Software

WhatsApp Is Using IMEI Numbers As Passwords 102

mpol writes "In the past, WhatsApp has been criticized over their insecure use of XMPP. Recently, new versions of their app have incorporated encryption. It seems the trouble isn't over yet for WhatsApp and its users. Sam Granger writes on his blog that WhatsApp is using IMEI numbers as passwords. This is at least the case with the Android app, but other platforms are probably using similar methods. Since someone's IMEI number is easily readable, this isn't really secret information that should be used for authentication."

Comment Re:It's not broken. (Score 4, Insightful) 1154

The problem is actually bugs in the handling of tables and form data from .doc/.docx files in LibreOffice.

This. A thousand times this.

Businesses and people are used to MS Word. They don't like it, they simply cope and can be fairly sure a document created in it can be read and changed by another user without too many problems. It's the de facto standard, and any alternative needs to deal with that standard.

In spite of all the effort gone into Star/Open/LibreOffice compatibility over the past 15 years it has always been hit-or-miss when opening a Word document. As long as you can't rely on a compatible Office suite users will simply stay with MS Office, and thus Windows/OS X.

The average user uses their PC to browse the web, read their email and as a fancy typewriter. Get that working properly and you can play ball.

Comment Re:There's nothing Darwin about it. (Score 1) 992

On the Autobahn things can indeed get rather tense when it's busy. But as everyone knows the speed difference between drivers going in the same direction is high (You have trucks plowing along at 60mph while Audis in the left lane easily going 100-120mph) your average driver tends to be very alert and respectful. You have to be, because not checking your mirrors means you're going to cause a pile-up.

The clowns thinking they belong on the left lane are quickly corrected. If you're a poor driver feel free to take the highway but stick to the right lane.

Comment Re:Use cases (Score 2) 212

I tend to use 'apg' when generating passwords, neat little tool. Aliased as 'apg -a 1 -m 12 -x 16' though, as the default generator goes for pronounceable passwords that are too short for my taste:

% apg
9&}v3Q/'n5O6UN
]%LE\!TLUt?Z]jjj
$i4&zmOxh-wmfGu
N6.H+i/^rcGo5`p ;a-_)wg}~*Xu~z
rKv4JoC6wO0`\6,j

If someone brute-forces those they have earned it.

Comment Re:AOL Keywords (Score 1) 239

Imagine typing only "google" into the address bar and getting google.

Even better: try it! I've seen too many people access Google via IE/Bing this way.

Between integrated search, bookmarks and Facebook pages these "exclusive" domain names are already rather redundant. Users will hit Google first when searching for something, they're used to it.

How will Ticketmaster inform users they can simply enter 'tickets' into their address bar? "Shouldn't there be a .com behind that?" At least with 'tickets.com' it's clear you're talking about a domain name.

But I guess the internet marketing types are all drooling about even more TLDs that go nowhere.

Comment Re:Rats! (Score 1) 182

Except that the average life expectancy you quote is at birth... Roy was in his 40's when he started reducing his amount of calories, so his life expectancy would have been approaching 80 regardless of what he ate.

Pass me the steak!

Comment Re:Online needs to change (Score 1) 60

A different model might hold the student back until they show proficiency. Once they have confidence in the material, the system "rewards" them and presents the next chapter. The student is motivated to get the next level of achievement, and their level of understanding is greater.

The Khan Academy uses this approach when one does the exercises: you start with the basics and gradually gain points and badges while you work through the various topics, using the video lectures when you get stuck.

All exercises are voluntary but the mentoring and statistics are very well thought-out so that student progress can be followed in detail. The next step up would be that only students that have shown their proficiency are allowed to take an exam.

I'm currently using the KA code to set up a similar academy for a local university (the focus of the content being grammar). The code is rather hairy but the concepts behind the site are very interesting.

Comment Re:Define immortality (Score 1) 637

In 75 years, should we survive, we'll look back on it with the same amusement.

Like most science fiction writing you mean?

I've always found this definition of 'space opera' a bit of a misnomer, as if true science fiction always follows the laws of physics or has a deep underlying message about the future of technology. If you look back at the works of Asimov, Heinlein, Lem and Clarke you know that this isn't always the case.

The reason Hamilton's works are lumped under space opera is because of the extensive focus on setting and characters. But there are plenty of 'hard sci-fi' nuggets in his work IMHO.

Science

Magical Thinking Is Good For You 467

Hugh Pickens writes "Natalie Wolchover says even the most die-hard skeptics among us believe in magic. Humans can't help it: though we try to be logical, irrational beliefs — many of which we aren't even conscious of — are hardwired in our psyches. 'The unavoidable habits of mind that make us think luck and supernatural forces are real, that objects and symbols have power, and that humans have souls and destinies are part of what has made our species so evolutionarily successful,' writes Wolchover. 'Believing in magic is good for us.' For example, what do religion, anthropomorphism, mysticism and the widespread notion that each of us has a destiny to fulfill have in common? According to research by Matthew Hutson, underlying all these forms of magical thinking is the innate sense that everything happens for a reason. And that stems from paranoia, which is a safety mechanism that protects us. 'We have a bias to see events as intentional, and to see objects as intentionally designed,' says Hutson. 'If we don't see any biological agent, like a person or animal, then we might assume that there's some sort of invisible agent: God or the universe in general with a mind of its own.' According to anthropologists, the reason we have a bias to assume things are intentional is that typically it's safer to spot another agent in your environment than to miss another agent. 'It's better to mistake a boulder for a bear than a bear for a boulder,' says Stewart Guthrie. In a recent Gallup poll, three in four Americans admitted to believing in at least one paranormal phenomenon. 'But even for those few of us who claim to be complete skeptics, belief quietly sneaks in. Maybe you feel anxious on Friday the 13th. Maybe the idea of a heart transplant from a convicted killer weirds you out. ... If so, on some level you believe in magic.'"

Comment Re:Mod parent up (Score 1) 480

Any sort of interruption will snap me out of that trance state, even if it's wifey asking me where I'm going as I step out the door. It's all about maintaining that mental bubble.

Sounds very familiar. I've tried explaining but even her presence can snap me out of 'the flow', which makes me way too irritable.

Having our dogs around me doesn't though, so I tend to simply take a stroll with them and let that unconscious part of the brain do the heavy lifting.

Comment Re:WTF were they smoking? (Score 2) 202

Except that there are fields in any model that the user *shouldn't* be able to change via form. And lo, there is a mechanism in Rails to flag those fields in the model so that this sort of thing doesn't happen: attr_accessible flags.

Madness... when defining the form you explicitly define which attributes of the model may be submitted and modified and everything else is ignored. Forms should be the filter between the crap a user may submit and your precious model.

Django does this right in my eyes: allowed attributes need to be stated in the Form if you don't want all fields displayed. If you have different types of users present those users a different form with corresponding list of attributes and additional validation. Subclassing forms makes this trivial to implement and you explicitly whitelist those fields that are allowed to be modified by a particular user.

Not that Django is perfect, but I'm amazed that RoR requires/required blacklisting model attributes instead of handling this explicitly in the form. Kudos to the hacker for outing this design flaw.
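
The form-as-allowlist idea from the comment above, as an added example that is not part of the original comment and is not Django or Rails code. It is a plain-Python stand-in; `Account`, `mass_assign`, `ProfileForm` and `StaffProfileForm` are hypothetical names and the request body is constructed.

```python
from dataclasses import dataclass


@dataclass
class Account:                      # hypothetical model
    name: str = ""
    email: str = ""
    is_admin: bool = False          # must never be settable by an ordinary user


def mass_assign(obj, params):
    """Vulnerable pattern: every submitted key is copied onto the model."""
    for key, value in params.items():
        if hasattr(obj, key):
            setattr(obj, key, value)
    return obj


class ProfileForm:
    """The form is the filter: only names listed in `fields` reach the model."""
    fields = ("name", "email")

    def __init__(self, data):
        self.data = dict(data)

    def rejected(self):
        # Submitted keys outside the allowlist; worth logging as tampering.
        return sorted(set(self.data) - set(self.fields))

    def save(self, obj):
        for key in self.fields:
            if key in self.data:
                setattr(obj, key, self.data[key])
        return obj


class StaffProfileForm(ProfileForm):
    """Form presented to staff users: the allowlist is extended explicitly."""
    fields = ProfileForm.fields + ("is_admin",)


# Constructed request body: the last key was added to the POST by the user.
SUBMITTED = {"name": "Eve", "email": "eve@example.test", "is_admin": True}


def demo():
    return (
        mass_assign(Account(), SUBMITTED).is_admin,            # user set the flag
        ProfileForm(SUBMITTED).save(Account()).is_admin,       # extra key ignored
        ProfileForm(SUBMITTED).rejected(),                     # what was dropped
        StaffProfileForm(SUBMITTED).save(Account()).is_admin,  # allowed by this form
    )
```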

Comment Re:Typical problem (Score 2) 304

This is probably the best way, avoid/ignore any priorities that don't come in from up top.

Even better is not using priorities at all: simply set milestones and allocate people to meet those milestones. If during the weekly meeting one of the dept heads wants something done quick let them fight it out with the dept heads whose pet project is currently underway and will be delayed due to "reduced resources". The impact of "pet project will be delayed by 4 weeks" is much more concrete than "pet project is now a minor priority instead of major".

Business people need to understand that, unless they bring additional resources to the table, they will simply have to wait in line until it is their turn.
