'Longhorn' was an appropriate name - given the amount of bullsh!t you had to deal with.
Software Zen: delete this;
|
Facebook CEO Mark Zuckerberg is off to a slow start in his mission to bring virtual reality to the masses, so perhaps it's appropriate his company's next VR headset will be called Quest.
Just in case you need a case of motion sickness
|
I can see a new Privacy update being issued that allows FB to tap your brain so they can provide you with ads that are relevant to your interests...of course!
I may not be that good looking, or athletic, or funny, or talented, or smart
I forgot where I was going with this but I do know I love bacon!
|
VirusTotal Enterprise offers significantly faster and more customizable malware search, as well as a new feature called Private Graph, which allows enterprises to create their own private visualizations of their infrastructure and malware that affects their machines.
Get all your viruses in a single bowl of VirusTotal
|
Oh VirusTotal. They are so great.
Sometimes I get curious and submit a link from an email I just received. Of course, VirusTotal always tells me that the thing is clean.
I am perfectly sure that I can detect malware far better than that crappy site.
Oh sanctissimi Wilhelmus, Theodorus, et Fredericus!
|
Project Zero accuses Linux distributions of leaving users exposed to known kernel vulnerabilities for weeks.
See: Linux is the new Windows (and Windows is also the new Windows)
|
Not just kernel patching, many distros are amazingly behind in updates. The slowness of Debian versions is pretty astonishing, until you deal with RHEL and CentOS!
|
Joe Woodbury wrote: RHEL and CentOS
Red Hat gets certified by some American authority. That takes time, but you can be sure that the NSA will then know how to deal with that OS. CentOS is just a re-branded Red Hat.
Oh sanctissimi Wilhelmus, Theodorus, et Fredericus!
|
Roslyn is the codename-that-stuck for the open-source compiler for C# and Visual Basic.NET. Here’s how it started in the deepest darkness of last decade’s corporate Microsoft, and became an open source, cross-platform, public language engine for all things C# (and VB)
"Just sit right back and you'll hear a tale, a tale of a fateful trip"
|
Yes, this is new info although it sounds somewhat familiar.
Are long passphrases the answer to password problems? | CSO Online
article said: Kevin Mitnick, chief hacking officer for KnowBe4, Inc. (my full-time employer) kills that supposed fact with his latest video. In it, he cracks a 17-character, complex password in 31 seconds. Because of this, Mitnick recommends using simple, long passphrases (also known as “PassSentences”) 25 characters or more, something like, “I like to go to the beach to get wet.” Kevin also recommends using a good password manager to manage your passphrases.
Quote: It’s good, sound advice. I agree with most of it. The only part I’m not sure about is the 25-character-minimum requirement. The reason is that while using 25-character or longer passwords might make password cracking (i.e., password hash cracking and password guessing) harder to pull off, it increases the risk that users will reuse the same password across different security domains, which is what NIST’s latest advice is trying to prevent.
Use a password manager (like cyapass.com) and creating 25 character or longer passwords is no problem.
I suppose we will always have passwords.
I like this solution that Microsoft is proposing with yubikey FIDO2 etc.
Watch the video -- it is very cool how it works:
Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices - Microsoft 365 Blog
If it really worked that way.
|
DoD's been doing PKI with a similar system (smartcards instead of USB keys) for over a decade. It is very portable and works well, and for the life of me I cannot figure out why there aren't more commercial identity providers out there with a larger client base.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
The only thing I can think of is that people will forget them at home and then complain to admins and the admins will be annoyed so they don't implement. Most people have badges to get in their buildings, maybe they could make it all part of the same thing?
|
raddevus wrote: Most people have badges to get in their buildings, maybe they could make it all part of the same thing?
One of the departments here does that, the employee's ID badge has a smart chip in it that can be used to log into their PC.
Unfortunately, everyone else is squabbling among themselves trying to figure out which standard and provider to use for 2FA. Card vs USB vs Soft Token, etc. Been going on for a couple of years now.
|
RJOberg wrote: everyone else is squabbling among themselves trying to figure out which standard and provider to use
Yeah, it's too bad when good tech gets ignored because of subtle differences and warring factions of users / managers.
|
The only problem with the smart cards is that it doubles as your military ID and I cannot tell you how many times people left theirs in their computer when they left for the day and one of us had to drive all the way out to the main gate to bring it to them the next day. Even I did it once or twice.
if (Object.DividedByZero == true) { Universe.Implode(); }
|
Dude, the Cyber Challenge even has a bit about that! For shame!
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
And there are women hitting on guys in it. Yeah, yeah, "inviting to lunch", talking about "music".
|
raddevus wrote: Use a password manager (like cyapass.com)
shameless plug.
|
It has to be done.
|
raddevus wrote: Use a password manager
I find it interesting that there are lots of people here on CP that are against using the cloud for security reasons but have no problem handing over every single password they have to a single source.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
011111100010 wrote: against using the cloud for security reasons but have no problem handing over every single password they have to a single source
On a related thread, one of the professors I had a programming security course with in college advocated 25+ character passwords with the standard suggestions, unique for every site/system, change regularly, etc., plus didn't contain any complete or commonly used slang words*. This was over 10 years ago, so it should have been reasonably strong against systems of the time.
The final part of his advice was to write the password with the site, date created/changed, etc. in a spiral notebook, and NOT save it to a file on your PC. Then stick that notebook in a locked desk drawer.
His reasoning behind that was if someone had physical access to your PC, it was as good as compromised anyway. They could copy your hard drive and brute force it or any number of other attack types. It sounded** like good advice at the time, but it certainly didn't travel well.
* He never mentioned checking for non-English slang, I wonder if that would matter...
** Not saying it WAS good advice, just that it sounded that way to someone who was still learning security theories. Yes, keyloggers were still a weak point against this method.
|
I'll repeat what I said to OP about saving pwds in cloud:
raddevus: That's why my password manager (http://cyapass.com) does not save your passwords anywhere.
That is not hyperbole. With C'YaPass your password is generated every time from:
1. your site key
2. the pattern you draw
The final output is a SHA-256 hash which you use as your password (64 characters long).
And...the site keys you create to remember which site you use the password at are stored only on your machine and you can manage them yourself. Never stored in the cloud. You (the user) own everything and it is open source too.
|
011111100010 wrote: lots of people here on CP that are against using the cloud for security reasons but have no problem handing over every single password they have to a single source.
I do too.
That's why my password manager (http://cyapass.com) does not save your passwords anywhere.
That is not hyperbole. With C'YaPass your password is generated every time from:
1. your site key
2. the pattern you draw
The final output is a SHA-256 hash which you use as your password (64 characters long).
And...the site keys you create to remember which site you use the password at are stored only on your machine and you can manage them yourself. Never stored in the cloud. You (the user) own everything and it is open source too.
You are the perfect foil for my marketing message. Thanks!
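
The derivation described in this post, sketched as an added example (not C'YaPass's own code): the pattern encoding, the `|` separator and the function names are assumptions, since the post says only that a site key and a drawn pattern produce a 64-character SHA-256 hash. The second function is a swapped-in PBKDF2 variant showing how a slower derivation raises the cost of guessing the pattern when the algorithm is public.

```python
import hashlib


def encode_pattern(points):
    # Assumed encoding: ordered grid-point indices joined by commas ("0,1,2,5,8").
    return ",".join(str(int(p)) for p in points)


def derive_password(site_key, points):
    """SHA-256 of pattern + site key, hex-encoded: always 64 characters."""
    # The encoded pattern holds only digits and commas, so the first "|"
    # always separates it from the site key without ambiguity.
    material = f"{encode_pattern(points)}|{site_key}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def derive_password_stretched(site_key, points, iterations=200_000):
    """Swapped-in variant, not from the page: PBKDF2-HMAC-SHA256 with the
    site key as salt, so each guess at the pattern costs `iterations` hashes."""
    key = hashlib.pbkdf2_hmac(
        "sha256",
        encode_pattern(points).encode("utf-8"),
        site_key.encode("utf-8"),
        iterations,
    )
    return key.hex()


if __name__ == "__main__":
    pattern = [0, 1, 2, 5, 8]  # constructed sample pattern
    for site in ("mail-example", "bank-example"):  # constructed site keys
        print(site, derive_password(site, pattern))
    # Nothing is stored: the same inputs regenerate the same password.
    print(derive_password("mail-example", pattern)
          == derive_password("mail-example", pattern))
    print("stretched:", derive_password_stretched("mail-example", pattern))
```

Because nothing but the site keys is stored, the drawn pattern is the only secret in this design, and every site's password falls with it if the pattern is learned.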
|
raddevus wrote: it is open source too.
Which makes it easy to figure out how to hack so once someone has access to your computer, whoops.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.