Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:I don't think I get it... (Score 2, Interesting) 549

I think they are trying to separate themselves to state that if you want the news, come to us and do it properly.

Riiighhht. When I want news done properly, I'll PAY FoxNews to do it properly. Just think about that for a second. The only reason anyone should be remotely concerned about this is because he now controls the WSJ.

Have you ever searched for some information, and Google gave a hit where the surrounding text of the query already answers your question? And then not clicked the website?

No, not for news. Try searching for "2009 election results" or "apple earnings 2009" and see if you can make sense of it (although "who beat rihanna" actually kind of worked). Nobody can use that crap. Even Google News doesn't provide usable news in their largest digest. FoxNews.com charging would be fun to watch, glad to see them go first.

Comment Re:Masking passwords doesn't do much (Score 1) 849

Do you think that more people record passwords via CCTV cameras and RF, or shoulder surfing? Now what happens to that number when you remove masking?

Does masking help, yes. Is it fool-proof security, no. It is a layer, and a decent one at that. The biggest issue is that it does reveal length, which really is way too much. No echo is better.

Comment Re:Um, here's a thought. (Score 1) 849

Howzabout we make it optional, so people can decide for themselves?

If we let lusers decide for themselves, they would choose weak passwords, write them down on post-it notes and stick them to their screens, take out full-page adds in the New York Times with them in 256 pt Arial.

Seriously, end users don't understand security. Maybe it can be an advanced setting. ;-)

Comment Re:hunter2 (Score 1) 849

Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.

Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users. Blocking requests from that particular IP address is a far safer option. Introducing long delays before authentication can be attempted again could also be used.

If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself. If you require strong passwords (e.g. 3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.

Slashdot Top Deals

Between infinite and short there is a big difference. -- G.H. Gonnet