Forgot your password?

Comment: They just removed a major security feature in FF (Score 5, Interesting) 40

by chrisvdb (#47032435) Attached to: Mozilla Launches Student Coding Program "Winter of Security"

I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.

Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.

With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.

If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...

Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.

Comment: Re:New but inferior sync (Score 1) 688

by chrisvdb (#46889145) Attached to: Firefox 29: Redesign

The Mozilla devs seem to think that disk encryption is a better solution than an encrypted password file... but they forget that an encrypted disk does not protect against vulnerable/malicious applications reading your password file. Or leaving you computer unlocked for a few minutes. The old sync version will be removed 'as soon as possible' (in the dev's words) so at that point we'll have to choose between not upgrading, not sync'ing or not locally encrypting the password file.

Please consider voting for the bug on Bugzilla. This might help too:

Comment: New but inferior sync (Score 5, Informative) 688

by chrisvdb (#46874533) Attached to: Firefox 29: Redesign

So, the new FF finally implemented a more userfriendly sync functionality. Apparently less than 1% of its users was using the old (but very secure system). The new sync system is (unsurprisingly) similar to Chrome's sync system: you create an account, when you log in your info is encrypted based on your account password and uploaded to Mozilla's servers.

What I cannot get my head around is that Mozilla claims they cannot access your data (as they don't know your password) but that they are able to reset a lost password... how can that be a secure system??

Also, in the new version it's no longer possible to use a master password... if you want to use sync all your password will be in plaintext (well, obfuscated) in FF's password file. Any malicious or vulnerable application can get access to ALL your passwords.

Doesn't sound like an improvement to me...


Wii Hardware Upgrade Won't Happen Soon 325

Posted by Soulskill
from the can't-show-ugly-mario-in-hd dept.
As high-definition graphics become more and more entrenched in this generation of game consoles, Nintendo has had to deal with constant speculation about a new version of the Wii that would increase its capabilities. Today, Nintendo of America president Reggie Fils-Aime bluntly denied that a hardware revision was imminent, saying, "We are confident the Wii home entertainment console has a very long life in front of it." He added, "In terms of what the future holds, we've gone on record to say that the next step for Nintendo in home consoles will not be to simply make it HD, but to add more and more capability, and we'll do that when we've totally tapped out all of the experiences for the existing Wii. And we're nowhere near doing that yet."
First Person Shooters (Games)

Duke Nukem Forever Not Dead? (Yes, This Again) 195

Posted by Soulskill
from the you-didn't-think-it-was-over-did-you? dept.
kaychoro writes "There may be hope for Duke Nukem Forever (again). 'Jon St. John, better known as the voice of Duke Nukem, said some interesting words during a panel discussion at the Music and Games Festival (MAGFest) that took place January 1 – 4 in Alexandria, Virginia, according to Pixel Enemy. Answering a question from the crowd regarding DNF, St. John said: "... let me go ahead and tell you right now that I'm not allowed to talk about Duke Nukem Forever. No, no, don't be disappointed, read between the lines — why am I not allowed to talk about it?"'"

Living In Tokyo's Capsule Hotels 269

Posted by samzenpus
from the living-in-the-hive dept.
afabbro writes "Capsule Hotel Shinjuku 510 once offered a night’s refuge to salarymen who had missed the last train home. Now with Japan enduring its worst recession since World War II, it is becoming an affordable option for people with nowhere else to go. The Hotel 510’s capsules are only 6 1/2 feet long by 5 feet wide. Guests must keep possessions, like shirts and shaving cream, in lockers outside of the capsules. Atsushi Nakanishi, jobless since Christmas says, 'It’s just a place to crawl into and sleep. You get used to it.'”

Computers will not be perfected until they can compute how much more than the estimate the job will cost.