Forgot your password?

Comment: Re:No, no. Let's not go there. Please. (Score 4, Interesting) 695

by nine-times (#47899683) Attached to: Why Atheists Need Captain Kirk

I think part of what you're pointing out is that atheism is not a belief system, and so people shouldn't expect atheists to all think the same way or believe the same things.

However, it's a nice little piece of irony that, since people who claim to be "atheists" can believe different things, they can also disagree on what it means to be an atheist. I've talked to quite a few people who identify themselves as atheists, for whom it does seem to be a belief system. For them, being an atheist includes a deep respect for science, a belief in empiricism, a responsibility to proselytize. It's not uncommon for there to be a rejection of morality outside of utilitarianism. There's usually a general belief that there's nothing to this world beyond physics, the math behind the physics, and the application of physics to build up the physical world around us. There's often an associated desire to find awe and reverence in science and physics, and to treat that as a sort of pseudo-spirituality, while talking about how stupid religion is.

I find whenever you start talking about atheism, you actually end up with a fair amount of disagreement from all sides about what atheism actually is. You're confidently saying one thing, and someone else will say something else with just as much confidence. It's pretty much impossible to have a meaningful conversation unless we can agree on our terms somehow.

Comment: Re:Not true. (Score 1) 85

by nine-times (#47888683) Attached to: Mining iPhones and iCloud For Data With Forensic Tools

Of you know the user's account name and password it can log in to their iCloud account

And then you're pretty much screwed right there, regardless.

A fake WiFi spot can probably gather at least the user name in plain text

I wouldn't bet on that. Apple should be passing credentials over SSL. However, given that the username is the same as your email address, it's not impossible for people to find that out.

Apple allowed infinite rapid guesses of the password

Well.... no. They allowed an indefinite number of guesses, or an unlimited number of guesses, but not an infinite number of guesses. It may seem like I'm just being picky with word choice, but it they allowed an infinite number of guesses (somehow) then all of their accounts would be compromised. By allowing an unlimited number of guesses, they only open the door for a given account to be compromised after some kind of investment of time. The investment of time required depends on the quality of the password.

So if your password is extremely weak, then it might possibly get compromised by a general attack-- trying known user accounts with a small dictionary of passwords. If your password is pretty weak, then it might be compromised by a targeted attack on your specific account. If your password is extremely strong, then a brute force attack is unfeasible.

Comment: Re:No no no... (Score 1) 85

by nine-times (#47883725) Attached to: Mining iPhones and iCloud For Data With Forensic Tools

As I understand it (and I may be wrong), the accounts were accessed by abusing the "forgot my password" service.

I hadn't heard this exactly, but Apple's public statement did include a mention of security questions. Their statement was pretty vague. They say that there was "a very targeted attack on user names, passwords and security questions".

Still, that's not really an exploit of iCloud's service. If they chose security questions that someone could find the answer to, I wouldn't consider that an iCloud exploit. I do think that the use of security questions should be reevaluated, but they're a pretty standard practice these days. Even if someone forces a reset of your password, under normal circumstances you should notice that the password has changed the next time you log in.

Comment: Re:Eat real foods, mostly veg, not too much (Score 1) 288

by nine-times (#47883245) Attached to: Link Between Salt and High Blood Pressure 'Overstated'

Part of the problem is that these things are being reported badly by the press. A study shows some minor correlation between coffee drinkers and... let's say... people who suffer from heart disease. The news the next day is, "Coffee causes heart attacks".

Another part of the problem is, for a while, we apparently didn't even bother to study things scientifically. Research would show a correlation between being overweight and heart disease, and that was pretty valid. But then the assumption was made: If you want less fat on your body, you should have less fat in your diet. Since you have to eat something, replace meat with bread. Since you want food to taste good, replace fat with sugar. Or replace fat with vegetable products, because vegetables are healthier than meat, right?

Except that we hadn't really studied that stuff. It turns out, the bread and sugar and transfats are probably worse than having some level of meat and fat in your diet.

Finally, the fact is that we have a hard time studying diet. It's rare that you see anything resembling a controlled study, and you certainly don't see controlled studies going over long periods of time. We can't just gather up a couple thousand random people and give them a highly controlled diet for 20 years to see how their bodies respond.

Comment: Re:Not true. (Score 2) 85

by nine-times (#47882469) Attached to: Mining iPhones and iCloud For Data With Forensic Tools

The article is about fake Wifi hotspots.

I don't think it was even that simple. I didn't read the article in detail because it seemed dumb, but the author seemed to be talking about spoofing a trusted destination for WiFi iPhone backups.

So if you set up your iPhone to sync over WiFi, and if you connect to a compromised WiFi network, and *if* that network has a machine that manages to spoof the computer that you sync your iPhone to, the iPhone will sync to that computer instead, which might sync sensitive information.

That's a very special set of conditions, and it's not clear how you would spoof the computer that's serving as a sync destination.

Comment: Re:No no no... (Score 4, Insightful) 85

by nine-times (#47882405) Attached to: Mining iPhones and iCloud For Data With Forensic Tools

I do think Apple was a bit disingenuous regarding the "bad passwords" used by celebrities, given the iBrute tool apparently was able to keep trying different passwords against Find My iPhone without any sort of delay - a shortcoming Apple apparently fixed a few days back.

First, I don't think that it's known that the accounts were compromised with iBrute. People made the connection because the leak happened shortly after iBrute was announced, but there have been many suggestions that the photos had been acquired months or years before that. That makes it pretty unlikely that the accounts were accessed using iBrute. And Apple seems to deny that the accounts were accessed by exploiting "Find My iPhone".

Second, their comment about "bad passwords" is valid regardless, and would be valid even if the passwords had been accessed through brute force attacks. Brute force attack mitigation is specifically helpful in protecting accounts with weak passwords. If your password is strong enough, a brute force attack should still take a prohibitively long time to succeed.

From what I've been reading, it seems most likely that only some of these photos came from compromised iCloud accounts, and those accounts were probably not compromised due to an exploit of iCloud's service. There was just a news story about 5 million Gmail passwords being leaked, but it doesn't seem that it was from a exploit of Google's services either. Most likely, they were all acquired by phishing, or other non-technical attacks.

Comment: Re:No no no... (Score 3, Insightful) 85

by nine-times (#47882251) Attached to: Mining iPhones and iCloud For Data With Forensic Tools

I skimmed the article, so I may have missed something, but the attacks that they're talking about generally entail having physical access to the phone, offline access to the phone's backup, phishing for passwords, or WiFi man-in-the-middle attacks *if* you can manage to spoof a computer that the iPhone trusts.

Which is to say, these aren't tremendous vulnerabilities on Apple's part. An attacker might be able to pull off a brute-force attack on your encrypted password-protected iPhone backup if they have an offline copy, if the password is weak. Well golly! Everyone better stop using their iPhone right away.

Comment: Re:To be fair... (Score 4, Funny) 400

"Brees isn't watching movies on his surface" about 98% of the audience would have said "WTF is a 'surface'?

That's not true.

I'm sure lots of people would be like, "Of course he's not watching movies on his own surface. How on earth would he have a movie on his own skin? But maybe he's watching movies on his iPad. Duh!"

Comment: Re:magicJack alternative? (Score 1) 160

by nine-times (#47875669) Attached to: Google Hangouts Gets Google Voice Integration And Free VoIP Calls

I wonder what's going to happen to the other features, though. Part of the great thing about Google Voice (formerly Grand Central) was that you could route and filter the calls. You could say, "If my girlfriend calls this number, put her directly through to my cell phone. If my boss calls during working hours, ring both my cell and my desk phone. If my boss calls after hours, ring my cell phone twice and then send him to voicemail with my professional voicemail greeting. If my mom calls, ring my home phone. If someone calls and the number isn't in my address book, send it directly to voicemail with an anonymous greeting."

I don't remember what all the options or limitations were, but it had some flexibility. Google Voice still does some of this stuff, but I haven't seen any of it in Hangouts.

"Turn on, tune up, rock out." -- Billy Gibbons