
Comment This can only be a good thing. (Score 2) 180

We'll get an economic boost from this. I mean, yes, it'll increase the incidence of cancer, but with something like cancer, there's no real way to trace back exactly why any one individual got cancer, and even if that could be done, there's no way of knowing which company released the particular chemical that caused the cancer, because a lot of different companies will be doing it. And if everyone's responsible, no one is.

To paraphrase Nelson from the Simpsons, it's a victimless crime, like punching someone in the dark!

Comment Non-sequitur (Score 4, Insightful) 147

The recommendation doesn't make sense. Yes, your phone may not always be in your possession. That would rule out software authenticators too, since they reside on the same phone that may not always be in your possession. Even dedicated hardware tokens may not always be in your possession; they can be lost or stolen just like a phone. So if not being always in your possession is the criterion, then all of the NIST's recommended methods fail to meet it.

As for VoIP lines, yes they can be intercepted. They do however share one characteristic with cell-phone lines: they don't normally share a path with the network connection being authenticated except possibly at the user's ISP and computer (if the VoIP line terminates on their computer as opposed to their cell phone). That limits the ability of a single attacker to intercept and alter both paths, which is the central facet of what 2FA does.

Ultimately the only secure 2FA is a dedicated hardware token that requires biometric authentication to function. Anything less than that is insecure, the question being merely whether the insecurity reaches the point of being unacceptable.

Comment Re:Seen it a hundred times at least. (Score 4, Insightful) 80

Or it may be related to the reliability of recovering from backups. Backups are intended to recover from catastrophic failures, not mere accidental deletion of messages, so recovery of any particular message can be problematic. Even if the message was stored long enough to be caught in a backup, incremental backups mean it may take searching a month's worth of backups to find the exact one that backed up that message. Fail to scan a large enough range and you won't find the message even if it's backed up. If the message was received and then deleted before the next backup run then it may not be on any backup, and there's no way to distinguish not finding it because it wasn't backed up from not finding it because you didn't search the right set of backups. Explaining all that to ordinary users is all but impossible, so from a service-level standpoint it makes more sense to not bring backups up at all and simply say "If you deleted it, we can't recover it." That, users can comprehend even if they don't agree with it.

A request from a court for discovery is a completely different matter not limited by the service level provided to users, so it makes sense that Yahoo may be able to produce a message in response to a discovery request that it won't recover in response to a user request simply because they don't want to argue with every user whose message never made it into a backup or who wants them to go back through 5 years' worth of backups to find it.

Comment Re:The bottom line (Score 1) 269

Flywheel storage. Pretty much the equivalent of the pumped-water storage used in conjunction with hydroelectric plants. Use excess power to spin up the flywheels, use the flywheels to drive generators when you've a power deficit to make up. The companies who make diesel locomotives have lots of experience with the basic motor-generator tech needed.
