Forgot your password?
typodupeerror

Comment: Re:How does it secure against spoofing? (Score 1) 83

by Opportunist (#48198661) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Ok, using what frequency? As far as I'm aware the whole spectrum that could be used by 3G is owned by some telcos and considering just how expensive using those freqs is they will hardly be so nice to let you use them for a little bit. They'll want to see money for that!

Comment: Re:How does it secure against spoofing? (Score 1) 83

by Opportunist (#48198589) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The system you describe has been implemented often. Most often I've seen it with online games and the like where the main threat is the use of credentials by a malicious third party (i.e. some account hijacker stealing username and password, logging into your account and doing nefarious things with it). For that, you don't need a dongle. You need two synchronized devices that output the same (usually numeric) key at the same time. Basically you get the same if you take a timestamp, sign it using PKI and have the other side verify it. If you have two synchronized clocks, transmitting the signature (or its hash) suffices. That doesn't really require plugging anything anywhere, although it probably gets a lot easier and faster to use if you don't have to type in some numbers and instead have a USB key transmit it at the push of a button.

But that's no silver bullet. All it does is verify that whoever sits in front of the computer is supposedly who they claim to be and entitled to do what they're doing. It does NOT verify what is being sent, or that the content being sent is actually what this user wanted to send.

If anything, it protects Google rather than the user. Because all that system does is making whatever is done by the user of the account non repudiable. Because whatever is done, it MUST have been you. Nobody else could have done it, nobody else has your dongle.

Comment: Re:How does it secure against spoofing? (Score 1) 83

by Opportunist (#48198461) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Technically, "real" two factor authentication, with two different channels involved, require an attacker to infect and hijack BOTH channels if he doesn't want the victim to notice it.

As an example, take what many banks did with text message as confirmation for orders. You place the order on your computer, then you get a text message to your cell phone stating what the order is and a confirmation code you should enter in your computer if the order you get as confirmation on your cellphone is correct. That way an attacker would have to manipulate both, browser output on the computer and text messages on the phone, to successfully attack the user.

In other words, it does of course not avoid the infection. It makes a successful attack just much harder and a detection of the attack (with the ability to avoid damage) much more likely.

Comment: How does it secure against spoofing? (Score 5, Insightful) 83

by Opportunist (#48196909) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

Comment: Re:Easily done: (Score 1) 257

by TubeSteak (#48196465) Attached to: 3D-Printed Gun Earns Man Two Years In Japanese Prison

then go lose a world war and dismantle most of your armament producing capability under scrutiny by an occupying force.

The USA (under Bush Jr. and Obama) has been encouraging Japan to become increasingly militaristic over the years.
They're trying to create a stronger military partner to help counterbalance China's burgeoning military spending.

And the current Japanese PM, Shinzo Abe, is essentially the Japanese equivalent of a Holocaust denier,
in that he's repeatedly gone on the record to deny or downplay Japanese war crimes.

His brand of nationalism is also pissing off South Korea, which certainly doesn't promote regional stability.

Comment: Re:Old news (Score 1) 371

by Rei (#48194991) Attached to: NASA's HI-SEAS Project Results Suggests a Women-Only Mars Crew

Hmm, now I'm curious. A fighter may have a takeoff weight of say 15000kg. Let's say that the "short lean female" saves 40kg over an "average male". With the other reductions - clothing, oxygen, etc - you probably get down to maybe a 60kg savings. That's a 0,4% reduction in system mass. The rocket equation (applicable here too) probably boosts that up to about a 0,5% benefit in many regards. Still not that much

However, if you can shrink the cockpit , then you're looking at a much bigger advantage - possibly 100-200kg extra weight savings and maybe cutting 5-10% off the total aero drag. That could actually be a big deal - relevantly faster accelerations, top speed, range, etc.

Comment: Re:Psychological issues (Score 1) 371

by Rei (#48194875) Attached to: NASA's HI-SEAS Project Results Suggests a Women-Only Mars Crew

There is no "how human societies have been organized". Some societies have had (and even continue to have) near complete segregation of the sexes except for reproductive purposes. Some have had full integration.

And "popular wisdom" is in general stereotype BS. It was "popular wisdom" that said that people of African descent were worthless for anything except manual labor and it's pointless to try to educate a woman, that gays are a social evil that needs to be obliterated, that burning witches is the only way to save the town, and that letting the races mix is tantamount to national suicide.

Comment: Re:Women prefer male bosses (Score 1) 371

by Rei (#48194781) Attached to: NASA's HI-SEAS Project Results Suggests a Women-Only Mars Crew

You seriously think you can make a claim credited to a scientific study, and then when you can't show evidence that such a study claiming what you did was ever conducted, suddenly switch to a "but everyone knows" laden with old gender stereotypes and the standard lame appeal to darwin - and think that will fly?

In almost any sentence where people say "Women (verb)..." or "Men (verb)..." and it's about something psychological (as opposed to, say, something involving reproductive organs or a statistical difference in strength / height or the like), 99% of the time it's equally accurate to simply say "People (verb)..." The popular perception of differences between genders (including the effects of both brain structure and hormones) is often vastly different from the statistical reality. Screw Mars and Venus; men and women are from Earth. Psychologically, we're statistically virtually identical in most measures. And in many cases where there are differences that even manage to meet statistical significance, what differences there are may well be artifacts of culture.

How little are most of these "differences"? This set of graphs puts it into perspective.

Again: Either present your supposed "study" or drop the issue.

Comment: Instead of the "bah" ... (Score 1) 157

Bah, none in my areas. :(

No matter how many "bah..." you utter ain't gonna change the matter for the better if you don't pick yourself up from your fat ass and DO SOMETHING ABOUT IT !

What I am saying may sound harsh, but the thing that you are expressing is exactly the one thing that is retarding the cities / communities from progressing forward --- When everybody is waiting for someone else to do it there ain't gonna be anything done

Don't sweat it -- it's only ones and zeros. -- P. Skelly

Working...