Comments

Unbreakable Crypto: Store a 30-character Password In Your Subconscious Mind

GroovinWithMrBloe Re:Similar to PinPlus (287 comments)

It's a bit more than 7 squares. See a demo here (the Java applet): http://pluspin.com/demo/newsoftheworld - and obviously you can configure it to enforce a minimum pattern complexity if so required.

more than 2 years ago
Unbreakable Crypto: Store a 30-character Password In Your Subconscious Mind

GroovinWithMrBloe Similar to PinPlus (287 comments)

I've looked at these guys before, http://www.pinplus.net/content/pin-nutshell Basically you remember a pattern, and then to log in you are presented with a large grid of letters/numbers, from which you type in the letters/numbers corresponding to your pattern. So you never reveal your pattern at any point; keyloggers/screenscrapers never have access to your pattern. Even if someone did get a screengrab, there are multiple instances of each letter/number in the grid, so you can't tell which position in the grid the user was referring to.

more than 2 years ago
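
The two PinPlus comments above describe a pattern-on-a-grid login. The following is an added example written for this page, not PinPlus's own code or parameters: a toy model with an assumed 6x6 grid of digits and an assumed 4-cell pattern. It shows the server-side check (the stored secret is the pattern, the typed digits change every login) and also counts how many grid cells remain consistent with each pattern position once an observer has captured one, two, three or four grid/response pairs, which is the work a screen-grabber would face.

```python
import random
import string

GRID_SIZE = 6                                  # assumed: a 6x6 grid of digits (toy parameters)
PATTERN = ((0, 0), (1, 2), (3, 3), (5, 1))     # assumed: the user's secret cells, in order
DIGITS = string.digits

def make_grid(rng):
    """A fresh grid of random digits for one login; each digit appears several times."""
    return [[rng.choice(DIGITS) for _ in range(GRID_SIZE)] for _ in range(GRID_SIZE)]

def expected_response(grid, pattern):
    """What the user types: the digit shown in each pattern cell, in pattern order."""
    return "".join(grid[r][c] for r, c in pattern)

def verify(grid, pattern, typed):
    """Server side: the stored secret is the pattern, never the typed digits."""
    return typed == expected_response(grid, pattern)

def candidates_after(observations, pattern_len):
    """For an observer holding (grid, typed) pairs: which cells could still be pattern
    cell i? Intersect, per i, the cells showing typed[i] in every captured grid."""
    cells = [(r, c) for r in range(GRID_SIZE) for c in range(GRID_SIZE)]
    result = []
    for i in range(pattern_len):
        possible = set(cells)
        for grid, typed in observations:
            possible &= {(r, c) for (r, c) in cells if grid[r][c] == typed[i]}
        result.append(possible)
    return result

def login_check(seed=1):
    """One login: the correct response is accepted, a response with one digit changed is rejected."""
    grid = make_grid(random.Random(seed))
    typed = expected_response(grid, PATTERN)
    wrong = str((int(typed[0]) + 1) % 10) + typed[1:]
    return verify(grid, PATTERN, typed), verify(grid, PATTERN, wrong)

def ambiguity(seed=1, captures=4):
    """Candidate-cell counts per pattern position after 1..captures captured logins."""
    rng = random.Random(seed)
    obs = []
    for _ in range(captures):
        grid = make_grid(rng)
        obs.append((grid, expected_response(grid, PATTERN)))
    sizes = []
    for k in range(1, captures + 1):
        cands = candidates_after(obs[:k], len(PATTERN))
        assert all(cell in c for cell, c in zip(PATTERN, cands))  # the true cell is never eliminated
        sizes.append([len(c) for c in cands])
    return sizes

if __name__ == "__main__":
    print("login (correct, tampered):", login_check())
    for k, row in enumerate(ambiguity(), 1):
        print(f"after {k} capture(s): candidates per pattern cell = {row}")
```

With 36 cells and 10 digits, a single capture leaves roughly 3 to 4 candidate cells per pattern position, so one screengrab does not give the pattern away; the candidate sets only shrink as the observer collects further grid/response pairs, which is the number to keep in mind when judging how many logins an attacker may watch.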
UK Taxpayers' Money Getting Wasted On IT Spending

GroovinWithMrBloe GBP not UKP (174 comments)

500 UKP computer.
2450 UKP extra costs incurred by dealing with the UK government's self-serving bureaucracy.
50 UKP delivery.

It's GBP - for Pound Sterling. Admittedly not as intuitive as one would first think (Great Britain Pounds? No).

more than 3 years ago
Microsoft Social Media Site Accidentally Revealed

GroovinWithMrBloe Re:Facebook/Twitter Login? (134 comments)

Don't forget, Microsoft has also invested in Facebook.

more than 3 years ago
Vodafone Femtocells Rooted, Secret Keys Exposed

GroovinWithMrBloe Slap anyone that sets a root password (77 comments)

In embedded devices like these, there is no reason to use a root password. The devices should be locked down completely with a process to update them with signed firmware.

If they need some form of remote access, they should at the very least use SSH PKI.

more than 3 years ago
Ask Slashdot: Living Without Internet At-Home Access?

GroovinWithMrBloe The person has a job (462 comments)

I think he's actually unemployed and out of money and needs to save his $$$

The summary suggests otherwise: "I'll also still have access to the internet at my office"

more than 3 years ago
Roundabout Revolution Sweeping US

GroovinWithMrBloe Examples of pedestrian islands (1173 comments)

Example: http://maps.google.co.uk/maps?ll=-36.79191,174.771398&spn=0.001697,0.003484&sll=51.629526,-0.175223&sspn=0.021045,0.055747&t=h&z=19

See the two roundabouts? They each have pedestrian islands on each side road.

The roads themselves aren't high volume, but rather than having to come to a complete stop at each intersection and look, or install traffic lights and wait until the cycle goes green, you can basically drive straight through and only check a single direction as you go. You don't need to check for oncoming traffic, nor do you need to check for traffic turning into your path, as it's a single flow. It greatly reduces the number of potential points cars can crash into each other.

more than 3 years ago
Roundabout Revolution Sweeping US

GroovinWithMrBloe Re:Pedestrian problems? (1173 comments)

Pedestrians either have pedestrian crossings or pedestrian islands provided along each ingress/egress road. With ped crossings, obviously cars give way to peds immediately, and there is no distraction because at that point you are still on a normal road. With the islands, the pedestrian moves into the middle first when it's safe, then onto the next side. Pedestrians don't walk onto the roundabout itself.

Roundabouts are used in low and medium volume traffic situations, where it is quite easy to find a safe gap to walk across a road. It does mean a bit more walking for someone trying to walk 'straight' through the roundabout, as you'll have to deviate slightly down a side road then walk back up again. But as mentioned, since there isn't normally much traffic, you don't normally need to walk far. It's normally quicker than waiting for a traffic light.

more than 3 years ago
Finding Fault With Qantas' RFID Baggage Tracking System

GroovinWithMrBloe Re:poor test (106 comments)

What Qantas has here is closer to the difference between self-checkouts in supermarkets - designed to handle only small loads - and the regular supermarket operator who can handle all volumes of goods. Yes, your floating point operation will work, sir, as long as you use the correct registers.

more than 3 years ago
Finding Fault With Qantas' RFID Baggage Tracking System

GroovinWithMrBloe No fatal JET crash is correct however (106 comments)

First off, QANTAS had a fatal crash in 1951.

You are of course correct, they have had fatal crashes in the past. But none with jet engines. I.e. nothing in the modern era. I'd prefer we had a rolling scale approach that reflects the average working life of modern planes, e.g. in the last 20 years has the airline had a fatal crash?

more than 3 years ago
Confusion Surrounds UK Cookie Guidelines

GroovinWithMrBloe Link to actual legislation? (143 comments)

Does anyone have a link to the actual legislation? So we can read and see for ourselves what the law states.

more than 3 years ago
Atari Loses Copyright Suit Against RapidShare

GroovinWithMrBloe Re:torrent (198 comments)

Easy to stop

- Don't allow zip files with passwords (or any other compression format)
- Inspect individual files in compressed archives for checksum matches (i.e. lolcat.jpg not matched, but game.exe is, so is README.txt, etc...) and if enough of the individual files match known checksums, flag it for human inspection.
- Check all files to identify what filetype they are - jpg/zip/gz/tar/etc... if the file type is not known, disallow it. Yes I'm sure someone will invent a zip file format with a JPG header.

- Perhaps for 'identity verified' customers (users who you have confirmed their phone/address somehow, e.g. TXT postal letter activation code) you lift the restrictions on no encrypted files, and also allow files of unknown type.

- Video and audio are harder to detect than other lossless filetypes, as the user can easily modify them to change the checksum without destroying the content. There are some fingerprinting algorithms that aren't affected by such changes, but they're typically a lot more specific to the given filetype and I imagine quite intensive to run compared to a typical SHA/MD5 checksum.

more than 3 years ago
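
The list above is a procedure: identify the type by content rather than filename, refuse encrypted archives, hash each archive member against a known list, and escalate when enough members match. The code below is an added example written for this page, not RapidShare's or the commenter's; the magic-byte allowlist, the sample files, the "known release" hash set and the threshold are all constructed for the demo. The encryption check reads bit 0 of the zip entry's general-purpose flags; because Python's zipfile cannot write encrypted entries, a small shim flips that bit in the central directory purely so the check can be exercised.

```python
import hashlib
import io
import zipfile

# Allowlist of magic-byte signatures (an assumption for this example; a real deployment
# would use a full signature database such as libmagic's).
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gz",
    b"%PDF": "pdf",
}

def sniff(data):
    """Identify a file by its leading bytes, ignoring the filename entirely."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def inspect_upload(data, known_hashes, threshold=2):
    """Rules from the post: unknown type -> reject, whole-file hash hit -> reject,
    encrypted archive member -> reject, >= threshold member hash hits -> flag for a human."""
    kind = sniff(data)
    if kind is None:
        return "reject", "unknown file type"
    if sha256(data) in known_hashes:
        return "reject", "whole-file hash match"
    if kind != "zip":
        return "accept", kind
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "reject", "corrupt zip"
    hits = []
    for info in zf.infolist():
        if info.flag_bits & 0x01:          # bit 0 of the general-purpose flags = encrypted entry
            return "reject", "encrypted member " + info.filename
        if info.is_dir():
            continue
        if sha256(zf.read(info)) in known_hashes:
            hits.append(info.filename)
    if len(hits) >= threshold:
        return "flag", "members match known release: " + ", ".join(hits)
    return "accept", "zip"

# --- constructed sample data for the demo (not real files) ---
GAME_EXE = b"MZ" + b"\x90" * 64               # stand-in for game.exe
README = b"Install: run setup.exe\n"
LOLCAT = b"\xff\xd8\xff\xe0" + b"\x00" * 32    # looks like a JPEG to sniff()
KNOWN = {sha256(GAME_EXE), sha256(README)}     # hashes of the "known infringing" files

def build_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members:
            zf.writestr(name, payload)
    return buf.getvalue()

def mark_encrypted(zip_bytes):
    """Demo shim: set the encryption bit in every central-directory entry so the archive
    looks password-protected. A real archiver would also encrypt the data."""
    buf = bytearray(zip_bytes)
    i = buf.find(b"PK\x01\x02")
    while i != -1:
        buf[i + 8] |= 0x01
        i = buf.find(b"PK\x01\x02", i + 4)
    return bytes(buf)

def demo():
    release = build_zip([("game.exe", GAME_EXE), ("README.txt", README), ("lolcat.jpg", LOLCAT)])
    clean = build_zip([("lolcat.jpg", LOLCAT), ("notes.txt", b"nothing to see\n")])
    return {
        "release": inspect_upload(release, KNOWN),
        "clean": inspect_upload(clean, KNOWN),
        "encrypted": inspect_upload(mark_encrypted(release), KNOWN),
        "unknown": inspect_upload(b"\x00\x01\x02 not a known format", KNOWN),
        "whole_file": inspect_upload(LOLCAT, {sha256(LOLCAT)}),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The weakness the post itself notes applies here too: exact hashes only catch byte-identical members, so a re-encoded video or a re-packed archive with one byte changed in each file slips past, which is why the threshold counts matches across members rather than demanding that every member match.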
FCC To Allow Texting To 911

GroovinWithMrBloe Re:What the hell (321 comments)

Let's have a larger number for dedicated silent calls. 999 111 999. A lot harder to accidentally put in. Publicity of it will make sure people who *need* silent calls will use it (and those who don't are Darwins). All calls to 999 111 999 would be followed up, and pranksters would be severely fined / jailed on the first offense.

more than 3 years ago
Analysis of 32 Million Breached Passwords

GroovinWithMrBloe Re:A couple questions about passwords (499 comments)

For 'online' systems which lock accounts after a small number of tries, it would *seem* like an 8 digit alphanum password (which isn't one of the trivial ones discussed earlier) would be sufficient, wouldn't it?

More than likely it would be fine. I guess I was commenting more on your question of brute force attacks being relevant in the days where you get X tries then the account is locked. If you choose even a moderately sane password (i.e. no sequential numbers, no keyboard sequences, no common words) then you'll be a lot safer than most people.

But attackers these days are more interested in *any* account, not a specific account. So brute force hacking has shifted from brute forcing passwords to brute forcing usernames. Imagine trying tonnes of common usernames (johnsmith@gmail.com) against the top 3 most common passwords. You're bound to strike gold soon enough. Attackers will most likely have access to large email databases of legitimate addresses to use in their attempts. Sites allowing / encouraging / requiring you to use your email as your username these days only make such attacks easier.

more than 3 years ago
Analysis of 32 Million Breached Passwords

GroovinWithMrBloe Re:A couple questions about passwords (499 comments)

One thing to think about - If you try to brute force a username, yes, you probably will lock out that account for a period of time. But what if you try the same password against random usernames? There are over 200,000 users with the password 123456. All you need to do is guess the username for one. Most websites don't detect and block against this sort of attack.

more than 3 years ago
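
The two comments above describe the attack that per-account lockout cannot see: one common password tried once against many usernames. The following is an added example written for this page, not from the post or any real system: the per-account lockout beside a per-source detector that counts distinct accounts failed against within a window, run over constructed auth-log lines. The log format, addresses, usernames and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SPRAY_IP = "203.0.113.5"    # one password against many accounts (constructed)
BRUTE_IP = "198.51.100.7"   # many passwords against one account (constructed)

# Constructed log lines: "<timestamp> <source ip> <username> <FAIL|OK>"
LOG_LINES = (
    [f"2010-01-21T10:00:{i:02d} {SPRAY_IP} user{i:02d} FAIL" for i in range(12)]   # one try per account
    + [f"2010-01-21T10:01:{i * 5:02d} {BRUTE_IP} carol FAIL" for i in range(6)]   # six tries on carol
    + ["2010-01-21T10:02:00 192.0.2.9 dave FAIL", "2010-01-21T10:02:05 192.0.2.9 dave OK"]
)

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def per_account_lockout(events, max_failures=5, window=timedelta(minutes=5)):
    """The classic control: lock an account after max_failures failures within window."""
    locked, fails = set(), defaultdict(list)
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        fails[user] = [t for t in fails[user] if ts - t <= window] + [ts]
        if len(fails[user]) >= max_failures:
            locked.add(user)
    return locked

def spray_sources(events, min_accounts=10, window=timedelta(minutes=5)):
    """Flag a source that fails against many *distinct* accounts within window,
    however few attempts each individual account sees."""
    flagged, seen = set(), defaultdict(list)   # ip -> [(ts, user), ...]
    for ts, ip, user, result in events:
        if result != "FAIL":
            continue
        seen[ip] = [(t, u) for t, u in seen[ip] if ts - t <= window] + [(ts, user)]
        if len({u for _, u in seen[ip]}) >= min_accounts:
            flagged.add(ip)
    return flagged

def analyse(lines=LOG_LINES):
    events = sorted(parse(line) for line in lines)
    return per_account_lockout(events), spray_sources(events)

if __name__ == "__main__":
    locked, sprayers = analyse()
    print("locked accounts:", locked)        # carol only; the sprayed accounts never trip lockout
    print("spraying sources:", sprayers)     # the spray source, invisible to per-account counting
```

The lockout rule catches the six attempts on carol and nothing else; the spray source, which touched twelve accounts once each, is only visible when failures are counted per source across accounts. A spray spread over many source addresses defeats that counter too, and the next signal is a site-wide jump in failed logins across many distinct accounts in a short window. The commenter's point about email addresses as usernames is what makes the attacker's username list cheap to assemble.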
Analysis of 32 Million Breached Passwords

GroovinWithMrBloe Re:Password strength vs. how often you change it (499 comments)

One thing some companies do, is require X of Y characteristics. i.e. Your password must be at least 8 characters long, and contain at least 3 out of the following 4: {lowercase letter, uppercase letter, number, special character}.

So your keyspace is far larger than: Must have a lowercase, uppercase, digit and special character. I think it's a nice compromise - but of course as this report shows, a hacker would still probably target [a-z0-9]{8}.

What would be interesting is if the change password form predetermined the password requirements for this particular password, and these requirements were randomised each time the user wants to change the password. E.g. one time it may require a password of at least 8 characters, the next time it might require it to be 10 characters. One time it may require digits, another time it may require special characters. So an attacker in this case couldn't rely on a large populace having simple passwords of the bare minimum length, as the system forces some variance in those minimums. Sure, it'll probably piss off users even more... (And I'm the first to admit I'd be pissed off by such an approach too).

more than 3 years ago
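
The comment above reasons about the keyspace of an "at least 8 characters and 3 of 4 character classes" rule. As an added example for this page (not the commenter's code), here is a checker for that rule together with an inclusion-exclusion count of how many strings each variant of the rule admits, so the "3 of 4" versus "all 4" comparison can be done exactly rather than by feel. The four classes are assumed to partition the 95 printable ASCII characters (33 specials, counting space); the code also reports the size of the lower+upper+digit slice, the one attackers try first because it is where "Password1"-style choices live.

```python
import string
from itertools import combinations

# Character classes as assumed for this example (together: the 95 printable ASCII characters).
CLASSES = {
    "lower": string.ascii_lowercase,       # 26
    "upper": string.ascii_uppercase,       # 26
    "digit": string.digits,                # 10
    "special": string.punctuation + " ",   # 33
}

def classes_used(pw):
    return {name for name, chars in CLASSES.items() if any(ch in chars for ch in pw)}

def meets_policy(pw, min_len=8, required=3):
    """'At least min_len characters and at least required of the 4 classes'."""
    return len(pw) >= min_len and len(classes_used(pw)) >= required

def count_exact(n, names):
    """Number of length-n strings that use every class in `names` and no other class
    (inclusion-exclusion over the subsets of `names`)."""
    names = tuple(names)
    total = 0
    for k in range(len(names) + 1):
        for sub in combinations(names, k):
            size = sum(len(CLASSES[c]) for c in sub)
            total += (-1) ** (len(names) - k) * size ** n
    return total

def count_at_least(n, required):
    """Number of length-n strings drawing from at least `required` of the 4 classes."""
    names = list(CLASSES)
    return sum(count_exact(n, sub)
               for k in range(required, len(names) + 1)
               for sub in combinations(names, k))

def compare(n=8):
    """Keyspace admitted by '3 of 4' versus 'all 4', plus the lower+upper+digit slice."""
    three = count_at_least(n, 3)
    four = count_at_least(n, 4)
    cheapest = count_exact(n, ("lower", "upper", "digit"))
    return {
        "3of4": three,
        "4of4": four,
        "3of4_over_4of4": three / four,
        "lower_upper_digit_share_of_3of4": cheapest / three,
    }

if __name__ == "__main__":
    for pw in ("Password1", "password1", "Pa$1", "correct horse battery"):
        print(f"{pw!r}: meets 8/3-of-4 policy = {meets_policy(pw)}")
    for key, value in compare().items():
        print(key, value)
```

The exact counts are what matter for the comparison: "3 of 4" admits everything "all 4" does plus every string confined to exactly three classes, and the lower+upper+digit share shows how much of that enlarged space an attacker can cover while ignoring specials entirely.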
Most Security Products Fail To Perform

GroovinWithMrBloe Re:Confidentiality Integrity Availability. (99 comments)

I've been involved in certifying a firewall to meet ICSA requirements. Let me say that it can only be a good thing to take into account what certifications the product has before using it. This includes FOSS and commercial.

While it's nice that you can review the source of FOSS tools, that gives you no guarantee that the tools are configured appropriately and securely. If you are in an organisation that requires a verifiable degree of security (or as management sees it: level of risk) then using certified products is a no-brainer. No one claims a certified product is absolutely secure, and you should never base a purchase decision purely on the 'does it have a shiny certification logo on the carton?', but when using a certified product you can at least say that X, Y & Z situations are covered. This is especially important in the situation of a breach, where the integrity of logging is important. You don't want your boss screaming at you because the timestamps were wrong or inconsistent, that some data was not logged, etc...

If you are interested, take a look at the criteria for certification for firewalls - http://www.icsalabs.com/technology-program/firewalls/modular-firewall-certification-criteria-version-41

There are a lot of FOSS based products, including the one I worked on, that are ICSA certified. You can have your cake and eat it.

more than 4 years ago
Meteorite Destroys Warehouse In Auckland, NZ

GroovinWithMrBloe Casualty does not always imply fatal (278 comments)

Casualty is a term not limited to just describing dead people, but also wounded people (reference.com definitions of casualty).

Anyway, I was among the tens of thousands of people who witnessed the 'streak of light' shortly after 10pm from the Auckland Domain, where the annual Christmas in the Park concert had just finished. The streak lasted what felt like less than 10 seconds, made no discernible noise, and looked about as bright as a nearby firework (of which there were heaps 5 minutes prior, at the end of the concert).

In fact, at the time I only half thought it was a 'shooting star' as it could've been part of the fireworks. The show had finished, and people were packing up, so I wondered if it was something for the kids (Ooh, hey kids, look, Santa has flown away). But after reading this article, it must have been the same meteorite. Very cool!

more than 5 years ago