
Comment: The weak point (Score 1) 152

by MoogMan (#49671943) Attached to: The Best Way To Protect Real Passwords: Create Fake Ones

"There is, however, one large problem: What if a person mistypes a password? In that scenario, a fake vault is generated, and a user is locked out of his or her accounts."

This is the weak point - It forces the user, or the system, to generate an additional artifact to inform the user (but hopefully not the attacker) that the password safe is correctly unlocked.

"One possible fix is to create a hash of the master password that is linked to an image that is shown when the password is entered. The authorized user should recognize when the wrong image is displayed, but an attacker would not."

I'd expect this one image to be shown only when the master password is entered, i.e. it is a unique indicator. Fake images will need to be generated for all other passwords, and if there are duplicates then they can be eliminated as false-positives. Strategies like this will always be the weak point. It's commendable that they're attempting to fix the problem, let's just hope the additional complexity doesn't weaken the system overall.

Comment: Re:IBM no longer a tech company? (Score 4, Interesting) 283

by MoogMan (#48228779) Attached to: Ballmer Says Amazon Isn't a "Real Business"

Amazon isn't 'losing money' - Just take a look at its top-line growth vs capital expenditure.

Amazon is re-investing revenue instead of distributing back to stakeholders, or keeping cash in the bank. Cash in the bank is seen as waste. Instead, cash re-invested is being leveraged to create accelerated future growth.

Ask Slashdot: Can some of us get together and rebuild this community? 21

Submitted by wbr1
wbr1 writes: It seems abundantly clear now that Dice and the SlashBeta designers do not care one whit about the community here. They do not care about rolling in crapware into sourceforge installers. In short, the only thing that talks to them is money and stupid ideas.

Granted, it takes cash to run sites like these, but they were fine before. The question is, do some of you here want to band together, get whatever is available of slashcode and rebuild this community somewhere else? We can try to make it as it once was, a haven of geeky knowledge and frosty piss, delivered free of charge in a clean community moderated format.

IT Departments - How are you supporting your os code?

Submitted by Anonymous Coward
An anonymous reader writes: A lot of IS groups are using Open Source tools (Linux, MySQL, PHP, etc...) to build cost effective and reliable IT infrastructures for their companies. Upper and executive management wants to know how these tools will be supported since there isn't one single commercial entity that does by default (ie. Microsoft). So, what does your IS group do? Do you hire staff with the expertise to do support in-house or outsource all your support to a third party? Or something else?

Comment: Re:Trade-off (Score 3, Interesting) 65

by MoogMan (#39754875) Attached to: UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary

Privacy and security are almost never a zero sum game. In this case, reducing privacy isn't going to help find more 'criminal/terrorist activity'; it will just cause them to use Freenet, TOR, steganography, for communication etc. instead and result in making it even harder to track real criminal activity.

Secondly, common people are really really bad at making these risk-reward trade-offs (for instance, many people have a fear of flying, but a more rational reaction would be to have a fear of travelling to get a flight as you're more likely to get killed in a car/bus on the way to your flight, than actually flying; you may tell your children to 'never talk to strangers', but in fact that would put them in a far worse position if they ever got lost -- the huge majority of people are not evil! etc.) - we'd be better off delegating to a panel of economists and statisticians to determine the outcome.
