Josh in CharlotteNC (profile), 15 Nov 2012 @ 1:09pm
Politely
"I am politely asking you" ... "will be filing a libel suit"
Wait. What?
Legal threats are not polite. Baseless legal threats even more so.
Can we please start smacking the lawyers across the face with a dainty white glove? That's how you politely threaten someone (or so says Hollywood, and they would never lie to me).
Josh in CharlotteNC (profile), 15 Nov 2012 @ 12:15pm
Re: Re:
Please, let the poor propagandist--err, researcher live in his carefully constructed delusion. Don't shatter it by forcing him to acknowledge the annoying evidence.
Josh in CharlotteNC (profile), 14 Nov 2012 @ 12:50pm
Re: "the same [legalism] that we raised"
You guys never discuss WHO OWNS the content
The public. Culture is the sharing of ideas and expression amongst a group of people. Once content is released to the public, trying to put up artificial fences of monopoly ownership and control around it is silly.
Josh in CharlotteNC (profile), 14 Nov 2012 @ 11:53am
Re:
It does exist.
Really? Where's the proof of that?
The only "terrorist" incidents I can recall in the last 10 years in the US have either:
-been planned, executed, and encouraged by the FBI finding some troubled person and railroading them into performing
-failed entirely due to the stupidity, poor execution or planning by the "terrorist"
If you want to go and be paranoid, don't let me stop you, but there are entirely better and more entertaining things to occupy yourself with (anything involving why Romney lost the election, for example).
Josh in CharlotteNC (profile), 14 Nov 2012 @ 11:29am
Define availability
"Interest in using Internet cafes, despite hotel Internet availability."
Dammit, I must be a terrorist. The last place I stayed at claimed to have wifi, but I got a stronger signal and better access from the Panera across the street than from the hotel - while sitting in the hotel lobby.
Josh in CharlotteNC (profile), 13 Nov 2012 @ 11:53am
Re: Re: Re:
How is it different from having a standalone software on your phone if you have a standalone software on your Windows?
If you have the software running that generates the code on the same computer you use to run the game it is not standalone.
The phone is an entirely separate channel - malware running on your computer will not affect your phone*. Again you're missing the point of the "two" in two-factor authentication.
I'm not saying that it is impossible to make software that will run on Windows to generate the codes - I'm saying from a security perspective, there would be no point to doing so as it does not increase security.
*Yes, I know there are situations where this is not strictly correct (i.e. phone syncing could introduce an attack vector on the phone).
Josh in CharlotteNC (profile), 13 Nov 2012 @ 9:12am
Re: Re: Re: Re: Re:
without locking the account for a fixed time.
They're not trying to login via Blizzard's servers.
They're testing passwords based on a password file that contains a "one-way" hash value of the password.
They don't attempt to login via Blizzard's servers until they're relatively sure they have a correct password.
Instead of using a lockpick on the locked door monitored by a security camera, they learn the lock manufacturer, and figure out which key is used by glancing at the number stamped into it by watching when the guy pulls out his keychain in the parking lot. They get a copy of that key, then walk in and unlock the door without alerting security beforehand.
Josh in CharlotteNC (profile), 13 Nov 2012 @ 8:56am
Re:
Why not make a free Windows version if they can make free mobile ones?
I don't think you understand the "two" in two-factor authentication.
One of the things the mobile authenticator protects you from is password harvesting malware on the computer you play the game from. Even if your computer is infected, someone still can't login to your account because they can't get the code from the authenticator.
The way the fobs and authenticators work is that a seed value is generated on the device. That seed value, along with the current time, is used to generate that changing code. As long as both the login server and your device know the seed value and the correct time, they both can generate the same code - and allow you to login.
What happens when the malware running on your PC gets that seed value, and your password? They can now impersonate you, login to your account, and steal all your stuff.
Do you want the illusion of security, or real security?
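The seed-plus-time scheme described in the comment above, as an added example that is not part of the original comment. It assumes the standard RFC 6238 TOTP construction (the page does not say which algorithm Blizzard's authenticator uses), and the seed and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code (RFC 6238, HMAC-SHA1) from a shared seed."""
    counter = unix_time // step  # identical on both sides when the clocks agree
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(seed: bytes, submitted: str, server_time: int,
                   step: int = 30, drift_steps: int = 1) -> bool:
    """Server side: recompute the code for nearby time steps and compare."""
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(seed, server_time + d * step, step, len(submitted))
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def demo() -> dict:
    seed = b"12345678901234567890"  # constructed sample seed (RFC 6238 test key)
    now = 59                        # constructed timestamp, seconds since epoch
    phone_code = totp(seed, now)    # what the separate device displays
    # Assumption for illustration: the seed is stored on the gaming PC
    # instead, where anything that can read the password can read it too.
    copied_seed = bytes(seed)
    return {
        "phone_code": phone_code,
        # Code typed 20 seconds later is still inside the drift window.
        "login_ok": server_accepts(seed, phone_code, now + 20),
        # The same code replayed a few minutes later is rejected.
        "stale_code_ok": server_accepts(seed, phone_code, now + 141),
        # Whoever holds the seed derives exactly the code the server expects,
        # so a seed kept beside the password is not a second factor.
        "copied_seed_code_matches": totp(copied_seed, now) == phone_code,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The code itself protects nothing once the seed is known; the protection comes entirely from where the seed is kept.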
Josh in CharlotteNC (profile), 13 Nov 2012 @ 8:42am
Re: Not such a dumb lawsuit
AND that Blizzard should provide them instead of charging customers,
You think that if Blizzard would be forced to provide a fob to everyone with an account that wanted one, they wouldn't cover those costs elsewhere? Higher account activation fees? Higher monthly fees? Fewer developers working on content?
Charging the marginal cost of the fob to those that want one, while providing free mobile authenticator software to anyone with a smartphone, is considerably more efficient - and thus results in lower costs for everyone.
Josh in CharlotteNC (profile), 13 Nov 2012 @ 7:49am
Re: Re: Re:
Generally speaking, increasing the number of permitted characters in a password substantially increases the time required to test every single password.
While technically true, this is not really a factor any longer. With the speed of processors (and GPUs), extensive wordlists and rainbow tables, brute-force cracking of a password hash is relatively easy and not time consuming for average 7 or 8 character passwords, mixed case or additional numbers/symbols notwithstanding.
There are a few things Blizzard can do for effective account security.
-Secure the storage of their password files through various means - they have done about as well as they can here, and better than many others.
-Offer two factor authentication for their users - they have, and in a more accessible manner than many of their competitors
There are some things that users can do to make their accounts secure.
-Make use of the offered two-factor authentication
-Do not reuse the same password/account info for multiple sites
-Use longer passwords - a 14 or 20 character pass-phrase is (generally) more secure than a 7 character password using mixed case/numbers/symbols.
Josh in CharlotteNC (profile), 7 Nov 2012 @ 5:42am
Re:
+1
Love my Logitech G510 and G500. I was considering trying some other Razer products, but I think I'll just stick with their mousepads (until they need an internet connection too).
Josh in CharlotteNC (profile), 6 Nov 2012 @ 1:22pm
Re: Re: Re:
So you think it's legal to intentionally cause a panic in Connecticut? LOL!
Are you claiming that it is illegal to intentionally cause a panic over something you know not to be true?
I can think of a few things that would cover. Panic of terrorists carrying more than 3 ounces of liquid onto planes. Panic over job losses due to copyright infringement. Panic over cyber-bullying/attacks/crime/anything.
Josh in CharlotteNC (profile), 6 Nov 2012 @ 1:04pm
Re: Re: Re:
The personal attacks are completely uncalled for.
I think I was pretty clear that even though it would be easy to notice, that few bother to look.
I happen to work in information security at one of the largest banks in the country, so yes, I have an idea what I'm talking about, and I'm not naive.
Of course machines can be programmed to lie. My point was that it is exceedingly stupid to change all the votes to go your way, or do it in an obvious manner, unless you want to have a long stay in a federal prison.
You don't go into a casino with a set of loaded dice that always come up 7 and expect to sit at the craps table and win millions. A pair of fair dice will sum to 7 on average 1/6th of the time (6 out of 36 possibilities). But if you go in with a set that comes up 8/36, it will take much longer for the casino to wise up.
If you want to get away with election fraud, there are "better" ways to go about it than what was stated. If you can hack or re-program the machines, you can tip an election in a much more subtle manner. If the election is close, you only need a few machines, in areas your opponent is strong in, and you only change a small percentage of votes.
Josh in CharlotteNC (profile), 6 Nov 2012 @ 12:34pm
Re:
Most of the rest of the world is just as bad as we are.
Designing a system for elections is surprisingly complicated when trying to meet many goals:
1) Fair and accurate
2) Secure from voter tampering
3) Accessible for all voters (the blind, for example)
4) Protects the secret ballot...
5) ...while not allowing multiple voting
6) Able to be approved and purchased by the large number of local counties following their own rules and the laws in 50 different states
7) Able to be run by the poll workers in above counties/states
8) Secure from poll worker/observer/consultant tampering
My own voting today was quick (~20 minutes to wait in line, 5 minutes to vote) and painless. The machine appeared to work correctly. The voter-verified-paper-trail recorded my votes correctly. Technologically I saw no problems at my precinct on the machine I used. What I can't verify is if the other machines behaved the same, or even the same one for other voters. I can't verify the paper record will ever be seen if there's a question on the results. I can't verify the poll workers didn't add some votes when no one was around.
Josh in CharlotteNC (profile), 5 Nov 2012 @ 3:42pm
Re: Re: Re: Re: Re:
Apologies for the copyright thing. I assumed you were a troll, as they're usually the only ones around referring to Somalia.
I have some libertarian views, and I don't think the anarchist label should be anywhere near as negatively portrayed as it is - there could be rational discussion on this front. But I don't subscribe to the far right/tea party/Ayn Rand crap, either.
On the post: Latest Company To Discover The Streisand Effect: Casey Movers
Politely
Wait. What?
Legal threats are not polite. Baseless legal threats even more so.
Can we please start smacking the lawyers across the face with a dainty white glove? That's how you politely threaten someone (or so says Hollywood, and they would never lie to me).
On the post: Harvard Research Scientist: Sharing Discoveries More Efficient, More Honorable Than Patenting Them
Wake up and smell the reality
Can't wait for the arguments about how this research would never be funded unless the company doing it can patent and monopolize the result.
On the post: RIAA Prefers Customers Who Buy A Little To Pirates Who Buy A Lot
Re: Re:
On the post: German Court Sees Through The DOJ Fairy Tale, Rejects Attempt To Seize Megaupload Assets
Re: "the same [legalism] that we raised"
The public. Culture is the sharing of ideas and expression amongst a group of people. Once content is released to the public, trying to put up artificial fences of monopoly ownership and control around it is silly.
On the post: The DHS And FBI Present: You Might Be A Terrorist If... (Hotel Guest Edition)
Re:
Really? Where's the proof of that?
The only "terrorist" incidents I can recall in the last 10 years in the US have either:
-been planned, executed, and encouraged by the FBI finding some troubled person and railroading them into performing
-failed entirely due to the stupidity, poor execution or planning by the "terrorist"
If you want to go and be paranoid, don't let me stop you, but there are entirely better and more entertaining things to occupy yourself with (anything involving why Romney lost the election, for example).
On the post: The DHS And FBI Present: You Might Be A Terrorist If... (Hotel Guest Edition)
Define availability
Dammit, I must be a terrorist. The last place I stayed at claimed to have wifi, but I got a stronger signal and better access from the Panera across the street than from the hotel - while sitting in the hotel lobby.
On the post: Blizzard Sued For Trying To Make Accounts More Secure
Re: Re: Re:
If you have the software running that generates the code on the same computer you use to run the game it is not standalone.
The phone is an entirely separate channel - malware running on your computer will not affect your phone*. Again you're missing the point of the "two" in two-factor authentication.
I'm not saying that it is impossible to make software that will run on Windows to generate the codes - I'm saying from a security perspective, there would be no point to doing so as it does not increase security.
*Yes, I know there are situations where this is not strictly correct (i.e. phone syncing could introduce an attack vector on the phone).
On the post: Blizzard Sued For Trying To Make Accounts More Secure
Re: Re: Re: Re: Re:
They're not trying to login via Blizzard's servers.
They're testing passwords based on a password file that contains a "one-way" hash value of the password.
They don't attempt to login via Blizzard's servers until they're relatively sure they have a correct password.
Instead of using a lockpick on the locked door monitored by a security camera, they learn the lock manufacturer, and figure out which key is used by glancing at the number stamped into it by watching when the guy pulls out his keychain in the parking lot. They get a copy of that key, then walk in and unlock the door without alerting security beforehand.
On the post: Blizzard Sued For Trying To Make Accounts More Secure
Re:
I don't think you understand the "two" in two-factor authentication.
One of the things the mobile authenticator protects you from is password harvesting malware on the computer you play the game from. Even if your computer is infected, someone still can't login to your account because they can't get the code from the authenticator.
The way the fobs and authenticators work is that a seed value is generated on the device. That seed value, along with the current time, is used to generate that changing code. As long as both the login server and your device know the seed value and the correct time, they both can generate the same code - and allow you to login.
What happens when the malware running on your PC gets that seed value, and your password? They can now impersonate you, login to your account, and steal all your stuff.
Do you want the illusion of security, or real security?
On the post: Blizzard Sued For Trying To Make Accounts More Secure
Re: Not such a dumb lawsuit
You think that if Blizzard would be forced to provide a fob to everyone with an account that wanted one, they wouldn't cover those costs elsewhere? Higher account activation fees? Higher monthly fees? Fewer developers working on content?
Charging the marginal cost of the fob to those that want one, while providing free mobile authenticator software to anyone with a smartphone, is considerably more efficient - and thus results in lower costs for everyone.
On the post: Blizzard Sued For Trying To Make Accounts More Secure
Re: Re: Re:
While technically true, this is not really a factor any longer. With the speed of processors (and GPUs), extensive wordlists and rainbow tables, brute-force cracking of a password hash is relatively easy and not time consuming for average 7 or 8 character passwords, mixed case or additional numbers/symbols notwithstanding.
There are a few things Blizzard can do for effective account security.
-Secure the storage of their password files through various means - they have done about as well as they can here, and better than many others.
-Offer two factor authentication for their users - they have, and in a more accessible manner than many of their competitors
There are some things that users can do to make their accounts secure.
-Make use of the offered two-factor authentication
-Do not reuse the same password/account info for multiple sites
-Use longer passwords - a 14 or 20 character pass-phrase is (generally) more secure than a 7 character password using mixed case/numbers/symbols.
On the post: Cisco VP Threatens To Stalk Memo Leaker... Driving More Attention Than Original Memo
On the post: When A Mouse Requires An Internet Connection, You're Doing 'Cloud' Wrong
Re:
Love my Logitech G510 and G500. I was considering trying some other Razer products, but I think I'll just stick with their mousepads (until they need an internet connection too).
On the post: Stop Saying It's Okay To Censor Because 'You Can't Yell Fire In A Crowded Theater'
Re: Re: Re:
Are you claiming that it is illegal to intentionally cause a panic over something you know not to be true?
I can think of a few things that would cover. Panic of terrorists carrying more than 3 ounces of liquid onto planes. Panic over job losses due to copyright infringement. Panic over cyber-bullying/attacks/crime/anything.
Any of those sound familiar?
On the post: Cause For Concern: 'Experimental' Patches Applied To Ohio Voting Machines Without Certification
Re: Re: Re:
I think I was pretty clear that even though it would be easy to notice, that few bother to look.
I happen to work in information security at one of the largest banks in the country, so yes, I have an idea what I'm talking about, and I'm not naive.
Of course machines can be programmed to lie. My point was that it is exceedingly stupid to change all the votes to go your way, or do it in an obvious manner, unless you want to have a long stay in a federal prison.
You don't go into a casino with a set of loaded dice that always come up 7 and expect to sit at the craps table and win millions. A pair of fair dice will sum to 7 on average 1/6th of the time (6 out of 36 possibilities). But if you go in with a set that comes up 8/36, it will take much longer for the casino to wise up.
If you want to get away with election fraud, there are "better" ways to go about it than what was stated. If you can hack or re-program the machines, you can tip an election in a much more subtle manner. If the election is close, you only need a few machines, in areas your opponent is strong in, and you only change a small percentage of votes.
On the post: Cause For Concern: 'Experimental' Patches Applied To Ohio Voting Machines Without Certification
Re: Re:
On the post: Cause For Concern: 'Experimental' Patches Applied To Ohio Voting Machines Without Certification
Re:
Designing a system for elections is surprisingly complicated when trying to meet many goals:
1) Fair and accurate
2) Secure from voter tampering
3) Accessible for all voters (the blind, for example)
4) Protects the secret ballot...
5) ...while not allowing multiple voting
6) Able to be approved and purchased by the large number of local counties following their own rules and the laws in 50 different states
7) Able to be run by the poll workers in above counties/states
8) Secure from poll worker/observer/consultant tampering
My own voting today was quick (~20 minutes to wait in line, 5 minutes to vote) and painless. The machine appeared to work correctly. The voter-verified-paper-trail recorded my votes correctly. Technologically I saw no problems at my precinct on the machine I used. What I can't verify is if the other machines behaved the same, or even the same one for other voters. I can't verify the paper record will ever be seen if there's a question on the results. I can't verify the poll workers didn't add some votes when no one was around.
On the post: Cause For Concern: 'Experimental' Patches Applied To Ohio Voting Machines Without Certification
Re:
Dice that always come up 7 are quickly noticed. Dice that come up 7 only slightly more than they should aren't found out so easily.
On the post: Why Do Both Major Parties Suck So Badly On Civil Liberties?
Re: Re: Re: Re: Re:
But feel free to vote for Ron Wyden instead.
On the post: Why Do Both Major Parties Suck So Badly On Civil Liberties?
Re: Re: Re: Re: Re:
I have some libertarian views, and I don't think the anarchist label should be anywhere near as negatively portrayed as it is - there could be rational discussion on this front. But I don't subscribe to the far right/tea party/Ayn Rand crap, either.