Brontoforumus Archive

Please login or register.

Login with username, password and session length
Advanced search  

News:


This board has been fossilized.
You are reading an archive of Brontoforumus, a.k.a. The Worst Forums Ever, from 2008 to early 2014.  Registration and posting (for most members) has been disabled here to discourage spambots from taking over.  Old members can still log in to view boards, PMs, etc.

The new message board is at http://brontoforum.us.

Pages: 1 ... 6 7 8 9 10 [11]

Author Topic: Computer security  (Read 26718 times)

0 Members and 2 Guests are viewing this topic.

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #200 on: October 29, 2012, 10:22:39 PM »

Anybody know a JS blocker that works like NoScript but is less fiddly?  I'm about fucking sick of having to figure out which twenty domains to temporarily unblock every time I want to write a comment on some random news site.

And yes, I can definitely see the POSITIVES of a thing that discourages me from writing comments on random news sites, but still and all, NoScript is high-maintenance as fuck is what I'm getting at.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #201 on: October 29, 2012, 11:12:21 PM »

I don't have an answer (sorry Thad!), but that reminds me of a sort-of related question: What are the relative differences between FF"s NoScript and Chrome's ScriptNo? Google is not too helpful other than stating that ScriptNo was designed by a former member of the NoScript Team.
Logged

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #202 on: November 15, 2012, 05:37:27 PM »

http://mobile.informationweek.com/80256/show/669b1d881110bcf0edb3a637cb15f573/?

NASA laptop stolen containing unencrypted PII of personnel.

Is it just me or do organizations perceived to be more technically proficient seem more apt to fumble embarrassingly on security stuff like this?  At this point I'm just waiting for MIT to lose a database full of student loan information or something.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #203 on: November 16, 2012, 12:05:53 AM »

Is it just me or do organizations perceived to be more technically proficient seem more apt to fumble embarrassingly on security stuff like this?

Weeeeeell, inasmuch as the government keeps cutting funding for organizations perceived to be more technically proficient...

I doubt the problem is that nobody at NASA understands how to encrypt a hard drive.  Better guess: their IT department hasn't had either the time or the money to choose a third-party encryption package, and BitLocker is not an option because they haven't upgraded to Windows 7 yet.

Again, just a guess.  But I wouldn't be at all surprised.

Of all the places I've worked, the one that was the most on-the-ball about security was, unsurprisingly, a place that dealt with medical records.  We're talking each laptop equipped with a hard drive encrypted with a unique key, something like 16 characters (all lower-case and pronounceable, so as to be easier to remember than a completely random password but still secure enough to thwart any kind of brute-force measure).  So yeah that whole government regulation thing seems to help, when they actually have security regulations.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #204 on: November 17, 2012, 01:31:24 PM »

Mat Honan explains why passwords are inherently unsecure.

Not really anything new here but a pretty good overview of the salient points.  Toward the end he does a pretty good job of describing what's wrong with other forms of authentication, too -- text message authentication can be intercepted by someone from finding out the last four digits of your SSN and calling your cell company to set up forwarding; biometrics are bad because once someone steals your biometric data you can't change it; monitoring your location and associations to make sure it's really you means pretty much giving up on the notion of privacy.

In the end, he argues that there's not going to be any single future mechanism of authentication, that there need to be multiple factors and data-mining algorithms capable of determining you are who you say you are with a reasonable degree of certainty based on a variety of information.

How to do that painlessly enough to be acceptable to end users while actually WORKING continues to be the rub.  Which is nothing new; Douglas Adams did a pretty solid job of making fun of that dilemma in Mostly Harmless 20 years ago.

(Mostly Harmless, incidentally, is a book about how the electronic compendium of all knowledge that every civilized person carries around with them is taken over by parties who have a monomaniacal interest in destroying the Earth and seek to doing this through manipulating their customers.)
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #205 on: November 26, 2012, 12:16:50 AM »

Anybody know a JS blocker that works like NoScript but is less fiddly?  I'm about fucking sick of having to figure out which twenty domains to temporarily unblock every time I want to write a comment on some random news site.

And yes, I can definitely see the POSITIVES of a thing that discourages me from writing comments on random news sites, but still and all, NoScript is high-maintenance as fuck is what I'm getting at.
NoScript is still your best bet. Most other script-blocking addons like Ghostery, Disconnect, and their ilk are more like privacy helpers (blacklist Facebook & co instead of forcing you to whitelist everything) than guards against general xss-buttfuckery.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #206 on: December 08, 2012, 11:56:57 AM »

RIM blacklists a bunch of common passwords for BlackBerry 10.

Good.  About time somebody did it.

I'm curious what percentage of passwords those 106 account for.  I'd be really interested in seeing a graph.

The current password system needs to die.  In the meantime, this is a good Band-Aid.

I'd go so far as to suggest keeping one of the major leaked unsalted-hash DB's handy and reject any password that's a match.

I'd stop short of suggesting a system that rejects all dictionary words, including common symbol-for-letter substitutions.  Human memory's just too fragile for that to be a reasonable solution.

Unless of course all the major browser vendors start including built-in password generators/wallets.  Which would create its own problem, in a single point of failure which would be easily accessed by phishing even assuming the backend was perfectly secure.

There's the xkcd solution, of course.  And I DO think it would probably be a good idea for websites to drop all this "must include at least two numbers, a symbol, and a capital letter" horseshit and encourage longer passwords instead of more convoluted ones.  But Munroe's math is pretty fucking optimistic (as he seems to acknowledge in his alt text); if everybody started using "four 'random' common words" as a standard passphrase, odds are pretty fucking good they wouldn't actually be random.  People would still pick common names, things on their desk, and indeed probably pick four words that were related to one another.  Upshot is we'd still end up with passwords based on the same handful of words, easy to guess heuristically.

Plus, long passwords are a bitch to type into a phone.

tl;dr As always there's no simple solution to password security.  Even "nuke the whole system and start over" is a really complex solution fraught with its own various drawbacks and weaknesses.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #207 on: February 22, 2013, 11:05:35 PM »

If you use cPanel and are a member of wheel, change your password.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #208 on: April 12, 2013, 05:53:20 PM »

If you use Wordpress, check your password security.  Tens of thousands of WP blogs appear to have been compromised by bruteforce attacks.  If you use a good password you should be safe.  (It probably wouldn't hurt to rename your admin account something besides "admin", either, on WP and anything else you might have a separate admin account on.)
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #209 on: June 26, 2013, 04:05:03 PM »

Opera servers compromised.  If you're an Opera user, run the latest update; even if you're not an Opera user, beware of any certificates you see that are signed by Opera, because the attackers got at least one of their private keys.
Logged

Smiler

  • HOM NOM NOM NOM
  • Admin
  • Tested
  • Karma: 66
  • Posts: 3334
    • View Profile
Re: Computer security
« Reply #210 on: June 26, 2013, 04:53:42 PM »

This is the most disappointing thing because the new version of Opera is the most godawful thing ever, and I don't know if even this is enough to update.
Logged

Mongrel

  • Emoticon Knight-Errant
  • kodePunc Team
  • Tested
  • *
  • Karma: -65340
  • Posts: 17029
    • View Profile
Re: Computer security
« Reply #211 on: July 08, 2013, 11:33:53 AM »

So apparently there's a critical security flaw that affects a full 99% of all Android phones?

Errr, whoops?
Logged

Cthulhu-chan

  • Tested
  • Karma: 10
  • Posts: 2036
    • View Profile
Re: Computer security
« Reply #214 on: December 19, 2013, 11:46:10 PM »

daaaamn, talk about coming at the problem sideways.  guess they'll need to make authorization take the same about of effort, regardless of success.welp now that i've glanced at the article, I don't know HOW you'd fix this, short of acoustic dampening of the box.
Logged

Cait

  • Tested
  • Karma: 1
  • Posts: 269
    • View Profile
Re: Computer security
« Reply #215 on: December 20, 2013, 02:02:32 AM »

Knowing the acoustic frequency range being used, I suppose you could probably install a functional white noise generator inside the case. Power-reading is a harder nut to crack, but it's more limited in usefulness.
Logged

Mothra

  • ┐('~`;)┌ w/e
  • Admin
  • Tested
  • Karma: -62198
  • Posts: 3778
    • View Profile
Re: Computer security
« Reply #216 on: December 20, 2013, 02:10:07 AM »

That is insane. Holy hell.
Logged
Pages: 1 ... 6 7 8 9 10 [11]