
Comments


Cheap GPUs Rendering Strong Passwords Useless

alt236_ftw Re:Ha Ha, mine goes to 11 (615 comments)

Indeed. You are probably not a target worth the time or effort.

Incidentally, salting only protects against dictionary attacks (not brute-forcing) and SHA-256 is generally hardware accelerated (unlike md5, so the crunching will potentially be faster in your case). Also as I would have a copy of your vault application, I could potentially edit the authentication part to remove any additional, non-functional, delays the vault program might have added.

But again, it depends on whether or not you are worth the effort.

The best way to do this would be to use a two token authentication (something you know + something you have), but it's going to be a while to get a non-hacky global framework in place that keeps everyone happy, does not break country-specific patents and is not subject to export regulations. And it would have to be ubiquitous, and easy to carry and cheap enough for companies to afford to give out.

more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

alt236_ftw Re:Ha Ha, mine goes to 11 (615 comments)

I stand corrected.

Similarly you can copy paste a password for an RDP session.

more than 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

alt236_ftw Re:Ha Ha, mine goes to 11 (615 comments)

Single point of failure.

Essentially, you will need to carry a copy of your password bank with you AND the application which opens it at all times to function.
This means that if it gets compromised (your memory stick gets stolen/your dropbox account gets compromised/ etc...) an attacker will only need to guess/bruteforce/dictionary attack/social engineer/look over your shoulder one password and gain access to everything in your wallet.

It's not a bad plan in principle, but only if you keep important passwords outside the wallet just in case it gets compromised. The point of the article is to raise awareness to the fact that passwords take less time to bruteforce these days as GPUs are very well suited for the job.

Also, keep in mind that websites can have limits to what passwords you can use (up to x characters, no symbols, etc...)

And, you cannot copy paste your login password to an OS :)

more than 3 years ago

Beta For Thunderbird 5.0 Released

alt236_ftw Re:gmail (75 comments)

As you said, it depends what you use your email for.

The fact that *you* don't use your email for anything important, does not mean that *I* don't.

In my email accounts (not only GMail) I have contracts, project proposals, contact details, collaborative discussions for projects, things I have emailed to myself as a backup, copyright notices for things I own and have released, etc.
Not to mention professional discussions, announcements and proposals. And more personal emails as well.

As organisations move to the cloud (my University is doing so now) one needs to think of What-If scenarios and plan accordingly.

For example, what happens if you are off-line and want to access an email?

more than 3 years ago

Beta For Thunderbird 5.0 Released

alt236_ftw Re:gmail (75 comments)

And what happens if the cloud storage glitches/crashes and you lose years of emails (http://www.huffingtonpost.com/2011/02/27/gmail-reset-emails-deleted_n_828863.html)? Yes, it was fixed this time and more contingencies are now in place, but the risk is still there.

You can still use Thunderbird (or any other mail client) to store an off-line copy of your email via POP3/IMAP.

more than 3 years ago

30+ Infected Apps Pulled From Android Market

alt236_ftw Package Names? (91 comments)

What I don't get is why no-one writes the package names of the malicious apps.

Application names are generally useless on Android since they can be duplicated freely (and there are legit apps with those names).
On the other hand, package names are unique in the Market.

Anyway, the list of the apps with the package names from the **previous** outbreak can be found here: http://globalthreatcenter.com/?p=2091

Also, a question: does the kill switch affect devices which don't have the market installed?

more than 3 years ago

Ask Slashdot: Best Certifications To Get?

alt236_ftw Re:Depends on who is hiring (444 comments)

Sorry, that was me. I cleaned my cookies earlier and forgot to sign back in.

more than 3 years ago

Ask Slashdot: Best Certifications To Get?

alt236_ftw Re:Uh, first things first (444 comments)

Sigh, that was me. I cleaned my cookies earlier and forgot to sign back in.

more than 3 years ago

Ask Slashdot: Android Security Practices?

alt236_ftw Re:Use common sense. (173 comments)

Regarding point 7, it would be nice if Google forced developers to justify the use of each permission with a quick blurb.
And about contacting, it's the same as on eBay: If you want to know something not on the description, you do ask the seller, don't you?
Also, there is usually a link to the dev's website (along with his email) on the Market entry so the Market offers you a way to do it.

Regarding 8 and 9, you don't have to go out of the Market environment.
Simply searching the app by name will usually do the trick: If you see DocumentsToGo by random_person for $0 with 100 downloads and DocumentsToGo by Dataviz for $9.99 (or whatever it costs now) with >250.000, which one do you think is legit?

The Android Market is the same as any other market place. The seller will put up a generic, generally customer attracting advertisement for a product, but if you want more info you have to ask. Unless everyone just buys cars/boats/PCs/Phones only based on a TV ad without asking for any clarifications?

more than 3 years ago

Ask Slashdot: Android Security Practices?

alt236_ftw Use common sense. (173 comments)

Use common sense:

1. Don't root unless you REALLY need to.
2. If you are rooted, don't give root rights to an application unless you know what it is supposed to do AND you trust it to do just that.
3. Install a firewall.
4. Don't install applications from vendors you don't trust, or know little about.
5. Read the reviews of an application. See what people complain about.
6. Don't install applications which ask for rights that make little sense in context (a calculator which asks for access to the network and contacts for example).
7. If unsure about some permissions, check the developer's website to see if there is a good explanation. If not, contact the developer directly and ask.
8. If you suddenly find an app for free which you thought was pay-only, check to see if it is cloned. If so, don't install it as it might be tampered with.
9. Check if the developer of an application matches who you know it should be. If not, don't install it as it might be tampered with.
10. Personally I don't install or use an application which handles credit-card or bank account information directly/indirectly. This includes Paypal/Amazon and eBay. The reason for that is that I don't know how the information is stored on the phone, how it is transferred to the servers or if the authentication system is broken and can be hijacked (like the problem Google had the other day). Unfortunately I'm stuck with Google checkout, but I use a secondary cash card.

Steps 8 and 9 would have saved quite a few people from grief in the last malware outbreak.

If you are so inclined (and rooted), you can also use AdFree to block ad and some malware sites. This will also cause developers to lose income though.

The permission system works well but only if there is no root exploit involved. Once an app gets root rights it can do just about anything. For example, it can download a precompiled linux executable which will send all application info from your phone to a remote server. This will include contacts/application and preferences (point 10 above).

more than 3 years ago

Half of Used Phones Still Contain Personal Info

alt236_ftw Re:manufactuers and telcos fault again (83 comments)

I don't know about the WM7 implementation, but multiple times overwriting is hit and miss on flash media due to the wear levelling algorithm.
Unless the chip directly supports it, multiple overwrites simply spread the writes on different sectors.

more than 3 years ago

My $200 Laptop Can Beat Your $500 Tablet

alt236_ftw Re:The iPad is a tablet, but not all tablets are i (789 comments)

Oh yes!

I remember using Palm Pilots to register stock deliveries in an old job of mine.
It would take a couple of minutes to inspect the goods and 5 minutes to use the app to sign for the delivery and use the clunky interface on a small screen. Most of the problems were due to digitizer drift and bad UI but the experience was horrible.

Palm Pilots were great at their time (I still think that the T|X is the best overall device I've ever used) but in hindsight you can see how limited they were...

more than 3 years ago

My $200 Laptop Can Beat Your $500 Tablet

alt236_ftw Re:The iPad is a tablet, but not all tablets are i (789 comments)

Maybe I should have clarified myself.

You cannot enter extensive information onto a tablet by typing (well you can, but I pity anyone stuck in that situation). They are not built for that.
But yes, as you pointed out you can use them to populate lists via checkboxes, comboboxes and the odd sentence here and there.

more than 2 years ago

My $200 Laptop Can Beat Your $500 Tablet

alt236_ftw Re:The iPad is a tablet, but not all tablets are i (789 comments)

The actual reason is that Apple is providing a unified user experience.

The shiny-ness? The walled garden? The fact that there is a simple (as in my grandmother can use it) interface to interact with the phone? That is what Apple is selling. Anyone can buy an iPhone, install iTunes and get going within an hour. It will also patch your phone to the latest version the moment you plug it in.

On android?
You want to put music on it? - Figure out how your music player of choice does it.
You want to update it? - Figure out how your provider AND manufacturer does it (KIES/OTA/RUU/God knows).
You figured it out? - Good! now wait until your provider AND manufacturer tweak the official google update and push it to their distribution system (see above point).
You want to use your phone? - OK! now get used to the UI skin every manufacturer seems to be creating for their phones.

more than 2 years ago

My $200 Laptop Can Beat Your $500 Tablet

alt236_ftw Re:The iPad is a tablet, but not all tablets are i (789 comments)

Hey, I never said that it was perfect. I was commenting on the article.

Yes, it is a Chinese tablet, an HSG X5A-G to be exact. The UI is not sluggish (and it can be bloody fast if you overclock it to 1GHz) but the screen is resistive so it does need tapping. It does come with android market though, and the apps are fine.

I got it for a project which required cheap processing hardware, two USB ports to use for sensors and WiFi for data upload. The screen and battery are nice additions which means that I can see what is going on in something bigger than a two line LCD and that it will gracefully handle the odd power outage.

In addition, it plays back full HD perfectly on my plasma.

So yes, it is nowhere close to an iPad, or a Xoom or a Tab, but as cheap project hardware that is a nice home entertainment device, it's fine for $99.

It also means that I saved myself a days of H/W development time, so in my books I am impressed as are my project mates and my boss since I saved the company quite a bit of project money.

more than 2 years ago

My $200 Laptop Can Beat Your $500 Tablet

alt236_ftw The iPad is a tablet, but not all tablets are iPad (789 comments)

Repeat after me:
The iPad is a tablet, but not all tablets are iPads.

I own an Android tablet with USB host functionality (2 ports, weep old macbook air users!), which is sold for $99, has multitasking, can use a keyboard, does not use iTunes and supports SD cards.

Granted, I would never write an essay on it, but tablets are not meant to be used as PC replacements: They are information retrieval devices, not data entry ones.

more than 2 years ago

Google Pulls 21 Malware Apps From Android Market

alt236_ftw Re:Uh, why? (242 comments)

Not really - the line about the void warranty on website visit is about the fact you can jailbreak an iphone by visiting a page.

What I am saying is that you need to accept certain responsibilities when you have a smartphone, no matter the brand.

The fact that android was targeted this time does not mean that WM7 or the iphone won't be targeted next (and according to pwn2own the iphone just failed).

more than 3 years ago

Net Sees Earthquake Damage, Routes Around It

alt236_ftw Re:anthropomorphizing (177 comments)

It's not a matter of considering the net a live entity, but it is a complex mesh of devices, each of which has a specialised function and the sum of those devices makes information flow based on certain decisions.

As a large amount of decision making on routing, load-balancing, reflowing and path finding is automated and based on certain stimuli (broken links, bandwidth thresholds, lack of net neutrality, etc.) then the system in question -the internet- exhibits a behaviour which is dependent on those stimuli. Routers do have the ability to "observe" a break, "act" on it by trying to discover new routes and attempt to "heal" the damage by choosing to route around the break without any human interaction.

So essentially, automated systems do exhibit behaviour patterns and you can say that "the internet routed around the problem", same way that you can say that an emergency generator "went on" by itself or that "my alarm did not ring today".

more than 3 years ago

Submissions

alt236_ftw hasn't submitted any stories.

Journals

alt236_ftw has no journal entries.
