Saturday Nov 04, 2006

XML Decoding Help Required...

Hi Everybody. Here's a request. I'm trying to decipher a file with the header a follows:
The body of this XML file has a tag block as follows:
If anybody knows anything about this, please let me know... by either posting a comnent here ( which obviously is as good as telling the world ;-) ) or by emailing me @ myFIRSTname.myLASTname@sun.com Anybody ???

John Doe's Infocard

LOL... had some time to kill..... and so I made a few images that you could use as your infocard image to help you identify the different infocards you create and distinguish between them instead of relying on the infocard super-imposed name. And here's John Doe's Infocard. Use the password "password" to import the infocard. This distribution of John Doe's infocard could probably make John Doe a "celebrity" again. remember to save John Doe's infocard with the extention .crds I know that most of the sites that would accept this card would also have a "confirm registration" email sent out. Well, I shall soon do something to address that too. The email address registered on this card is john.doe.infocard@gmail.com. So, what I shall also do is setup gmail forward to forward all emails to a_secret_email_address@blogger.com, and then setup a blog to publish all those emails received. Well, then I could probably write a javascript or any utility to auto-click & confirm all url's in the posts, or to parse the contents of emails received and to a HTTPrequest.get() on all URL's that the blogpost contains. But since that would take some effort, and is not something I am too keen on doing anyway, and also since I currently do not have too much stale time on my hands, I shall do that only if I see the card being used... or I may also decide against it and keep this as "insider" info ;-) Guess I would be wasting too much time on this. so the idea is now officially canned. ROTFL.
NOTE : This is in no way an attempt to initiate a world-wide attempt to present John Doe's infocard as a mechanism to break all web service's/application's that may someday accept infocard as it's auth medium. I received a few emails and phonecalls to clarify the intent here.. So Here's a public post of the intent. If you see that this can be used as a way in which tens of thousands of folks use a "common" credential (with User Control and Consent) to authenticate, and even deceive the "registration confirmation" system into accepting the credential, then I hope you see the big picture. These AuthN mediums are not for a person to person authentication system but for a "automated" system. I see this as a means in which hackers have a platform to authenticate into systems, initiate a new breed of DoS attacks, Hijack Identities, & misuse the system. Please see this not as an attempt to "attack" but as an attempt to show you that there can be several ways in which a system's stability can be compromised using extremely simple means. It does not require a rocket scientist to do such tasks. & mind you there are several folks "out there" who do this just for the kicks. So when you folks read about infocard and it's capabilities in all its basking glory, please remember not to tie yourselves down to a "infocard walled garden" and think outside of the BOX. As "WE" work on securing the system/'s even more, the "outsiders" would always find innovative ways of breaking it. Therefore "WE" need to work as a "TEAM" and CO-LAB-OH-RATE!! Please... Lets not work on "proprietorizing" IDENTITY. We got to have a solution that the industry sees as something that is SECURE, OPEN & more importantly INTER-OPERABLE. Remember it takes 2 to tango.
About

for everything on Identity, JCAPS, SOA, WebServices, Security, Single Signon, Federation, Provisioning, Virtualization, Optimization, Debugging, Workflows, Compliance, MySQL and more... WAY MORE....

[this is a group blog]

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today