BEAUTIFUL!
The security crowd really irks me as they really do little more than peddle fear and confusion.
I love to see them trip over their own 'doom and gloom' sermons. Serves them right.
Not sure if anyone ever listens to the Security Now podcast, but there was a show a few episodes back (between 108~110 - forget which) where Steve is going on about his "secure" password page where you can generate "secure" passwords and that nobody can know them because the page is all "secure" through SSL, blah blah blah... From that page:
What makes these perfect and safe?
...
Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else.
*Emphasis mine...
Screen shot courtesy of my favorite screen shot utility, Screenshot Captor:
Isn't it ironic? The page is http://grc.com/password.htm.
Both IE and Firefox redirect to HTTPS, but Opera doesn't. Why? Well, the answer should be fairly obvious. IT'S A SECURITY HOLE!
The page IS NOT secure in Opera. Huh? WTF? Wait a second... Didn't the security expert just say, "this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection?"
So much of the security industry is just pure snake oil.
And besides, nobody needs 64 character passwords. That's just silly. The universe will die out before you can brute force anything near that.
Reminds me of an Ozzy song - Miracle Man. It's about when the TV evangelist Jimmy Swaggart got caught with a hooker.