I wonder how big a loan the goatse.cx guy forfeited on.
Well, he certainly got reamed for stretching the payments.
At least with proper use of salts, each password hash will have to be individually brute-forced. While a single MD5-hashed password is trivial to break, 45 million are not.
Now, if you are designing password storage in 2016, there is no excuse not to use a proper key-stretching function, like scrypt.
Anecdote. For my b2b service advertising using Google AdWords, when I restricted to non-mobile devices I cut my clicks by 100 times but improved interaction stats by nearly as much. That is, my theory that mobile was nearly all accidental clicks was empirically proven to be true. This is search-only on keywords; I could only imagine the kinds of junk you'd get in other circumstances.
Yeah, it's a gamble
At this point you are into lottery-jackpot odds.
Just gotta come up with a new gimmick to reel in the suckers..
This is how you got to these shitty odds in the first place. People are willing to punch only so many monkeys before you are mentally or technologically ignored.
0.02% out of how many millions? I'll play those odds
This is pretty much the underlying assumption of all marketing, thing is - there is no research backing up any of these. There are some numbers for in-line topic-relevant search results, but there are no numbers for social media and in-app banners. It could be 2*10^-18 for all we know and you can't make these odds work.
I remember gaming when 13'' CRT would be considered a luxury, the screen size wasn't the main point. The point I was making is that 2560X1440 on a 13'' would look about the same as 1920x1080 - the screen is too small to differentiate. So why bother?
Dirty little secret that can break all these social media companies is that advertising doesn't work on their platforms. Not even 0.02% work that is traditionally cited for search. At this point people are so trained to ignore these, that you might as well not bother. So more of the same would only get ignored more.
Who cares what 13'' display is like, it is too small and you won't even be able to see anything at max resolution.
I don't expect business desktop OS to move away from Windows anytime soon, even when you consider numerous recent shenanigans.
Many things are stacked against Microsoft, key and most problematic is expectation of continuous growth. MS could have easily continued productive existence as a 'utilities' like company by focusing on Business OS and Office products. Unfortunately, desktop computing already hit peak and now is in decline due to smartphone proliferation. Then there is pressure from LibreOffice and Google Docs. Consequently, MS will experience negative growth if they keep to their core business. Such outlook is not acceptable in a public company, so no matter what, heads will keep rolling until they find some idiot to gamble cash reserves on unproven long-shot crackpot idea in attempts to sustain growth. Never mind that shareholders would be actually better off if they just paid it all out in dividends instead of write-off-about-to-happen acquisitions.
LinkedIn is a public resume. Just like you could be less than truthful with your resume and recommendations, you can be less than honest with LinkedIn profile.
Just hide clueless skill recommendations on your profile. You can control what to display.
what's the purpose behind buying LinkedIn?
MS is in a horsewhip business (Desktop OS and Office) and are trying to preserve the company. What else could they do but thrash?
Enterprise tech is losing market cap. Console gaming never became profitable. Smartphone and search failed to gain any traction. They will keep doing these random acquisitions until something works or they run out of capital. Kind of like IBM.
Bluetooth is notoriously insecure, longer range and more effective discovery would only make attacks easier.
When you consider that MS backdoored the OS, a compromised compiler is, comparatively, a much lesser sin.
Or we're all living in a simulator and the 'alien' expansion pack hasn't been released....yet.
Let's hope humanity doesn't get nerfed in the next patch.
You are over-estimating your understanding of quantum computing. To simplify - quantum chips will replace your CPU, not network card.
The issue is that Shor's algorithm would effectively solve the factorization problem, making any kind of signature-based code signing obsolete. Without a breakthrough the solution would be megabytes-long signatures that would not be compatible with any of the existing implementations. This is just one problem based on what we know today, then there are 15 years of expected but unpredictable progress.
Interesting point. So should cars have a reset button? Seems there is a clear case for one.
Further nitpick - even if you could fix it with some degree of disassembly (e.g. removing CMOS chip) it is still considered bricking. Typically, bricking is related to software issues. As such, the question is - would disconnecting the car battery (hardware fix) disqualify this issue from getting categorized as bricking?
Car manufacturers do not understand InfoSec and should not be networking cars. It is only a matter of a short time until someone reverse-engineers the update mechanism, inevitably discovers that they did not implement code signing and integrity checking, crafts a malicious update, and bricks (or worse) cars equipped with such functionality.
More so, in 15 years your networked car could still be on the road. Even if 2015 best practices are followed, by 2030 how resistant do you think such over-the-air update functionality is going to be to, for example, quantum-capable attackers?
Could ants detect signs of human civilization from their ant hill in the forest? Probably not, but this doesn't change the fact that human civilization exists, and aside from occasional lawn extermination is largely unconcerned with ants.
We are not contacted because our civilization is likely not at all unique and not at all interesting to entities capable of contacting us.
Beware? There is nothing you could do about this attack other than not using a wireless keyboard with an insecure data transmission protocol (i.e. all of them).
Any group associated with this person is enabling a scam artist.
Criticizing her in public forum is almost impossible. She is a) feminist b) plus sized person c) public advocate. No matter what she does to you, just preemptively apologize and hopefully SJW lynch mob won't completely ruin your life.
- we now know why filthy hippies smell that way
I think additional research is needed before you can justifiably make such a generalized claim.
Now, that's something only a self-identified asshole would say.
There is no functional difference between the two, only the intent should be considered - to belittle and discredit opposition. You can be Mr.Manners and still be as effective at enforcing conformity of views.
Just look at SJW movement, despite all of their safe spaces, trigger warnings, and so on dissent from within or deviation from accepted views is brutally suppressed. Sure, they are mostly civilized, but so what?
Sure, more intelligent people are better at arguing, but there is as much conflict, skullduggery, and politicking going on. Such places are equally unkind to outgroup members and wrongthink ideas.