Comment Re:my life sucks (Score 1) 488
Not in Haiku form? srsly?
my life is a sham
two day wait makes my wrists itch
please pass me a knife
Not in Haiku form? srsly?
my life is a sham
two day wait makes my wrists itch
please pass me a knife
It is MIT Kerberos, so yes. This came out last week.
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-002.txt
Shame on you, you think that internets people would know better.
Except for the fact that they revamped their website for about 4 million dollars. So to get 35 paid subscribers from that web redesign and have their traffic fall from 2.2m to 1.5m (per month)
in fact, forget the motivation
Agreed, although Jonathan Swift was Irish. I'm American, so close enough as far as I am concerned.
So if the defendant is trying to get back pay, then aren't they just going to pull the "freeloader's debt" thing, and sue him for unpaid auditing?
I think they are trying to separate themselves to state that if you want the news, come to us and do it properly.
Riiighhht. When I want news done properly, I'll PAY FoxNews to do it properly. Just think about that for a second. The only reason anyone should be remotely concerned about this is because he now controls the WSJ.
Have you ever searched for some information, and Google gave a hit where the surrounding text of the query already answers your question? And then not clicked the website?
No, not for news. Try searching for "2009 election results" or "apple earnings 2009" and see if you can make sense of it (although "who beat rihanna" actually kind of worked). Nobody can use that crap. Even Google News doesn't provide usable news in their largest digest. FoxNews.com charging would be fun to watch, glad to see them go first.
The worst thing is, I think that I may remember that number for the rest of my life. What a waste of space.
And if you didn't get the joke,
WOOSH
It is trivial to write a script (on Windows or Unix) to simply attack the default gateway. Hopefully, that is what they do as opposed to using the default configuration, but maybe they aren't so cl3v4r.
Do you think that more people record passwords via CCTV cameras and RF, or shoulder surfing? Now what happens to that number when you remove masking?
Does masking help, yes. Is it fool-proof security, no. It is a layer, and a decent one at that. The biggest issue is that it does reveal length, which really is way too much. No echo is better.
Howzabout we make it optional, so people can decide for themselves?
If we let lusers decide for themselves, they would choose weak passwords, write them down on post-it notes and stick them to their screens, take out full-page adds in the New York Times with them in 256 pt Arial.
Seriously, end users don't understand security. Maybe it can be an advanced setting.
Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.
Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users. Blocking requests from that particular IP address is a far safer option. Introducing long delays before authentication can be attempted again could also be used.
If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself. If you require strong passwords (e.g. 3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.
Right, and when we unmask all passwords, people will just shoulder surf, much easier! No recording equipment, plausible deniability, easy to do in public places. It's a real win-win.
I'm not sure that you really thought this through.
Our OS who art in CPU, UNIX be thy name. Thy programs run, thy syscalls done, In kernel as it is in user!
