Re: [funsec] Apple deluged by police demands to decrypt iPhones

2013-05-11 Thread Stephanie Daugherty
Good idea. Digital equivalent to having to break down the door and change the locks. - works but messy enough to keep LE honest. On Sat, May 11, 2013 at 2:20 AM, Steve Pirk wrote: > I like Google's approach, resetting the password and then supplying that > the LE. You definitely get notified.

Re: [funsec] Explosive breast implants

2013-08-20 Thread Stephanie Daugherty
Plenty of more realistic threats against targets that are difficult to impossible to secure. Shopping malls, movie theaters, schools, etc. And the real reason airliners aren't being attacked anymore probably has more to do with the passengers than the added security. Post 9/11, the passengers wil

Re: [funsec] Explosive breast implants

2013-08-21 Thread Stephanie Daugherty
At this point, far less deadly but far more effective would be campaigns to exploit all that extra security at airports, which could be very creative and continued over a long period of time - clogging up the security process to where air travel grinds to a halt. I bet you could shut down a major

Re: [funsec] LinkedIn Customer Says Company Lied About Data Security

2013-08-26 Thread Stephanie Daugherty
Spamming requires a certain, almost sociopathic sense of entitlement to continue doing. Such people are virtually incapable of telling the truth. They seem to honestly believe they have the right to steal, cheat, lie, and scam. Those that lack that conviction don't stay spammers for long. On Wed,

Re: [funsec] It's ... SUPER-USER!

2013-08-30 Thread Stephanie Daugherty
I find this amusing from an agency that has for years been a leading force in defining what mandatory access control, role based access control, and separation of duties should look like. This was only possible because they found their own recommendations too inconvenient, and therefore, someone a

Re: [funsec] Last word on iPhone fingerprint scanner and NSA

2013-09-22 Thread Stephanie Daugherty
And (one of?) the first hacks against it didn't take very long at all. http://it.slashdot.org/story/13/09/22/1852214/ccc-says-apple-iphone-5s-touchid-broken I bet a less involved method will be available within the week :) On Fri, Sep 20, 2013 at 8:19 PM, Rob, grandpa of Ryan, Trevor, Devon & Ha

Re: [funsec] Last word on iPhone fingerprint scanner and NSA

2013-09-23 Thread Stephanie Daugherty
the article: "This process > has been used with minor refinements and variations against the vast > majority of fingerprint sensors on the market."[1] > > 1. http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid > > D. > > > > On 22 September 2013 23:08, Ste

Re: [funsec] Happy 11-12-13!

2013-11-12 Thread Stephanie Daugherty
Or just make everyone use the international format, -MM-DD :P On Tue, Nov 12, 2013 at 3:44 PM, Jeffrey Walton wrote: > On Tue, Nov 12, 2013 at 3:19 PM, Nick FitzGerald > wrote: > > Rob wrote: > > > >> (Yeah, OK, a bit late for the Antipodes ...) > > > > ..and, that here in the Antipodes,

Re: [funsec] Driverless cars could be lethal - FBI

2014-07-19 Thread Stephanie Daugherty
Most likely, it's not a concern, as the fundamental programming of driverless cars is to: a) avoid collisions at all costs b) follow all traffic laws perfectly Given that the default action if anything unexpected happens is to stop and safe the vehicle, using any of the automated cars currently i

Re: [funsec] .secure TLD

2012-05-25 Thread Stephanie Daugherty
Haha, yeah. In all seriousness though, I would be all for it if the technical requirements were a moving target that follows industry best practice and competent security recommendations. Update the requirements yearly to be as strict as possible and give at most 1 year to be up to par. Won't be

Re: [funsec] LinkeDin!

2012-06-06 Thread Stephanie Daugherty
For me, the right answer would be to change the password to a random one, keep the random one in my password manager, and reevaluate the situation after they've had a chance to clean up their mess. On Wed, Jun 6, 2012 at 5:47 PM, Patrick Laverty wrote: > Should we change our password yet? I see

[funsec] thoughts on a tool to educate users in the wake of password breaches

2012-06-07 Thread Stephanie Daugherty
In the wake of the LinkedIn, eHarmony, and last.fm password breaches, I've been thinking about how to make a tool that will educate users on password security in a way that will hit home. It's relatively cheap to do sha1 hashing of a password and then compare it to a database of compromised hashes

Re: [funsec] More bad news for risk management

2012-08-19 Thread Stephanie Daugherty
> Reading comprehension fail. Tomas's point is that yes, often there *is* an > engineering solution. But if you invest $250K in an engineering solution > for a > problem that only risks $100K loss, you're being stupid. At that point, > just > making a note that you have a potential $100K liabili

Re: [funsec] Automatic cyber-counter-attacks

2012-09-12 Thread Stephanie Daugherty
Tubeworm? On Wed, Sep 12, 2012 at 10:07 PM, Chris Boyd wrote: > > On Sep 12, 2012, at 8:03 PM, Bruce Ediger wrote: > > > On Wed, 12 Sep 2012, Kyle Creyts wrote: > > > >> What happens when the immune system overreacts, or reacts improperly > >> to deal with a threat? > > > > Cyberthritis, Cyberlup

[funsec] Numerous unspecified mobile carriers fail at authentication.

2012-09-19 Thread Stephanie Daugherty
This isn't merely an authentication bypass IMO, it's a total disregard for effective authentication... http://www.cio.com/article/716547/Phone_Numbers_Are_Enough_to_Access_User_Accounts_on_Some_Mobile_Operator_Portals I don't know whether I should be outraged or rolling on the floor laughing about

Re: [funsec] Child abandonment

2012-09-28 Thread Stephanie Daugherty
But children should be inside playing videogames and getting fat, or hooking up with sex offenders on facebook, so you can take the mother to jail for that too. *sigh* On Fri, Sep 28, 2012 at 11:53 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote: > There are always two sides (and maybe mo

Re: [funsec] This is [phishing] news?!?

2012-10-05 Thread Stephanie Daugherty
Yeah, would be nice if the term was properly explained, rather than turning into another buzzword. The old term "stairstepping" almost captures the meaning just as well, except that it leaves the "lying in wait" part off. -Steph On Fri, Oct 5, 2012 at 4:02 PM, wrote: > On Fri, 05 Oct 2012 15:35

Re: [funsec] Rachel from Cardmember Services.....

2012-11-01 Thread Stephanie Daugherty
http://bruce.pennypacker.org/2005/02/28/the-rules-of-spam/ Spammer: "I'm done." Rule #1 - "Spammer's Lie" Enough said. On Thu, Nov 1, 2012 at 8:12 PM, Richard Golodner wrote: > On Thu, 2012-11-01 at 19:33 -0400, Rich Kulawiec wrote: > > They shift tactics, locations, strategies, methods, goa

Re: [funsec] Red state

2012-11-07 Thread Stephanie Daugherty
3. Fascism at its finest. Get me out of North Carolina! On Wed, Nov 7, 2012 at 2:03 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote: > From the OED: > http://www.oed.com/view/Entry/271006 > > 1. A Communist state. > 2. U.S. Polit. A state (projected to be) won by the Republican candid

Re: [funsec] Twinkipocalypse averted

2012-11-20 Thread Stephanie Daugherty
Not sure exactly how much of the fault can be placed on the union here. Union also previously accepted pay cuts and benefit cuts at the same time that upper management salaries rose exponentially - I can see why they'd be willing to play chicken when the last time the "we're going to go out of busi

Re: [funsec] In Defense of HTML5

2012-12-04 Thread Stephanie Daugherty
As far as attack surface goes, the comparison between Flash and HTML5 really isn't a comparison. I'll take the HTML5 pain if it replaces the black box of paper thin glass that is Flash. On Tue, Dec 4, 2012 at 2:08 PM, Jeffrey Walton wrote: > > http://www.thesecuritypractice.com/the_security_

Re: [funsec] Swipe open your home!

2013-01-06 Thread Stephanie Daugherty
Won't be too much weaker than a mechanical key though... just less obscure... On Sun, Jan 6, 2013 at 2:50 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote: > http://blog.buzzbuzzhome.com/2013/01/spare-house-key-app.html > > Any bets on how long it will take the bad guys to figure out how

Re: [funsec] Antigua Gov launching legal pirate site?

2013-01-25 Thread Stephanie Daugherty
It's more complicated than "control". The 5 declared nuclear powers at the time the security council was devised are all permanent members, with a veto that cannot be overruled. So the US can't always get its way with the security council, but it can keep anyone else from getting theirs. In practic

Re: [funsec] Users Scramble as GitHub Search Exposes Passwords, Security Details

2013-01-27 Thread Stephanie Daugherty
It's not terribly hard to remove something from git, but, in a public repository, by the time you've caught and removed it, it is indeed too late - there's no telling who might have retrieved it. More lessons to learn: - Protect your SSH keys with pass-phrases and use a ssh-agent if you can't be

Re: [funsec] I'll believe corporations are people when they let them drive in the HOV lane ...

2013-02-04 Thread Stephanie Daugherty
I've seen calls for direct democracy as a replacement for representative government. There is a serious danger in that, and that is tyranny of a majority. Look at Uganda's recent "kill the gays" bill - can we really be sure that even something as malicious as that couldn't pass here with Faux News

Re: [funsec] XSS April Fools

2007-04-01 Thread Stephanie Daugherty
Gadi Evron wrote: > http://www.securitylab.ru/news/extra/293608.php

Re: [funsec] 30 days of bots

2007-04-11 Thread Stephanie Daugherty
st entertaining > > http://blog.support-intelligence.com/ Highly entertaining. No idea if they'll fix it, but thanks for bringing it to everyone's attention. *bookmarks* -- Stephanie Daugherty [EMAIL PROTECTED] / [EMAIL PROTECTED]