Hate the stuff
So true. My older kid doesn't use Facebook, just Instagram. She says it's because Facebook is where mom and dad are. My younger kid doesn't use Instagram, just Snapchat. He says it's because Instagram is where his sister is.
Facebook used to be where I went to see what my friends are up to. Now it's where I go to be bombarded with sponsored crap. It's all political outrage, cat videos and click-bait.
Great. Now my keyboard can do 40 Gbps, but my LAN is still stuck at 1 Gbps. Why can't this inexpensive technology be used to give me a high speed LAN? 10GB Ethernet still costs thousands of dollars.
You don't grasp the immense size of China's population. 23 million is a rounding error.
Even worse will be the chilling effect on the billions who must exhibit important behaviors such as 'paying off protection money to officials', 'allowing some sleazy shit local official to sleep with your wife or else', 'not being deferential enough to "important" people'
Wow that's a whole lot of bullshit. Why don't you try pulling a gun on a cop. Even if you "win" you will be beaten to death by the hundred other cops who show up. Cops aren't more polite when they think they are in danger.
Why not just USB 5GBS, USB 10GBS?! Would that be so difficult?!
"SUPPORT. HELP. HUMAN. OPERATOR. GET ME A FUCKING HUMAN BEING YOU GODDAMN PIECE OF SHIT! "
processing... processing... processing... anger detected 37% probability
(im not yelling slashdot im not yelling... ok i am but its on purpose let this post go through...)
Why does my twitter account have better security than my BANK?! Bank of America only supports SMS authentication, and that is only to a long list of every phone number associated with my account. I cannot restrict it to just one phone number such as a Google Voice phone set up just for security. I asked a rep about Two-Factor-Authentication and she said "I never heard of that, what is it?"
It is mind boggling. My money has less protection than my throwaway forum accounts.
Also, shout out to Vanguard, who has a "I FORGOT MY AUTHENTICATION DEVICE" link on the login page that allows me to skip using Google Authenticator if it's 'inconvenient'.
I had the same experience with my Van Dyke style beard. When 4/4 Postal Clerks at my local Post Office had Van Dykes (one of them is a woman) I knew it wasn't hip anymore.
While I'm not disagreeing that Bitcoin's halo is tarnished... The article says
> hitting its lowest level since September 2007
When Bitcoin's original description was in a whitepaper published in 2009. How lazy does a reporter have to be to not even check a Wikipedia page? How well researched is the rest of the article?
I just got denied credit for a big purchase. On the rejection letter they listed the reasons I am not a good candidate: I paid off my mortgage in full and have no mortgage debt. I pay off my credit cards each month and carry no balance. We wouldn't want to let creeps like me into the country!
I fail to see why this breach is news at all. It's all reset codes that expired minutes after they were used. This isn't sensitive data.
True but misleading. Executables compiled with an older 'go' will continue to execute. This is not true of Python. New Python interpreters can cause old code to break.
Bring it on! I'll pit their garage-sale used pitchforks against my Boston Dynamics dancing kill-bot any day.
It's simple. Just don't give your Smart TV your wi-fi password. Ever. The Smart functions are terrible implementations anyway. Plug in something you trust more, like a Plex box, an Amazon Fire Stick or a Chromestick and let your TV be a dumb device that just displays whatever video signal you feed it.
Samsung Smart TVs got caught *browsing your network shared folders and sending your filenames to a server in South Korea*. There is no possible legitimate excuse for that. Don't trust consumer electronics devices!
Personally, I'd never trust an Alexa or similar device either, but YMMV.
That is moronic!
Also, Vanguard has TOTP 2FA (Authy, Google Authenticator, etc), but on the page that asks you to enter your code there is a button 'I don't have my security device with me, send me an SMS instead'. This cannot be disabled. I am not making this up. I complained but the support rep couldn't understand why this is bad. She just kept asking if I wanted to turn off 2FA altogether.
And salespeople. Don't forget salespeople. When I worked at a system integrator (custom code for various industries) we got a cool big document scanner. We made a *spreadsheet with hyperlinks* to (1) scan a new document, (2) view a document. A salesman saw it and within two weeks had sold our "industry leading document management system" to a big South American bank. We had less than a month to put something together and then we all got shipped to South America to install our industry leading system and train the techno-phobic bank staff on using our spreadsheet with hyperlinks.
Programming language security had nothing to do with this hack. Someone called the phone company and pretended to be a clueless customer who was trying to port his phone to a new provider. Lazy phone company rep decided that even though the "clueless customer" didn't pass any of the security questions he would go ahead and port the phone away anyway 'to be helpful'. Now the hacker can receive all SMS messages that were supposed to go to the phone. He logs into Reddit's backend as the user and it sends a 2FactorAuthentication code to the user's phone. Which the hacker is now receiving.
Sending codes as an SMS to a phone is terrible security and everyone has known this for years. Bitcoin exchanges have been very publicly hacked this way enough that no exchange would even consider using SMS for security. I'm surprised Reddit, which has a very technical community, allowed this.
BTW my bank still ONLY offers SMS security :-(
You have no idea what 'salted' passwords means, do you? It doesn't add the word 'SECRET' to every password or any other secret word. It adds a *different* random string to every password. This means rainbow tables are useless because the entire rainbow table would be specific to ONE user's password. It would be completely pointless to generate a rainbow table for ONE user instead of just a brute-force attack on that user, with or without a 'cluster of rented Amazon GPU servers'.
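The difference the comment above describes, as an added example that is not part of the original post: one string shared by every user versus a random salt per user, hashed with the same function (scrypt, chosen here for illustration). The user names, passwords and wordlist are constructed sample data.

```javascript
const crypto = require('node:crypto');

// Constructed sample data: two users who happen to choose the same password.
const USERS = { alice: 'hunter2', bob: 'hunter2' };
const WORDLIST = ['password', 'letmein', 'hunter2'];

// Same slow hash in both schemes; only the salt policy differs.
const hashPw = (password, salt) =>
  crypto.scryptSync(password, salt, 32).toString('hex');

// Scheme A: the same string for every user (the 'SECRET' misconception).
function storeWithFixedString(users) {
  const out = {};
  for (const [u, pw] of Object.entries(users)) {
    out[u] = { salt: 'SECRET', hash: hashPw(pw, 'SECRET') };
  }
  return out;
}

// Scheme B: a fresh 16-byte random salt per user, stored beside the hash.
function storeWithPerUserSalt(users) {
  const out = {};
  for (const [u, pw] of Object.entries(users)) {
    const salt = crypto.randomBytes(16).toString('hex');
    out[u] = { salt, hash: hashPw(pw, salt) };
  }
  return out;
}

// A precomputed table is only valid for the one salt it was built with.
const buildTable = (salt) =>
  new Map(WORDLIST.map((w) => [hashPw(w, salt), w]));

// How many stored records does a single precomputed table resolve?
const hits = (table, store) =>
  Object.values(store).filter((r) => table.has(r.hash)).length;

function demo() {
  const fixed = storeWithFixedString(USERS);
  const salted = storeWithPerUserSalt(USERS);
  return {
    fixedHits: hits(buildTable('SECRET'), fixed),             // one table covers every user
    saltedHits: hits(buildTable(salted.alice.salt), salted),  // one table covers one user
    sameHash: salted.alice.hash === salted.bob.hash,          // identical passwords, different hashes
  };
}
```

With per-user salts the table built for alice's salt resolves only alice's record, so precomputation saves nothing over hashing guesses against each record in turn.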
> they get loose
Thank you. Just... thank you. I got a tear in my eye when you used 'loose' correctly.
> U2F is much more convenient
Not if you have an iPhone. It doesn't work on an iPhone so you can't access any of your accounts from the phone.
I have TOTP (Google Authenticator, Authy, Auth+ etc) on my phone and on an old iPod Touch I wasn't using anymore. If I lose my phone I'm not locked out of my accounts.
> bank I use has a device with a tiny camera
Great. My bank only has SMS based 2FA, with a checkbox on the screen labelled 'I forgot my device, log me in without it'. I kid you not. I've complained to their minimum wage offshore support people who can't find my words in their script so don't say anything.
Wrong.
Your private keys are stored in a secure hardware module inside the Yubikey. They never leave the Yubikey, not even into your own computer. The login process sends a random challenge into the Yubikey. The Yubikey responds with the challenge encrypted by your secret private key. The website can verify the response against your public key. The response is unique to that random challenge and gives an eavesdropper no useful or repeatable information.
Each website gets a different set of keys generated by the Yubikey to prevent cross-referencing your identity.
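The challenge-response flow described in the comment above, as an added example that is not part of the original post and not Yubico's code. It assumes a software stand-in for the hardware key, an ECDSA P-256 signature as the response, and a simplified signed message (origin plus challenge) rather than the real U2F wire format; the origins are constructed.

```javascript
const crypto = require('node:crypto');

const BANK = 'https://bank.example';   // constructed origins
const FORUM = 'https://forum.example';

// Hypothetical stand-in for the hardware key: private keys stay inside
// this closure and only public keys and signatures are ever returned.
function makeAuthenticator() {
  const keysByOrigin = new Map();
  return {
    // Registration: a fresh key pair per origin, public half exported.
    register(origin) {
      const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keysByOrigin.set(origin, pair.privateKey);
      return pair.publicKey.export({ type: 'spki', format: 'pem' });
    },
    // Login: sign origin + challenge with that origin's private key.
    sign(origin, challenge) {
      const key = keysByOrigin.get(origin);
      if (!key) throw new Error('no credential for ' + origin);
      const msg = Buffer.concat([Buffer.from(origin), challenge]);
      return crypto.sign('sha256', msg, key);
    },
  };
}

// Website side: holds only the public key and issues single-use challenges.
function makeSite(origin, publicKeyPem) {
  const outstanding = new Set();
  return {
    newChallenge() {
      const c = crypto.randomBytes(32);
      outstanding.add(c.toString('hex'));
      return c;
    },
    verify(challenge, signature) {
      // Reject challenges this site never issued or has already consumed.
      if (!outstanding.delete(challenge.toString('hex'))) return false;
      const msg = Buffer.concat([Buffer.from(origin), challenge]);
      return crypto.verify('sha256', msg, publicKeyPem, signature);
    },
  };
}

function demo() {
  const token = makeAuthenticator();
  const bankPub = token.register(BANK);
  const forumPub = token.register(FORUM);
  const bank = makeSite(BANK, bankPub);
  const c1 = bank.newChallenge();
  const sig = token.sign(BANK, c1);
  const fresh = bank.verify(c1, sig);                     // response to c1 verifies
  const replayed = bank.verify(bank.newChallenge(), sig); // captured response fails on a new challenge
  return { fresh, replayed, distinctKeys: bankPub !== forumPub };
}
```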