Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment Re:Automatic authentication by contact sounds bad (Score 1) 194

My bank has it.
Something I have, something I know.

If I am on a trusted computer I can store the something I have portion and only need to provide the something I know.
If I am at an untrusted computer (or just got a new computer I want to trust) I get a PIN texted to my phone (trusted) that I can enter along with my normal passphrase. the PIN is from a OTP, so is useless after one use or 5 min, whichever comes first.

If I lose my phone I can notify the bank (same as lost card) and both the phone number and stored token are invalidated.

To validate a new phone I take it to the bank.

Comment Re:He's right (Score 1) 368

Actually I think that the first 2 years of high school should focus on things you will need to survive: money management, how financing works and why revolving credit is not a good thing; reading and writing.
The second 2 years should allow either continued academic *or* tradescraft. fo you go the tradescraft route you'll get two years focused on only the stuff you need for a particular field. Plumbing: math and geometry (drain slopes), chemistry (solvents and glues, interaction with metals), and of course hands on.
-nbr

Comment Re:Security (Score 1) 114

There is a crypto system for that. Schneier explained it in Applied Crypto.

Basically the trick is that of 7 keyholders you need at least 5 (or some other number) that will all enter their key to sign or authenticate data. This can be extended to the signature applied to null (or any other chosen value) being used as the key for an encrypted volume.

It is the system we use at my work to sign software. There are M keyholders with a minimum number of N required to sign the software.

Comment Re:Fraud is fraud (Score 1) 312

I got a free plant.
I tried to tell the drone at the register that the plant did not ring up.
they said it did.
-meh.

At that point I don't think it's unethical.

But: if you say nothing, yes it's unethical, though not criminal. If you exploit it then it *should* be criminal.

I temper this with the following:
We are supposed to have judges to *JUDGE THE LAW* not the people (that's what juries are for). As long as judges blindly go with laws that are unjust, then folks should not be charged for violating the spirit, but not letter of the law. It should work *both* ways equally. /rant (sorry)

Comment Re:Okay, so, just to be clear... (Score 1) 332

Given that some people post to their (public open) wall on FB their criminal exploits...
Good luck with the e-mail thing. People have no idea how the internet works. I showed someone a wireshark dump from their computer. E-mail, address, server, login credentials, etc. They were flabbergasted, but then said "but you have to be on my computer to do that...
tried to explain hops and how things get from point a to point b....
They didn't get it. /facepalm

Slashdot Top Deals

New York... when civilization falls apart, remember, we were way ahead of you. - David Letterman

Working...