Educause Security Discussion mailing list archives

Re: Follow Up To Re: Campus Single Sign-On


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 25 Aug 2011 13:33:58 -0400

On Thu, 25 Aug 2011 16:48:38 -0000, "pmorley () mcdaniel edu" said:
> We have gone ahead and made a decision as to the platform we will support.
> I'm not going to disclose it for security purposes,

You *do* realize the security obtained that way is somewhere between zero and
none, right?  Especially since any attacker that actually cares which one you
use will be able to figure it out *really* fast anyhow?  Anything from asking
Google if it's indexed any of your IT News pages regarding the coming
deployment, to getting a zombied system and having it hit a page and seeing
what the SSO screen looks like, to....

In a related note - what are people doing with the whole SSO thing in a world
where Vint Cerf claims 140 million zombied computers - what confidence level do
you assign to an SSO session that it's *really* that user?
