[linux-elitists] Pro-Linux FUD

Michael Bacarella mbac@netgraft.com
Thu Aug 14 09:15:23 PDT 2003


> > (The article also claims that the GNU FTP server compromise was
> > performed by somebody with physical access to the system, which
> > strikes me as unlikely). 
> 
> 	The FSF have an historical fear of system security (it's
> undemocratic, elitist, etc to keep people out of your computers) that
> makes administration difficult.  Fortunately, they're solving this
> problem in classic FSF style, by using GPG signatures to verify
> checksums.  This solution will survive system break-ins, provided they
> manage their keys properly.
> 
> 	It may be interesting to see if the FSF's "wiki way" of
> security turns out to be the future: lighten up on Prevention, and
> focus on Detection and Recovery.

Indeed.

At LWCE when they were selling associate memberships, they made
sure to reinforce that the card processing gateway they use
(trustcommerce.com) allows them to do recurring billing without
having to store credit cards on file.

Instead of retaining the user's credit card, they assign a billing
authorization code for that account and you retain that on file and
present it for future billings.  If your system is ever compromised
and someone makes off with the authorization codes, you can simply
tell the processor to blacklist all codes that have been assigned
to you.

-- 
Michael Bacarella                24/7 phone: 1-646-641-8662
Netgraft Corporation                   http://netgraft.com/

Finger email address for public key.  Key fingerprint:
  C40C CB1E D2F6 7628 6308  F554 7A68 A5CF 0BD8 C055
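The recovery path the post describes (the merchant keeps only processor-issued billing authorization codes, never the card number, and after a break-in asks the processor to blacklist every code assigned to it) as a constructed model. This is example code added here; it is not from the post, the FSF, or TrustCommerce. The `Processor` and `Merchant` classes, the method names, the card numbers and the assumption that a code is bound to the merchant it was issued to are all made up for the illustration.

```python
"""Constructed model of recurring billing with processor-issued authorization
codes.  Added example, not the gateway's real API: all names are hypothetical."""

import secrets
from dataclasses import dataclass, field


@dataclass
class Authorization:
    code: str          # opaque token; this is all the merchant ever stores
    merchant_id: str   # merchant the code was issued to (assumed binding)
    pan: str           # card number stays on the processor side only
    revoked: bool = False


class Processor:
    """Stand-in for the card processing gateway (hypothetical)."""

    def __init__(self) -> None:
        self._auths: dict[str, Authorization] = {}

    def enroll(self, merchant_id: str, pan: str) -> str:
        # Processor keeps the card and hands back a random code.
        code = secrets.token_hex(16)
        self._auths[code] = Authorization(code, merchant_id, pan)
        return code

    def charge(self, merchant_id: str, code: str, cents: int) -> bool:
        # A code only works for the merchant it was issued to and while unrevoked.
        auth = self._auths.get(code)
        if auth is None or auth.revoked or auth.merchant_id != merchant_id:
            return False
        return cents > 0

    def blacklist_merchant(self, merchant_id: str) -> int:
        """Revoke every code issued to this merchant; returns how many."""
        revoked = 0
        for auth in self._auths.values():
            if auth.merchant_id == merchant_id and not auth.revoked:
                auth.revoked = True
                revoked += 1
        return revoked


@dataclass
class Merchant:
    merchant_id: str
    processor: Processor
    codes: dict[str, str] = field(default_factory=dict)  # member -> code

    def add_member(self, member: str, pan: str) -> None:
        # Only the returned code is retained; the PAN is not kept here.
        self.codes[member] = self.processor.enroll(self.merchant_id, pan)

    def bill_all(self, cents: int) -> dict[str, bool]:
        return {m: self.processor.charge(self.merchant_id, c, cents)
                for m, c in self.codes.items()}


def scenario() -> tuple[dict[str, bool], bool, dict[str, bool]]:
    """Normal billing, then a compromise of the merchant's stored codes,
    then recovery by blacklisting.  Card numbers are constructed test values."""
    proc = Processor()
    shop = Merchant("merchant-A", proc)
    shop.add_member("alice", "4111111111111111")
    shop.add_member("bob", "5555555555554444")
    before = shop.bill_all(4000)

    # Compromise: a copy of the merchant's database leaks.  It holds codes only.
    leaked = dict(shop.codes)
    # The codes are bound to merchant-A, so they are worthless elsewhere.
    usable_elsewhere = proc.charge("merchant-B", leaked["alice"], 4000)

    # Recovery: the merchant has the processor blacklist every code it holds.
    proc.blacklist_merchant("merchant-A")
    after = {m: proc.charge("merchant-A", c, 4000) for m, c in leaked.items()}
    return before, usable_elsewhere, after


if __name__ == "__main__":
    print(scenario())
```

The point of the design is visible in `scenario()`: the leaked database contains nothing that can be turned into a card number, and a single `blacklist_merchant` call invalidates everything the attacker took, after which members are re-enrolled and issued fresh codes.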
