Two GCC stories

Two GCC stories

Posted Jul 7, 2010 18:24 UTC (Wed) by nix (subscriber, #2304)
In reply to: Two GCC stories by fuhchee
Parent article: Two GCC stories

This person admitted the obvious that "NightStrike" is not real. AFAIK only he and his sympathisers suggested in later editorial comments that a "real-enough" but fake name might have been acceptable.

But how would you have known if it wasn't? Ignoring someone who points out a huge gaping flaw in your security policy because you don't like their name is not clever.

As for better authenticators, well, you've already mentioned things like home addresses, phone numbers, et seq. Of course all of these are fakeable: one must estimate the determination of possible attackers when figuring out which to rely on. But NightStrike is quite right that relying on 'a real-sounding name' gives you nothing: it drives away those who wish to or must use pseudonyms while failing to keep out any bad guys at all.

---

to post comments

Two GCC stories

Posted Jul 7, 2010 18:47 UTC (Wed) by fuhchee (guest, #40059) [Link] (1 responses)

"But how would you have known if it wasn't?"

So let me get this straight. *Because* we refuse to give someone
logon privileges (for reasons that even you are sympathetic to), you
complain about a hypothetical opposite situation where we might
someday give access to someone else? So actual evidence of our
prudence is twisted to insult to our hypothetical straw-man
security policy?

Dude. Really.

I am not prepared to disclose a full investigative plan to be applied
to an arbitrary person seeking such access. "It depends." But I am
prepared to promise this: being "merely real-sounding" has not and
will not be sufficient.

Two GCC stories

Posted Jul 7, 2010 21:20 UTC (Wed) by nix (subscriber, #2304) [Link]

Right, good. That was all I was concerned about.