Yes.
My general instruction to people has been:
Step 1: Go here
Step 2: Copy a suitable string, depending on the limits of the system you're creating a password for
Step 3: Add a 4 - 6 digit PIN
Step 4: Paste it in, write it down, or use something like Keepass.
Hell, letting your browser remember your password is better than picking something stupid.
A password written down on a sticky note can't be cracked remotely. You have to be physically present in the room to have a shot. http://www.imdb.com/title/tt0086567/?ref_=nv_sr_1
If the password is sufficiently complex, and the system uses properly salted hashes, then it is infeasible to crack remotely via brute-forcing the password database. Simple passwords are susceptible to brute force cracking.
A better solution is to use both. Write down the complicated password, but append or prepend a memorized PIN. That way, if the written component is compromised, the PIN still has to be guessed.
More recently, Jupiter Ascending.
Poetic justice to South Park -- the Simpsons did it first.
https://www.youtube.com/watch?v=VRNwqVU70Q8
~Yeah, I can *so* see Edward Snowden getting a confirmation from the U.S. Senate.~ It is only slightly more probable than Jill Stein getting elected to President.
For what office is Scott Corner a candidate? Or are you claiming there are emails directly from HTC offering this?
No? Then there is no violation of the law and you're a typical partisan troll.
My phone is encrypted and protected with a fairly strong password (12-digit PIN in my case). In addition, the mobile banking app is also protected with a different, fairly strong password. It has multi-factor authentication, but since that is a text to my phone that doesn't count here.
Since my life is on the phone and I use it to constantly stay in touch with family and friends, plus things like navigation, and quick look-ups of information, it is always on me. So much so that I'd sooner forget my wallet or car keys than my phone.
Finally, my phone is not only constantly backed up, it has, essentially, a GPS locator that I can use from my PC to find it. Just enter "where's my android phone" into Google, assuming you're logged in to your Google account.
Maybe you've heard of Hyperloop?
You mean like this: http://www.smbc-comics.com/comic/social-security
Books and movies can cost quite a bit more than what you're implying.
Did you intentionally make a subtle M*A*S*H reference? :-)
It wouldn't, as my criticism was directed at the 3rd party security tool vendor, not the OS vendor. I would have been equally derisive if the malware was for iOS and only was effected on jail broken devices.
Though, to correct your assertion, you actually wonder if my comment would be different if the target of the malware was iOS.
I personally prefer Google's model because it gives me the choice whereas Apple's does not. Android says "you should" whereas iOS says "you must".
This is a 24 page report that can be summed up as "An amazing number of people are stupid enough to click links embedded in SMS messages. However, since this sort of attack is blocked by anyone with the default 'do not allow third-party apps' setting in Android, we only saw 38 actual instances of infected devices contacting the C2 systems. Please take the other 23 1/2 pages of the report as proof we are highly technically skilled, but in general spreading FUD so you pay us lots of money to protect against a threat that has an almost insignificant likelihood of affecting you."
And?
This is just Microsoft once again making certain your bought and paid for content Plays For Sure! (tm)
The name of the algorithm behind AES is Rijndael -- a combination of the names of the Belgian cryptographers who developed it.
His utterings are in the running for either biggest lie of the year, or most ignorant.
Yeah, that problem was solved centuries ago. Considering I'm posting from inside a restaurant who is doing just that, after stopping at a gas station who did the same, the challenge of finding people to accept paper currency AND purely digital bits via a debit card is trivial.
That's setting the bar low. I would be surprised if the Ebola virus polled higher than Congress!
No. Think of it more along the lines of not just setting dedicated lanes for buses and bicycles, but only for COMCAST buses and bicycles -- unless you paid an extra toll.
Comcast and others did this with VoIP in the past. They prioritized their VoIP traffic while de-prioritizing competitor VoIP traffic.
It not only is perfectly legal now, but essential to business that ISPs prioritize traffic by traffic type -- called Quality of Service (QoS).
What they want to do is not by TYPE but by DESTINATION and OWNER. This allows them to essentially tax competitors to services they offer directly, like Vonage and VoIP or Netflix and streaming video.
It is a protection racket, pure and simple.
Federal regulations *REQUIRE* drives to be scrubbed clean, using guidance from NIST SP-800-88 on methods, once the system is ready for disposal. Bitching that she wiped the server is just ignorance of Federal requirements.
Her contention is this was done AFTER everything required to be retained by law was in the hands of State. The counterclaim is that she didn't turn everything over.
Screaming that her wiping the server is evidence of a cover-up is just ignorant. It is a required step.
Keep in mind, the bar is set low here. Is it smarter and more complex, producing better quality movies than say, Uwe Boll?
Read The Practice of Network Security Monitoring.
He seems to be referring to active NSM and Hunt Teams as opposed to passive compliance and vulnerability monitoring, which is what most organizations do.
Reading through the Vice article it seems as if Snowden didn't exactly come out and say "I think what we're doing is illegal". It was much more along the lines of him questioning their training on oversight and the boundaries. He was asking questions about the relative priorities of Congressional Law vs Executive Orders.
The thing is, we don't know what was discussed in a couple of the verbal meetings, so he very well could have pointed out that the reason he was asking is the decision that was the foundation for some of the programs was a Classified Executive Order that went against Statute.
He implied as such when he was pointing out the training materials, including some SOPs, were out of date and referred to lapsed or repealed laws.
On the other hand, I'm thinking if he went to the IG and flat out said "Hey, I think these programs I'm working on are illegal", I'm pretty sure the response would have been something along the lines of "you're fired -- allow us to remind you of your NDA and the consequences".
I'm not sure of the total duration, but Cricket and AT&T both had major, multi-hour outages on Thursday starting about 4:15 p.m. Eastern. From the chart below, it looks like the majority of it lasted...about 7 hours.
http://downdetector.com/status/cricket-wireless
Things that make you go "hmmmm...."
You can buy a box of tri-sodium phosphate for a couple dollars at most home improvement stores, like Lowe's and Home Depot. Add a quarter cup to your laundry and it really helps.