Critical Vulnerabilities In Web-Based Password Managers Found
That is very dangerous: when the master password is trivial to reverse from the site password, an attacker could easily set up a hoax site, get your site password and reverse your master key. Master Password above uses an HMAC-SHA-256 of a 64-byte master key which is something you can't just reverse. It also uses an expensive scrypt-based salted key derivation to get that key from your master password, which is also something you can't reverse.
Critical Vulnerabilities In Web-Based Password Managers Found
How about no keyfile at all? Keeping backups of a keyfile in secure locations, syncing a keyfile between multiple devices and handhelds securely and without conflict, etc., all needlessly complicate password management and eventually affect overall security. Also, if an authority obtains your keyfile through any form of search, they are legally within their right to force you to provide the key to unlock it. Not so if there is no encrypted vault.
EU's Top Court May Define Obesity As a Disability
Aggression is a wholly ineffective behavioural change effector. You are just being a short-sighted ass, and the fact that your simplistic opinion is shared by most of the citizenry is most likely the largest cause of obesity.
You won't understand why until you consider that the biggest cause of obesity is psychological.
Many people have a hard time understanding what psychological issues are and how real they manifest themselves. It's not unlike the middle ages where ignorant healers would bleed you to try and get rid of the sickness. These are opinions based on whatever common sense they had at the time combined with a general ignorance. These people were not dumb, they were just uninformed. Now you straighten yourself out.
People get fat because their psychological state drives them to consume things that produce dopamine (the hormone that makes you happy). Probably because they either don't have enough of it (they're sad) or because they've grown addicted to it (nearly everything you buy nowadays will make you addicted to dopamine). To solve the "getting fat" problem, people need to stay away from unhealthy things that produce dopamine (sadly, these are also the "easy" things), and start finding the healthy things that produce dopamine (going out with friends, learning, experiencing new things). Sadly, this becomes harder and harder as your weight increases.
But that's not all. Once you're heavy, solving the "getting fat" problem not only gets tougher, it also won't actually make you skinny. Even if you stop eating anything unhealthy, you will not lose weight. You could eat half the calories a healthy skinny person eats and not lose weight. That's because your body is designed to not go down in weight. You can do crazy things to go down temporarily, but your body will be fighting you all the way and as soon as it gets the chance it will reset your weight back to what it was. This is why nearly every dieter regains their weight. To lose weight permanently, you need to either fight your body's set-point permanently or undergo a certain type of surgery, such as a gastroscopic bypass or duodenal switch.
As for why your attitude is what causes obesity: simplification of the issue, making it taboo and aggressively pushing skinniness are all factors which cause both the psychological environment where a person will start to obsess over the importance of their weight, as well as the bad sources of dopamine and the physical situation of people starving themselves for no good reason which will have the result of your body going into panic mode, shut down its metabolism and build stores of fat for anything it can possibly get its hands on.
The best way to make your population fat is to tell them being fat is horrible, all your own fault and eating food is bad for you. For the love of all that is good, DO NOT TELL ANY CHILD TO NOT GET FAT. Just teach them to live happy and healthy. Being happy means you need no bad sources of dopamine.
GnuTLS Flaw Leaves Many Linux Users Open To Attacks
First of all, none of this has anything to do with "Linux". These are all user-land libraries and tools you're referring to. They are all available for Linux, BSD and Windows alike; including OpenSSL and GnuTLS.
Secondly, "top dog" has nothing to do with any of this either. Software such as OpenSSL and GnuTLS needs to be secure. That means that there should be no exploits. The amount of people "attacking" it is irrelevant given those constraints. Whether 1 researcher is looking for bugs or 10.000 criminals are trying to exploit it is irrelevant. None of them should be able to find anything useful.
Lastly, Windows as much as any other proprietary solution is completely irrelevant to this discussion to anyone with a sensible opinion on the topic. That's not because proprietary software is worse than free software, it's because proprietary software can never offer the kinds of security guarantees that free software can by mere virtue of their insistence on secrecy. What that means is, even if there is a proprietary replacement of OpenSSL for which no exploit is published in 10 years, you could never trust that the NSA, the Russians, the Chinese or the Iranians don't have a way in. You can't even trust that they haven't forced the company to add in back-doors and keep them secret. Essentially, proprietary software loses by default and free software is the only useful thing we have left, even if it sometimes fails at keeping its promises.
Apple Announces New Programming Language Called Swift
If the world ever advanced when it came face-to-face with a problem it could not solve with current models we wouldn't have reached much of anything.
Obviously the "it doesn't solve any problems" statement is utterly false. It solves all the same problems Objective-C solved.
So why a new programming language? First of all, new programming languages allow you to express the abstract concepts you're trying to convey in a more optimal fashion. Each time we improve a programming language, we have an opportunity to further close the hole of cognitive dissonance between what we want to do and how we describe that intent to a computer. We have an opportunity to remove whole classes of bugs that were possible in the previous generation languages. We have the opportunity to learn from what we don't like about our current situation and make it more comfortable for ourselves.
The less we need to worry about how to do the things, the more we can focus on what things we could do.
Don't be so conservative.
Apple Announces New Programming Language Called Swift
Sounds like they're looking for Chris Lattner.
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
The same argument can be applied to government. Just because all laws are visible to the public doesn't mean we don't ever put and keep bad laws in effect. The solution to bad laws is not hiding them, it's more publicity. Similarly, more review on each commit would help the OpenSSL project.
Turkish Finance Minister Defends Twitter Ban
It is also wholly within Turkey's right to put out arrest for Dick Costolo (Twitter's CEO) and demand his extradition to be tried under Turkish law on what Twitter has done for Turkish residents.
First Automatic Identification of Flying Insects Allows Hi-Tech Bug Zapping
Only female mosquitos suck blood. Therefore, only the females are a health threat to humans.
Ask Slashdot: How Do You Manage Your Passwords?
The idea is great, the implementation horrible.
Master Password is an implementation of the same idea which takes care of all the flaws.
In my opinion, what you need from a password manager is:
- The output passwords need to be strong against attacks and the solution needs to be strong against attacks.
- You need to be able to trust the algorithm and the implementation that implements it, and any involved parties.
- Being safe from loss is just as important. If you can get locked out of everything the day your apartment catches fire, it sucks.
- It needs to be sufficiently easy to use so that I won't get lazy and skip it.
Doing 10 MD5's (SuperGenPass) offers NO strength against attacks on the solution at all. In fact, if I want all your passwords, all I need to do is make a website, get you to sign up with me, and brute-force your master password from the site password you gave me. A day's work, at most.
Master Password implements several techniques to solve all of the above security problems: http://masterpasswordapp.com/s...
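Added example, not part of the original comments and not Master Password's or SuperGenPass's actual code: a sketch of the stateless scheme described in the comments above (scrypt-based salted derivation of a 64-byte master key, then HMAC-SHA-256 per site) beside a constructed unsalted 10-round MD5 scheme, with a timer showing what one derivation costs under each. The `SCOPE` label, the scrypt parameters, the output encoding and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SCOPE = b"example.stateless-pw"  # assumed domain-separation label, not from the page

def master_key(master_password: str, user: str) -> bytes:
    """Slow, salted step: master password -> 64-byte master key."""
    salt = SCOPE + len(user).to_bytes(4, "big") + user.encode()
    return hashlib.scrypt(master_password.encode(), salt=salt,
                          n=2**14, r=8, p=1,  # assumed cost parameters
                          maxmem=64 * 1024 * 1024, dklen=64)

def site_password(key: bytes, site: str, counter: int = 1, length: int = 20) -> str:
    """Fast, keyed step: HMAC-SHA-256 over the site name and a counter."""
    msg = (SCOPE + len(site).to_bytes(4, "big") + site.encode()
           + counter.to_bytes(4, "big"))
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()[:length]

def iterated_md5_password(master_password: str, site: str, rounds: int = 10) -> str:
    """Constructed stand-in for a '10 MD5s' scheme: no salt, no work factor."""
    data = f"{master_password}:{site}".encode()
    for _ in range(rounds):
        data = hashlib.md5(data).hexdigest().encode()
    return data.decode()[:20]

def seconds_per_derivation(derive, repeats: int = 3) -> float:
    """Average wall-clock cost of one derivation, i.e. the price of one guess."""
    start = time.perf_counter()
    for i in range(repeats):
        derive(f"candidate-{i}")
    return (time.perf_counter() - start) / repeats

if __name__ == "__main__":
    # Constructed inputs; nothing is stored, the same inputs recreate the same output.
    key = master_key("correct horse battery staple", "alice")
    print(site_password(key, "example.com"))
    print(site_password(key, "example.org"))
    slow = seconds_per_derivation(lambda pw: master_key(pw, "alice"))
    fast = seconds_per_derivation(lambda pw: iterated_md5_password(pw, "example.com"))
    print(f"scrypt: {slow:.4f}s each, 10x MD5: {fast:.7f}s each, ratio {slow / fast:.0f}x")
```

The site password handed to any one site is an HMAC output under a key that site never sees, and every candidate master password has to pass through the scrypt step before it can be checked.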
The iOS 7 Jailbreak Fiasco
Evasi0n7 is the name of the method used to apply a tethered jailbreak to the phone. The 7 is for iOS 7. The jailbreak is what disables the security features that lock people out of their own device.
TaiG is the name of a "store" that distributes Chinese applications, similar to Cydia, the store that is currently considered to be the "default" for distributing applications on jailbroken devices. Aside from using Cydia or TaiG, you can also put apps on the device manually or use other stores / distributions.
The deal with TaiG was not a result of any stealing. Evasi0n (the team that made the Evasi0n7 method) had been approached by TaiG with an offer of bundling their store instead of Cydia (which doesn't have a lot of Chinese content) for Chinese users only. Terms of the deal included that TaiG would not be allowed to distribute any "pirated" applications. Evasi0n's rationale was that without TaiG on the device, most Chinese users would proceed to install an app store that did provide "pirated" apps and this way they would be condoning a "non-pirating" app store to the huge Chinese jailbreak audience. In exchange for bundling TaiG and therefore giving TaiG a huge userbase in China, Evasi0n was offered a lump of money.
Unfortunately, it turns out after the fact that some pirated apps were spotted on TaiG. Evasi0n reported these to TaiG ASAP and they were removed. You can imagine the trolling that ensued especially from competing jailbreak teams.
Other teams working on a jailbreak method in parallel to Evasi0n were also given this offer from TaiG. In fact, another team was getting a jailbreak release ready with a similar, stolen or different method, I don't know, but since they were getting close to a release, Evasi0n decided to fast-track their working method and release a jailbreak early. The up-side of an early release was that they'd get TaiG's money and they'd get the credit for the jailbreak. The down-side is that the huge volume of apps written for jailbroken devices hadn't been tested and fixed to work on iOS 7 yet, including "Cydia". iOS compatibility is even more crucial for jailbroken apps than for standard iOS apps since they often use undocumented API which is obviously very volatile across iOS versions.
As a result of Evasi0n's early release, a bunch of people jailbroke their device only to find that almost all of the apps written for jailbroken devices that they were installing crashed or caused their phones to break - since, as I said, they weren't updated for iOS 7.
TL;DR - Evasi0n worked really hard to find a method for jailbreaking, figured they deserved some money for their effort, figured in the meantime they'd condone a safe store to the Chinese, saw their chance at success slip away as other teams were gearing up to steal the glory and released before the developer community was ready, causing breakage and mayhem, never mind the trolling about the sudden appearance of a Chinese app store instead of Cydia.
For Evasi0n's side of the story, read http://evasi0n.com/l.html
RSA Flatly Denies That It Weakened Crypto For NSA Money
What specifically about the United States of America did you expect to be different? In the end, we're all people and we're all just as corruptible. Only transparency and risk of exposure can make us behave. Which is why secrecy is always counter to democracy.
Evad3rs Announce iOS 7 Jailbreak For Latest Apple Devices
It's really not so much about "all the cool stuff Cydia offers".
It's all about freedom and control. A non-broken device is effectively a leased piece of hardware where the owner tells you what you can and cannot do with it. It's like renting your house rather than owning it. Sure, it's nice that maintenance is taken care of for you; but most of us actually prefer to know that the thing we live in/with is controlled by us, not somebody with a different agenda whose interest in your happiness and satisfaction is nothing more than a side-effect of their interest in profit.
It's about wanting to do something with this computer in your pocket that's more powerful than a mainframe when I was a kid, and not having to wonder whether Apple's sandbox will agree to it. It's about wanting to run a daemon on start-up and being able to. It's about wanting to ssh into your phone when you left it at home and get the thing off of it that you need. It's about it locking up and you being able to see why. It's about breaking the display but still being able to put VNC on it and use it like the powerful computer that you paid for minus the display. It's about POSSIBILITY and FREEDOM to do as you please with the thing you paid 750$ for.
Storing Your Encrypted Passwords Offline On a Dedicated Device
When all your online access depends on it, you can't have enough redundancy.
Security isn't just about secrecy. It's also about being safe from loss.
Which is exactly why I created Master Password (algorithm/app): The theory is that all your passwords should be stateless, not rely on any form of storage at all, be long to be secure against brute-force attacks, be irreversible, and even if you lose everything you own tomorrow, be recreatable purely from your own knowledge.
Why People Are So Bad At Picking Passwords
It is my opinion that you cannot trust a human to make a good password.
You also cannot trust anything, a hard-disk, a notebook, a company(!) to store your passwords.
Which is why I use http://masterpasswordapp.com/ and I unlock it with a passphrase. The key elements here being: stateless, no storage, strong passwords.
Microsoft Warns Customers Away From RC4 and SHA-1
There's a difference between using SHA1 for verifying integrity and using SHA1 for cryptographic purposes.
I don't think it's GIT's intent to cryptographically prove that nobody has injected a modified commit in your history while going through extreme effort to mask that single-commit modification.
Netflix Ditches Silverlight With HTML5 Support In IE11
What exactly is your point? Because most of the users are apathetic to DRM, it needs to stay?
If you can sufficiently obfuscate a jail around your life such that you don't notice it in your daily doings, it belongs there? Of course not.
DRM solves no problems, but it CREATES a LOT of them. Here's something that solves problems: Get rid of it.
Google Aims To Cull Child Porn By Algorithm, Not Human Review
You are walking a dangerous road, friend.
Before you talk, you should think about all the angles. Think about what it means to flag someone as suspicious, think about how easy it is to make someone look suspicious, think about how easy it would be for someone who doesn't like YOU to make YOU look suspicious, and think about how easy it would be to sabotage anything on the internet when all it takes to "temporarily" censor something is a child-porn flag.
Before you think I'm conflating things, before you start spouting a reply, please step away from the keyboard, take ten minutes, and consider the fact that the world isn't black-and-white. Issues aren't all trivial, and in almost all of the cases, it's better to let the criminals go if it means you won't risk the innocent being jailed or permanently marked by association.
Hatred and short-sightedness are very dangerous. Only your rational thinking can curb that. Please be smarter.
SOPA Creator Now In Charge of NSF Grants
Gather a fair distribution of your country's residents into a room and ask them to stand on the left if they believe the 1B$ should go to researching alternative energy and on the right if it should go to preventing terrorism.
There is an inherent flaw in democracy that you cannot ignore; the majority vote will most commonly be undereducated. That's only normal and not because your population is stupid, they're just not experts in what they're voting for.
Similarly, I won't expect promising results from having random people on the street prioritize my iteration planning.
When you're desperately holding onto democracy in the conviction that it will lead you to an ideal society, you're either blinding yourself from this truth or you have a very limited opinion on what is ideal. Unfortunately, though, I suspect Churchill was on to something here, "It has been said that democracy is the worst form of government except all the others that have been tried.". Perhaps we should be researching forms of government instead.
SOPA Creator Now In Charge of NSF Grants
Be careful in your defence of democracy: You may well find the sensible interests are the minority.