Posts by Charles 9

Re: Fewer Secrets

OR they can glean your details and use that in social engineering to get better access to your more-sensitive stuff through identity theft.

Re: Banking

Unless, of course, it's an extended weekend (coming up here in the US) and/or you're far from the nearest local branch (assuming they HAVE brick-and-mortar branches)? Or worse, they refuse to believe you?

Re: Is this really 2FA?

What happens when you routinely have to handle sensitive data BUT you're also highly prone to losing things like your keys, meaning you're likely to lose the fob?

Re: Complex passwords stuck on a post it note under your desk

Unless, of course, you're MUGGED and they take advantage while in an unconscious heap.

Re: Is this really 2FA?

And what if you LOSE it? Or they break the system like in the RSA attack? People lose their keys already, let's not try to add something ELSE to lose?

Re: Non issue?

If they can pwn the point of entry, then any other kind of entry screening is moot since they still have to go through the point of entry. IOW, 2FA isn't going to work not because it's going to the same point as the pwned point of entry but because it'll have to go through the pwned point of entry anyway.

Re: Date of birth

So you say all your dates (xxxx, mm dd)?

What about all the hispanics and so on that say "dd de mm, yy" (or simply English who say "ddth of mm, yyyy")?

Anyway, the mm/dd/yyyy format is consistent with Americans and many other English speakers who say "mm ddth, yyyy".

The ISO date format is as much a mishmash of letters and dashes as any other date format. The ONLY reason it's so useful in computers is that it AUTOMATICALLY sorts dates chronologically if you perform a simple ASCII sort (to the second if you use the extended format which includes a 24-hour time).

Re: Banking

"The pin is only in my head and that card is never used outside the house."

So what happens when (not if) Murphy strikes and you FORGET your PIN?

Re: "non-cloud based managers trump all"

"However, if any of your devices with KeePass gets hit by keyloggers / slurp-happy Malware, won't you be screwed too? Example: WAGS borrows your device in the car to look up directions to 'Hotpoint'. Hotpoint site gets compromised again... Game-Over, no???"

If a point of entry gets pwned, you're screwed no matter what. Things like KeePass at least make it hard to pwn you OUTSIDE the point of entry. If LastPass gets hacked, you can get pwned outside the point of entry.

Re: Complex passwords stuck on a post it note under your desk

So what if you have a bad day and FORGET the PIN?

Re: 2FA has been broken for a while

Oh? What if they steal the secrets needed to crack the algorithm? Wasn't that what the RSA attack was about?

PS. If they pwn the login point, then no amount of security will work because it can hijack anything at the point of entry. Even OTPs.

Re: 2FA migration

One, you can't properly back up a stock phone. Two, most OTP generators are keyed to both phone and Android serial, which can change on a restore. Used to happen to me with Authy.

Re: Straightforward algorithms

Even phrases become hard to remember past say ten or twenty sites. I always put it like this: "Was it CorrectHorseBatteryStaple or DonkeyEnginePaperclipWrong?" Especially if you refuse to leave grammar clues.

Re: 256 bit AES encrypted plain text file

That's one reason people like us like KeePass. It already uses strong encryption by default, let's you a file as a key, and it's FOSS.

Re: Another good reason to avoid Android

Only to be replaces with CHINESE bits inserted to replace them. And before you say, "Who cares?" don't forget China's busily engaged in an economic war with the West, too, so there CAN be serious consequences.

Re: Other Options

So what if they take your phone and then use it to make incriminating phone calls or texts in your name?

Re: Iris scans can be done properly

"This is similar to proper fingerprint scanners which should incorporate IR Doppler to detect flowing blood under the skin."

Does that also defeat the gummy fingerprint on top of someone else's finger which would have live blood flow and everything?

Re: ... and you STILL need a strong identity

"Well, I wouldn't hire you for any job that require a strong identity - such a person would be unfit for the role, sorry."

So basically it's, "Game Over. You Lose. Better Luck Next Life." How Spartan...

Ever considered the person doesn't have to work...because he or she is retired? Old people still need to be able to access their accounts and so on, and if the last local branch closes...

Not so good for palsied or arthritic hands. As for avoiding the phone, what if the bank is branchless?

Re: Three pillars of identity

So what happens when you have a terrible memory (meaning there's little you know) and you tend to travel with little and keep losing things (meaning there's little you have) and you STILL need a strong identity?

Re: But isn't the environment itself just as important?

But the point stands. What if the exploit is a gestalt, meaning it ONLY appears in a certain environmental combination and then becomes something greater than the sum of its parts? IOW, it's like planning for an emergency: the ONLY way to really know if the plan works is to have an emergency, with all the environmental factors that ONLY come from true emergencies.

Re: if the mandate is that the device will ...

Especially if "setting up" requires a computer the owner may not possess.

Re: Dear BBC,

"At the moment whois shows bbci.co.uk as registered to the BBC."

As I recall, bbci is short for "BBC Interactive" and represents the BBC's earlier forays into combining television and internet to create interactive programming. It's a legitimate domain that the BBC has had for about a decade or so.

Re: Until Adobe oficially kills Flash

But what if turns out to rise again like a zombie. Without a head, so sorry, folks, the old "shoot 'em in the head" ain't gonna work.

Re: @adrian4

But what if Z doesn't exist? It's like with medical equipment manufacturers still using outdated operating systems to stay legally-compliant. If EVERY site that has the W you need REQUIRES the use of Flash, then you're stuck with a Hobson's Choice (as in Take It Or Leave It). Some people may be willing to walk away, but for some it can result in collateral damage, such as not being able to use a piece of computer equipment for a job which means it'll have to be replaced (a more-expensive proposition).

Re: Look out Delaware!

Delaware's friendliness tends to favor factories, warehouses, and distribution centers. No sales tax among other things makes it advantageous to settle there. I believe Oregon has a similar business-friendly structure.

Re: Note the vote 0-8

I think the difference is whether or not product is exported directly to the buyer or run through some affiliate or subsidiary first. The latter can be sued directly while the former usually have to be taken to trade courts.

Re: Note the vote 0-8

An international company with no US presence couldn't be sued in the US due to lack of jurisdiction. Those kinds of cases usually go before the international trade courts which are a special case. Besides, isn't it normal for a company doing business in the US to have some sort of US presence for legal reasons?

Only if the DEFENDANT is incorporated in Delaware. That's the big thing. Patent trolls basically have to take on violators on their turf.

Nope, consider Facebook and Twitter.

Re: Break them up Now!

Like breaking up AT&T really did much long-term. Besides, how do you fight a TRANSnational who can hide behind foreign sovereignty?

Then how does it get instructions? REGARDLESS of the method, it can be an inroad to infection.

"What would have helped would have been the certification authorities requiring long term support."

Then what happens when NO ONE passes because of it? Now you have NO suppliers.

Re: What

"Someone bought a GBP500,000 molding machine that is tied to an obsolete operating system?"

Yes, because the alternative was probably buying a GBP600,000 molding machine tied to an obsolete operating system. IOW, this is what happens when EVERYONE uses commodity stuff to undercut the competition and win contracts.