
Comment: Similar to PinPlus (Score 1)

I've looked at these guys before. Basically you remember a pattern and then to log in you are presented with a large grid of letters/numbers, and you then have to type in the letters/numbers corresponding to your pattern. So you never reveal your pattern at any point, and keyloggers/screenscrapers never have access to your pattern. Even if someone did get a screengrab, there are multiple instances of each letter/number in the grid, so you can't tell which position in the grid the user was referring to.

Comment: Slap anyone that sets a root password (Score 1)

by GroovinWithMrBloe (#36772980) Attached to: Vodafone Femtocells Rooted, Secret Keys Exposed

In embedded devices like these, there is no reason to use a root password. The devices should be locked down completely with a process to update them with signed firmware.

If they need some form of remote access, they should at the very least use SSH PKI.

Comment: Examples of pedestrian islands (Score 1)

by GroovinWithMrBloe (#36652900) Attached to: Roundabout Revolution Sweeping US

See the two roundabouts? They each have pedestrian islands on each side road.

The roads themselves aren't high volume, but rather than having to come to a complete stop at each intersection and look, or install traffic lights and wait until the cycle goes green, you can basically drive straight through and only check a single direction as you go. You don't need to check for oncoming traffic, nor do you need to check for traffic turning into your path, as it's a single flow. It greatly reduces the number of potential points cars can crash into each other.

Comment: Re:Pedestrian problems? (Score 1)

by GroovinWithMrBloe (#36652804) Attached to: Roundabout Revolution Sweeping US

Pedestrians either have pedestrian crossings or pedestrian islands provided along each ingress/egress road. With ped crossings obviously cars give way to peds immediately, and there is no distraction because at that point you are still on a normal road. With the islands, the pedestrian moves into the middle first when it's safe, then onto the next side. Pedestrians don't walk onto the roundabout itself.

Roundabouts are used in low and medium volume traffic situations, where it is quite easy to find a safe gap to walk across a road. It does mean a bit more walking for someone trying to walk 'straight' through the roundabout, as you'll have to deviate slightly down a side road then walk back up again. But as mentioned, since there isn't normally much traffic, you don't normally need to walk far. It's normally quicker than waiting for a traffic light.

Comment: Re:poor test (Score 1)

by GroovinWithMrBloe (#36260494) Attached to: Finding Fault With Qantas' RFID Baggage Tracking System

What Qantas has here is closer to the difference between self-checkouts in supermarkets - designed to handle only small loads - and the regular supermarket operator who can handle all volumes of goods. Yes, your floating point operation will work, sir, as long as you use the correct registers.

Comment: No fatal JET crash is correct however (Score 1)

by GroovinWithMrBloe (#36260470) Attached to: Finding Fault With Qantas' RFID Baggage Tracking System

First off, QANTAS had a fatal crash in 1951.

You are of course correct, they have had fatal crashes in the past. But none with jet engines. I.e. nothing in the modern era. I'd prefer we had a rolling scale approach that reflects the average working life of modern planes, e.g. in the last 20 years has the airline had a fatal crash?

Comment: Re:torrent (Score 1)

by GroovinWithMrBloe (#34792012) Attached to: Atari Loses Copyright Suit Against RapidShare

Easy to stop

- Don't allow zip files with passwords (or any other compression format)
- Inspect individual files in compressed archives for checksum matches (i.e. lolcat.jpg not matched, but game.exe is, so is README.txt, etc...) and if enough of the individual files match known checksums, flag it for human inspection.
- Check all files to identify what filetype they are - jpg/zip/gz/tar/etc... if the file type is not known, disallow it. Yes I'm sure someone will invent a zip file format with a JPG header.

- Perhaps for 'identity verified' customers (users whose phone/address you have confirmed somehow, e.g. TXT postal letter activation code) you lift the restrictions on no encrypted files, and also allow files of unknown type.

- Video and Audio are harder to detect than other lossless filetypes, as the user can modify it easily to change its checksum without destroying the content. There are some algorithms whose fingerprints aren't affected by such changes, but they're typically a lot more specific to the given filetype and I imagine quite intensive to run compared to a typical SHA/MD5 checksum.
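The screening steps listed in the comment above, sketched as an added example (not part of the original comment and not any file host's real code). The magic-byte allow-list, the 50% match threshold, the size limit and all sample files are assumptions constructed for illustration; it also covers the "zip with a JPG header" case the comment anticipates.

```python
import hashlib, io, zipfile

# Assumed allow-list of magic-byte prefixes; anything else is an unknown type.
MAGIC = {b"\xff\xd8\xff": "jpg", b"PK\x03\x04": "zip", b"\x1f\x8b": "gz", b"MZ": "exe"}
MAX_MEMBER = 50 * 1024 * 1024  # refuse to unpack members larger than this (assumed limit)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def sniff(data):
    return next((name for magic, name in MAGIC.items() if data.startswith(magic)), None)

def screen_upload(blob, known, threshold=0.5):
    """Return (verdict, reason); verdict is 'accept', 'reject' or 'flag' (human review)."""
    kind = sniff(blob)
    if kind is None:
        return "reject", "unknown file type"
    # A zip is located by its trailing directory, so a JPG header does not rule one out.
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return ("flag", "checksum match") if sha256(blob) in known else ("accept", kind)
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
        if any(m.flag_bits & 0x1 for m in members):  # bit 0 = encrypted entry
            return "reject", "password-protected archive"
        if any(m.file_size > MAX_MEMBER for m in members):
            return "reject", "member too large to inspect"
        hits = sum(sha256(zf.read(m)) in known for m in members)
    if members and hits / len(members) >= threshold:
        return "flag", f"{hits}/{len(members)} members match known checksums"
    return "accept", f"{hits}/{len(members)} members match known checksums"

def make_zip(files):
    # Build a zip in memory from {name: bytes}; used only for the constructed samples.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real files or hashes.
GAME, README, CAT = b"MZ constructed game binary", b"constructed readme", b"\xff\xd8\xff cat"
KNOWN = {sha256(GAME), sha256(README)}
REPACK = make_zip({"lolcat.jpg": CAT, "game.exe": GAME, "README.txt": README})
PHOTOS = make_zip({"a.jpg": CAT, "b.jpg": CAT + b"2"})
POLYGLOT = b"\xff\xd8\xff\xe0" + REPACK  # JPG header glued in front of the archive

if __name__ == "__main__":
    for name in ("REPACK", "PHOTOS", "POLYGLOT"):
        print(name, screen_upload(globals()[name], KNOWN))
```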

Comment: Re:What the hell (Score 1)

by GroovinWithMrBloe (#34322056) Attached to: FCC To Allow Texting To 911

Let's have a larger number for dedicated silent calls. 999 111 999. A lot harder to accidentally put in. Publicity of it will make sure people who *need* silent calls will use it (and those who don't are Darwins). All calls to 999 111 999 would be followed up, and pranksters would be severely fined / jailed on the first offense.

Comment: Re:A couple questions about passwords (Score 1)

by GroovinWithMrBloe (#30849446) Attached to: Analysis of 32 Million Breached Passwords

For 'online' systems which lock accounts after a small number of tries, it would *seem* like an 8 digit alphanum password (which isn't one of the trivial ones discussed earlier) would be sufficient, wouldn't it?

More than likely it would be fine. I guess I was commenting more on your question of brute force attacks being relevant in the days where you get X tries then the account is locked. If you choose even a moderately sane password (i.e. no sequential numbers, no keyboard sequences, no common words) then you'll be a lot safer than most people.

But attackers these days are more interested in *any* account, not a specific account. So brute force hacking has shifted from brute force passwords to brute force usernames. Imagine trying tonnes of common usernames against the top 3 most common passwords. You're bound to strike gold soon enough. Attackers will most likely have access to large email databases of legitimate addresses to use in their attempts. Sites allowing / encouraging / requiring you to use your email as your username these days only make such attacks easier.
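The point above, that a per-account lockout never trips when the guessing is spread across usernames, shown from the detection side as an added example (not part of the original comment). The log format, thresholds, addresses and usernames are all constructed assumptions.

```python
from collections import defaultdict, deque

LOCKOUT_TRIES = 5   # consecutive failures before an account locks (assumed)
SPRAY_USERS = 10    # distinct usernames failing from one source (assumed)
WINDOW = 600        # sliding window for the per-source check, in seconds (assumed)

def parse(line):
    # Constructed format: "<epoch> <source-ip> <username> <OK|FAIL>"
    ts, src, user, result = line.split()
    return int(ts), src, user, result

def analyse(lines):
    """Return (accounts that hit lockout, sources failing against many usernames)."""
    streak = defaultdict(int)     # username -> consecutive failures
    recent = defaultdict(deque)   # source -> (ts, username) failures inside WINDOW
    locked, spraying = set(), set()
    for ts, src, user, result in map(parse, lines):
        if result != "FAIL":
            streak[user] = 0
            continue
        streak[user] += 1
        if streak[user] >= LOCKOUT_TRIES:
            locked.add(user)
        q = recent[src]
        q.append((ts, user))
        while q[0][0] <= ts - WINDOW:
            q.popleft()
        if len({u for _, u in q}) >= SPRAY_USERS:
            spraying.add(src)
    return locked, spraying

def sample_log():
    # Constructed log: one source fails 3 times against each of 12 usernames,
    # and one user mistypes their own password 5 times from another source.
    lines = [f"{1000 + rnd * 60 + i} 203.0.113.7 user{i:02d} FAIL"
             for rnd in range(3) for i in range(12)]
    lines += [f"{2000 + i} 198.51.100.9 alice FAIL" for i in range(5)]
    return lines

if __name__ == "__main__":
    locked, spraying = analyse(sample_log())
    print("locked accounts:", sorted(locked))
    print("spraying sources:", sorted(spraying))
```

No sprayed account reaches the lockout count, so only the per-source count of distinct usernames surfaces the activity.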
