Comment: Re:jessh (Score 1) 397

by bwcbwc (#48917425) Attached to: "Mammoth Snow Storm" Underwhelms

The main thing NYC cares about is that the mayor gets the snow off the streets so things get back to normal ASAP. The main thing the 'burbs care about is not getting stuck driving/riding in a snow storm for several hours. Shutting down the city when there is a significant risk of a major snowstorm keeps both groups from being unhappy and keeps their chances of getting re-elected. This isn't about the nanny state, it's about the voting booth.

Comment: Comcast hijacking home routers' wireless... (Score 3, Interesting) 43

by bwcbwc (#48903397) Attached to: For New Yorkers, Cablevision Introduces a Wi-Fi-Centric VoiP Network

The whole controversy last year about Comcast offering public wi-fi using the routers they supply to their home customers suddenly makes a lot more sense. Normal wi-fi data usage from outside users in a residential area is not a widely used feature, but "cellular" wireless is much more common. I bet we'll see a similar service (similarly priced) from them shortly.

Comment: Re:Definitely interested in this... (Score 1) 171

by bwcbwc (#48874019) Attached to: Hands On With Microsoft's Holographic Goggles

Granted this is just an interesting concept at the moment, however I think Microsoft may have something worthwhile here. The only thing lacking (or missing rather) is a tactile interface - so that one could "feel" virtual objects.

I'll be paying attention to this, because I think this could be a game changer.

It's probably more than just a concept. They're marketing it like it will be out for holiday season 2015. It looks like they view this as the "killer app" for Windows 10. The closing of the ad shows both the Windows 10 and Microsoft logos in sequence.

I wonder how it'll play with an HP Sprout or a 3-D printer.

Comment: Re:haha (Score 3, Interesting) 114

by bwcbwc (#48644401) Attached to: Google Sues Mississippi Attorney General For Conspiring With Movie Industry

Google is lobbying the AGs themselves, but they seem to be on the defensive. From Ars: http://arstechnica.com/tech-po...

Several weeks later, a meeting took place between Google executives and Connecticut Attorney General George Jepsen. The same morning the meeting took place, MPAA's Perrelli was informed about it by two attorneys at the AG's office, who offered to send Google's presentation to Perrelli. Jepsen reached out to the MPAA, seeking demands that he could press against Google.

The article makes clear that many AG offices seem to be favoring the MPAA side, even after hearing from Google. I'd be really interested to see a survey of who's funding election campaigns for all state AGs in the country. Follow the money and see what shows up.

Comment: Re:Every 30 days. (Score 2) 247

by bwcbwc (#48530151) Attached to: Ask Slashdot: Convincing My Company To Stop Using Passwords?

Maybe, as long as the sentence isn't a quotation from anything online or exceeds 50 characters or so. Dictionary attacks use entire phrases now, but they still don't go beyond a character limit that's fairly low compared to entire sentences.

Some additional password fuzzing techniques to consider.
- Putting nums or special characters between syllables in words, not just between the words.
- Using multiple specials/nums between each word.
- Strange uses of spaces and punctuation.
- There are 2 additional ways to encode alpha characters as numbers besides 1337-speak. Use alternate means.
- Use puns or homophones to make your phrase less likely to match a dictionary.

As far as the OP, there are some things that your company can do to improve security without completely abandoning the passwords. They may find some of these more palatable:
- Instead of sending new password direct to user, send an access code to the user's manager. User has to request the access code from the manager, then use the code to log in to the site that gives them their temporary password. This has the additional advantage of bringing to manager's attention which employees are particularly bad at remembering their passwords, and who probably need more attention to assure they don't have any sticky note reminders on their desktop.
- Rather than use full 2-factor authentication, just enable a standard password locker software to install on each employee's computer and give them a flash drive to host their password file. This is a lot cheaper than buying customized smart cards or key dongles, and is significantly more secure than what you have now, especially if they use the random PW generators that most lockers make available.
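
An added example, not part of the comment above: a passphrase check built on the two properties the comment's first paragraph names, length relative to "50 characters or so" and whether the phrase is a known quotation, with digits, punctuation and common 1337 substitutions normalized away before the comparison. The phrase list, the threshold constant and all function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large corpus of
# quotations, lyrics and titles instead.
KNOWN_PHRASES = [
    "to be or not to be that is the question",
    "may the force be with you",
    "all your base are belong to us",
]
MIN_LENGTH = 50  # assumption, taken from the comment's "50 characters or so"

# Common 1337 substitutions, reversed before comparison.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def letters_only(text):
    """Drop everything except a-z, so inserted digits and specials vanish."""
    return re.sub(r"[^a-z]", "", text)


def variants(candidate):
    """Two readings: separators stripped, and 1337 reversed then stripped."""
    lowered = candidate.lower()
    return {letters_only(lowered), letters_only(lowered.translate(LEET))}


_KNOWN = {letters_only(p): p for p in KNOWN_PHRASES}


def vet_passphrase(candidate):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(candidate) <= MIN_LENGTH:
        findings.append("short")
    readings = variants(candidate)
    for key, phrase in _KNOWN.items():
        if any(key in reading for reading in readings):
            findings.append("contains known phrase: " + phrase)
    return findings


if __name__ == "__main__":
    for sample in ("T0 b3 0r n0t t0 b3, th@t 1s th3 qu3st10n",
                   "may--the##force%%be&&with**you",
                   "my neighbour's green kettle whistles off-key whenever Tuesday rains"):
        print(repr(sample), "->", vet_passphrase(sample))
```

The check only catches separators and the listed substitutions; it reports the length and quotation findings separately so a policy can weigh them as it sees fit.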