It is still completely possible for Google to use hashed passwords to authenticate users and only "save" the plain password in a "write only" file (text or separate database) with the unhashed passwords...
That's a distinction without a difference. It is absurd to keep a hash if you are required to keep the plain text. In reality this would mean encrypting the password, but it still comes down to eliminating hashing.
Is the software that does this fancy HTTPS interception and fake SSL cert generation typically off-the-shelf, or is it simple enough that companies write it themselves? If off-the-shelf, what this type of software be called?
How does it decrypt the traffic? It can't; only the parties in the SSL handshaking can do that, and that is the user's browser and the end server with its certificate.
Other posts on this thread detail how this is possible: You work for company X and go to https://bank.com./ Company X creates a Certificate Authority SSL certificate and installs it on all browsers. When you go to https://bank.com/ the proxy intercepts and pretends to be bank.com by generating a new server certificate for bank.com and talking to your browser as if it were bank.com. Since your browser trusts Company X's CA cert, it also trusts the fake cert created by the CA cert.
This is only possible if you are forced to use a browser with that CA cert installed, and the company has a proxy or other software/hardware that can essentially do a Man In The Middle attack.
If you say it's ok for mobile carriers to restrict apps on cell phones, then you implicitly say it's ok for Comcast to dictate what you can have on your PC.
This is another reason why iOS and Apple's ridiculous idea that they can tell you what you can do with your property is a horrible precedent: it's my device, not yours.
Simple logic was thrown out of the window by quantum physics. What makes you think the universe really does operate on a consistent set of physical laws? That's how Newtonian physics was thought to work too.
It's not as simple as them just trying to make more money. If they don't respond to the new and emerging threads from rivals, Google could eventually fail. This is part of the reason they extend into so many different areas such as Android. It's not just about making more profit; it's about ensuring long term survival.
This article is pure Android FUD, carriers have been stuffing phones with useless and unremovable crapware forever, regardless of the OS. Apple is the only phone manufacturer (at least of smart phones) that has managed to avoid this.
You are confused, this has nothing to do with Android. Carriers have been installing bloatware on phones for years, regardless of OS. Apple fortunately has managed to spare the iPhone. Calling this an "Android" problem is pure FUD.
Some of us actually don't mind. Apple's behavior is a big deal, and could have far reaching effects that affect everyone. If you don't like it, don't read it.
No, you posted your response because you're being ignorant. 4G is a big deal. It's the next big thing in cell phone technology. OF COURSE it's a big deal.
You're being elitist and ignorant, not Insightful.
Thank you for your suggestions... But Flash on Activity makes it even more annoying, because now it's flashing all the time. There is no way to turn it off.
I don't want to turn my computer off, I want to put it to sleep. I don't want to have to close all my programs. I can't tell a difference between sleeping with the lid on or off, the light seems the same either way.
I think Apple makes great products, but this whole "always leave a stupid light on" makes me think they don't actually use their own products. Their laptops and the Airport Express both insist on ALWAYS having a light on, that is very noticeable in an otherwise dark room. It is really, really annoying.
Well, they did catch Faisal Shahzad due to the watch list. After the fact... Thanks to a street vendor... And the airline screwed up so he almost got away... And yet the no-fly watch list worked nonetheless.
Do you know what plots will be foiled due to the intelligence they will now gather, that you will never hear about because they were prevented?
So you are telling me that a dedicated, built from scratch minimal "circuit", specifically designed to solve a particular mathematical problem, where even in the inputs have been specially converted to make it easier for the circuit to process, and the "output" is likewise interpreted in the native capacity of the circuit, is many times a faster than a general purpose entire computer, that has been designed to complete not only thousands of specific tasks, but also untold number of unknown ones, under a huge variety hardware platforms?
Duh, not shit Sherlock.
I understand they're trying to say that quantum computing could be many times faster than today's CPUs, but a simple comparison like this is a non-comparison. Talk about comparing apples and oranges... When you have something resembling a general purpose circuit that can take arbitrary inputs and outputs, then maybe we can start comparing to a modern CPU...
Slashdot Mirror
Remember when Americans wouldn't put up with this Soviet crap?
Nope.
That's a distinction without a difference. It is absurd to keep a hash if you are required to keep the plain text. In reality this would mean encrypting the password, but it still comes down to eliminating hashing.
Is the software that does this fancy HTTPS interception and fake SSL cert generation typically off-the-shelf, or is it simple enough that companies write it themselves? If off-the-shelf, what this type of software be called?
How does it decrypt the traffic? It can't; only the parties in the SSL handshaking can do that, and that is the user's browser and the end server with its certificate.
Other posts on this thread detail how this is possible: You work for company X and go to https://bank.com./ Company X creates a Certificate Authority SSL certificate and installs it on all browsers. When you go to https://bank.com/ the proxy intercepts and pretends to be bank.com by generating a new server certificate for bank.com and talking to your browser as if it were bank.com. Since your browser trusts Company X's CA cert, it also trusts the fake cert created by the CA cert.
This is only possible if you are forced to use a browser with that CA cert installed, and the company has a proxy or other software/hardware that can essentially do a Man In The Middle attack.
Interesting. So this turns their proxy into a Man-In-The-Middle-Attack by faking the SSL certificate of the server you are trying to connect?
How exactly would he have been charged of a physical, violent crime by posting images?
North Korea has nukes. Iran is clearly trying to get them. How are they not a threat that would merit deterrent?
If you say it's ok for mobile carriers to restrict apps on cell phones, then you implicitly say it's ok for Comcast to dictate what you can have on your PC.
This is another reason why iOS and Apple's ridiculous idea that they can tell you what you can do with your property is a horrible precedent: it's my device, not yours.
I'm not sure how SSL protects you from a key logger.
This is so easy to defeat with a simple regular expression in your spam filter. I doubt spammers will continue with this tactic for long.
Simple logic was thrown out of the window by quantum physics. What makes you think the universe really does operate on a consistent set of physical laws? That's how Newtonian physics was thought to work too.
What exactly are your criticisms of what he's said? It makes sense to me (though I am no physicist).
I wonder how many opportunities he's missed acting that way.
All the ones that I'm sure he would have passed up anyway.
It's not as simple as them just trying to make more money. If they don't respond to the new and emerging threads from rivals, Google could eventually fail. This is part of the reason they extend into so many different areas such as Android. It's not just about making more profit; it's about ensuring long term survival.
This article is pure Android FUD, carriers have been stuffing phones with useless and unremovable crapware forever, regardless of the OS. Apple is the only phone manufacturer (at least of smart phones) that has managed to avoid this.
You are confused, this has nothing to do with Android. Carriers have been installing bloatware on phones for years, regardless of OS. Apple fortunately has managed to spare the iPhone. Calling this an "Android" problem is pure FUD.
Some of us actually don't mind. Apple's behavior is a big deal, and could have far reaching effects that affect everyone. If you don't like it, don't read it.
1. Apply
No, you posted your response because you're being ignorant. 4G is a big deal. It's the next big thing in cell phone technology. OF COURSE it's a big deal.
You're being elitist and ignorant, not Insightful.
You just happen to love Microsoft. Why do you hate freedom?
Thank you for your suggestions... But Flash on Activity makes it even more annoying, because now it's flashing all the time. There is no way to turn it off.
I don't want to turn my computer off, I want to put it to sleep. I don't want to have to close all my programs. I can't tell a difference between sleeping with the lid on or off, the light seems the same either way.
I think Apple makes great products, but this whole "always leave a stupid light on" makes me think they don't actually use their own products. Their laptops and the Airport Express both insist on ALWAYS having a light on, that is very noticeable in an otherwise dark room. It is really, really annoying.
What is the number one complaint against the iPhone, Android's main competitor? The fact that it's only available on one network, AT&T, and it sucks.
So what network does Google decide to use for its flagship phone? The one carrier that is worse than AT&T: T-Mobile.
I mean seriously, what did you expect?
Well, they did catch Faisal Shahzad due to the watch list. After the fact... Thanks to a street vendor... And the airline screwed up so he almost got away... And yet the no-fly watch list worked nonetheless.
Do you know what plots will be foiled due to the intelligence they will now gather, that you will never hear about because they were prevented?
So you are telling me that a dedicated, built from scratch minimal "circuit", specifically designed to solve a particular mathematical problem, where even in the inputs have been specially converted to make it easier for the circuit to process, and the "output" is likewise interpreted in the native capacity of the circuit, is many times a faster than a general purpose entire computer, that has been designed to complete not only thousands of specific tasks, but also untold number of unknown ones, under a huge variety hardware platforms?
Duh, not shit Sherlock.
I understand they're trying to say that quantum computing could be many times faster than today's CPUs, but a simple comparison like this is a non-comparison. Talk about comparing apples and oranges... When you have something resembling a general purpose circuit that can take arbitrary inputs and outputs, then maybe we can start comparing to a modern CPU...