
Comment: Re:Makes Perfect Sense (Score 1) 52

by sexconker (#47510415) Attached to: AirMagnet Wi-Fi Security Tool Takes Aim At Drones

If someone plugs in a router with a spoofed MAC of an allowed device for that port, you'd never know.
Most routers support MAC spoofing in order to forward the MAC of your main PC to the cable / DSL modem. Many ISPs will block a new MAC for a period of time or until you call up and tell them. If you require authentication on a wired port, they could set that up as well.
The only way to prevent a MITM attack is to physically secure the network wiring or centrally manage per-device encryption keys/certificates. And I know you're not doing that. And if you want to claim that you are, I also know you're not doing it for your printers and other devices.

For wireless, if someone plugs in a wireless router you might be able to detect it if you have antennas in range, but you can't stop it.

The air marshal shit Meraki does is completely illegal. You can't jam wifi, which is all Meraki does for "containment". They even fucking admit that it's illegal to use it in their documentation.
From , page 8:

As containment renders any standard 802.11 network completely ineffective, containment measures should taken in your airspace. Extreme caution should be taken to ensure that containment is not being performed on a legitimate network nearby and, action should only be taken as a last resort. Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’).

Beyond the legality, it doesn't even work in a manner that could be called secure. It creates bubbles of noise where NO wifi works (hello DoS). It becomes a loudness war and the rogue AP will always have a bubble of effective range where it will win out. If you have two Meraki networks near each other, they often get into wars, shutting each other down where their edges meet.

VLANs have nothing to do with wireless security. Segregating your networks with a VLAN is pointless - all the devices that are wireless APs also include routing functions. Use them. VLANs are meant for logically extending a network that is physically separate, not for logically separating a network that is physically connected.

Comment: Re:Here we go... (Score 1, Interesting) 402

by sexconker (#47505963) Attached to: MIT's Ted Postol Presents More Evidence On Iron Dome Failures

They're not at war? Are you high? Hamas has declared war on Israel from day one. At this very moment Israel and Gaza are exchanging rockets, missiles and bombs and hundreds of people are being killed every day. If, as you say, "Israel could wipe them out in a matter of days", then do it and get it over with.

Israel are trying to minimise casualties on both sides. Hamas are trying to maximise Israeli casualties, and use Palestinian casualties to their political advantage. It's a perfect example of asymmetrical warfare; the capabilities and aims of the combatants are completely different.

Israel has the military capability to destroy Gaza, just as the US had the military capability to destroy Iraq or Afghanistan back in 2003. But doing so is not in their long-term interests.

Do yourself a favor and drop your agenda and take a fresh look at what has been going on for decades. Israel is absolutely not trying to minimize casualties. They'll do everything and anything they can get away with, toeing the line as long as they have the backing of the US, which prevents anyone from doing anything about their horse shit.

Comment: Re:Here we go... (Score 1) 402

by sexconker (#47505925) Attached to: MIT's Ted Postol Presents More Evidence On Iron Dome Failures

If Israel is not willing to do the above, then don't complain when Hamas have to improvise just to have a fighting chance of defending themselves.

Two points: First, their improvisations are war crimes; second, Hamas are the aggressor. This is not particularly complicated.

There is no crime in war. War has no law.

Regardless, if you want to morally judge the actions of both sides here, Israel comes out looking far, far worse.

Comment: Re:Or is it unrealistic speed? (Score 1) 154

Hardly - you up to join me for a 10 mile hike tomorrow?

Seriously - walk around for a while at a normal walking pace and pay attention to how fast your body actually turns when going around corners. Or sit somewhere and watch other people do so as they go about their day - it's not nearly as fast as you would imagine. Certainly we *can* turn much faster without much effort, but we don't normally do so. Which means that FPS style games are simulating us turning much faster than normal, and if you add in wide-FOV VR you end up in the situation where your eyes are telling you you're turning much faster than you're acclimated to, and your inner ears that you're standing still rather than subjecting them to the rather divergent set of accelerations such a maneuver should be causing.

Why would I hike 10 miles with you?
Why would you even compare "normal walking pace" to an FPS?
Beyond that, 3-4 seconds for a 360 at a casual pace is still ridiculously absurd. I'd say anything over 1.5 seconds indicates either obesity, octogeneriacity, or some other sort of disability.
I was referring to shitty FOVs for console games, not absurd fisheye Quake shit. A correct field of view can be determined based on the display and distance. You won't get motion sickness from a wide FOV if you just set the FOV correctly.
And your inner ear takes a back seat to your vision. Your brain will quickly ignore your inner ear if it's not matching what you're seeing unless you have a medical condition. This is why the spinning tunnel illusion works. This is why it's difficult to stand still with your eyes closed. This is why the VR demos have shit like walking across a high beam. This is why when you're dizzy from spinning around 10 times with your head down on a baseball bat at the company picnic, you should focus on the guy in the outfield to steady yourself, not the ball on the tee a few feet in front of you. The more your vision mismatches what your inner ear says, the more quickly your brain stops listening to your inner ear.
When your inner ear is overriding your vision for whatever reason, you get a condition known as vertigo. If your inner ear is working normally and you have vertigo, you get a little dizzy whenever that fluid sloshes around. If your inner ear is fucked up due to infection or whatever and it's sending you bad data, you get debilitating loss of balance, motion sickness, etc.

Comment: Re:Dumb dumb dumb advice... (Score 1) 278

by sexconker (#47468011) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Not that.
A single point of failure as in the strong password that locks all your other password/login info.
If your password locker gets hacked, you're boned.

My KeePass database won't be cracked unless someone breaks AES.
If my PC gets hacked and I use KeePass, I'm boned for every password I have. Without KeePass, I'm boned for every password I use while hacked.
If my shit is hacked and I'm typing in passwords, that means I don't know my shit is hacked, so I'll be typing in passwords with reckless abandon.
With KeePass, I at least have a list of all passwords I need to change once I figure out I've been hacked.

Comment: Re:Simpler approach... (Score -1) 278

by sexconker (#47467957) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

What kills me is that different sites have different password restrictions that infuriates me.

Yeah, that. Though I basically do what the article says and have "weak" passwords for things like Slashdot, and stronger ones for things involving money. I'd like to be able to use my strongest password everywhere, but many places don't support that many characters. yes it's longer than "correct horse battery staple"

Obligatory XKCD:

XKCD is terrible, as usual. 4 dictionary words has low, low fucking entropy.
95% of all English is done with less than 5000 words. Most people only ever use a fraction of that. When tasked with coming up with a "random" selection of words, most people will use an even smaller fraction. Your 5000 word bank is going to be closer to 500 once you task a human with thinking them up. And they're going to be mostly nouns and adjectives. And when you task the same human to come up with a new set they're going to pick the same words.
Instead of 5000^4 you're looking at 500^4 or 1000^4 if you're lucky. And then of course most systems will simply truncate your password if it exceeds a certain length. Just a few years ago most sites simply truncated anything beyond 8 characters.

A typical keyboard will have 94 different characters ignoring whitespace, though many systems will reject a handful of them.
Consider even just a 64-character set [a-zA-Z0-9!?]: 64^6 > 500^4, 64^7 > 1000^4, and 64^9 > 5000^4.
Using an 80-character set means an 8 character password beats 5000^4.

Users should be generating random passwords using a full 94-character set. They should only dumb that set down if the site rejects certain characters. (The easiest thing to do is to just generate a new password and try again.) These passwords should be at least 8 characters long, though ideally they should be as long as the site allows.

But users won't do that unless it's easy for them. So why not use javascript to have the user's machine automatically generate a suggested, random password using the full character set your site allows, while meeting your complexity and length requirements? On the registration page you have an area that shows the suggested password with a "regenerate" button the user can click to churn through a few of them if they want. Then make the user type that password in twice, as usual. This introduces no security issues as long as you don't host user-generated content (XSS) on the registration page.

The only problem is the typical issue of people forgetting their passwords. They can do the same things they've always done - remember a few and reuse them, write them down on paper and hide that piece of paper, or forget them and reset them as needed.
Having to reset your password(s) when you forget them is an inconvenience, not a risk.
Using good passwords means that when a site gets hacked you don't have to worry/hurry as much (assuming they didn't store them in plain text and didn't use MD5 or some shit).
Writing passwords down and hiding the paper at home is a minor risk. Leaving a post-it with the password on your monitor at work is a moderate risk. Using shitty passwords is a major fucking risk.

Telling people to use shitty passwords so they can remember them is the wrong fucking thing to do. The fact that the passwords you suggest are shitty in a different way doesn't change that fact.
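
The client-side suggestion idea from the comment above, sketched as an added example (not part of the original comment; `suggestPassword`, `randomBelow`, `bits` and `CLASSES` are hypothetical names). It assumes the site accepts the 94 printable ASCII characters, draws from the platform CSPRNG rather than `Math.random()`, and includes an entropy helper for the set-size comparisons the comment makes.

```javascript
// Added example, not code from the original comment. All names are hypothetical.
// Assumption: the site accepts the 94 printable ASCII characters (no space).
const rng = globalThis.crypto ?? require('node:crypto').webcrypto; // Node fallback

const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~',
};

// Uniform integer in [0, n): reject draws that would introduce modulo bias.
function randomBelow(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Suggest a password from the allowed set; `rejected` lists characters the
// site refuses. Every character class that survives must appear at least once.
function suggestPassword(length = 16, rejected = '') {
  const classes = Object.values(CLASSES)
    .map((c) => [...c].filter((ch) => !rejected.includes(ch)))
    .filter((c) => c.length > 0);
  if (classes.length === 0 || length < classes.length) {
    throw new RangeError('no usable characters, or length too short');
  }
  const alphabet = classes.flat();
  // Redraw the whole password until the rule holds, so all compliant
  // passwords stay equally likely (no predictable "fixed-up" positions).
  for (;;) {
    const chars = Array.from({ length }, () => alphabet[randomBelow(alphabet.length)]);
    if (classes.every((c) => chars.some((ch) => c.includes(ch)))) return chars.join('');
  }
}

// Entropy in bits of `length` independent uniform picks from `setSize` options.
function bits(setSize, length) {
  return length * Math.log2(setSize);
}

console.log(suggestPassword(), bits(94, 16).toFixed(1), 'bits');
console.log('4 words from 5000:', bits(5000, 4).toFixed(1), 'bits');
```

In a browser the same functions run unchanged; a "regenerate" button only needs to call `suggestPassword()` again and display the result.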

Comment: Re:Dumb dumb dumb advice... (Score 4, Informative) 278

by sexconker (#47467359) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

So what is this ideal password keeper? And how do you access it whenever and wherever you're located?

KeePass. It has strong encryption options, it isn't tied to any site or service, the (encrypted) database can be synced however you want (such as with Dropbox) and used on any devices you want (including phones), it's got all sorts of options for generating passwords, automatically typing them, automatically expiring them, etc., and it's fairly light weight.

Comment: Re:Ridiculous! (Score 5, Insightful) 588

by sexconker (#47460631) Attached to: Marvel's New Thor Will Be a Woman

Thor is a male god.
Thor is an established character, based on the mythical Thor.
Making Thor female is just a publicity stunt.
Marvel can't create compelling original female characters, but that doesn't mean they should slap tits and a vagina onto existing male characters and hope they stick. What Marvel needs to do is realize that they can't create ANY compelling characters anymore, male or female, and fix that problem first.
Everyone knows that the real Thor will be back once this "arc" finishes - saying something is permanent in comics is an insult to anyone who reads them.

Alternatively, Han shot second.

Comment: Re:Will we ever stop celebrating him? (Score 1, Interesting) 157

We really should be recognizing him as the clown he was, and recognizing the administration and the cops and the courts as the tyrants they continue to be.
Instead he's been propped up as some sort of tragic hero figure and attached to things that have very little to do with him or the case against him, and thus the important shit (the tyranny) gets lost in the haze.
