"real" companies like the world's largest retailer (guess who) do exactly what you are proposing. No files come or go by HTTP or email. No thumb drives are available on any workstation attached to the LAN. Services like Dropbox are completely off the table.
I'm guessing you're talking about a company like Wal-Mart. Are you saying that the Procurement department there can't receive any PDFs, spreadsheets, Word docs or any other file from a prospective supplier via email? I'm pretty sure that's not correct. I used to work for a food company that did business with both Wal-Mart and Sam's Club, and I don't ever recall getting a request for help sending files to them (and trust me, my users would not have been able to follow whatever instructions they were given for alternative delivery methods).
I currently work for a large post-production company in the entertainment industry, where security is a big deal. But they don't impose the draconian security measures that are required for the production areas/networks on the rest of the business. The HR and Finance departments have their own security needs (physical and electronic) that are different from Operations, and it wouldn't make sense to apply one rule to all areas.
No way. I heard there's only one computer on the whole planet and it's like a 386. Plus the latency will be murder on your games...
There are a couple of older machines up there with enough power to get a Doom II LAN party going.
I think having the tables turned and having Wikileaks DDoSed in turn is, well, highly appropriate.
I am in no way an expert in this type of thing, but from the sound of it, the DDoS on WL was much more sophisticated than those normally perpetrated by Anonymous and the like.
"If they're shooting at you then you must be doing something right"
-- Muammar Gaddafi
I'm referring to your previous comment that 2 factor authentication only needs to be set up once. If that's the case, it is *NOT* 2 factor authentication.
Well, you are semantically correct. When Google's 2-factor is turned on, anytime you log on to the account from an untrusted* computer, you must enter the 2nd factor authentication code. To be 100% 2 factor authentication you would want to force the entry of the second factor for *every* single login, but you also want to balance security and convenience based on your personal risk management algorithm. Just as it makes sense for you to not use 2-factor authentication because you always log in from a computer you control, it makes sense for a Google user to use 2-factor only when they log in from a computer that they don't control.
Someone stealing my laptop won't get my info because I have full disk encryption, so unless they can break my password...
Question on that: I'm guessing you run Linux, and thus your login password is probably harder to crack, but if you were running Windows, and thus had a relatively easy way to crack the login password, would full disk encryption still protect you?
*I'm not sure, but it may ask for the 2nd factor every X logins from a trusted computer.
#2 true, but then that goes for your "trusted computer" scenario. If you assume your computer is under your full control (the assumption I make for my desktop and laptop) then you don't "need" 2-factor. What the 2-factor prevents is someone stealing your password and logging in from their computer. If they steal your laptop or desktop (i.e. you lose the physical security layer), then you're in trouble anyway.
The password is hunter2
You need to use the /cleartext command. All I see is *******.
You're implying that the system(s) that talk to Curiosity are not connected to any system that is connected to the internet? How do the operators at JPL send their commands to the transmitters in Australia?
You're all wrong. It's "Bull sigh" because that's the sound a bull makes when you get pedantic on the internet.
Assuming no one can hack SSL, and I do not log in from unknown computers, what will 2 factor do for me?
You are perhaps not the best target for 2-factor as your secondary (or tertiary) security measures given the fact that you already use 3 different security practices when accessing email: SSL, own computer, un-shared password. You probably also have a robust password. A lot of, if not most, people use only one, weak level: a six to eight character password shared across multiple sites. Two-factor will help them. (Of course, they should also use a unique, harder to crack password, but turning on 2-factor auth is probably easier).
Also, if you only access from trusted computers, 2-factor auth only needs to be set up once. Unless you are really paranoid about giving out a phone number, what's the bother?
Hitting people with wrenches is forbidden by the Bill of Rights.
Your point being....?
Didn't stop them from hitting Padilla or Manning with metaphorical wrenches. A couple more direct examples: reporters jailed (or threatened with jail) for not revealing their sources.
You could build all three Little Pigs houses with all that straw.
If you can't save a couple hundred bucks... you have bigger issues than big brother.
This is what BB is counting on, and why the system is being rigged to keep people poor.
I haven't seen any clear way to calculate say an integral using something like c++ or c#.
Just guessing here, but I would expect that such a task is probably more easily doable in a recursive language like Scheme/Lisp.
Or in this case, another city.
Tell that to Muslims in New Jersey.
Mayor Bloomberg argued that the system isn't an example of Big Brother overstepping the line. 'What you're seeing is what the private sector has used for a long time,' he told Gothamist. 'If you walk around with a cell phone, the cell phone company knows where you are. We're not your mom and pop's police department anymore.'"
How in the hell is that statement supposed to make me feel comfortable?
If you read the article,
Really? Really?
Mod parent up. It's quite darkly amusing that sites require 3-5 security Q&As so that when you answer the first one incorrectly you get 2 or 3 more swipes at the apple.
This whole thing would be so much easier if we just agreed to embed a chip in people's hand.
Make no mistake, this is coming. The chip will be your phone and your credit cards and banks will be linked to it. To pay you'll simply swipe your hand over the scanner at the retail location and then select (or say) "American Express." It will double as a two factor authentication device by receiving a security token wirelessly from the server when you try to log into an account. The system you're accessing will either have a scanner for you to wave your hand in front of, or the code will appear on your HUD for you to type in.
Or you could just use two factor authentication today with your cell phone.
I 1000x prefer two step authentication à la Gmail.
I'm setting this up because, why not? The conundrum I face is that the only mobile phone I have is for work. I have a Google Voice number which forwards to my work cell. I set up the 2 factor with my Gvoice number, but this seems inherently weak and vulnerable to me, as an attacker could simply re-route the Gvoice to another phone if they got into my Google account. On the other hand, they can't get into my Google account from an untrusted computer without my work cell (or whatever phone Gvoice is pointing toward at the time).
Am I being paranoid, or should I change the 2 factor authentication phone to be an actual cell number instead of Gvoice?
As many others have noted, these are simply another password you have to remember. And if you re-use the fake answer across sites, well then what's the point? If you use something like LastPass or KeePass, you can (manually) store the Q&A, but then if you are using those programs then you can have a sufficiently secure password (and not forget it) in the first place and don't need a security question. All the security Q&A is, no matter how you structure it, is another password to remember. If you have trouble with the first password, chances are you will have trouble with the second. Double authentication does not mean using the same method twice.
One of my banks uses security questions in a somewhat unusual way. When you are prompted with the security question, you are given a choice of 10-15 answers from which to pick. This works OK for questions like "Who is your favorite author," as long as you don't pick someone extremely obscure. However, all of their fake answers to "What was your first school" end in the word "Elementary." I didn't know that when I crafted my answer, so the correct answer sticks out from the list like a sore thumb.
It might not occur to your proverbial grandma that people can track down her mother's name.
That's because, as everyone knows, people from Proverbia are idiots.
Serious question: Caffeine is a naturally occurring substance... were they expecting 0g / L?
What is the natural amount of ocean water caffeine; otherwise it is hard to judge the extent of the impact.
Well, I don't think there are any plants in the Pacific Northwest that contain caffeine, so I would expect higher concentrations around cacao and coffee countries in the tropics.
When I was on vacation last winter, the people we were staying with didn't tell me they only drank decaf. I normally drink 2-4 cups a day, often starting with 20oz of Starbucks. About two days into it, I got so sick I stayed in bed. I thought I was coming down with the flu. When we put it together that it could be the caffeine withdrawal, we made a trip to the pharmacy to get some instant coffee and I was better in no time.
it is a whole lot easier to change an environment than to remodel society.
That's pretty much the crux of the problem, right there.