[sldev] More about viewer auth in today's RC

Jesse Barnett jessesa at gmail.com
Tue Dec 4 18:35:09 PST 2007

Previous message: [sldev] More about viewer auth in today's RC
Next message: [sldev] More about viewer auth in today's RC
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/4/07, Argent Stonecutter <secret.argent at gmail.com> wrote:
>
>
> It's not a security system.
>
> Like Tess said, this isn't about security.
>
> This is about a lot of words that people mix up with security. Like
> evidence, and investigation, and forensics, and stuff like that.
>
> _______________________________________________

Billion dollar credit card companies would disagree with that assessment.
And there is a similiarity between credit card with number and security code
in back and our username and password. Imagine how long a credit card
company could stay in buisiness without a complete system of security in
place. A system that among other things, employs pattern recognition. It is
actually much easier to get someone's credit card
number as opposed to our username/password.

I use my company credit card on websites everyday to make purchases. In fact
8 of us have credit cards and use them on the web, stores, gas etc. It is a
rare occurence for there to be a disputed charge even running about $20K of
charges a month.

Most of us don't think twice about handing over the little piece of plastic
on it worth several thousand dollars. But we are extremely worried about 3rd
party viewers possibly getting access to a few thousand $L. Think it needs
perspective.

Yes it and other targets are of some concern and that is why you need to try
to build a system to cover the vulnerabilites you are aware of and of course
fix any new vulnerabilities.

I haven't ever disputed the fact that we have multiple vulnerabilities and
that this nees to be fixed. Having to provide our info to login to Jira,
Wiki, Viewer, Forums etc is one. The only dispute I have is making sure we
don't loose some of the choices we have now, such as being able to log into
multiple accounts at the same time. Hopefully someone is working on that
too.

Jesse Barnett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20071204/18e568b7/attachment.htm

Previous message: [sldev] More about viewer auth in today's RC
Next message: [sldev] More about viewer auth in today's RC
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list