Comment Re:Read "Outliers" (Score 1) 385
Otherwise, I agree overall with your comments.
Yep. Very much so.
Every once in a while Illiad sticks in a new story line, but it's getting more and more rare. I was just struck by the reference to goatce.cx.
I hereby claim that I have hands, therefore I am able to stab someone. Should I be detained and my property seized because I am ABLE to commit a crime?
Situational.
The government does NOT do jokes about fucking with airplanes.
I guarantee you that if you were walking around an airport with a knife talking about how you COULD stab then you'd be detained. And they'd probably keep your knife.
The punchline for this week's story line arc at Userfriendly is significant to any slashdotter with less than a seven digit UID.
Close to where I live are large intertidal mudflats. Every other summer some tourist drives a brand new four by four out there and gets stuck. And then, of course, the tide comes in. When the vehicles are recovered two or three tides later, they are insurance write-offs - the electrics, interior, and engine are all beyond repair.
You do not want to immerse something complex and expensive in salt water unless you really, really have to.
Remember: seawater ruins everything.
One of those occasions where I wish I had mod points but don't. Mod the parent post up!
Seawater is extremely corrosive. Engineering the rocket engine to survive sudden immersion in seawater when very hot would add a great deal to the complexity and cost (and probably weight). And that's before you add the cost of engineering the rest of the vehicle to resist corrosion.
Read to the end for a secret revelation.
One for all the various forums, social sites and other crap that is of absolutely no importance to me and if it gets leaked and you use it to log in as me on one of them, you can post comments in my name - omg, the sky is falling.
The problem there is that all it takes is one crap site and an attacker can check all of your "reset answers" (pet's name / mom's name / etc) to see if they can be used for an attack.
One is for sites that I have some stakes in, like accounts in online games and such, where you could do some damage in the sense of destroying something that took me time to create (delete my GW2 characters, I'd hate you for it, but no real damage has been done).
A different password but does it still have the same "reset answers" that the other category does?
And you are depending upon the admins of those sites to correctly secure them and keep them sites secure for THEIR ENTIRE EXISTENCE.
And one I use for sites where you could do some damage that I could probably reverse, but it would take effort and might cause me real-world inconveniences, such as shopping sites where you could order something in my name and I'd have to go and cancel the order or send it back or whatever.
Just about all of the damage can be reversed. It's just a matter of how much time and how much money is lost doing so.
This is about preventing the damage before it costs you time and money.
Your Amazon account should NOT have the same password that your eBay account has. No matter how much you trust either of them.
My PayPal and banking accounts have their own passwords,
...
And they should have their own email accounts tied to them. If someone cracks your GameYouUsedToPlay.com account that should NOT give them the email address you use at your bank.
Now, for the secret revelation!
Passwords WERE once used for security.
NOW they are mostly (99.9%+) used for MARKETING. That is why almost all the sites out there require a unique login. And those sites are very lax with their MARKETING data (your username/password/answers).
Once you understand that (and what information you are leaking when you give it to them) you can make better decisions on how much RE-USABLE information you want to give them.
Think about what the minimum information an attacker would need to access your bank account (either login or social engineering) and then look at how many sites have that information.
It doesn't matter. If someone is cracking your (end-user) password at work then they probably have some other means of attempting it.
1. keylogger
2. some reduction attack
3. pass the hash
4. fake authentication request & server
5. etc
By the time the attacker has copies of the hashes and is trying to use any of the techniques in TFA on them it's too late for you as an end-user.
For non-work websites just remember 2 things:
a. DO NOT USE THE SAME PASSWORD
b. If it is financial, don't use the same username/email-address as other sites.
The problem is that easy to get at fossil fuels are gone. They've already been gotten, and they're not coming back easily.
Yes , that is the correct Syntax.
Will this post without Slashdot requiring me to be human? What is up with slashdot randomly logging me out while I'm typing a post?
6 Curses = 1 Hexahex