You can't compare the passwords from two different phishing attacks. You only get the passwords from people who fall for the scam. If one scam is easier to detect than the other one, then one sample will contain passwords from dumber people than the other sample.
The quality of passwords has nothing to do with the type of people who were scammed, but with the difficulty of detecting the spam.
If you are going to use 1GB of RAM, it would be much more efficient to add this GB to your main memory and increase the size of your filesystem cache (if your OS doesn't do it automatically). OK, you wouldn't gain in boot time, but after that the OS makes sure your additional GB is used in the most efficient way.
It's almost the same thing as when pagefiles were introduced in Windows. People suggested using a RAMdisk to hold the pagefile, so that swapping would be much faster........
I can't stand all the hype around Quantum Crypto. If you have a close look at it, you'll see that it doesn't solve anything...
When you transmit bits with QC the laws of physics guarantee that nobody will see them, even if some genius breaks all the math behind classical crypto. This is all very well but the throughput is too low, thus QC is used to transmit a key which is then used to encrypt the data. Thus you still need symmetric crypto to encrypt your data.
Now, something everybody seems to ignore: QC does not authenticate the transmission. I can buy two magiQ boxes and set up a man-in-the-middle attack. QC cannot prove whether you are exchanging bits with the original sender or with some monkey in the middle. To solve this problem the QC vendors suggest:
- Physical monitoring of the fiber: if you can guarantee nobody touches your fibre, you don't need any crypto!
- Using certificates: Ooops, so now we need asymmetric crypto too, so our QC system relies both on symmetric and asymmetric crypto. What do we need QC for, then?
- Use a shared secret that is programmed into the boxes when they are delivered: If you already have a shared secret, you don't need to exchange a key with QC, you can derive the key from your shared secret...
So even if you use QC, you still need to rely on all the classical crypto to make it work. So it is just as good as classical crypto, without routing.
Diffie-Hellman does not prevent man-in-the-middle attacks. It just makes sure that only you and the person you ran the Diffie-Hellman key exchange with know the key.
You still need some other mechanism to make sure that you are actually talking directly to the right person and not to some man in the middle.
In IPsec they use either a shared secret, a public key or a certificate to authenticate parties.
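An added example, not part of the original comments: the point made above for both Diffie-Hellman and QC, that a key exchange needs separate authentication, shown with a pre-shared secret. The group parameters, function names and PSK value are constructed for illustration, and the MAC over both public values is a simplified stand-in for what IPsec does, not the actual IKE construction.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1
# is far too small for real use; deployments use standardised 2048-bit+ groups.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def session_key(own_priv, peer_pub):
    """Hash the DH shared secret into a 256-bit session key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def auth_tag(psk, role, own_pub, peer_pub_seen):
    """MAC, keyed by the PSK, over the public values a party sent and received."""
    msg = role + own_pub.to_bytes(16, "big") + peer_pub_seen.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def exchange(psk, tamper):
    """Run one exchange; `tamper` models an on-path party swapping public values.

    Returns (keys_match, authentication_ok).
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    _m_priv, m_pub = keypair()  # key pair of the party in the middle
    seen_by_b = m_pub if tamper else a_pub
    seen_by_a = m_pub if tamper else b_pub
    key_a = session_key(a_priv, seen_by_a)
    key_b = session_key(b_priv, seen_by_b)
    # Each side sends a tag; the peer recomputes it from its own view.
    tag_a = auth_tag(psk, b"A", a_pub, seen_by_a)
    tag_b = auth_tag(psk, b"B", b_pub, seen_by_b)
    ok_at_b = hmac.compare_digest(tag_a, auth_tag(psk, b"A", seen_by_b, b_pub))
    ok_at_a = hmac.compare_digest(tag_b, auth_tag(psk, b"B", seen_by_a, a_pub))
    return key_a == key_b, ok_at_a and ok_at_b
```

Without the tag check, the tampered exchange completes silently with two different keys; with it, both endpoints reject the exchange because the party in the middle cannot produce a valid MAC without the PSK.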
In other news, the US Congress just passed a law that would make it mandatory to fit these camera devices with a new DRM technology that blocks unlicensed contents.
You will only see what the *AA (or the government) wants you to see...
It's a pity none of the tests have compared the false positive rates of the various spyware busters.
It would be interesting to run all tested products on a PC with no spyware and compare the results. On my machine Pest Patrol (the online version) found 16 non-existent spyware items.
Testing for positives only encourages products that create false positives.
"Whatever makes a soldier sad, will make a killer smile", Leonard Cohen, The Captain, 1984
As in 12.14.2006 instead of 14.12.2006? I think the Americans always misrepresent dates. Must be a sign of their crooked politics...
Since F-Secure has detected it since June 21st, does it imply this is old news?