />How useful would driver's licenses be if there were 140 million joy riders out there, all with *perfect* forged licenses? Yeah, exactly.Susan Brennerhttps://www.blogger.com/profile/17575138839291052258noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-82187722464098704302010-02-03T23:07:32.724-05:002010-02-03T23:07:32.724-05:00Actually, an internet drivers license is pretty mu...Actually, an internet drivers license is pretty much the same as working within a login domain. You would have to log in to the internet like you have to log in to a intranet. <br /><br />This is how schools do it. Revoking the license is as simple as disabling the account. There's even a software package used by some schools which causes the students name and photograph (license) to appear at the top left of the screen so that the teacher can verify student logged in (taking the test,etc) is the same one that is sitting at the keyboard.<br /><br />Perhaps a concomitant issue is the loss of anonymity. As abhorrent as this seems, this may be a good thing. It is well known that behavior improves when someone is watching. We teach civil disturbance soldiers that anonymity is a major factor in converting a crowd to a mob. Cameras have broken up more riots that batons.<br /><br />Enforcement may be as simple as that. I drive correctly (most of the time) because there's a card in my wallet that removes my anonymity if I don't.<br /><br />We all pay lip service to the adage that there is no privacy on the internet but we sure don't act like it.<br /><br />Like the Command Officer of the USS Simon Lake said one time, the three rules of conduct on his ship are (1) would you do it if the chief were watching, (2) would you do it if I (the CO) was watching, and (3) would you do it if your mother was watching.Professor Donhttps://www.blogger.com/profile/16267677947700230734noreply@blogger.com