Hi Warren,
I'm a programmer at a large company and I can assure you we use a
"stricter" method of transferring any files that leave our company than
the LOTW method.
We use 2048 bit public/private key encryption (such as PGP / GnuPG).
We encrypt the files on servers behind our firewalls and transfer them
to our servers outside the firewall via encrypted file transmission as
well (scp or sftp both work well).
When we exchange the public keys we call and verbally ensure we have
received the key from a contact at the receiving company before we sign
the key and add it to our "key ring".
The files I've dealt with have only had customer name and address
information so it's not as important as financial information (in the
grand scheme of things, I'm not belittling a person's right to privacy).
When I set up my personal online banking accounts we had to sign an
agreement at the bank, wait for a card to come via the post office with
our account password, log on to the website, change our password, before
we could access our account. It's pretty close to the LOTW (minus the
keys, but SSL uses a simpler version of the key encryption process).
I didn't find it too difficult (no command line arguments or vi
commands to remember here) and I've been having fun watching the amount
of confirmed contacts build as others add their logs. It's still nice
to get QSL's in the mail but I think the effort required to hack the
LOTW system is much greater than any potential return (what would a
hacker gain? DXCC? 5Band?, it's probably easier to steal credit card
numbers from most web sites!).
Hopefully the major contest next weekend will change everyone's focus
to contesting and put to bed all the LOTW talk.
73,
George / KF9YR
-----Original Message-----
From: cq-contest-bounces@contesting.com
[mailto:cq-contest-bounces@contesting.com] On Behalf Of Warren C.
Stankiewicz
Sent: Friday, May 21, 2004 8:44 AM
To: CQ-Contest@contesting.com
Subject: [CQ-Contest] A Lack of Focus? (Was LotW - Needs More
Participation)
You know, someone brought up a good point about this that bears
mentioning.
They discussed how their financial institution delivered their account
and
password information.
You can even argue that the ARRL's position is even stricter than that
you'll find at your local bank or brokerage. Certainly, my bank and my
brokerages do things much differently than LoTW does.
Which brings up a question: Why? I can see when my money's involved. But
we're talking about mere operating awards here. A certificate to put on
the
wall. Maybe a pin. If you're one of the "Deserving", someday a plaque.
That's it, folks. And when we're gone, how long do you figure they'll
stay
up on the wall before they make the trip to the dust bin?
This obsession with security by ARRL's LoTW program mirrors the
obsession
with the awards it supports by the users themselves. This used to be a
hobby, and some say it's a "public service"; but some people seem to
certainly have taken this beyond the looking glass.
With malice towards none,
Warren, NF1J/6
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.687 / Virus Database: 448 - Release Date: 5/16/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.687 / Virus Database: 448 - Release Date: 5/16/2004
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
|