Re: [NF] Clarification on web security

Author: Ted Roche

Posted: 2014-07-30 at 10:54:40

On Wed, Jul 30, 2014 at 11:40 AM, Ken Dibble <krdibble@stny.rr.com> wrote:

>

> Again, the older your OS is, the less likely it is an actual target for

> real, not theoretical, malware that is actually in circulation today.

And, with all due respect in return, we continue to disagree on this point.

WinXP is a marvelous target for bad guys. Little old ladies (and guys,

until recently, my dad among them), have Windows XP machines hooked up to

the internet, often poorly, often out-of-date with updates, hanging off

half-decent internet connections cable and DSL, running 24 hours a day.

These are _perfect_ machines to harvest and take over in

command-and-control botnets to churn out spam and participate in DDOS

attacks. These happen, every day , and botnets of millions of compromised

machines (feel free to search the web for this info yourself) are running

everyday.

And offices are filled with clueless clerks who love to play games or visit

sketch sites on their breaks and lots of small- and medium-sized businesses

host botnets, too.

While the bad guys have control of your machine, it's pretty trivial to

pick off your credit card info, tax return and compromising selfies, too.

This is happening today, every day. Even if you refuse to believe it.

> SSL certificates are a form of blackmail. You pay in order to get somebody

> to issue an opinion that your encryption is good. That does not mean your

> encryption is not good if you don't pay to get the certificate.

>

You can always self-sign certificates, and establish your own web of trust.

We do for many of our applications.

--

Ted Roche

Ted Roche & Associates, LLC

http://www.tedroche.com

--- StripMime Report -- processed MIME parts ---

multipart/alternative

text/plain (text body -- kept)

text/html

---

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox

OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/CACW6n4uzOTAHDoCYZN9YAkCn8jogQHVriNfqipnJ5h0XGNmKUw@mail.gmail.com

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2014 Ted Roche