Decius wrote:
] People get into your account because they guess your password,
] or because you leave yourself logged in and then your friends
] come over and use your computer, or because you use the same
] password all over the place. There isn't much that I can do
] about these attacks as a site manager. I need YOU to use
] client certificates to login to my site, and you need to keep
] your certificate on a smart card or ibutton that stays on
] your person.
]
] Is anyone using technology like this? Would you want to use it
] to access MemeStreams if it was available? What do you think?

i agree with D. It's an education problem (or a laziness problem) more than anything, letting the browser remember your passwords so you don't have to type them in all the time (especially when the differ, like all of mine do). I do this, with non-critical sites (i.e. when $$$ isn't involved), so you could walk up to my laptop (or my work computer) and post as me all day. I don't think a lot is gonna change until the infrastructure exists that Decius suggests. A way to get there in the short term, without specialized hardware (card reader, iButton reader) is to store certificates on a usb pendrive device, which is becoming more ubiquitous anyhow. At least, it's a step in that direction. I'd like to move towards that myself, allowing the usb device, like the key for my car, to authenticate me everywhere, and ideally handle automatic release of as much personal data as i authorize, on an object-by-object basis. If widely adopted, this also solves the issue of retail sites being hacked for your credit card number. If my device can handle the details of telling amazon my info when i authorize it to, there's no longer any need for them to store my credit card number locally.

Decius wrote:
] I'm not sure SSL is really all that useful. It would prevent
] people from stealing your password over the wire, but I don't
] think most of these attacks are sniffing related. It would
] also allow you to authenticate that you are entering your
] password on my site, but I think most people who would fall
] for a phoney login would still fall for it. I'll bet if you
] offered it for a small fee few would buy.

SSL takes the ability to use proxies out of the equation.. Most (read: almost all) open proxies out there do not relay SSL. Hence, it raises the bar for the work needed to distribute an attack across hosts.

SSL would only secure the login process, cookie replay could still be accomplished. You can do some skey like shit with cookies, but hijacked sessions are not the problem big problem. The big problem is someone being able to maintain crazy numbers of sessions, without us knowing. That's how you would manipulate a system, and cause some real havoc.

] People get into your account because they guess your password,
] or because you leave yourself logged in and then your friends
] come over and use your computer, or because you use the same
] password all over the place. There isn't much that I can do
] about these attacks as a site manager. I need YOU to use
] client certificates to login to my site, and you need to keep
] your certificate on a smart card or ibutton that stays on
] your person.

Again, I don't think this is the "big problem". Harmful trolls and spammers are going to be the problem. Remember the discussion on Everything In Moderation driven by the Slashdot troll? Those are the dudes I'm worried about..

Those are going to be our terrorists.. One of them can do soooo much damage, and their attacks are hard to profile, predict, and defend against while not getting in the way of users. I'm dreading the arms race..

] Is anyone using technology like this? Would you want to use it
] to access MemeStreams if it was available? What do you think?

In general, I use the hardest authentication that makes sense and doesn't get in my way. I figure we will support SSL for logins, and soon.. Why not? I'd prefer to enforce it, as every browser from lynx on up supports SSL these days. Make life for the "terrorists" that much harder, and at least the users who use the same password everywhere are a little less at risk of having all their other accounts owned if someone happens to be pw sniffing them logging on us. Network Effects.

However, it must be remembered that at the heart of most security problems is something biological. The user on the other end is the weakest link, and as you said, its on them to have an idea of what risk they are at and to protect themselves.

Obviously as sysops we will do our best to make user's aware of risks, but we can't really do much.. If someone targets a user, and wants to break into their account, the methods used are going to be focused on the user, not us.

Rattle wrote:
] Again, I don't think this is the "big problem". Harmful
] trolls and spammers are going to be the problem. Remember the
] discussion on Everything In Moderation driven by the Slashdot
] troll? Those are the dudes I'm worried about..

I find if you manage a community well the trolls are few, but the spammers will come. The answer to both problems is effective moderation technology.

We can also easily limit the number of posts a day per user. We already have SOME limits in place. Legitimate users will never see those limits. Coupled with captcha we can easily make spamming a real hassle. Thats the nice thing about a system like this. We're aren't locked into a standard. We can simply eliminate the elements of other architectures that make them conducive to abuse...

] In general, I use the hardest authentication that makes sense
] and doesn't get in my way. I figure we will support SSL for
] logins, and soon.. Why not?

Because its expensive to scale.