
Comment: Re:Ask yourself (Score 1) 100

by sjames (#48687609) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

If they're storing the passwords in clear text, that's not good. However, they could be assigning random passwords and only storing the hash after they send it via email to the user. There's just not enough information to say.

Agreed that security questions in addition to the usual click lost password and they send you a unique URL to navigate to is a good idea and considerably improves the security of password recovery as long as the answers to the security questions aren't easy to determine from looking through the user's email box.

Comment: Re:This is not a SSL matter (Score 1) 100

by tepples (#48687585) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

So to fix this we added the "get connected" feature. Basically it's a page after the initial login where people can open a session to all their social networks and provide all their frequent email addresses. This way they can login with any of these. This helped a lot.

The Stack Exchange network has a similar feature. Each user can associate a Facebook account, an e-mail address and password, and multiple OpenID identifiers (Google, AOL, Ubuntu, etc.) to his Stack Exchange user account. The one thing I'm surprised they don't support is Twitter login.

Comment: Ask yourself (Score 1) 100

by sjames (#48685589) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

What are the actual risks? Just how likely is it that someone will breach your email and what would the consequences be? What would you suggest as an alternative means of delivering both password and password changes?

Consider that if the lost password procedure involves email, then there is no security benefit to keeping passwords out of email (the key to getting a valid password is just as harmful as the actual password if it leaks).

Comment: Re:6:05 on average (Score 1) 157

by sjames (#48680833) Attached to: Boston Elementary, Middle Schools To Get a Longer Day

There have been a lot of follow-ons to that too. People complain that kids sit their butts in front of video games and grow fat, but forget the reason. It's not that 'kids these days' are born lazy. It's that now that neighborhoods do not generally have a number of adults home at any given time, kids are strictly forbidden to go outside after school. They are under strict orders to lock themselves inside but no 'rough housing' (meaning running around engaged in physical activities).

Gee, I wonder why they don't exercise? What ever could be getting them in the habit of chatting online when they could walk two doors down and talk face to face?

If we as a nation want kids to value physical activity and going outside, we better fix the screwed up work/life balance until there are responsible adults at home again.

The Slow Death of 'Do Not Track'

Submitted by schwit1
schwit1 (797399) writes "FOUR years ago, the Federal Trade Commission announced, with fanfare, a plan to let American consumers decide whether to let companies track their online browsing and buying habits. The plan would let users opt out of the collection of data about their habits through a setting in their web browsers, without having to decide on a site-by-site basis.

The idea, known as “Do Not Track,” and modeled on the popular “Do Not Call” rule that protects consumers from unwanted telemarketing calls, is simple. But the details are anything but.

Although many digital advertising companies agreed to the idea in principle, the debate over the definition, scope and application of “Do Not Track” has been raging for several years.

Now, finally, an industry working group is expected to propose detailed rules governing how the privacy switch should work. The group includes experts but is dominated by Internet giants like Adobe, Apple, Facebook, Google and Yahoo. It is poised to recommend a carve-out that would effectively free them from honoring “Do Not Track” requests.

If regulators go along, the rules would allow the largest Internet giants to continue scooping up data about users on their own sites and on other sites that include their plug-ins, such as Facebook’s “Like” button or an embedded YouTube video. This giant loophole would make “Do Not Track” meaningless.

How did we get into this mess? For starters, the Federal Trade Commission doesn’t seem to fully understand the nature of the Internet."
