I now blog at trevor.typepad.com, and this is a static archive

Security...

I've saved a funny script on this page to demonstrate the now popular trick of opening MS Windows users' CD drives using a web page, windows media player, and Internet Explorer.

What I enjoy most about this trick is that it bridges so many languages (Visual Basic, HTML, COM), protocols (HTTP), and clients (Internet Explorer, Windows Media Player). If any one portion of our system is open to unexpected interoperability, then the whole is open to unexpected security risk.

We live in an increasingly interconnected world in which no group of people (no matter how smart or rich) can build totally secure yet interoperable tools, which is why a monolithic identity system like Microsoft Passport is such a risk. Placing all of our eggs in one basket is not going to last beyond the first few large cracks. As the (often cracked) Hotmail system demonstrates, a centralized target will eventually fall.