Jock Gill: Misreading and Misleading: How the right-wing zealots misuse the word of God and of our Founding Fathers to make their peculiar extremism seem either holy or patriotic

Seth Dillingham: Knowledge Management, Meta Data, and the Organization

The Post-September 11 Environment: Access to Government Information [via Anonymous Reader]

Neurotheology is the belief that religion is all in the mind.

Microsoft’s Passport to Trouble: I read yesterday about the first security breach of Microsoft’s Passport technology. Needless to say I was not surprised that it was the result of cross-site scripting and some cookie holes in Hotmail. When Microsoft announced their grand plans to leverage Hotmail, Internet Explorer, and Windows to make Passport and Hailstorm (excuse me, My .NET Services) a secure authentication service for online transactions, most people laughed pretty hard. Microsoft’s track record for producing secure products is one of the worst in the industry. I am waiting for the Passport technology to become more widespread. You can bet that as soon as it is, it will become wildly successful or it will fail miserably. It will fail if Microsoft cannot keep it secure (and so far, they’ve proven that they cannot). It will succeed if Microsoft can lock out competing authentication services from using the IE/Windows platform. It may also succeed if Microsoft can make Passport secure. Only time will tell. In the meantime, the people aware of these issues are avoiding Passport with a 1000-foot pole.

What I am afraid of mostly is the issue consumers face when using Passport-enabled web sites. For instance, I use 1800flowers.com on a regular basis to send flowers and gifts to friends around the country. I trust the ecommerce back-end of 1800flowers.com (though I probably shouldn’t, given some of the stories I’ve been told of its development back in 1998). One of the things that I need to worry about, as a consumer, is whether or not the people running 1800flowers.com keep their ecommerce system separate from the Passport functionality they’ve implemented with the help of Microsoft. If Passport’s security gets breached at that site, how safe is the information I’ve trusted 1800flowers.com with, even if I have never used the Passport features there? The same goes for eBay. Imagine the nightmare that would unfold if eBay’s millions of users all of a sudden learned that their information was stolen. If Microsoft is not careful, it may at some point in the future become a liability to use Microsoft technology for secure transactions.

Unique ID Uniqueness: Anyone who has ever developed an ID-based authentication system knows that all transactions, orders, and user profiles are based on the concept of a unique ID. This can be a username (like an AOL screen name), an alphanumeric set of letters and numbers, or an email address. I ran into an interesting problem at Amazon.com recently. Apparently, their profile database allows for multiple accounts under a single email address. Like most people I use about a half dozen regular passwords for all of my various accounts across the Internet. When logging into a site, if one password doesn’t work, I try the others in my mental list until I get in. Apparently, at some point over the past five years I signed up for an Amazon account twice using the same email address, but using different passwords. If Amazon’s profile system had truly treated my email address as unique, the system should not have allowed me to do this. I do not know if Amazon recognizes this as a problem, or if they have plans to fix it. But I do know that I have multiple order histories scattered across about four or five different accounts in their system, two of them using the same email address. It would be really great if Amazon offered their users a way to consolidate or merge accounts, much like Yahoo has done with their various acquisitions, most notably egroups. AOL also had to solve this problem when they purchased Netscape and rolled the Netcenter profile database into their AOL profile database. This is why my AOL (and now also Netcenter) screen name is ‘camworld2’, since some long-ago AOL user once created the ‘camworld’ screen name, even though my old pre-AOL Netcenter screen name was also ‘camworld’.

Posted by Cameron Barrett at November 3, 2001 04:35 PM
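
The duplicate-account behaviour described in the Unique ID item above, as an added example that is not part of the original post and not Amazon's code: a hypothetical `accounts` table in SQLite, first without and then with a unique index on the normalized email address. The schema, function names and sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password, salt):
    # PBKDF2 from the standard library; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def open_db(enforce_unique):
    """Create the hypothetical accounts table, optionally with a unique email index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, "
               "email TEXT NOT NULL, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)")
    if enforce_unique:
        # The database itself rejects a second row for the same address,
        # compared case-insensitively, no matter what the signup code does.
        db.execute("CREATE UNIQUE INDEX accounts_email ON accounts (lower(email))")
    return db

def register(db, email, password):
    """Return the new account id, or None if the address is already taken."""
    salt = os.urandom(16)
    try:
        cur = db.execute(
            "INSERT INTO accounts (email, salt, pw_hash) VALUES (?, ?, ?)",
            (email.strip(), salt, hash_pw(password, salt)))
        return cur.lastrowid
    except sqlite3.IntegrityError:
        return None

def login(db, email, password):
    """Return the ids of every account this email/password pair opens."""
    rows = db.execute(
        "SELECT id, salt, pw_hash FROM accounts WHERE lower(email) = lower(?)",
        (email.strip(),)).fetchall()
    return [acct for acct, salt, stored in rows
            if hmac.compare_digest(stored, hash_pw(password, salt))]

if __name__ == "__main__":
    # Constructed sample data: one address registered twice with two passwords.
    for enforce in (False, True):
        db = open_db(enforce)
        first = register(db, "cam@example.com", "password-one")
        second = register(db, "Cam@Example.com", "password-two")
        print("unique index:", enforce, "| ids:", first, second,
              "| password-two opens:", login(db, "cam@example.com", "password-two"))
```

Without the index, the password decides which account and order history a login lands in. With it, the second signup is refused and can be routed to password recovery or an account merge instead.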
