'I thought my daughter clicked on ransomware – it was the damn Windows 10 installer'

Fascist Nation

Jeez, Roger Ellison, download the latest from WSUSOffline. Yes, it takes a couple of hours to complete the download (still less time than a MS Updater), but once downloaded when a newer version becomes available it only updates the changes (minutes). Transfer a copy to a flash drive and do the Win7 update installs in a matter of minutes.


https://www.youtube.com/watch?v=aXAOvbNJYyE - how to use and why it is head smacking important to you

And be sure to install GWX Control Panel on those old PCs before they ever see the Internet (hopefully not needed after July): http://ultimateoutsider.com/downloads/

Stop resetting your passwords, says UK govt's spy network

Fascist Nation

I hate to say they are correct but periodically forcing new passwords is BS. When you do that you make them easy to use affairs because you have to remember them. I'd rather use a password manager generating a long unique random ASCII sequence for every logon. Then all I need do is remember a long random master password.

What I hate are websites that force me to use short uncomplicated passwords, will not allow cut and paste submissions (you try typing in a long series of ASCII), use weak crypto to secure the transaction, and for logons that may involve a cell phone you are forced to use a simple password because of the pain of typing it in on a phone and even the limited ASCII.

How long is your password? HTTPS Bicycle attack reveals that and more

Fascist Nation
Re: Down with 2FA

2FA sucks. It is poorly implemented. Either it is insanely inconvenient as hell. It relies on publicly acquired (by the site) information about me which clearly can be acquired by others with malicious intent. It asks the same questions all the other sites do so when one of them is hacked my answers are available (Unless they have been encrypted. How often not or with a weak easily hacked algorithm?) for them to grab my identity. https://krebsonsecurity.com/2015/12/2016-reality-lazy-authentication-still-the-norm/ The questions are often insanely obscure: The name of your 4th grade teacher? Or easy to find out: The name of the street you lived on ten years ago? My favorite: Your mother's maiden name? Like that isn't easily acquired.

Additionally, passwords are also lame. Sites with financial transactions I have conducted restrict maximum password length to 15 characters (very common). Restrict the password to alphanumeric or limited number of ASCII. Or allow a fairly large (up to 63 character) ASCII password, but will not allow cut and pasting in the re-type your password box when you first set up the password (or change it). Gosh thanks so much. Yes, I take the responsibility to use a password manager that (hopefully) randomly creates unique passwords of whatever length I specify. But sites make it impossible to use a secure password in the name of either their limiting storing space, incompetent coding or "for my security."

Who's right on crypto: An American prosecutor or a Lebanese coder?

Fascist Nation

How to enforce?

How do you enforce this...read punish the uncooperative? For any app that may encrypt communications of one sort or another:

Do you make it illegal to use an app without a backdoor? [punish the end user]

Do you make it illegal for an ISP to allow downloading an app without a backdoor? [punish the end user's ISP]

Do you make it illegal to create an app without a backdoor? [punish the programmer]

Do you make it illegal to post open source code to an app without a backdoor that anyone could download and compile and use? [punish the programmer and / or the end user; pesky free speech claim too]

Hear that sound? It's the Windows XP PC bubble popping

Fascist Nation

I'd be happy to take their machines off their hands to give to kids in homes without them. XP has been falling like a rock for seven months. Hacking hasn't helped.

Tech companies are raising their game (and pants) post-Snowden

Fascist Nation

How can you trust security?

The problem is trust. We now KNOW the NSA has gone around and either strong-armed or paid millions to major corporations as well as smaller app writers and Internet service providers to insert back doors for their access, turn over cryptographic algorithms, and record customer interactions for them.

We KNOW the NIST developed AES is back door hacked by the NSA via the NIST warning AES is no longer reliable. Guess NIST did not get the memo to lie about AES along with the memo to lie about WTC7.

We know that EVERY phone conversation is recorded, the ability to turn on all cell phones' microphones was hardwired via NSA into the GPS location chip installed in ALL cell phones sold in the USA. Even if the cell phone is turned off. Want to bet about the camera? We KNOW every keystroke going out on the Internet is intercepted.

So a person and a business can do all sorts of things to try and dick with the man, but the bottom line in security is you just do not know if you have gone far enough. And you do not know if the NSA is selling your company secrets to the Chinese, Ben Bernanke or whomever their masters or buyers are. You simply cannot be certain. Ever. That much you KNOW.

