It's already impossible to rent movies and buy music and in some instances, buy books in most places in the US.
Last time I checked, the US Postal Service still delivers to every address in the US. Netflix, among others, delivers movies (on DVD or Blu-Ray) by mail.
Amazon, while offering 256kbps DRM-free MP3 downloads, also still sells music CDs and books. There are plenty of examples of other such vendors.
It may come to pass that there isn't a general market brick-and-mortar shop for books or music in some areas, particularly smaller towns, but what's wrong with ordering things for delivery?
Yes. At least the Gmail-based one does (not sure about the Google Talk client itself).
My friend applied for an FBI agent position. She excelled at all the various requirements (e.g. physical fitness test, background checks, etc.) only to fail the polygraph test twice. Why'd she fail? They repeatedly asked her if she had ever done drugs, such as marijuana. She never had done drugs, as several people she knew had gotten into various legal (and when using harder drugs, medical) trouble when using drugs, and so she had an emotional response when asked during the polygraph test.
Even though she passed the required drug tests, the mere fact that she had an emotional response to being asked if she had ever done drugs was enough to disqualify her from ever working at the FBI. Go figure.
I've had a personal domain since 1999 (it's my slashdot username followed by .com). Nobody else in the world has ever had email service at that domain; it's just my account and a few role accounts (postmaster@, abuse@, etc.). Nothing else.
I still get mis-addressed email, which is odd when the intended recipient is not named "Pete".
Why should I change my email address (which is a major part of my online identity) simply because there's idiots out there who can't understand how email works?
Doubtful. They probably just had your address as a BCC.
I have a personal domain, where my email address is firstname@mydomain.example. Naturally, I get a bunch of spam, but the filters take care of that.
Occasionally I'll get seemingly-legitimate mail for individuals whose names are completely different from my own, yet the sender is evidently using user-entered email addresses. My first name, as my username implies, is "Pete", yet I've gotten mail to my personal account regarding, for example, a woman named Diane who scheduled a service appointment with an Apple Store in New York. The message had legitimately been sent by Apple. Diane had filled out the form on the Apple site and input my address in the email address field. Very odd.
If I was using a Gmail account, I could see someone with a similar name making such a slip, but getting both the username and the domain name completely wrong? I'm surprised that someone could be foolish enough to make such a mistake, but I am apparently underestimating the stupidity of some people.
Skype. As an old AIM user I like a buddy list window, and when I double-click friends a new window opens up allowing me to chat with them. The new Skype doesn't allow me to do that anymore. I click on a friend and the window resizes and shows me buddy details. And when I'm talking with friends everything is tabbed, with no option (that I saw) to make everything window-based. So thankfully I had an old copy downloaded. I deleted the new copy and reinstalled the old, and will continue to use the old until the copy no longer allows it to connect to their network.
View menu --> Compact View
What, like LastPass?
Bcdedit isn't GUI, last I checked....)?
EasyBCD is freeware and GUI. Very handy.
Curse me for using the last of my mod points in a previous thread.
Seriously. They need a lot more user interface testing. /sticking with 10.04 LTS for the time being
Being that your passwords haven't been compromised (at least based on the most recent information they've posted), I don't see how this is remotely an issue.
As they state on their site, "We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs."
Best case scenario, there are no bad guys. It was just a blip on the network and LastPass freaked out over nothing. This is a minor inconvenience to all involved.
So, worst case scenario, bad guys get everyone's email address, salt, and salted password hash. Due to the salt, they can't use rainbow tables, so they need to brute-force each account's password. The only accounts vulnerable to this would be those with trivial master passwords (which is stupid). There's no way of knowing which accounts have trivial passwords, so they'd need to try brute-forcing everyone's passwords and then use those passwords to log into the LastPass service, get the encrypted blob, and decrypt it. By having everyone change their master passwords, all the information that the potential attackers get would be useless. Additionally, they are doing IP-based checking to help detect suspicious logins to their service.
Even in a worst case scenario, having a non-trivial master password makes it exceedingly unlikely that a bad guy could access your account. Changing your password makes it even more unlikely. Using one of the several two-factor authentication methods LastPass offers makes it effectively impossible.
Lastly, nobody *needs* to use LastPass. It's entirely up to you.
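An added example, not part of the comment above and not LastPass's code: it shows why a per-account salt makes a precomputed table useless, why guessing must be repeated per account, and why a password change invalidates the copied hash. The PBKDF2-HMAC-SHA256 scheme, the iteration count, and all accounts and passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor, kept low so the demo runs quickly


def derive(password: str, salt: bytes) -> bytes:
    """Salted, stretched hash (PBKDF2-HMAC-SHA256; an assumed scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(email: str, password: str) -> dict:
    """Store only the email, a fresh random salt, and the salted hash."""
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": derive(password, salt)}


def verify(record: dict, password: str) -> bool:
    """Constant-time comparison of the stored hash with a candidate."""
    return hmac.compare_digest(record["hash"], derive(password, record["salt"]))


def precomputed_table(wordlist):
    """Stand-in for a rainbow table: unsalted SHA-256 digest -> password."""
    return {hashlib.sha256(w.encode()).digest(): w for w in wordlist}


def audit_weak(records, wordlist):
    """Find accounts whose password appears in the wordlist.

    Each record has its own salt, so every guess is re-hashed per account.
    Returns (weak_emails, number_of_hashes_computed).
    """
    weak, hashes = [], 0
    for rec in records:
        for guess in wordlist:
            hashes += 1
            if verify(rec, guess):
                weak.append(rec["email"])
                break
    return weak, hashes


def change_password(record: dict, new_password: str) -> dict:
    """Rotation: a new salt and hash replace the ones that were copied."""
    return new_record(record["email"], new_password)


# Constructed sample data (not real accounts or passwords).
WORDLIST = ["password", "123456", "letmein", "qwerty"]
RECORDS = [
    new_record("alice@example.com", "letmein"),
    new_record("bob@example.com", "plum-Anvil-93-tidewater-kestrel"),
    new_record("carol@example.com", "letmein"),
]

if __name__ == "__main__":
    table = precomputed_table(WORDLIST)
    print("table hits:", [table.get(r["hash"]) for r in RECORDS])
    print("same password, same hash?", RECORDS[0]["hash"] == RECORDS[2]["hash"])
    weak, hashes = audit_weak(RECORDS, WORDLIST)
    print("weak accounts:", weak, "hashes computed:", hashes)
    rotated = change_password(RECORDS[0], "a much longer replacement phrase")
    print("old password still valid?", verify(rotated, "letmein"))
```

Only the two accounts with a wordlist password are flagged, and the work is not shared between them even though they chose the same password.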
Woosh.
How so?
The data stored on LastPass is, with the exception of the salt and email address (neither of which are sensitive), encrypted. The only risk is to those who used weak "master passwords", and then the bad guys would need to identify which of the encrypted data blobs they got (assuming they actually got any) are weakly secured. This is not exactly easy.
From the LastPass announcement:
In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs.
In short:
- Not many, if any, encrypted data "blobs" were taken. This means that the odds of an offline attack on the encrypted data are low.
- They don't state how many people's email addresses, salts, and salted password hashes were taken. It could have been only a few accounts' worth, or it could have been a lot. Based on what they're saying, the main risk seems to be an offline attack on the password hashes, and then having the bad guys log into the online accounts and get data. Other mechanisms, like two-factor authentication, would then apply. Changing passwords in such a scenario is a good thing, as even if bad guys managed to get people's passwords, they would be invalid.
Perfect security isn't possible, but LastPass seems to be on the ball with this. I appreciate them disclosing the information and trying to remedy it immediately, rather than waiting for a week as with Sony.
Might be difficult to find you, as you posted AC. :)
Why is it that I have to present multiple forms of ID, my social security number, large amounts of contact info, and admit to any felonies just to get a job bagging groceries, but the person running for the highest office of one of the most powerful countries in the world does not have to produce a birth certificate to prove that they fulfill two of the basic requirements of holding the position (natural born citizenship and at least 35 years old)?
He does. Just not to you.
Do you honestly think that candidates are not thoroughly vetted for eligibility by the relevant government authorities?
Oh, and I do get a fair number of advertisements and service calls. If you had an appointment with Comcast last Thursday, the tech called the wrong number - that's why he didn't show up. Google did a good job on the translation though...
I have similar experiences, only with email instead of voicemail.
This confuses me as I've owned my own domain for just under 12 years (and was the original registrant), and am the only recipient at the entire domain. It's my personal address and a few generic role accounts (postmaster@, abuse@, etc.) that forward to my personal account. There is no reason why someone named "Diane" should use my email address (pete@[my slashdot username].com) when scheduling an Apple Store appointment in South Carolina (not a state where I've ever lived).
Yet, oddly enough, it happened on April 11th of this year. Go figure.
Critical (XP) and Important (7) updates are available to everyone, including users of pirated systems.
The MSRT is listed as an Important update on my Windows 7 systems (don't have any XP ones to check).
Good to know. All of that information seems to match what our research has indicated. Many thanks.
We've been looking to eat healthier and eat out less, so having a pricing structure that would encourage this is a good thing, even if it does sting the wallet a bit.
Due to the hideous cost of shipping goods internationally, we're looking at living a monk-like lifestyle, at least before, during, and shortly after the move. We're not moving any furniture (there's an IKEA just outside of Bern with reasonable prices, and nearly all of our furniture is IKEA stuff already), and we pretty much only need to move clothes and computers. We'll also be coming back to the US for Christmas and whatnot (we're originally moving out in August), so we can retrieve other not-needed-immediately stuff. As we're recently married (one year in June), we've got a fair bit of electric wedding presents (small appliances and the like) which won't run on 240V power, so our parents have offered to store them for us for the time being, so we don't need to worry about transporting them.
I'm particularly grateful for the internet: several expat mailing lists have been most useful in regards to getting details on living, housing, and so on. Now even Slashdot is being useful. This is fantastic.
Fair enough.
Evidently the Steam version of Mass Effect doesn't have SecuROM, though the retail version does (the retail version also has internet-based activation). Also, according to the wiki, ME2 only has a standard "check if disc is physically present" check, rather than SecuROM or anything to that effect. Also, ME2 does away with online activation.
I prefer Steam, for what it's worth, as I don't need to deal with physical media. The nominal DRM included with Steam sure beats the annoyances of SecuROM and the like.
Dunno. I bought both on Steam, so I presume they come with whatever DRM Steam uses. The Steam DRM hasn't ever been a problem for me. Your mileage may vary.
Good. We're looking forward to it. Even in a worst-case scenario, it's still a learning experience. I suspect that being in a mainly academic environment, I'll be a bit more insulated, but we'd still like to learn all we can.
That said, anything in particular I should be aware of, watch out for, or know ahead of time? We've been doing massive amounts of research on the country, culture, and so on, but we can always use more information.
Now you tell me!
I got my bachelor's in physics in 2010. I've been doing IT work to fill the gaps until I go to graduate school. Fortunately, I got into the schools that I was looking for (any Slashdotters in Switzerland that want to get a beer sometime in the next few years? I'll be in Bern.), so I'm a bit excited. Moving from the US to Switzerland will be a refreshing change, and will allow my wife and me to fulfill our love of travel (in our copious free time, naturally).
I suspect that science in Europe will be about as bitter as science in the US, but it'll be a different kind of bitter!
They're only being discarded because they've started to fail. So giving them away would be a bit of a dick move, regardless of whether it's a privacy threat or not.
As for the shredding, my bet would be that they're just following a data-destruction spec from 10-20 years ago, when wiping really wasn't a surefire way to destroy data.
I would think that they'd be shredding (and crushing) the hard disks because it's faster than sitting around and waiting to overwrite disks, especially with larger hard disks. Shredding also works on disks that are damaged and unable to function.
Are you using Dropbox v1.0 or higher? That was when they implemented TrueCrypt support.
I just did a similar test with a 100MB TrueCrypt volume and Dropbox 1.0.10 (admittedly a bit out of date -- why doesn't Dropbox auto-update?) and it worked precisely as expected: only the changed parts (about 4MB, as I used two images as the test files) of the TC volume were uploaded, while the bulk of the TC file remained unchanged and didn't get uploaded.
ME2 is fantastic. I highly recommend it. About 45 hours' worth of gameplay for me on the first playthrough. I highly recommend the Lair of the Shadow Broker DLC as well.
I re-played ME1 as a Renegade (first character was a Paragon) and will start ME2 anew with that character. We'll see how that goes.