Forgot your password?
typodupeerror

Comment: Re:No data, so choose your favorite villain (Score 1) 113

by Black Parrot (#47716527) Attached to: Scientists Baffled By Unknown Source of Ozone-Depleting Chemical

Any chance to pin that on the content mafia or patent trolls? C'mon, at least ONCE such a story has to hit someone we can uniformly hate and not be controversial.

So long as you don't blame it on Tesla, Bitcoin, or Starts with a Bang, everyone here will cool with it.

Comment: Re:Easy, India or China (Score 5, Insightful) 113

by Opportunist (#47716423) Attached to: Scientists Baffled By Unknown Source of Ozone-Depleting Chemical

Can we just agree on greed being the culprit? Democrat, Republican, where's the difference? As long as there's money to be made by ignoring the law and as long as breaking a law and getting caught is cheaper than heeding it, greed trumps "doing the right thing" any time.

Comment: Re:This is ridiculous. (Score 1) 102

by Opportunist (#47716403) Attached to: Researchers Find Security Flaws In Backscatter X-ray Scanners

Really? The public demanded? Who? Where? When? All I remember is scaremongering from the press and politicians telling us that the sky is about to fall and how they need to protect us.

I honestly cannot remember a single instance where anyone demanded to trade his liberties for "safety".

Comment: Re:Findings... (Score 1) 45

by vux984 (#47716001) Attached to: Tor Browser Security Under Scrutiny

They say ASLR is disabled

I *think* what they are saying is that:
ASLR is disabled in their build of the software. (It must be enabled via compiler option).

However, ASLR is enabled in windows itself.

from Microsoft:

http://www.microsoft.com/secur...

Address Space Layout Randomization (ASLR): In older versions of Windows, core processes tended to be loaded into predictable memory locations upon system startup. Some exploits work by targeting memory locations known to be associated with particular processes. ASLR randomizes the memory locations used by system files and other programs, making it much harder for an attacker to correctly guess the location of a given process. The combination of ASLR and DEP creates a fairly formidable barrier for attackers to overcome in order to achieve reliable code execution when exploiting vulnerabilities.

ASLR was introduced in Windows Vista and has been included in all subsequent releases of Windows. As with DEP, ASLR is only enabled by default for core operating system binaries and applications that are explicitly configured to use it via a new linker switch.

As for EMET and ASLR:

Basically EMET can force recent versions of Windows to use ASLR even on applications that don't explicitly build with support for it:

http://krebsonsecurity.com/tag...

EMET can force a non-Microsoft application to perform ASLR on every component it loads, whether the program wants it or not. Please note that before you install EMET, youâ(TM)ll need to have Microsoftâ(TM)s .NET Framwork 4 platform installed. And while EMET does work on Windows XP (Service Pack 3 only), XP users cannot take advantage of mandatory ASLR and a few other notable protections included in this tool.

Comment: Re:I definitely share password with family (Score 1) 111

by vux984 (#47715919) Attached to: 51% of Computer Users Share Passwords

Not really sure which post is "GP" at this point.

I agree that there are better alternatives to sharing passwords in many cases.

I just think that the scenarios where "sharing" is so far-and-away the easier (perhaps even "better") solution that they shouldn't be classified as a 'rare exception'. Its pretty common.

For example, my wife and I both need the passwords to all of our utility accounts. The teenaged kids have the login to netflix. We all share the login to the HTPC in the living room rather than having separate accounts. These are all cases where I "have" to share passwords.

If I had a trusted guest house-sitting while I was away? Would I change the netflix and wifi and htpc and alarm code just for their visit? No. I could, but I wouldn't bother. Not in a million years. This is a case, where I *could* change the password and change it back... but I wouldn't.

If I had to give my some tech at my cell carrier my password so they could log into my account to look at it with me (something I HAVE had to do in the past) then yes, I do change it, give them a temp, and then change it back.

People need to think about it on a case by case basis. A "sharing passwords is always wrong" mentality is absurd... a "give your password to anyone who needs into your account" mentality is just as absurd.

Each case needs to be evaluated on its own merit... value of what is being protected, level of trust to the individual, level of hassle, etc. Neither scenario is exceptional or rare.

The degree of technical confidence is inversely proportional to the level of management.

Working...