Of course you don't have a driver - you bought a $35,000 car.
Slashdot videos: Now with more Slashdot!
I assume that you can copy and paste, so apparently the article has been updated. It now reads: "On some systems, the server will check a cryptographic signature on a token...".
But the answer to your question is yes, it matters. When the place it fails to match changes, this information is leaked by the response time. This is how an attacker extracts information from random guesses.
You know, attitudes like yours are IMHO the root of all that's wrong with computers today. And I'm saying that as a programmer, not as Jane Grandma. The whole idiotic OCD idea that you _must_ make up rules about everything, and that your rules are more important than what people are actually trying to do. The idea that if even someone's name doesn't fit "your" database, then you can just brush them off and have a beer.
Your message is more than 140 characters long, and doesn't fit in my database.
> it can be a small problem, I think, when "non-random" sequences are removed from possible random number generations. [...] it may take a fair slice out of the available keyspace
This is true, and could be a problem if everyone's PIN were randomly generated. Since most PINs are selected by users and conform to a known, decidedly non-uniform distribution, this actually makes sense. If it's known that e.g. 1234 is over-represented in the pool of PINs, that would be one of the first ones an attacker would try. Therefore, it makes sense to filter that out. But note that it's the over-representation of the PIN and the fact that attackers are aware of this skew that makes it worth avoiding, and not anything inherently insecure about "runs" or "pairs".
Well, here's one from 5 days ago. I think he beat you.
Either the FBI are wrong, or the article summary is.
The summary is wrong? That's unpossible!
they come here for (sometimes) informative, enlightened, or humorous discussion of the article and related topics.
I come here for the depressingly predictable jokes. Where's my "I for one..."? Ah, there it is.
Not sure about that.
GP is probably referring to things like address randomization, which make many types of vulnerabilities harder to exploit. I think Matasano Chargen has a good writeup if you're interested in more.
Initially, URL shorteners were a solution to a problem nobody had. Fortunately, Twitter came along and created a problem!
There is no bridge to Plum Island.
> I've been rick rolled plenty, but thankfully there are no memes that involve duping people into going to NSFW sites and getting written up by HR.
Apparently too young to remember when slashdot comments would link to goatse. That was long before "rick rolling".
Absolutely. I find myself using most of my moderator points marking posts as off-topic. A reply (even an insightful, informative, funny one) to an off-topic comment is itself off-topic. I've even considered saying so in my sig. And yes, I am aware of the irony of posting this, as it has nothing to do with rats or cables.
Totally. My home machine came with ME. I wiped it and replaced it with 2K. It was my primary machine until I got a laptop last year, and I never had a single problem with it for 8 years. I'd still use it, but the hardware gave out a few months ago.