both of which require only a one-time, 5/6-digit, non-changing, numeric password.
I'm surprised. I live in Luxembourg and all banks I know of don't do simple password systems. For the ING, it's the same system as you describe: electronic device that spits out numbers.
The other banks that I know of, have the following system: Username, Password (usually, easy passwords are not allowed) and finally they give you a 16-digit (actually, often alphanumeric) separated in 4 blocks of 4 chars. At login 2, 3 or 4 chars of this digit are asked (usually only one in each block). They do not ask different digits at each trial. After three failed logins, your account is blocked. You know this. So, even if a phisher would perform a man-in-the-middle attack, he would in worst case obtains 4 digits of the 16-digit code. The probability that the phisher gets exactly those 4 digits to login are 0.25^4. Not exactly high.
Sure, there is still a risk and it's still not foolproof. Especially, if the phisher decides to ask all codes, but most clients would become wary of that, I hope.
Of course, the system with an electronic device seems the best to me. No ebanking system should use a simple username/password authentication.
running a Windows box without access to administrator or super user privs is pretty miserable.
No it isn't. Your administrator just needs to have a clue. Actually, you only need one good admin in order to have many people run as "Limited User". Making an older (or badly behaved) program run correctly on Winodws as Limited is as trivial as giving the rights to the folders the application wants to write to and giving the rights to the registry keys that the application wants to write to. (Often it's an implementation error: the app just wants to read them, but they open the key as R/W)
Up until now, I have only found one single application that I didn't manage to run under Limited User and that was a game called "Children of The Nile". I still do not know what exactly it needs to run, so that I can grant it rights.
The only caveat with all this is that Windows XP *Home* removed the "Security Tab". Worst decision ever. You still can change the ACLs of files with the command line utility called "cacls.exe". There is also a way to reactivate the functionality by installing some powertool, but alas, I forgot again where you can download it.
No way... Many of my friend on slashdot are Mac-fans. I used to be one. Alas my iBook G3 600MHz died of a logic board failure and Apple didn't want to replace it. So I'm back to PC:-/
:-D Do you really think that I don't know the options. I do have a tape-deck adapter. I bought it back in the day for my MiniDisc player. The sound quality is not very good. Alternatives would be low-range-FM transmitters. I haven't seen any where I live, but I know they exist.
Ex-Fiancé? What fool would not marry you? I don't understand....
Oh, and it was quite fun to explain to my wife why I was talking about boobies on slashdot. So I showed her the discussion and your pictures.
She wasn't exactly delighted, but at least she saw that it's all harmless....:-)
I friended you, by the way.... Start a journal here, and I'm pretty sure you'll have a big audience in no time. Perhaps a good replacement for LadyGuardian;-)
I can... I bought an iPod Shuffle (not the "real thing"), but it ended up being a fancy USB stick. I bought my wife one because her car has an interface for it. That way she doesn't need to mess around with CD's.
My car can be upgraded to have an iPod interface. At least that's what I saw in an ad. Alas, I've got the 1st generation of that particular model and that one can't get an adapter. *sigh* No iPod for jawtheshark.
Well, I guess compared to a lot of people, I'm brand-spanking new.
Hey! Are you saying that I'm old, or what?;-)
The Man Show is free. It's under "video podcasts," and you can watch it on your computer.
Thanks for pointing that out. I had to click around a bit, because I'm no big iTunes user. It's just on this computer because I gave my wife an iPod. I frankly rarely use it.
Well, your UID is quite recent. So, could have been.... Besides, it's a running joke to ask that question on slashdot.
I don't even know that show. That's probably to do with the fact that I'm European and they don't air it here. This usually rules out iTunes video purchase too (Imagine the horror that I could watch all Lost episodes at the same time Americans do... *sigh* Damn media companies...) Perhaps it's on google video: I'll check there.
As for your pictures: I'd consider them safe for work. At least, I don't think that I'd ever get in trouble for watching stuff like that at work.
Look, I can be much more mature, after all, I crawled out of my moms basement ages ago and I'm even married (Go figure.... and still on slashdot!) The thing is: we men just like nekkid women and if they are pretty we're even more happy. You certainly qualify as pretty, IHMO. (Assuming you're not some random bloke that linked to pics of his ex-girlfriend)
As for the boobies. Well, I don't know why I like them but I most certainly wouldn't like to have them myself. Must be a nuisance. I do like the boobies of my wife, though...;-)
Why exactly would *any* financial institution want to verify credit card information. They have the fucking information: it's their bread and butter. No financial institution would lose any customer data because it's the most valuable item they have.
Anybody who falls for "please verify your information" has no clue how financial institutions work (Yeah, I know PayPal isn't a bank, but nevertheless... Your credit card number is the most valuable they have)
A compromise of the database would just mean that they lock your account. Next time you log in, you get an explanation and you have to re-enter your data.
No consumer content will be safe from copying until they can beam it straight into our heads.
Well... No... If we could beam the images straight to our head, we would understand how the brain works. In that case it would be pretty much trivial to intercept the beam and re-encode it to normal images.
I'm not saying that it is the incorrect way of finding malicious programs. However keep in mind that a rootkit usually hides itself. This usually means replacing programs such as ps and netstat that would betray it. Read it up.
... but yes, that is what kiddies think that hacking is these days.
It's very funny to see, any -14 year old (I used to be a teacher) seemed to have a PSP and it having a "Value Pack" was an absolute shame. You *needed* the "Giga Pack" or whatever it's called. I usually don't spend much on such toys, but two free games with a "Value Pack" was enough to convince me to throw over the 250€. (Okay, I had a few beers before buying it.... Blame the ethanol) None of the games need more than a few Megs of savespace.... Videos? MP3? I don't care, it's a gaming system...
But if I see the kids, it seems to be their primary use... Even tough they have cellphones/MP3 players that can do the same thing.... I don't even want to know their rationale...
I'm not saying that such a thing exists, but computers and software do require maintenance, like pretty much everything in this world. If you build a house and do not keep it maintained, it will be worth nothing within a decade. Buy a car and never do an oil change or change the brake pads, and you have a wreck on wheels within three years
Nothing we humans build is perfect and stays unharmed by the teeth of time.
If someone one day made computer programming completely unprofitable (I'm looking at you, Stallman), at least a handful of us programmers would be still able to manage a living doing something else.
Computer programming unprofitable? Ehm, I have some news for you: programming is not restricted to end-user software. There is a lot of money to be made from custom applications within companies. You, know, the kind that banks, insurance companies, manufacturing plants use. I dare you to find open source solutions for banking specific needs, or for controlling industry robots in manufacturing processes. I'm not saying it can't be done, but it's highly unlikely that it will happen. Consumer-grade software is *small* in comparison to that.
Besides, you didn't listen to Mr Stallman: the software itself can be sold (just give the source) and your revenue stream comes from support and services. A great example is a simple webserver: you can get the software at no cost, but unless there is a competent admin behind it, your server isn't worth squat because it probably will cease to work in no-time.
The only risk I see for programmers is the "age problem". I turn 30 this year, and I'm looking for a job. I've already been told that I was too old for a certain number of jobs. The "programmer" is percieved as a "young-guy-just-from-college-with-twenty-years-of- experience" (go figure) Perhaps, I should listen to Stallman and start my own IT services company.
Well, in summary (I just read the Spiegel article), the car in question first learns the track based on traffic cones. Actually, the only thing this cars knows are traffic cones. A program then runs on the collected data and calculates the "ideal" path. When the finanlly activate the "racing mode", the car "simply" drives the studied track and that *blindly*. There need not to be any traffic cones, and it will not stop if something unexpected happens (so if a rabbit jumps in it's way, the researches will have rabbit for dinner) It does react a bit on the data from the sensors in the racing mode, but it's more for avoiding small variations in the track like a wet spot.
The car itself is pretty much a standard Golf GTI 2.0 Turbo (200HP) and the only thing they changed was stronger braking. They use the default sensors to make the program learn. Also, in the Spiegel article, there is not any mention of GPS.
Oh, and the research isn't intended to make auto-driving cars for you and me. They want to create a way that cars do exactly the same test runs on test-tracks to check the settings of the car. The results would be more reproductible. If anything, this tech is to put test-drivers out of work;-)
They also mention that some of the tech was derived from a Touareg that they used in a competition of the US Defense Department in the Nevada desert. However, that one had completely different goals.
I'm sorry that I didn't translate the whole thing, but it was just too long.
Oh, and for the grandparents kids: there is a thing that is called "Fontwork Gallery". I suspect that "WordArt" or whatever it's called in MS Office, was too risky to take over. It's in the "Drawing Toolbar" and the icon looks like an "A" in a frame.
Slashdot Mirror
Next time I'll first RTFA, because it seems that's the system that Citibank uses.
Damn...
both of which require only a one-time, 5/6-digit, non-changing, numeric password.
I'm surprised. I live in Luxembourg and all banks I know of don't do simple password systems. For the ING, it's the same system as you describe: electronic device that spits out numbers.
The other banks that I know of, have the following system: Username, Password (usually, easy passwords are not allowed) and finally they give you a 16-digit (actually, often alphanumeric) separated in 4 blocks of 4 chars. At login 2, 3 or 4 chars of this digit are asked (usually only one in each block). They do not ask different digits at each trial. After three failed logins, your account is blocked. You know this. So, even if a phisher would perform a man-in-the-middle attack, he would in worst case obtains 4 digits of the 16-digit code. The probability that the phisher gets exactly those 4 digits to login are 0.25^4. Not exactly high.
Sure, there is still a risk and it's still not foolproof. Especially, if the phisher decides to ask all codes, but most clients would become wary of that, I hope.
Of course, the system with an electronic device seems the best to me. No ebanking system should use a simple username/password authentication.
Your words:
Funny, when I asked a group of Windows experts about exactly this, the answer was "it can't be done". "Impossible". "
My words:
Your administrator just needs to have a clue.
Do I need to draw a picture?
running a Windows box without access to administrator or super user privs is pretty miserable.
No it isn't. Your administrator just needs to have a clue. Actually, you only need one good admin in order to have many people run as "Limited User". Making an older (or badly behaved) program run correctly on Winodws as Limited is as trivial as giving the rights to the folders the application wants to write to and giving the rights to the registry keys that the application wants to write to. (Often it's an implementation error: the app just wants to read them, but they open the key as R/W)
Up until now, I have only found one single application that I didn't manage to run under Limited User and that was a game called "Children of The Nile". I still do not know what exactly it needs to run, so that I can grant it rights.
The only caveat with all this is that Windows XP *Home* removed the "Security Tab". Worst decision ever. You still can change the ACLs of files with the command line utility called "cacls.exe". There is also a way to reactivate the functionality by installing some powertool, but alas, I forgot again where you can download it.
Busted! Damn!
Oh, come one... I had my fun...
Got your first journal posting... And I advertised you on mine. I'm not a big celebrity on slashdot, but I do have my readers.... :-D
And you think that is a problem?
No way... Many of my friend on slashdot are Mac-fans. I used to be one. Alas my iBook G3 600MHz died of a logic board failure and Apple didn't want to replace it. So I'm back to PC :-/
:-D Do you really think that I don't know the options. I do have a tape-deck adapter. I bought it back in the day for my MiniDisc player. The sound quality is not very good. Alternatives would be low-range-FM transmitters. I haven't seen any where I live, but I know they exist.
Ex-Fiancé? What fool would not marry you? I don't understand....
Oh, and it was quite fun to explain to my wife why I was talking about boobies on slashdot. So I showed her the discussion and your pictures.
She wasn't exactly delighted, but at least she saw that it's all harmless.... :-)
I friended you, by the way.... Start a journal here, and I'm pretty sure you'll have a big audience in no time. Perhaps a good replacement for LadyGuardian ;-)
I can... I bought an iPod Shuffle (not the "real thing"), but it ended up being a fancy USB stick. I bought my wife one because her car has an interface for it. That way she doesn't need to mess around with CD's.
My car can be upgraded to have an iPod interface. At least that's what I saw in an ad. Alas, I've got the 1st generation of that particular model and that one can't get an adapter. *sigh* No iPod for jawtheshark.
Well, I guess compared to a lot of people, I'm brand-spanking new.
Hey! Are you saying that I'm old, or what? ;-)
The Man Show is free. It's under "video podcasts," and you can watch it on your computer.
Thanks for pointing that out. I had to click around a bit, because I'm no big iTunes user. It's just on this computer because I gave my wife an iPod. I frankly rarely use it.
Well, your UID is quite recent. So, could have been.... Besides, it's a running joke to ask that question on slashdot.
I don't even know that show. That's probably to do with the fact that I'm European and they don't air it here. This usually rules out iTunes video purchase too (Imagine the horror that I could watch all Lost episodes at the same time Americans do... *sigh* Damn media companies...) Perhaps it's on google video: I'll check there.
As for your pictures: I'd consider them safe for work. At least, I don't think that I'd ever get in trouble for watching stuff like that at work.
Maturity? On slashdot? You must be new here.
Look, I can be much more mature, after all, I crawled out of my moms basement ages ago and I'm even married (Go figure.... and still on slashdot!) The thing is: we men just like nekkid women and if they are pretty we're even more happy. You certainly qualify as pretty, IHMO. (Assuming you're not some random bloke that linked to pics of his ex-girlfriend)
As for the boobies. Well, I don't know why I like them but I most certainly wouldn't like to have them myself. Must be a nuisance. I do like the boobies of my wife, though... ;-)
Thanks for pointing out the sig... Hehe... Boobieees! ;-)
Why exactly would *any* financial institution want to verify credit card information. They have the fucking information: it's their bread and butter. No financial institution would lose any customer data because it's the most valuable item they have.
Anybody who falls for "please verify your information" has no clue how financial institutions work (Yeah, I know PayPal isn't a bank, but nevertheless... Your credit card number is the most valuable they have)
A compromise of the database would just mean that they lock your account. Next time you log in, you get an explanation and you have to re-enter your data.
That's pretty much fool-proof.
No consumer content will be safe from copying until they can beam it straight into our heads.
Well... No... If we could beam the images straight to our head, we would understand how the brain works. In that case it would be pretty much trivial to intercept the beam and re-encode it to normal images.
Wouldn't he become HD-DVD John (or Blu-Ray John), then? ;-)
I'm not saying that it is the incorrect way of finding malicious programs. However keep in mind that a rootkit usually hides itself. This usually means replacing programs such as ps and netstat that would betray it. Read it up.
... but yes, that is what kiddies think that hacking is these days.
It's very funny to see, any -14 year old (I used to be a teacher) seemed to have a PSP and it having a "Value Pack" was an absolute shame. You *needed* the "Giga Pack" or whatever it's called. I usually don't spend much on such toys, but two free games with a "Value Pack" was enough to convince me to throw over the 250€. (Okay, I had a few beers before buying it.... Blame the ethanol) None of the games need more than a few Megs of savespace.... Videos? MP3? I don't care, it's a gaming system...
But if I see the kids, it seems to be their primary use... Even tough they have cellphones/MP3 players that can do the same thing.... I don't even want to know their rationale...
I'm not saying that such a thing exists, but computers and software do require maintenance, like pretty much everything in this world. If you build a house and do not keep it maintained, it will be worth nothing within a decade. Buy a car and never do an oil change or change the brake pads, and you have a wreck on wheels within three years
Nothing we humans build is perfect and stays unharmed by the teeth of time.
If someone one day made computer programming completely unprofitable (I'm looking at you, Stallman), at least a handful of us programmers would be still able to manage a living doing something else.
Computer programming unprofitable? Ehm, I have some news for you: programming is not restricted to end-user software. There is a lot of money to be made from custom applications within companies. You, know, the kind that banks, insurance companies, manufacturing plants use. I dare you to find open source solutions for banking specific needs, or for controlling industry robots in manufacturing processes. I'm not saying it can't be done, but it's highly unlikely that it will happen. Consumer-grade software is *small* in comparison to that.
Besides, you didn't listen to Mr Stallman: the software itself can be sold (just give the source) and your revenue stream comes from support and services. A great example is a simple webserver: you can get the software at no cost, but unless there is a competent admin behind it, your server isn't worth squat because it probably will cease to work in no-time.
The only risk I see for programmers is the "age problem". I turn 30 this year, and I'm looking for a job. I've already been told that I was too old for a certain number of jobs. The "programmer" is percieved as a "young-guy-just-from-college-with-twenty-years-of- experience" (go figure) Perhaps, I should listen to Stallman and start my own IT services company.
Well, in summary (I just read the Spiegel article), the car in question first learns the track based on traffic cones. Actually, the only thing this cars knows are traffic cones. A program then runs on the collected data and calculates the "ideal" path. When the finanlly activate the "racing mode", the car "simply" drives the studied track and that *blindly*. There need not to be any traffic cones, and it will not stop if something unexpected happens (so if a rabbit jumps in it's way, the researches will have rabbit for dinner) It does react a bit on the data from the sensors in the racing mode, but it's more for avoiding small variations in the track like a wet spot.
The car itself is pretty much a standard Golf GTI 2.0 Turbo (200HP) and the only thing they changed was stronger braking. They use the default sensors to make the program learn. Also, in the Spiegel article, there is not any mention of GPS.
Oh, and the research isn't intended to make auto-driving cars for you and me. They want to create a way that cars do exactly the same test runs on test-tracks to check the settings of the car. The results would be more reproductible. If anything, this tech is to put test-drivers out of work ;-)
They also mention that some of the tech was derived from a Touareg that they used in a competition of the US Defense Department in the Nevada desert. However, that one had completely different goals.
I'm sorry that I didn't translate the whole thing, but it was just too long.
Come on folks, move to Europe, claim political asylum
You really want more Americans in Europe? Oh, the horror ;-)
(For the humour-impaired: This is a joke, I know many very nice Americans)
think whoever wrote the GnuCash docs deserves kudos. Wait, lemme see ...
And then you thank them by publishing their emails on a public forum, ready for spambots to catch them. That is really so nice of you....
I couldn't agree more.
Oh, and for the grandparents kids: there is a thing that is called "Fontwork Gallery". I suspect that "WordArt" or whatever it's called in MS Office, was too risky to take over. It's in the "Drawing Toolbar" and the icon looks like an "A" in a frame.