Comment Re:Calm down (Score 3, Insightful) 284

Seriously, everyone calm down. If your bank's security sucks, switch. It's really easy. I switched banks on Monday... it took me all of about an hour.

Know of any US banks that offer SecurID or something similar? I'd sure like to know, as in order for my LLC to accept credit cards I have to have a US bank, so it's not like I can shop around even if I wanted to.

What banks really need to do is give you options to lock down your online account. I want online banking, but I only want to transfer money between my accounts with that bank and 1 other account. Why can I not pre-approve those accounts and disable everything else unless I go down to the bank? Seems like a simple concept. Even if I were to get hacked, they could only move money around in my own account!

I agree, I mean, it's not like banks want you to easily move money out of an account anyway.

Comment Re:Nope, Safety is a Myth (Score 1) 353

I made no claim that the crackers were well mannered.

Bad manners never engender good manners in others.

I was also not advocating the process, just diagnosing it.

Well, you are correct, and it's a shame that this happens. The sad truth is, this is some ridiculous war between Sony and some image it has of how the world is. The same can be said for LulzSec and like-minded people. The victims are the users caught in the middle. It's no different than some poor SOB getting shot in the face between two guys going at it outside a club because one guy pissed off the other.

Comment Re:Is Sony now in the banking business? (Score 1) 276

Isn't that the whole point though? I mean, I would think that sometime between the start of the attack and one-hundred thousand years later a Facebook admin might realize there is an attack on this account and take appropriate measures. And a botnet will not matter, 5 attempts every 15 minutes is 5 attempts every 15 minutes. Sure, a lot of computers can come up with a lot of answers to the question 'what is the password for account XYZ,' but the computer asking the question will only allow 5 answers every 5 minutes. It doesn't matter if there are a billion guesses from a billion people... for 15 minutes there can be only 5.

Thus, it doesn't matter if it comes from the same computer every time over a period of 10E5 years, or a different computer every time. A modern computer is quite capable of making 5 guesses in 15 minutes, but a trillion computers can't make more than 5 guesses in 15 minutes under this scheme. The only thing that many computers could do would be a DDoS attack against the application gateway/server... and that will also bring down service for everyone and not just the account being attacked. (I suppose that many machines could make 'better' guesses, but that is beyond the scope of this argument as even minimum entropy with ideal conditions would still be decades to brute force.)

Heck, under this scheme, a single modern high performance CPU would be more than enough to try and attack all 300 million Facebook accounts with maximum efficiency; it would still take an average of 10E5 years though (1.5 billion guesses every 15 minutes is way less than the 3 billion guesses for a Westmere@3GHz using Base64 encoded SHA1 hashes, for example). And that number will only go up once chips have built-in SHA instructions, but it still won't make the net effect any faster.

The lesson here - sanitize your SQL, keep the DB away from the web-server, and for God's sake make sure the application has a modicum of preventative circuit breakers and you will stop a majority of script kiddies.

Comment Re:Nope, Safety is a Myth (Score 3, Insightful) 353

Wait what? You talk about 'bad manners' as agents of malcontent.

I don't know where you come from, but I would consider it 'bad manners' to crack a security system just because you don't like a person, organization, or company... just as I would consider it 'bad manners' to punch someone in the face because I think they have 'bad manners.' Isn't it 'bad manners' to force someone to do something they would rather not... such as change their password because you just stole it from them?

I don't know of a single nation that forces people to buy Playstations, Sony Music, or Sony TVs. If you don't like it, don't associate with them. Anything else is 'bad manners.'

Comment Re:Go FBI! (Score 1) 353

You are correct, sir. I should be able to park a dump truck full of gold anywhere in the world and know that it will be safe. Likewise, I should be able to create an account with and not worry about criminals misusing that information. Criminals, whether premeditated or not, always think that "because I could, I should." It doesn't matter if you are stealing my truck full o' gold because I was stupid, or stealing my identity because you can. It isn't yours, and you have no privileges to access it....

Unfortunately, the world has criminals and my utopia doesn't exist. Well, it does in my town but the Internet doesn't end at the county borders. I can leave the door unlocked, let my neighbors borrow the car, and leave money on a counter... I can't leave my passwords lying around on the internet because of yo-yos like LulzSec.

Comment Re:Is Sony now in the banking business? (Score 1) 276

I seldom use Facebook anywhere other than on my own home network, my company's network, or a cellular network (none of which are very likely to result in cookie attacks). It's certainly possible that it was attacked in some other way, but the likelihood of that is fairly low.

Then it would still be a problem with the application, FB in this case. Even a 15-minute x5-attempt cooldown would prevent the brute force of all but the most trivial of passwords such as - 1234, password, qwerty, "insert last name here". With such a scheme and a "poor" password of low entropy, say a dictionary word and number combination of 5-9 characters (apple6174), it would take E5 years to brute force on average. If you used that password with 1000 different applications, it would still take 273 years no matter how fast your computer is.

Passwords are useless if the application security is poor. It's no different than having an RSA keycard and sign-out process enforced by security guys who like to take naps. That's why I hate those password strength tools on signup pages. It's better than security by obscurity, but it still obfuscates the fact that a dumb password should still be protected by the application... period!
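An added example (not code from either comment or from any real site): a per-account failed-login limiter implementing the "5 attempts per 15 minutes" scheme both comments describe, keyed on the account rather than the source address so a botnet gets no more guesses than a single host, plus the arithmetic for expected brute-force time under that cap. The account name, the verifier and the keyspace size are constructed for the demonstration.

```python
"""Per-account failed-login limiter: at most MAX_ATTEMPTS failed guesses per
WINDOW_SECONDS for a given account, no matter how many hosts the guesses come from."""
from collections import defaultdict, deque

WINDOW_SECONDS = 15 * 60   # the 15-minute window from the comments
MAX_ATTEMPTS = 5           # the 5 guesses allowed inside that window


class AccountLimiter:
    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        # account -> timestamps of recent failures; keyed on the account, NOT
        # the client address, so distributing guesses across hosts buys nothing
        self._failures = defaultdict(deque)

    def _prune(self, account, now):
        q = self._failures[account]
        while q and now - q[0] >= self.window:   # drop failures older than the window
            q.popleft()

    def allowed(self, account, now):
        self._prune(account, now)
        return len(self._failures[account]) < self.max_attempts

    def attempt(self, account, password, now, check):
        """Returns 'locked', 'ok' or 'bad'. `check` is the real credential verifier
        (constructed in the test below); it is not even consulted while locked."""
        if not self.allowed(account, now):
            return "locked"
        if check(account, password):
            self._failures[account].clear()  # a successful login resets the counter
            return "ok"
        self._failures[account].append(now)
        return "bad"


def expected_years_to_guess(keyspace, attempts_per_window=MAX_ATTEMPTS,
                            window=WINDOW_SECONDS):
    """Average years to hit a password drawn uniformly from `keyspace` candidates
    when the application caps online guessing at attempts_per_window per window."""
    guesses_per_year = attempts_per_window * (365 * 24 * 3600 / window)
    return (keyspace / 2) / guesses_per_year  # on average half the space is searched
```

The years figure depends only on the server-side cap and the keyspace, which is the point both comments make: throwing more attacking machines at the account does not change it.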

Comment Re:here's how it would go down (Score 1) 229

Um, the Nobel Prizes for sciences and literature have nothing to do with the Peace Prize. The Peace Prize, your "hate America crowd", consists of Norwegian politicians and related types who are interested in promoting agendas. The other prizes are awarded by the various Swedish academies related to that prize. Sweden is not Norway... look it up on Google if you don't believe me. The Swedish academies are definitely more objective than politicians, and probably less politically motivated by the prize nominees than the peace prize. I'm no fan of medieval academic society here in the 21st century - I truly hate graduation ceremonies and 'group think' of modern universities - but as a person who directly works with a Nobel Laureate who definitely fulfills the European stereotype of a "cowboy American," I'm here to tell you hating America is not a prerequisite, desirability, or issue, for nominees one way or the other.

In other words, the "Nobel Peace Prize" is currently a great way for politicians to promote their adjectives. The "Nobel Prize" is a great way to recognize people who have contributed to our society through invention and discovery... even if Americans receive them from time to time.

Comment Re:SNI and other alternatives (Score 1) 173

Maybe I don't understand the problem, but in my mind it has nothing to do with available address space and everything to do with equipment cost. My ISP is a cable co-op, so what you pay is directly proportional to what you get. For my $50 I'd rather have increased bandwidth than a brand new room full of Cisco switches that isn't going to make things 'better' for me at this moment.

Our annual letter basically said that the plan was to upgrade to IPv6 when we need to upgrade the "big iron" in the next few years. So what 'profit' that could be spared went to additional bandwidth instead of new hardware. The caveat being any new bandwidth in the future will require new hardware, hence the reason to postpone IPv6 roll-out. If IPv6 were pushed back 5 years, we wouldn't upgrade until necessity forced us to. In our case, that will either be one of two things: A) our equipment has to be upgraded to handle additional traffic, or B) IPv6 roll out is required for users to use the services they require. To me, that means IPv6 will happen when it happens, and not a day before.

I suspect this is the case with all ISPs big and small. Why pay for something now when you won't need it until later? Either way, my gut tells me there will be IPv4 squatters just like there are domain squatters. It's a bit ridiculous to pay for invisible property, but I doubt it will be too painful since unlike DNS there is a viable alternative.

Comment SNI and other alternatives (Score 1) 173

This is why I generally support the big guys, Google et al., when they go out and state they will no longer support older browsers. Not only is it good for security and designers, but it's good for server admins. With apache2 and IIS supporting SNI on all browsers, except XP SP2, it's time to move on. I really don't feel like playing the domain games of yesteryear with IP addresses.

2.5 cents

Comment Re:Simple yet effective website security test: (Score 1) 182

And encrypt your passwords with DES... and login as root... and don't forget to smudge taco sauce on that Post-it note with that command "yum update" written on it.

Seriously, don't listen to all the naysayers. Just because you call yourself smart and have a million users doesn't make you smart. And just because you don't have a million users and don't think you're smart doesn't make you stupid. Work hard, subscribe to mailing distribution and software mailing lists, and ALWAYS make it a point to check your logs. It might sound pointless, but at least you'll be logging into a shell more often than you clean your gutters.

If that fails, there is always Plan B.

Comment Re:road to fascism? (Score 1) 310

I'm pretty sure people are free to say what they want in this country. We are not fascists just because a person espouses beliefs that are extreme realizations of an ideal many Americans believe in. That does not mean we want to be ill-informed or unprepared for the sake of opaque safety. Freedom of speech does not make us fascist! We are not militant belligerents looking to fight out our grudges against neighbors because of some long forgotten slight. We may have made mistakes, but we are not afraid to correct them, even if it may take generations.

What would make us fascist is if we censored the author's speech, or perhaps speech contrary to his words. But this is not done, and for the very same reason we are here arguing against him. In this country, you are free to subscribe to the author's beliefs and disassociate with people you deem "undesirables" if you wish. You are free to protest the author, or debate him both publicly and privately in a variety of media. So if these liberties we hold dear make us fascist, just remember, this is America's world and the rest of you are just living in it. Deal with it.
