Brontoforumus Archive

Please login or register.

Login with username, password and session length
Advanced search  

News:


This board has been fossilized.
You are reading an archive of Brontoforumus, a.k.a. The Worst Forums Ever, from 2008 to early 2014.  Registration and posting (for most members) has been disabled here to discourage spambots from taking over.  Old members can still log in to view boards, PMs, etc.

The new message board is at http://brontoforum.us.

Pages: 1 2 3 [4] 5 6 7 8 9 ... 11

Author Topic: Computer security  (Read 25588 times)

0 Members and 1 Guest are viewing this topic.

TA

  • Tested
  • Karma: 29
  • Posts: 3219
    • View Profile
Re: Computer security
« Reply #60 on: March 25, 2010, 09:38:44 AM »

Logged
Do you understand how terrifying the words “vibrating strap on” are for an asexual? That’s like saying “the holocaust” to a Jew.

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #61 on: November 23, 2010, 09:34:54 AM »

Doctorow: EFF has a Firefox extension called HTTPS Everywhere that automatically uses HTTPS on sites that allow it but don't have it set as the default option.
Logged

Aintaer

  • My hubris!
  • Tested
  • Karma: 10
  • Posts: 384
    • View Profile
Re: Computer security
« Reply #62 on: November 23, 2010, 09:04:37 PM »

That one sometimes causes trouble for me on Wikipedia.

P.S. on Encryption: e-mail could have been made secure long ago with correct implementation of PGP/GPG keys and trust infrastructure. The overwhelming problem is nobody cares, at least enough to generate their own keypair and share their public key. My public key, btw.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #63 on: January 28, 2011, 03:11:55 PM »

Haven't changed your Amazon password in a few years?  Do it now.

Wired: Amazon.com Security Flaw Accepts Passwords That Are Close, But Not Exact

Only affects old passwords; resetting fixes the problem.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #64 on: February 16, 2011, 08:42:08 AM »

Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #65 on: February 16, 2011, 10:24:27 AM »

Thorough, presented in terms simple enough that a moderately advanced user can understand it, and enlightening.  Nice find.
Logged

Büge

  • won't give you fleaz
  • Tested
  • Karma: -65304
  • Posts: 10062
    • View Profile
Re: Computer security
« Reply #66 on: February 16, 2011, 12:37:00 PM »

Those wacky Anons. What wholesome mischief will they cook up next?
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #67 on: May 28, 2011, 10:05:02 PM »

So okay.  Back in March, somebody launched a sophisticated attack against RSA, makers of the widely-used SecurID authentication system.  The attackers managed to get ahold of the keys used to generate its authentication tokens.

Well, the other shoe's dropped with an attack on Lockheed.  Lockheed reports it detected the infiltration early and repelled it before anything important was compromised, but it's going to have to replace 90,000 SecurID's.

Nothing serious has happened yet but this DOES seem like a major sea change in corporate espionage.  Lockheed may have gotten out of this unscathed but the next company might not.  And even if all the affected devices are decommissioned, this still shows that at least some criminals are shifting from weak, opportunistic attacks to strong, targeted ones.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #68 on: May 29, 2011, 03:16:28 AM »

Two things:

1) The "next company" could be in the process of being targeted or infiltrated as we speak, it could even be several. Maybe Lockheed just has better IT security dorks than their colleagues ad competitors. Sure, it's fair to say that the attackers don't have unlimited resources, but they seem to have enough to enable them to make strong attacks, so multiple simultaneous targets may be well within their capabilities. Why put all your eggs in one basket? Plus, diminishing returns over time, etc.

2) The target in question is very notable. This raises the obvious possibility that the current attacks - and possibly even the original attacks - were efforts sponsored by a foreign government rather than a purely criminal group. The list of usual suspects (or should I say suspect ?) comes to mind.

EDIT: Well I see the article suggested the second point already. Herp a derpy derp.
Logged

McDohl

  • Pika-boo
  • Tested
  • Karma: 27
  • Posts: 4379
    • View Profile
Re: Computer security
« Reply #69 on: May 29, 2011, 05:43:22 AM »

Textron (Bell Helicopter, Cessna, et al.) uses the same tokens.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #70 on: June 03, 2011, 04:02:35 PM »

Quote from: Stross
Oh dear fucking Cthulhu, this is like something out of a John Brunner novel: NewsTweak.

Worth reading the whole blog post; it's pretty amazing: a portable device that hops on wifi networks and fucks with the packets getting transmitted.  Serious man-in-the-middle potential.
Logged

Classic

  • Happens more often than you'd think.
  • Tested
  • Karma: -58471
  • Posts: 7501
    • View Profile
Re: Computer security
« Reply #71 on: June 03, 2011, 06:47:08 PM »

It probably says bad things about me that I have wanted to build almost EXACTLY that since I took my intro to networks course.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #72 on: June 03, 2011, 08:30:25 PM »

Well, like most hacking tools, it has the potential for education, prankery, or pure evil.
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #73 on: June 03, 2011, 11:07:42 PM »

Caution: legislature fails to distinguish between those.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #74 on: June 11, 2011, 09:03:40 AM »

Troy Hunt analyzes passwords compromised in the Sony Pictures breach.  Now, obviously even the best password in the world isn't going to help you if you're using a site maintained by people too stupid to even hash the fucking thing, but of course you can minimize the damage by only using it once.

And yes, we all know the rules: use a random and unique password for every site you go to, with a mix of caps and lowercase, numbers and symbols.  In practice that's a lot easier said than done, and the final line of the post pretty much nails the dilemma: "The only secure password is the one you can’t remember."

There are tools that make the situation easier.  APG (Automatic Password Generator) is a command-line tool that generates pseudo-random passwords that are pronounceable and thus easier to remember, like this example:

Code: [Select]
BedCyctyiv5 (Bed-Cyct-yiv-FIVE)
OlOdlukteog1 (Ol-Od-luk-te-og-ONE)
Donrikvof2 (Don-rik-vof-TWO)
PobTabIas2 (Pob-Tab-Ias-TWO)
ubNoivoc1 (ub-Noiv-oc-ONE)
kandOjvuec3 (kand-Oj-vuec-THREE)

While technically it's a much smaller pool of possible passwords than a truly random password, it's still orders of magnitude bigger than an all-lowercase password, even a non-dictionary one; it provides a password that's not going to be found in any rainbow tables but is easier to remember than something that's completely random.

I'm not sure what the closest Windows equivalent is and a quick Google search doesn't give me enough information to recommend something (given that this is, of course, a situation where you want to make damn sure you get your program from a reputable source).  If anyone has any recommendations, please feel free to share with the class.

I fear shit like this is going to get worse and worse in the weeks and months to come.  Sooner or later, odds are pretty good that a site you use is going to get cracked.  So be sure and use strong, unique passwords to minimize the harm.
Logged

TA

  • Tested
  • Karma: 29
  • Posts: 3219
    • View Profile
Re: Computer security
« Reply #75 on: June 11, 2011, 09:42:35 AM »

I seem to remember reading an article about using passphrases instead of passwords, as a series of words is a lot easier to remember than a random assortment of numbers and letters, while being long enough that brute force is infeasible, and dictionary attacks becoming computationally impossible once you are up to three or four words.
Logged
Do you understand how terrifying the words “vibrating strap on” are for an asexual? That’s like saying “the holocaust” to a Jew.

JDigital

  • Tested
  • Karma: 32
  • Posts: 2786
    • View Profile
Re: Computer security
« Reply #76 on: June 11, 2011, 10:31:48 AM »

Paradoxically, a ten letter word is easier to remember than a four letter acronym or four digit code. A word is only one thing to remember, but a four digit code is four things. This has applications in picking memorable domain names too.
Logged

Aintaer

  • My hubris!
  • Tested
  • Karma: 10
  • Posts: 384
    • View Profile
Re: Computer security
« Reply #77 on: June 11, 2011, 01:47:15 PM »

Personally my password generation is done by hand using a Da Vinci kind of thing where I take a word and flip it upside down first before doing the l33t-speak thing to them.

For example, Aintaer becomes V!u7a3L
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #78 on: June 11, 2011, 05:08:45 PM »

I am guilty of using a small number of passwords, but they're all old IT-dept-provided application user logins from places I haven't worked at in years. The advantage is that they're almost totally random strings of letters and numbers that I was forced to memorize at various times (i.e. my name or anything like that is nowhere to be found and some of them even include shift characters like !).
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #79 on: June 11, 2011, 06:46:37 PM »

A word is only one thing to remember, but a four digit code is four things.

Two things, more likely; most people combine four-digit numbers into sets of two.  My address growing up was ten twenty-four, not one zero two four.
Logged
Pages: 1 2 3 [4] 5 6 7 8 9 ... 11