You have no reason to expect my server to receive your mail unless we have a contract. If we had a contract, you'd be using SMTP AUTH and there would be no issue.
Since we don't have a contract, you're relying on my good will to accept your message.
If you turn off the preschool interface and the visual effects XP appears to be faster here, although that's based on appearance and not any formal testing.
My Gateway has a power calibration mode in the BIOS that does this for you, plus measures the battery before and after, and calibrates the charge indicator (the percentage which is revealed to Windows, as apposed to the mAh which the battery meter reveals internally)
It's a handy feature and saves you from playing games with power management.
But the point is that the virus isn't doing anything other then what the user is already authorized to do -- Send email.
Sure you could throw up a "this application is trying to access the internet" dialog or something, but the user will authorize it for the same reason that they ran the damn thing in the first place -- They don't know any better.
Most of the holes are in the user -- In the majority of recent viruses the only way it gets installed is by the user opening an attachment.
If you can convince an idiot to run a virus when they're using Windows, you can put that same idiot in front of a Linux box, trick them into running the attachment, their Linux box will get hit too.
Now, if the user isn't running as root, the virus can't completely 0wn the system. So what? A spam-sending botnet doesn't need root, it needs no more access to the system then an IRC client.
I lock mine with black ties, include white ties and a note to please lock the back with my supplied ties. The white ones are marked with a coloured dot.
While I'm not too stressed either way, if I know the bag was opened I'll be more careful reviewing the contents when I unpack it.
Personally, I tend to use sufficiently unlikely to be guessed passwords. No they don't all have numbers or symbols or anything else, but they don't need to -- Brute forcing isn't an issue if you can only try 3 passwords every 10 minutes.
Symbols, uppercase/lowercase, etc, only make bruteforcing harder, they don't interfere with other ways of compromising accounts.
I haven't bothered with locks on my last few flights (and you were still permitted locks at that time) -- Instead, I just used plastic ties.
Security was quite willing to use my own plastic ties rather then their own, which meant I could still tell whether or not my luggage was opened again after it left my sight.
Why would he have endangered a life with it? It seems to be 911-5555 is a perfect valid number even...
Simple: 911 call centers can only handle a fixed number of simultaneous calls. If you trick a telemarketer/fax/whatever into calling 911, you may delay a legitimate emergency call from connecting.
While I don't disagree about password lengths (and passphrases in general), if I can socially engineer a passWORD out of somebody, I can get their passPHRASE just as easily.
Passphrases would solve a lot of problems, but idiots that give out their password at the slightest provocation isn't one of those problems.
And exactly why is taking an identity so easy? That is, why does the system have to run the way it does?
Simple: Any information which you can use to verify who I am can be used by someone else to verify they are who I am. (In other words, the person they're pretending to be)
The only solution is verification -- Either single-use validation numbers of some sort, or a two way confirmation process. Unfortunately, either option would require a lot more centralization then Americans would accept, although with a universal federal ID it could happen.
Imagine that I provide my personalID, the utility (or whatever) responds with their corporateID and a serial. I then login to a central system, enter my personalID, my personalPIN, the corporateID and the serial. The company is then informed that I have provided both authentication and authorization.
The result is that as long as the central authority is secure, the entry bar is raised a lot higher -- In essense, it means no longer making something I know into something that everybody I deal with knows.
There would be never be any reason ot excuse for any company to ask for your personalPIN, and doing so should be grounds for execution.
A photograph on the card would do wonders without the unintended offense of "overweight balding 45-year old white male" being associated with your credit card.
Hell, if you were willing to sell your soul in exchange for the credit card company's convenience they could make your picture digitally available and when you purchase a product, print pictures of you on the product packaging and pay UPS an extra buck or two to verify that the package is only delivered to a matching individual.
You're welcome to go through my garbage. It's all shredded though.
Not just the stuff you'd find useful either, I shred all the junk mail I receive too. If you plan on finding my personal info, you'd better be prepared to learn what sort of sales are happening at the local grocery stores too.
If your bank isn't already doing this, you should either change banks or start paying your bills and build up a credit rating equal to that of a common dog.
By the time I was 15 my bank would immediately honour up to $500/day worth of deposits, and up to $1500 of "uncleared" deposits would be available to me as of 6PM the following business day after the transaction.
In other words, I can insert an empty envelope and get up to $500. Once they verify that I inserted something resembling cash or a cheque, I can get up to $1500.
Of course I've had an ATM card since I was 12, never deposited a bad cheque when I didn't have sufficient funds to cover it after it bounced, never bounced a cheque I've written, all that.
My roommates, on the other hand, still have to wait 5 business days for cheques to clear. Why? Because of R9 credit ratings (well, one of them, anyway)
How do you figure? In the quantities that an ATM manufacturer buys it would be no problem for them to order (or build) any CPU they need for the forseeable future.
You don't need a PentiumVI to run an ATM, chances are a 386 will more then do the trick for a text interface, and a 386 with a reasonably fast graphics card will do the trick for a GUI version of the ATM.
Slashdot Mirror
On what grounds?
You have no reason to expect my server to receive your mail unless we have a contract. If we had a contract, you'd be using SMTP AUTH and there would be no issue.
Since we don't have a contract, you're relying on my good will to accept your message.
It's obviously not "The" Shania Twain... But it's not unreasonable to assume the gender is correct.
Which do you think Shania would want?
Since Shania is a female name, and the majority of the population is straight, do you think Shania would likely want a blond or blonde?
Make lesser mistakes?
I don't know about you, but I'd rather they don't make encourage mistakes big or small.
If you turn off the preschool interface and the visual effects XP appears to be faster here, although that's based on appearance and not any formal testing.
My Gateway has a power calibration mode in the BIOS that does this for you, plus measures the battery before and after, and calibrates the charge indicator (the percentage which is revealed to Windows, as apposed to the mAh which the battery meter reveals internally)
It's a handy feature and saves you from playing games with power management.
But the point is that the virus isn't doing anything other then what the user is already authorized to do -- Send email.
Sure you could throw up a "this application is trying to access the internet" dialog or something, but the user will authorize it for the same reason that they ran the damn thing in the first place -- They don't know any better.
Most of the holes are in the user -- In the majority of recent viruses the only way it gets installed is by the user opening an attachment.
If you can convince an idiot to run a virus when they're using Windows, you can put that same idiot in front of a Linux box, trick them into running the attachment, their Linux box will get hit too.
Now, if the user isn't running as root, the virus can't completely 0wn the system. So what? A spam-sending botnet doesn't need root, it needs no more access to the system then an IRC client.
The difference is that you aren't charged an additional fee AND expected to return the product.
Which is fine, except that they did not file for bankruptcy -- They filed for bankruptcy protection.
I lock mine with black ties, include white ties and a note to please lock the back with my supplied ties. The white ones are marked with a coloured dot.
While I'm not too stressed either way, if I know the bag was opened I'll be more careful reviewing the contents when I unpack it.
Personally, I tend to use sufficiently unlikely to be guessed passwords. No they don't all have numbers or symbols or anything else, but they don't need to -- Brute forcing isn't an issue if you can only try 3 passwords every 10 minutes.
Symbols, uppercase/lowercase, etc, only make bruteforcing harder, they don't interfere with other ways of compromising accounts.
I haven't bothered with locks on my last few flights (and you were still permitted locks at that time) -- Instead, I just used plastic ties.
Security was quite willing to use my own plastic ties rather then their own, which meant I could still tell whether or not my luggage was opened again after it left my sight.
Whether this still applies or not, I don't know.
Why would he have endangered a life with it? It seems to be 911-5555 is a perfect valid number even ...
Simple: 911 call centers can only handle a fixed number of simultaneous calls. If you trick a telemarketer/fax/whatever into calling 911, you may delay a legitimate emergency call from connecting.
While I don't disagree about password lengths (and passphrases in general), if I can socially engineer a passWORD out of somebody, I can get their passPHRASE just as easily.
Passphrases would solve a lot of problems, but idiots that give out their password at the slightest provocation isn't one of those problems.
And exactly why is taking an identity so easy? That is, why does the system have to run the way it does?
Simple: Any information which you can use to verify who I am can be used by someone else to verify they are who I am. (In other words, the person they're pretending to be)
The only solution is verification -- Either single-use validation numbers of some sort, or a two way confirmation process. Unfortunately, either option would require a lot more centralization then Americans would accept, although with a universal federal ID it could happen.
Imagine that I provide my personalID, the utility (or whatever) responds with their corporateID and a serial. I then login to a central system, enter my personalID, my personalPIN, the corporateID and the serial. The company is then informed that I have provided both authentication and authorization.
The result is that as long as the central authority is secure, the entry bar is raised a lot higher -- In essense, it means no longer making something I know into something that everybody I deal with knows.
There would be never be any reason ot excuse for any company to ask for your personalPIN, and doing so should be grounds for execution.
A photograph on the card would do wonders without the unintended offense of "overweight balding 45-year old white male" being associated with your credit card.
Hell, if you were willing to sell your soul in exchange for the credit card company's convenience they could make your picture digitally available and when you purchase a product, print pictures of you on the product packaging and pay UPS an extra buck or two to verify that the package is only delivered to a matching individual.
Banks need it primarily because they pay interest. That's right, that $0.01 they pay you is income.
You're welcome to go through my garbage. It's all shredded though.
Not just the stuff you'd find useful either, I shred all the junk mail I receive too. If you plan on finding my personal info, you'd better be prepared to learn what sort of sales are happening at the local grocery stores too.
Is it water proof? How about baseball bat proof? Bullet proof?
Neat idea, but $149USD? DAMN.
I notice a lot that look like they're looking, but very few actually said anything when the signature was completely rubbed off of my old card.
It's nice that they're pretending to care, but I suspect it's more to passify secret shoppers then because they actually care.
Also take out the ones that need more then numbers and F-keys to initiate locally.
huh?
If your bank isn't already doing this, you should either change banks or start paying your bills and build up a credit rating equal to that of a common dog.
By the time I was 15 my bank would immediately honour up to $500/day worth of deposits, and up to $1500 of "uncleared" deposits would be available to me as of 6PM the following business day after the transaction.
In other words, I can insert an empty envelope and get up to $500. Once they verify that I inserted something resembling cash or a cheque, I can get up to $1500.
Of course I've had an ATM card since I was 12, never deposited a bad cheque when I didn't have sufficient funds to cover it after it bounced, never bounced a cheque I've written, all that.
My roommates, on the other hand, still have to wait 5 business days for cheques to clear. Why? Because of R9 credit ratings (well, one of them, anyway)
How do you figure? In the quantities that an ATM manufacturer buys it would be no problem for them to order (or build) any CPU they need for the forseeable future.
You don't need a PentiumVI to run an ATM, chances are a 386 will more then do the trick for a text interface, and a 386 with a reasonably fast graphics card will do the trick for a GUI version of the ATM.