196 comments
1 Mocking Jay  Wed, Jun 1, 2011 6:33:06pm

I think he needs to stop treating it as a "joke" or "prank". It was a serious attack on his reputation.

2 albusteve  Wed, Jun 1, 2011 6:36:10pm

re: #1 JasonA

I think he needs to stop treating it as a "joke" or "prank". It was a serious attack on his reputation.

he might at least draw some attention to the lunacy and childish behavior of the press

3 webevintage  Wed, Jun 1, 2011 6:36:16pm

He just said "I wish" that the photo was him....

4 Alexzander  Wed, Jun 1, 2011 6:39:35pm

re: #1 JasonA

I think he needs to stop treating it as a "joke" or "prank". It was a serious attack on his reputation.

Agreed. His reputation and the reputation of many others.

5 Alexzander  Wed, Jun 1, 2011 6:41:27pm

Was that a more successful interview than Weiner's previous ones with CNN?

6 Mocking Jay  Wed, Jun 1, 2011 6:42:12pm

re: #5 Alexzander

Was that a more successful interview than Weiner's previous ones with CNN?

Well, at least Rachel didn't keep trying to get him to look at the crotch-shot...

7 William of Orange  Wed, Jun 1, 2011 6:42:26pm

And what a nice picture it is!!

8 Mocking Jay  Wed, Jun 1, 2011 6:43:33pm

She's showing video of that MA tornado. Holy crap...

9 William of Orange  Wed, Jun 1, 2011 6:44:37pm

re: #2 albusteve

he might at least draw some attention to the lunacy and childish behavior of the press

That would just feed the distraction to his real work; showing the hypocrisy of Judge Thomas and his money-hungry wife. Wiener stays focussed on the things that matter the most.

10 Alexzander  Wed, Jun 1, 2011 6:45:10pm

Anyone watching the hockey game?

11 albusteve  Wed, Jun 1, 2011 6:45:51pm

re: #9 William of Orange

That would just feed the distraction to his real work; showing the hypocrisy of Judge Thomas and his money-hungry wife. Wiener stays focussed on the things that matter the most.

then he should forget interviews on national TV...they will only use it against him

12 Page 3 in the Binder of Women  Wed, Jun 1, 2011 6:45:55pm

I really shouldn't. I really just shouldn't. But sometimes, when I get home and read stupidity I just must share. Apologies in advance.

“This Statue of Liberty was gifted to us by foreign leaders, really as a warning to us, it was a warning to us to stay unique and to stay exceptional from other countries. Certainly not to go down the path of other countries that adopted socialist policies,” Palin said to cheers from the crowd.

Excellent post by ABL (Angry Black Lady)#TeamFuckYeah

13 SanFranciscoZionist  Wed, Jun 1, 2011 6:47:15pm

re: #1 JasonA

I think he needs to stop treating it as a "joke" or "prank". It was a serious attack on his reputation.

I think if he acts like it was a big deal, he brings down accusations of acting out, making a big deal of it, etc., etc.

14 albusteve  Wed, Jun 1, 2011 6:47:59pm

re: #12 Stanley Sea

I really shouldn't. I really just shouldn't. But sometimes, when I get home and read stupidity I just must share. Apologies in advance.

Excellent post by ABL (Angry Black Lady)#TeamFuckYeah

the NFL strike has far more impact on the American psyche than Palin does

15 jaunte  Wed, Jun 1, 2011 6:48:57pm

Monica Hesse takes a small survey of her friends:
Listen up, fellas: Naked man-parts? Not so sexy.

16 freetoken  Wed, Jun 1, 2011 6:50:37pm

re: #14 albusteve

the NFL strike has far more impact on the American psyche than Palin does

Foreign leaders gave us the Statue of Liberty so that the NFL owners' freedom to make money is not destroyed by the socialist players union.

Channelling my inner Esther.

17 MittDoesNotCompute  Wed, Jun 1, 2011 6:50:39pm

re: #12 Stanley Sea

I really shouldn't. I really just shouldn't. But sometimes, when I get home and read stupidity I just must share. Apologies in advance.

“This Statue of Liberty was gifted to us by foreign leaders, really as a warning to us, it was a warning to us to stay unique and to stay exceptional from other countries. Certainly not to go down the path of other countries that adopted socialist policies,” Palin said to cheers from the crowd.


Excellent post by ABL (Angry Black Lady)#TeamFuckYeah

Palin is a brainless twit, wrapped in the American flag and spouting history that never happened...what a tool.

18 Page 3 in the Binder of Women  Wed, Jun 1, 2011 6:51:07pm

re: #10 Alexzander

Anyone watching the hockey game?

I have friends watching. They have tix & are going back to Boston on Friday.

19 goddamnedfrank  Wed, Jun 1, 2011 6:51:51pm

re: #13 SanFranciscoZionist

I think if he acts like it was a big deal, he brings down accusations of acting out, making a big deal of it, etc., etc.

Legitimizing it, "lady doth protest too much," gabba gabba hey.

20 Mocking Jay  Wed, Jun 1, 2011 6:51:54pm

re: #13 SanFranciscoZionist

I think if he acts like it was a big deal, he brings down accusations of acting out, making a big deal of it, etc., etc.

Yeah, but the people who would say that are, at this moment, wondering why he hasn't called in the FBI yet.

21 ElCapitanAmerica  Wed, Jun 1, 2011 6:52:29pm

I created 10 fake twitter accounts (wanted to do 10 until twitter prevents me from doing more), then I enabled yfrog ... BUT ... it seems like yfrog has stopped posting the internal email name they use for now. Wonder if they're reacting to this.

Was hoping to see what the pattern is for the string, I have a feeling it's a static list of strings that is not very large in the first place.

22 goddamnedfrank  Wed, Jun 1, 2011 6:53:04pm

re: #20 JasonA

Yeah, but the people who would say that are, at this moment, wondering why he hasn't called in the FBI yet.

And if he called in the FBI they'd be wondering why he was wasting government resources.

23 b_sharp  Wed, Jun 1, 2011 6:53:07pm

re: #13 SanFranciscoZionist

I think if he acts like it was a big deal, he brings down accusations of acting out, making a big deal of it, etc., etc.

He can't win against the spin.

24 Dancing along the light of day  Wed, Jun 1, 2011 6:53:34pm

“Of the 237 reasons why women have sex,” Meston says, “not one was looking at a man’s genitals.”

LOL!

25 Charles Johnson  Wed, Jun 1, 2011 6:54:02pm

re: #21 ElCapitanAmerica

I created 10 fake twitter accounts (wanted to do 10 until twitter prevents me from doing more), then I enabled yfrog ... BUT ... it seems like yfrog has stopped posting the internal email name they use for now. Wonder if they're reacting to this.

Was hoping to see what the pattern is for the string, I have a feeling it's a static list of strings that is not very large in the first place.

I'm quite sure that yfrog's tech people are scrambling tonight.

26 engineer cat  Wed, Jun 1, 2011 6:54:47pm

sum kinda middle english soc net platform yclept 'yfrog'?

27 jaunte  Wed, Jun 1, 2011 6:54:51pm
28 Mocking Jay  Wed, Jun 1, 2011 6:55:13pm

re: #22 goddamnedfrank

And if he called in the FBI they'd be wondering why he was wasting government resources.

Eggzactly.

29 webevintage  Wed, Jun 1, 2011 6:55:55pm

re: #24 Floral Giraffe

“Of the 237 reasons why women have sex,” Meston says, “not one was looking at a man’s genitals.”

LOL!


hahahahaha...

But seriously, I've got a list of guys whose junk I'd like to see...none has responded to my inquiries on twitter.

30 b_sharp  Wed, Jun 1, 2011 6:55:58pm

re: #15 jaunte

Monica Hesse takes a small survey of her friends:
Listen up, fellas: Naked man-parts? Not so sexy.

They say that now, but after they see my naughty bits...

31 SanFranciscoZionist  Wed, Jun 1, 2011 6:56:24pm

re: #12 Stanley Sea

I really shouldn't. I really just shouldn't. But sometimes, when I get home and read stupidity I just must share. Apologies in advance.

Excellent post by ABL (Angry Black Lady)#TeamFuckYeah

WTF? Or, to say it in the language of that great socialist-policy-following nation that gave us Lady Liberty to begin with, ce qui la baise?

32 Charles Johnson  Wed, Jun 1, 2011 6:56:52pm

If I were in charge of yfrog, I'd be extremely unhappy about this ridiculous lapse in security.

33 SanFranciscoZionist  Wed, Jun 1, 2011 6:57:00pm

re: #14 albusteve

the NFL strike has far more impact on the American psyche than Palin does

Thanks be to God.

(The NFL is striking? My husband probably knew that.)

34 Mocking Jay  Wed, Jun 1, 2011 6:57:33pm

re: #32 Charles

If I were in charge of yfrog, I'd be extremely unhappy about this ridiculous lapse in security.

Which they've put forward as a feature?

35 SanFranciscoZionist  Wed, Jun 1, 2011 6:57:35pm

re: #20 JasonA

Yeah, but the people who would say that are, at this moment, wondering why he hasn't called in the FBI yet.

Yeah, but with those folks he can't win. Ever.

36 albusteve  Wed, Jun 1, 2011 6:58:29pm

re: #33 SanFranciscoZionist

Thanks be to God.

(The NFL is striking? My husband probably knew that.)

yes

37 SanFranciscoZionist  Wed, Jun 1, 2011 6:58:51pm

re: #36 albusteve

yes

Well, this impacts my life not at all. Unless my husband begins pining.

38 ElCapitanAmerica  Wed, Jun 1, 2011 6:59:04pm

re: #25 Charles

I'm quite sure that yfrog's tech people are scrambling tonight.

Yeah. I think the first visible change is not showing that internal email ... but I'm sure it's still using it.

I would also guess that temporarily they might start creating more complicated email addresses, but they really have to get rid of that "feature". It's just broken.

Disallow posting via MMS or email address and only allow from desktop via twitter login or mobile with their yfrog app; which I'm not downloading to test at all, these guys have proven not to be very bright in the security department.

BTW in original post meant to say I wanted to create 20 accounts, but twitter only let me do 10 (I used the same password btw with a nice simple gmail trick you can do).

39 webevintage  Wed, Jun 1, 2011 6:59:10pm

hahahahaha
REO Speedwagon...

40 austin_blue  Wed, Jun 1, 2011 6:59:13pm

re: #25 Charles

I'm quite sure that yfrog's tech people are scrambling tonight.

Ya think?

I am betting they are spinning up to about 1253 RPMs punching code right now.

This kind of publicity kills web sites. Who wants to be associated with them? Who wants their ads there?

41 austin_blue  Wed, Jun 1, 2011 6:59:44pm

re: #37 SanFranciscoZionist

Well, this impacts my life not at all. Unless my husband begins pining.

For the fjords?

42 Page 3 in the Binder of Women  Wed, Jun 1, 2011 6:59:55pm

re: #29 webevintage

hahahahaha...

But seriously, I've got a list of guys whose junk I'd like to see...none has responded to my inquiries on twitter.

That Batch dude!

43 webevintage  Wed, Jun 1, 2011 7:01:05pm

I made pie today...lemon chess pie....so yummy.

44 Alexzander  Wed, Jun 1, 2011 7:01:39pm

re: #32 Charles

If I were in charge of yfrog, I'd be extremely unhappy about this ridiculous lapse in security.

In your opinion is the major lapse the fact that the four or five digit part of the Yfrog email address is too short?

45 Mocking Jay  Wed, Jun 1, 2011 7:02:48pm

re: #44 Alexzander

In your opinion is the major lapse the fact that the four or five digit part of the Yfrog email address is too short?

Not all that random either, apparently.

46 albusteve  Wed, Jun 1, 2011 7:03:03pm

re: #37 SanFranciscoZionist

Well, this impacts my life not at all. Unless my husband begins pining.

it's a $9b business, substantial money...and Palin's travels pale in comparison

47 Mocking Jay  Wed, Jun 1, 2011 7:03:17pm

re: #45 JasonA

Not all that random either, apparently.

Even then, I think it's a crappy security method.

48 Charles Johnson  Wed, Jun 1, 2011 7:03:39pm

re: #44 Alexzander

In your opinion is the major lapse the fact that the four or five digit part of the Yfrog email address is too short?

No. It's simply the WRONG way to implement security. 100% wrong. Obscurity is not security.

I'm actually shocked that a company with such a high profile is so lax about security. They're going to suffer because of this.

49 b_sharp  Wed, Jun 1, 2011 7:04:55pm

re: #37 SanFranciscoZionist

Well, this impacts my life not at all. Unless my husband begins pining.

I don't think there is an NFL team named the Fjords.

50 andres  Wed, Jun 1, 2011 7:05:07pm

re: #44 Alexzander

In your opinion is the major lapse the fact that the four or five digit part of the Yfrog email address is too short?

IMHO, it was that the address that sends to the Yfrog email wasn't validated. Some services I've seen this, they ask you to validate which emails you want to authorize to use the address.
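
As an added illustration of the sender validation suggested in the comment above (not part of the original thread and not yfrog's code): a post-by-email gateway that accepts a message only when the secret address matches, the From address is on the account's authorized list, and the service's own mail server recorded a DKIM pass for that sender's domain. The `user.token` address format, the host names, the account record and the DKIM requirement are all assumptions made for the example; the DKIM check is included because a From header on its own can be forged.

```python
import hmac
from email import message_from_string
from email.utils import parseaddr

# All names and values below are constructed for illustration.
TRUSTED_AUTHSERV = "mx.posting.example"  # authserv-id stamped by our own inbound MTA
ACCOUNT = {
    "user": "exampleuser",
    "token": "qzkf",  # short letters-only word embedded in the posting address
    "authorized_senders": {"owner@example.org"},
}


def keyspace(alphabet_size, length):
    """Number of possible secret words of a given length."""
    return alphabet_size ** length


def dkim_pass_domains(msg):
    """Domains with dkim=pass, read only from headers written by our own MTA.

    Assumes the inbound MTA strips any Authentication-Results header that
    arrives already carrying our authserv-id.
    """
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        if parts[0].lower() != TRUSTED_AUTHSERV:
            continue  # not written by us, so the sender could have forged it
        for part in parts[1:]:
            fields = part.lower().split()
            if fields and fields[0] == "dkim=pass":
                domains.update(f[len("header.d="):] for f in fields[1:]
                               if f.startswith("header.d="))
    return domains


def check_post(rcpt_local, raw_message):
    """Decide whether a message sent to <rcpt_local>@posting.example may be posted."""
    user, _, token = rcpt_local.partition(".")
    token_ok = hmac.compare_digest(token.encode(), ACCOUNT["token"].encode())
    if user != ACCOUNT["user"] or not token_ok:
        return "unknown-address"
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Knowing the address is not enough: the sender must be pre-authorized...
    if sender not in ACCOUNT["authorized_senders"]:
        return "sender-not-authorized"
    # ...and the claimed sender domain must have been authenticated by our MTA.
    if sender.rsplit("@", 1)[1] not in dkim_pass_domains(msg):
        return "sender-not-authenticated"
    return "accepted"


def make_message(from_addr, auth_results=None):
    """Build a constructed sample message for the demo below."""
    headers = [f"From: {from_addr}", "Subject: photo"]
    if auth_results:
        headers.insert(0, f"Authentication-Results: {auth_results}")
    return "\n".join(headers) + "\n\n(attachment omitted)\n"


if __name__ == "__main__":
    print("4 letters:", keyspace(26, 4), "possible words")
    ok = make_message("Owner <owner@example.org>",
                      "mx.posting.example; dkim=pass header.d=example.org")
    print(check_post("exampleuser.qzkf", ok))
    print(check_post("exampleuser.qzkf", make_message("owner@example.org")))
```
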

51 webevintage  Wed, Jun 1, 2011 7:05:11pm

I love how Paul Ryan haz a sad because the President won't stop calling his plan "killing Medicare" and felt he needed to explain the plan to Obama like the man is a moron who can't read.
What a putz.

52 SanFranciscoZionist  Wed, Jun 1, 2011 7:05:12pm

re: #46 albusteve

it's a $9b business, substantial money...and Palin's travels pale in comparison

Yes, but I think politics is funny, and football dull, so, well, there it is.

53 Alexzander  Wed, Jun 1, 2011 7:05:32pm

re: #47 JasonA

Even then, I think it's a crappy security method.

Does it include numbers and letters?

I doubt this feature is going away - the ability to easily submit content to your twitter feed is the lifeblood of the website. If anything, I expect to see more features in that vein. Perhaps with longer more random strings of digits.

54 Big Joe  Wed, Jun 1, 2011 7:05:37pm

re: #41 austin_blue

For the fjords?

I hope she didn't nail him to his perch.

55 b_sharp  Wed, Jun 1, 2011 7:05:41pm

re: #41 austin_blue

For the fjords?

Damn.

56 Killgore Trout  Wed, Jun 1, 2011 7:05:43pm

Dan Wolfe (aka Patriotusa76) suddenly not tweeting much anymore.

57 Alexzander  Wed, Jun 1, 2011 7:05:58pm

re: #50 andres

That's a good point. Def. should be validated.

58 jaunte  Wed, Jun 1, 2011 7:05:59pm

re: #49 b_sharp

'Imported from Detroijt'

59 andres  Wed, Jun 1, 2011 7:06:04pm

re: #48 Charles

No. It's simply the WRONG way to implement security. 100% wrong. Obscurity is not security.

I'm actually shocked that a company with such a high profile is so lax about security. They're going to suffer because of this.

For me, it's not surprising. "If it's working, don't mess with it" seems to be the mantra many sites have.

60 Mocking Jay  Wed, Jun 1, 2011 7:06:09pm

re: #53 Alexzander

Does it include numbers and letters?

I doubt this feature is going away - the ability to easily submit content to your twitter feed is the lifeblood of the website. If anything, I expect to see more features in that vein. Perhaps with longer more random strings of digits.

Actually, I think I've only seen letters so far.

61 b_sharp  Wed, Jun 1, 2011 7:06:39pm

re: #43 webevintage

I made pie today...lemon chess pie...so yummy.

???

62 albusteve  Wed, Jun 1, 2011 7:07:12pm

re: #52 SanFranciscoZionist

Yes, but I think politics is funny, and football dull, so, well, there it is.

football dull?...you must be a female that prefers to play with your garbage disposal on Sundays

63 Timmeh  Wed, Jun 1, 2011 7:07:31pm

Can yfrog and/or Twitter confirm Weiner's story?

64 windsagio  Wed, Jun 1, 2011 7:08:01pm

re: #62 albusteve

Did you ever read Hunter Thompson's essay on how the '60s packers ruined Football? You might enjoy it >

65 Charles Johnson  Wed, Jun 1, 2011 7:08:02pm

re: #53 Alexzander

Does it include numbers and letters?

I doubt this feature is going away - the ability to easily submit content to your twitter feed is the lifeblood of the website. If anything, I expect to see more features in that vein. Perhaps with longer more random strings of digits.

It doesn't matter how many digits you use. This is the wrong approach. Period. Web security 101.

66 b_sharp  Wed, Jun 1, 2011 7:08:12pm

re: #52 SanFranciscoZionist

Yes, but I think politics is funny, and football dull, so, well, there it is.

But politics is football, without the obvious fanny patting.

67 engineer cat  Wed, Jun 1, 2011 7:08:22pm

re: #43 webevintage

I made pie today...lemon chess pie...so yummy.

i'd checkmate you but my lips are too puckered up

68 Alexzander  Wed, Jun 1, 2011 7:08:29pm

re: #60 JasonA

Actually, I think I've only seen letters so far.

Hmmm. Well even with four digits I think that's still well over 300,000 possible combinations.

69 Mocking Jay  Wed, Jun 1, 2011 7:08:41pm

People... this has been the first business day since the story first broke. There needs to be a little patience here.

70 Our Precious Bodily Fluids  Wed, Jun 1, 2011 7:08:58pm

re: #15 jaunte

Monica Hesse takes a small survey of her friends:
Listen up, fellas: Naked man-parts? Not so sexy.

too long; didn't read version:

author of article at link asserts with anecdotal data that women generally want to see photos that suggest the man depicted in them neatly folds his laundry in a wicker basket, makes the bed and then puts rose petals on it fer cryin out loud, lovingly cleans out the storm gutter, and then cooks dinner. All of it shirtlessly, of course, while looking exactly like Josh Holloway.

In other words, no less unrealistic than the shit men look at.

71 SanFranciscoZionist  Wed, Jun 1, 2011 7:09:02pm

re: #62 albusteve

football dull?...you must be a female that prefers to play with your garbage disposal on Sundays

Female yes. Garbage disposal, no.

72 albusteve  Wed, Jun 1, 2011 7:09:29pm

re: #64 windsagio

Did you ever read Hunter Thompson's essay on how the '60s packers ruined Football? You might enjoy it >

yes, but it's satire...HT didn't know jack shit about football, or much else...not a big fan of his

73 Mocking Jay  Wed, Jun 1, 2011 7:09:39pm

re: #68 Alexzander

Hmmm. Well even with four digits I think that's still well over 300,000 possible combinations.

Click the link at the top. Click it. See how easy it is to do this.

74 Killgore Trout  Wed, Jun 1, 2011 7:10:31pm

re: #66 b_sharp

But politics is football, without the obvious fanny patting.

depends on the definition of fanny.

75 jaunte  Wed, Jun 1, 2011 7:10:40pm

re: #70 negativ

Fantasies, how do they work?

76 Our Precious Bodily Fluids  Wed, Jun 1, 2011 7:10:48pm

re: #25 Charles

Nah, yfrog is ImageShack. They don't even give a shit about not giving a shit.

77 SanFranciscoZionist  Wed, Jun 1, 2011 7:11:25pm

re: #70 negativ

too long; didn't read version:

author of article at link asserts with anecdotal data that women generally want to see photos that suggest the man depicted in them neatly folds his laundry in a wicker basket, makes the bed and then puts rose petals on it fer cryin out loud, lovingly cleans out the storm gutter, and then cooks dinner. All of it shirtlessly, of course, while looking exactly like Josh Holloway.

In other words, no less unrealistic than the shit men look at.

Men doing stuff around the house is sexy.

That said, I'm intrigued that none of the examples they give of the 237 reasons women have sex seem to involve women being horny, which, for some reasons, remains our society's major taboo.

78 MittDoesNotCompute  Wed, Jun 1, 2011 7:11:48pm

re: #48 Charles

No. It's simply the WRONG way to implement security. 100% wrong. Obscurity is not security.

I'm actually shocked that a company with such a high profile is so lax about security. They're going to suffer because of this.

IMO, Imageshack (parent company of yfrog) has sucked for quite a while and for various reasons.

79 Mocking Jay  Wed, Jun 1, 2011 7:12:23pm

re: #77 SanFranciscoZionist

Men doing stuff around the house is sexy.

That said, I'm intrigued that none of the examples they give of the 237 reasons women have sex seem to involve women being horny, which, for some reasons, remains our society's major taboo.

Please tell us more.

80 b_sharp  Wed, Jun 1, 2011 7:13:00pm

re: #79 JasonA

Please tell us more.

In detail.

81 albusteve  Wed, Jun 1, 2011 7:13:21pm

football makes women horny...fact

82 webevintage  Wed, Jun 1, 2011 7:13:51pm

re: #77 SanFranciscoZionist

Men doing stuff around the house is sexy.

That said, I'm intrigued that none of the examples they give of the 237 reasons women have sex seem to involve women being horny, which, for some reasons, remains our society's major taboo.

This.
Guess what researchers, women like to have sex because *gasp* we like to have sex.

83 goddamnedfrank  Wed, Jun 1, 2011 7:14:20pm

re: #63 Timmeh

Can yfrog and/or Twitter confirm Weiner's story?

I'm sure they can, but yfrog/Imageshack especially may demand that he indemnify them against any claims of harm first.

84 Alexzander  Wed, Jun 1, 2011 7:14:53pm

re: #65 Charles

It doesn't matter how many digits you use. This is the wrong approach. Period. Web security 101.

Doesn't the number of digits increase the amount of time required for a 'brute force' attack? The digit system functions essentially the same way as a password, no? Maybe I've got this wrong.

85 Charles Johnson  Wed, Jun 1, 2011 7:15:12pm

re: #68 Alexzander

Hmmm. Well even with four digits I think that's still well over 300,000 possible combinations.

Which takes about 3 seconds for a computer script to crack.

Obscurity is not security.

86 laZardo  Wed, Jun 1, 2011 7:15:23pm

re: #81 albusteve

football makes women horny...fact

Except for the goalies, catching all those balls and everything...

/oh wait we're talking about lemonball here

87 Charles Johnson  Wed, Jun 1, 2011 7:16:25pm

re: #84 Alexzander

Doesn't the number of digits increase the amount of time required for a 'brute force' attack? The digit system functions essentially the same way as a password, no? Maybe I've got this wrong.

I'm going to keep saying it until it sinks in.

Obscurity is not security.

88 albusteve  Wed, Jun 1, 2011 7:17:07pm

field goals would drive my wife frantic...
'it's up...it's gooood!'

89 MittDoesNotCompute  Wed, Jun 1, 2011 7:17:53pm

re: #85 Charles

Which takes about 3 seconds for a computer script to crack.

Obscurity is not security.

Prime example here recently: Sony and the PlayStation Network (and some of their internal networks, IIRC).

90 ozbloke  Wed, Jun 1, 2011 7:19:54pm

re: #85 Charles

Which takes about 3 seconds for a computer script to crack.

Although that is a truth, it is also true that many sites will block access after 'x' amount of failed attempts within x amount of time. It helps a lot, it is something I have used since last century.

91 Dancing along the light of day  Wed, Jun 1, 2011 7:20:14pm

re: #79 JasonA

re: #80 b_sharp

LOL!
Do the dishes & then see what happens!
( I bet you get jumped!)

92 Mocking Jay  Wed, Jun 1, 2011 7:21:10pm

re: #91 Floral Giraffe

re: #80 b_sharp

LOL!
Do the dishes & then see what happens!
( I bet you get jumped!)

Not fallin' for it...

93 MittDoesNotCompute  Wed, Jun 1, 2011 7:21:15pm

re: #91 Floral Giraffe

re: #80 b_sharp

LOL!
Do the dishes & then see what happens!
( I bet you get jumped!)

Helps to put on some Isaac Hayes or Barry White first, right?

;-P

94 albusteve  Wed, Jun 1, 2011 7:22:59pm

re: #92 JasonA

Not fallin' for it...

my sex life was outstanding and I was an around the house workaholic....pay attention

95 Alexzander  Wed, Jun 1, 2011 7:23:01pm

re: #87 Charles

I'm going to keep saying it until it sinks in.

Obscurity is not security.

If it's a 256-bit password (like the AES-256 one used to protect the Wikileaks "Insurance File"), it might not in principle be 'secure' in the sense of being impossible to brute force defeat. But in practice it is currently pragmatically secure.

The time it takes to crack a code is thought of in terms of how many possible correct passwords there could be. If you're looking at a 256-bit password with no knowledge of anything, trying to just enter every conceivable combination of 0s and 1s, you'd have a "time" of 2^256. Nobody measures the time it would take to crack one of these codes in hours, months, years, or centuries--it's too big for all of that, so they just use combinations. Trying to crack all of those combinations manually is called, aptly, a brute force attack, and in a 256-bit instance like this one, it'd take, roughly, a bajillion years to succeed (that being the scientific estimation). Even with all the supercomputers in the world working in concert, with a flawless algorithm for trying the different combinations, it would take hundreds of thousands of years. Your average dude with an Alienware? Forget about it.

PopSci.com source

96 MittDoesNotCompute  Wed, Jun 1, 2011 7:23:35pm

re: #92 JasonA

Not fallin' for it...

It's a trap...
Image: Atrapitis.gif

97 ElCapitanAmerica  Wed, Jun 1, 2011 7:23:49pm

re: #90 ozbloke

Although that is a truth, it is also true that many sites will block access after 'x' amount of failed attempts within x amount of time. It helps a lot, it is something I have used since last century.

You can't block this, it's an email message. You flood the system with emails, it's not a synchronous but an asynchronous process at all.

In other words, when you send email you don't do a synchronous request-response. You just send.

98 Charles Johnson  Wed, Jun 1, 2011 7:23:57pm

re: #90 ozbloke

Although that is a truth, it is also true that many sites will block access after 'x' amount of failed attempts within x amount of time. It helps a lot, it is something I have used since last century.

These kinds of access blocks are trivially easy to get around. Maybe you could get away with that last century, but not now.

99 andres  Wed, Jun 1, 2011 7:25:04pm

re: #95 Alexzander

If it's a 256-bit password (like the AES-256 one used to protect the Wikileaks "Insurance File"), it might not in principle be 'secure' in the sense of being impossible to brute force defeat. But in practice it is currently pragmatically secure.

PopSci.com source

But it's not the password that was vulnerable: it was the email address @yfrog.

100 laZardo  Wed, Jun 1, 2011 7:25:24pm

Oh boy, here we go.

Let me use the example Ron has actually used on occasion. He states that giving private business owners the right to display "no negros" as a condition of patronage is fully within their rights. He says, and quite clearly, that while this is unethical it is also an absolute right to do so, esp in a free market system. When social attitudes begin to shift, these businesses will automatically fail because nobody will support them anymore.

101 andres  Wed, Jun 1, 2011 7:25:27pm

re: #98 Charles

These kinds of access blocks are trivially easy to get around. Maybe you could get away with that last century, but not now.

Many script kiddies are still so last century.

102 laZardo  Wed, Jun 1, 2011 7:25:33pm

re: #100 laZardo

OT BTW.

103 Charles Johnson  Wed, Jun 1, 2011 7:25:41pm

re: #95 Alexzander

If it's a 256-bit password (like the AES-256 one used to protect the Wikileaks "Insurance File"), it might not in principle be 'secure' in the sense of being impossible to brute force defeat. But in practice it is currently pragmatically secure.

PopSci.com source

Sorry, you just don't know what you're talking about. This kind of thing is what I do, and I promise you that any web security expert would be horrified at the idea of using a public email address and expecting it to be secure.

It's not secure. Period. This is the wrong approach to security.

104 ElCapitanAmerica  Wed, Jun 1, 2011 7:25:58pm

re: #25 Charles

I'm quite sure that yfrog's tech people are scrambling tonight.

Charles;

Here's a screenshot of their first change. I managed to have one screen up before they removed the email from showing in the page, so was able to capture it.

yfrog "increasing" security ... well their version of "security"

105 albusteve  Wed, Jun 1, 2011 7:26:11pm

re: #100 laZardo

Oh boy, here we go.

what's that?...and why is it purple?

106 Page 3 in the Binder of Women  Wed, Jun 1, 2011 7:26:49pm

From NPR (heard it on the drive home) Apparently the major feat was organization. One camera, continuous shot. Listen to the NPR story above the vid too, it's well worth your time!

If you were online over the Memorial Day weekend, you may well have seen The Grand Rapids Lip Dub.

Maybe you saw it after Roger Ebert called it "the greatest music video ever made."

107 engineer cat  Wed, Jun 1, 2011 7:27:35pm

wouldn't it be more likely that it was not the password itself that was hacked but that the system was hacked into via some other route?

108 Our Precious Bodily Fluids  Wed, Jun 1, 2011 7:27:53pm

re: #74 Killgore Trout

depends on the definition of fanny.

Where chavs collect ASBOs. Where you ride a lorry down to post a parcel. Where you wear a mackintosh when it rains. Where you might have sat your A-levels in maths.

109 albusteve  Wed, Jun 1, 2011 7:28:14pm

re: #106 Stanley Sea

From NPR (heard it on the drive home) Apparently the major feat was organization. One camera, continuous shot. Listen to the NPR story above the vid too, it's well worth your time!

[Video]

I posted that days ago...my daughter helped produce it...didn't get much buzz

110 ElCapitanAmerica  Wed, Jun 1, 2011 7:28:53pm

re: #107 engineer dog

wouldn't it be more likely that it was not the password itself that was hacked but that the system was hacked into via some other route?

There is no "password" guys. Adding a word to a generated email address is not a password, and if it was a password it wouldn't be a secure one.

111 Mocking Jay  Wed, Jun 1, 2011 7:29:44pm

re: #104 ElCapitanAmerica

Charles;

Here's a screenshot of their first change. I managed to have one screen up before they removed the email from showing in the page, so was able to capture it.

yfrog "increasing" security ... well their version of "security"

Mine is in the settings page now. They took it off the homepage. Fail.

112 laZardo  Wed, Jun 1, 2011 7:30:34pm

re: #105 albusteve

what's that?...and why is it purple?

It's the Wingnut tag. Simply put [wingnut ] and [ /wingnut ] without spaces around a block of text and you get

the purple.

113 ozbloke  Wed, Jun 1, 2011 7:30:55pm

re: #98 Charles

These kinds of access blocks are trivially easy to get around. Maybe you could get away with that last century, but not now.

To be sure we are talking about the same thing I use fail2ban.

To be bypassed the person logging in would have to avoid having the log file of the particular service written to.
Yes they can use multiple source ips, but then they would have to slow the queries.
Because of this it's easier for most to 'go somewhere else'.

It's still a maintained application, I lock out hundreds of brute force attacks per day across my internet facing servers.

114 Alexzander  Wed, Jun 1, 2011 7:31:29pm

I have relatives that write all of their emails in the wingnut font.

115 Cannadian Club Akbar  Wed, Jun 1, 2011 7:31:30pm

re: #112 laZardo

It's the Wingnut tag. Simply put [wingnut ] and [ /wingnut ] without spaces around a block of text and you get

What you talkin' 'bout Willis?

116 Cannadian Club Akbar  Wed, Jun 1, 2011 7:32:41pm

re: #114 Alexzander

I have relatives that write all of their emails in the wingnut font.

Not as bad as the idiots who leave out vowels. Or WhO wRiTe LiKe ThIs.

117 Page 3 in the Binder of Women  Wed, Jun 1, 2011 7:33:14pm

re: #109 albusteve

I posted that days ago...my daughter helped produce it...didn't get much buzz

I saw them talking about your daughter's vid, but I missed it.

HOLY SHIT, I have tears in my eyes. Kudos to her.

118 Charles Johnson  Wed, Jun 1, 2011 7:33:16pm

re: #113 ozbloke

To be sure we are talking about the same thing I use fail2ban.

To be bypassed the person logging in would have to avoid having the log file of the particular service written to.
Yes they can use multiple source ips, but then they would have to slow the queries.
Because of this it's easier for most to 'go somewhere else'.

It's still a maintained application, I lock out hundreds of brute force attacks per day across my internet facing servers.

Of course, because there are probably millions of antiquated scripts still using the brute force, hit it as fast as you can method. Spammers are much smarter than that now, and you're not going to catch them that easily.

119 ProGunLiberal  Wed, Jun 1, 2011 7:33:28pm

Pretty well known now, but Springfield, MA got struck by a nasty tornado. Another Major City struck by a tornado. Not even counting Memphis which suffered flood damage.

120 albusteve  Wed, Jun 1, 2011 7:35:20pm

re: #117 Stanley Sea

I saw them talking about your daughter's vid, but I missed it.

HOLY SHIT, I have tears in my eyes. Kudos to her.

yeah, it's a monster...that's her hometown and she's director of special events at the GR Art Museum...and deep into all that goes with it...I am very proud of her and her hubby

121 jaunte  Wed, Jun 1, 2011 7:36:26pm

re: #120 albusteve

Fantastic work!

122 albusteve  Wed, Jun 1, 2011 7:36:31pm

re: #117 Stanley Sea

I saw them talking about your daughter's vid, but I missed it.

HOLY SHIT, I have tears in my eyes. Kudos to her.

and thanks for putting that up again....the story behind it is nothing less than incredible

123 ElCapitanAmerica  Wed, Jun 1, 2011 7:37:20pm

re: #111 JasonA

Mine is in the settings page now. They took it off the homepage. Fail.

Oh boy, just checked, you're right. Hilarious!!!

In the meantime their CEO is misrepresenting the whole thing to the NY Times;

[Link: www.nytimes.com...]


Jack Levin, the chief executive of yFrog, the Twitter-affiliated image and video service that was used to upload the photo, said in an interview on Wednesday that his company did not have reason to believe that its user passwords were exposed or stolen. He said it was possible that the photo could have been sent from Mr. Weiner’s yFrog account through his Twitter password or through a yFrog password.

There is no need to "hack" any passwords. Is he deliberately lying or does he not know his own technology?

124 Page 3 in the Binder of Women  Wed, Jun 1, 2011 7:37:45pm

re: #122 albusteve

and thanks for putting that up again...the story behind it is nothing less than incredible

It was a stay in your driveway story on NPR, then rush into the computer to watch it.

125 ozbloke  Wed, Jun 1, 2011 7:38:35pm

re: #118 Charles

Of course, because there are probably millions of antiquated scripts still using the brute force, hit it as fast as you can method. Spammers are much smarter than that now, and you're not going to catch them that easily.

Of course it's not a single solution, but I was replying to the quote, 300,000 attempts could be made in 3 seconds.

126 b_sharp  Wed, Jun 1, 2011 7:39:44pm

re: #91 Floral Giraffe

re: #80 b_sharp

LOL!
Do the dishes & then see what happens!
( I bet you get jumped!)

I just about got into a fight one morning with my wife watching from the bedroom window. I got jumped when I got back in.

127 Prononymous, rogue demon hunter  Wed, Jun 1, 2011 7:40:45pm

In modern mobile it is essentially a wild west. Sometimes features aren't fully tested before they are deployed. Be conscious of the possible pitfalls of new features.

I don't use the same passwords for sites anymore. I randomly generate them, use a unique one for each site, and change them periodically. That way one site being breached, which will happen eventually, won't give them direct access into your account at other sites.

128 Page 3 in the Binder of Women  Wed, Jun 1, 2011 7:40:55pm

re: #122 albusteve

and thanks for putting that up again...the story behind it is nothing less than incredible

Steve, I am so glad I saw it. It was so fantastic.

129 Charles Johnson  Wed, Jun 1, 2011 7:41:47pm

re: #125 ozbloke

Of course it's not a single solution, but I was replying to the quote, 300,000 attempts could be made in 3 seconds.

You still need to have protection against brute force dictionary and random letter attacks, but things have progressed a lot in the spammer world, and that's just not enough for reasonable security these days.

130 Dancing along the light of day  Wed, Jun 1, 2011 7:42:32pm

re: #129 Charles

Glad to have you "all over it" so I don't have to keep up!
I would totally fail.

131 albusteve  Wed, Jun 1, 2011 7:42:51pm

re: #124 Stanley Sea

It was a stay in your driveway story on NPR, then rush into the computer to watch it.

I was utterly floored...it was a secret to me until it was posted...my baby is in it too...I had to watch it a couple of times to find her tho...the city went nuts over the gig...what a cool thing eh?

132 ozbloke  Wed, Jun 1, 2011 7:43:11pm

re: #129 Charles

You still need to have protection against brute force dictionary and random letter attacks, but things have progressed a lot in the spammer world, and that's just not enough for reasonable security these days.

Agreed.

133 Charles Johnson  Wed, Jun 1, 2011 7:44:22pm

Not to brag, but I've been running LGF for close to ten years now, and we've never been hacked. It could still happen, but the reason why we've been secure is because I take these issues extremely seriously.

Yfrog obviously doesn't.

134 Dancing along the light of day  Wed, Jun 1, 2011 7:45:02pm

re: #133 Charles

Shhh, and knock on wood!
And, keep up the good work!

135 ProGunLiberal  Wed, Jun 1, 2011 7:45:42pm

A city of over 50,000 is considered significant. The cities that have gotten struck by a tornado this year are, in order-

Raleigh, NC
Fayetteville, NC
Wilson, NC
Jacksonville, NC
St. Louis, MO
Tuscaloosa, AL
Birmingham, AL
Minneapolis, MN
Joplin, MO
Springfield, OH
Moore, OK
Springfield, MA

Memphis, TN was flooded. This year has been absolutely vicious Natural Disaster-wise, with about $20 Billion in damage and 523+ dead before we get to Hurricane Season.

Speaking of which, look in the Gulf.

136 Dancing along the light of day  Wed, Jun 1, 2011 7:47:25pm

re: #135 ProLifeLiberal

Cities considered "insignificant" still impact people's lives.

It's all related to Global Warming, and Climate Change.

Take that, deniers.

137 Kragar  Wed, Jun 1, 2011 7:48:43pm

re: #136 Floral Giraffe

Cities considered "insignificant" still impact people's lives.

It's all related to Global Warming, and Climate Change.

Take that, deniers.

It's just God's wrath for voting for Obama, dontcha know?

138 Digital Display  Wed, Jun 1, 2011 7:49:08pm

There is only one web site in the world I need a password for.. And that is here so I feel pretty comfortable.. Otherwise I just read news and science sites.

139 Dancing along the light of day  Wed, Jun 1, 2011 7:49:48pm

re: #138 HoosierHoops

Charles is very trustworthy!

140 ElCapitanAmerica  Wed, Jun 1, 2011 7:50:06pm

re: #129 Charles

You still need to have protection against brute force dictionary and random letter attacks, but things have progressed a lot in the spammer world, and that's just not enough for reasonable security these days.

I think it is important to know that this is done by email and that is something fundamentally different than trying to login to an account via a synchronous process. The "speed" of the hack here is how fast your email system can send out emails, and how fast yfrog's mail serv can handle them.

Also, those other systems can do things like say lock out an account after so many retries. I'm not sure if they are doing that here, as they may treat these as legitimate email address failures. It's hard to know, because I've never seen anybody try to use a "secret" email address as a security feature!!!

BTW ... stay tuned finding out some more interesting bits about this ... :-)
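The per-source versus per-account point raised in comments #113, #118 and #140, as an added example that is not part of any comment in this thread: a fail2ban-style sliding-window counter keyed on source IP catches a fast single-source burst but misses slow attempts spread across many sources, while the same counter keyed on the targeted account flags them. The log format, thresholds, user names and documentation-range IPs are constructed assumptions; `maxretry` and `findtime` are borrowed from fail2ban's option names, not from its code.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption for this example):
#   2011-06-01T19:00:00 auth failed user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth failed user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def build_sample_log():
    """Return constructed log lines covering three behaviours."""
    base = datetime(2011, 6, 1, 19, 0, 0)
    lines = []
    # 1. Fast burst: one source, six failures in six seconds.
    for i in range(6):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} auth failed user=user{i} src=192.0.2.10")
    # 2. Slow and distributed: eight sources, one failure each,
    #    all against the same account, two minutes apart.
    for i in range(8):
        ts = base + timedelta(minutes=5 + 2 * i)
        lines.append(
            f"{ts.isoformat()} auth failed user=carol src=198.51.100.{i + 1}"
        )
    # 3. A legitimate user mistyping a password once.
    ts = base + timedelta(minutes=30)
    lines.append(f"{ts.isoformat()} auth failed user=dave src=203.0.113.7")
    # Unparseable lines must be skipped, not crash the counter.
    lines.append("garbage line that does not match")
    return lines


def parse(lines):
    """Parse log lines into (timestamp, user, src) tuples, oldest first."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"]))
    events.sort(key=lambda e: e[0])
    return events


def flagged(events, field, maxretry, findtime):
    """Return keys with >= maxretry failures inside a findtime-second window.

    field is "src" (per-source counting, what a log-watching IP banner does)
    or "user" (per-account counting, the basis for an account lockout).
    """
    idx = {"user": 1, "src": 2}[field]
    windows = defaultdict(deque)
    hits = set()
    for ev in events:
        ts, key = ev[0], ev[idx]
        q = windows[key]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            hits.add(key)
    return hits


if __name__ == "__main__":
    events = parse(build_sample_log())
    print("per-source :", sorted(flagged(events, "src", 5, 600)))
    print("per-account:", sorted(flagged(events, "user", 5, 3600)))
```

Per-account counting has its own cost: anyone can lock a victim out by failing on purpose, so it is usually paired with throttling or step-up checks rather than a hard lock.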

141 Page 3 in the Binder of Women  Wed, Jun 1, 2011 7:50:26pm

re: #131 albusteve

I was utterly floored...it was a secret to me until it was posted...my baby is in it too...I had to watch it a couple of times to find her tho...the city went nuts over the gig...what a cool thing eh?

Hell, Ebert called it the best music vid ever. I mean the helicopter? And a one camera shot. Extreme.

142 Almost Killed by Space Hookers  Wed, Jun 1, 2011 7:51:45pm

I was very busy over the weekend, and then with work related stuff. As always seems to be the case when I have a short hiatus here, the world went yet another bit of insane.

Let me see if I have this correct.

A Representative Weiner, had a twitter account. Someone posted a picture of a brief clad penis on the twitter page apparently to a 20 year old college student. The offending member was erased from the page very rapidly, but not before Breitbart et al... get their filthy hands on it and make a stink.

OK...

1. Do real politicians actually have the time to tweet? Isn't that a staff thing? If it is not twitter but something else like twitter, isn't that even more the case?

2. I would suspect there are any number of ways this could be set up.

3. Isn't it odd that Breitbart et al... were right there to get this. I mean I don't follow every tweet page out there. In fact, I follow none of them.

Seems a pretty obvious smear on the face of it, from a known smarmy smear merchant, who should be in court right now over the Sherrod slander.

All of that said...

OK We have the worst droughts in centuries in China. Texas is in a drought, the Mississippi is flooding. Terrible storms are ripping apart America. Already there is a global food crisis that will cause millions to starve.

And we (as in this nation) are talking about a quickly deleted pic of a medium sized BVD clad penis posted on a site that the politician himself does not completely control.

It is at this point I conclude that America is too stupid to survive and we don't deserve to. All the hard work and sacrifice made by those who were much greater than we are, for this nation were in vain. It meant nothing. Nada. Nil. zip. The people who benefited from that hard work and sacrifice from Yorktown to Gettysburg to Normandy, are not worthy of the inheritance.

The world is broken and bleeding right now. Our economy is still shaky, though getting better. The calamities of climate are just really starting to get bad. The Mid-East is on the brink of war. Iran is about to build an atomic weapon.

And we (as in this nation) are talking about a quickly deleted pic of a medium sized BVD clad penis posted on a site that the politician himself does not completely control.

When the doom comes we had it coming.

143 ProGunLiberal  Wed, Jun 1, 2011 7:53:26pm

re: #136 Floral Giraffe

That doesn't even count the blizzards at the beginning of the year. That shut down Indianapolis and Chicago (among others). That raises the damage total to $24 Billion, with 563+ dead. And this Hurricane Season is expected to be real active. O_O

I hope Obama has his A+ Game ready for the next 5 months. This could suck.

144 Digital Display  Wed, Jun 1, 2011 7:54:00pm

re: #139 Floral Giraffe

Charles is very trustworthy!

yes..And has always shown Character and kindness towards me..A nobody on the net

145 Our Precious Bodily Fluids  Wed, Jun 1, 2011 7:55:07pm

re: #129 Charles

Public-key authentication has been available for decades and is damn near immune to brute force. A public-key system for everything, along with a reliable certificate authority would summon unicorns, make everyone attractive and wealthy, and cause everyone's children to be above-average.

Trouble is, it requires the end-user to be responsible. If you lose your private key, you're screwed.

146 Mocking Jay  Wed, Jun 1, 2011 7:56:23pm

Quick tip: use a combination of characters, numbers, upper and lowercase numerals.

Instead of making your password: President
Try using: pR3s!Den7

147 Almost Killed by Space Hookers  Wed, Jun 1, 2011 7:56:34pm

re: #135 ProLifeLiberal

A city of over 50,000 is considered significant. The cities that have gotten struck by a tornado this year are, in order-

Raleigh, NC
Fayetteville, NC
Wilson, NC
Jacksonville, NC
St. Louis, MO
Tuscaloosa, AL
Birmingham, AL
Minneapolis, MN
Joplin, MO
Springfield, OH
Moore, OK
Springfield, MA

Memphis, TN was flooded. This year has been absolutely vicious Natural Disaster-wise, with about $20 Billion in damage and 523+ dead before we get to Hurricane Season.

Speaking of which, look in the Gulf.

And a warmer gulf of mexico will feed more and larger tornadoes.

This has been predicted for some time.

When we, as in scientists who study this stuff, say that the effects of unmitigated climate change are catastrophic, we are not kidding.

Of course this is not catastrophic yet on the scale it will become. It is only locally catastrophic until the end of the next news cycle. The average American will not notice until a tornado bops him on the head, or a flood wipes him out or a drought affects him.

This is because the average American is greedy, selfish and stupid while arrogant and concerned only with what he sees in his own little ignorant day to day. This is not different from many other places. I am not just blaming America or Americans, but since America could be the lead in fixing this mess and is held back by the stupidity of these average Americans, they get a lot of my scorn.

Ohh hey... Penis pics at 11.... much more important.

148 Killgore Trout  Wed, Jun 1, 2011 7:57:21pm

Rojak man

149 What, me worry?  Wed, Jun 1, 2011 7:57:23pm

re: #142 LudwigVanQuixote

1. Do real politicians actually have the time to tweet? Isn't that a staff thing? If it is not twitter but something else like twitter, isn't that even more the case?

As to this point, yes they do personally tweet. Remember Gabby Giffords was tweeting the day she was shot.

Many politicians like being so accessible. The ones, at least I think, who really do care about what they do.

150 albusteve  Wed, Jun 1, 2011 7:57:30pm

It is at this point I conclude that America is too stupid to survive and we don't deserve to.


I just knew you'd figure it out...time to hunker down

151 Mocking Jay  Wed, Jun 1, 2011 7:57:59pm

re: #147 LudwigVanQuixote


Ohh hey... Penis pics at 11... much more important.

I think it's to LGF's credit that we've at least moved on to an internet security discussion, though.

152 Digital Display  Wed, Jun 1, 2011 7:58:12pm

re: #144 HoosierHoops

yes..And has always shown Character and kindness towards me..I'm a nobody on the net


Clarification correction

153 Dancing along the light of day  Wed, Jun 1, 2011 7:58:27pm

re: #144 HoosierHoops

You're not a nobody.
FYI!

154 Almost Killed by Space Hookers  Wed, Jun 1, 2011 7:58:45pm

re: #149 marjoriemoon

As to this point, yes they do personally tweet. Remember Gabby Giffords was tweeting the day she was shot.

Many politicians like being so accessible. The ones, at least I think, who really do care about what they do.

OK fine so they do tweet occasionally. But the point is that their staff no doubt does a lot of the tweeting themselves yes?

155 laZardo  Wed, Jun 1, 2011 7:58:55pm

Question, anybody got any sites for debunking the "regulation caused the financial crisis, so we need to deregulate more!" argument?

156 albusteve  Wed, Jun 1, 2011 7:58:59pm

re: #151 JasonA

I think it's to LGF's credit that we've at least moved on to an internet security discussion, though.

that's the gist of it...dicks are for pussies

157 Charles Johnson  Wed, Jun 1, 2011 7:59:13pm

re: #145 negativ

Public-private key authentication is definitely the best type of web security, but in a consumer app intended to accommodate non-techie users it's just not feasible.

There are still much better ways to approach this situation than a freaking secret email address. Good grief. It really does amaze me that a site with millions of users is so horribly insecure.

158 Killgore Trout  Wed, Jun 1, 2011 7:59:32pm

Mint frog is lonely, His chick has moved on.

159 ProGunLiberal  Wed, Jun 1, 2011 7:59:37pm

re: #151 JasonA

That, or that Mother Nature is beating the tar out of the US.

160 darthstar  Wed, Jun 1, 2011 8:00:18pm

re: #25 Charles

I'm quite sure that yfrog's tech people are scrambling tonight.

But the companies looking to acquire an image hosting site are drooling at the mouth at yfrog's sudden decline in value.

161 Slumbering Behemoth Stinks  Wed, Jun 1, 2011 8:00:42pm

re: #148 Killgore Trout

Rojak man

[Video]

I'd be worried the dude might lose a finger tip or two if the CD skipped.

162 Dancing along the light of day  Wed, Jun 1, 2011 8:00:43pm

re: #154 LudwigVanQuixote

Probably, I listen to a talk show, regularly, that has a "main tweet" to keep the publicity up, and the host occasionally posts. At least they are honest about it. I suspect many are not.

163 albusteve  Wed, Jun 1, 2011 8:01:03pm

re: #158 Killgore Trout

Mint frog is lonely, His chick has moved on.

LOL...you crack me up sometimes
step in and take care of your charges...lead

164 Targetpractice  Wed, Jun 1, 2011 8:01:41pm

re: #157 Charles

Public-private key authentication is definitely the best type of web security, but in a consumer app intended to accommodate non-techie users it's just not feasible.

There are still much better ways to approach this situation than a freaking secret email address. Good grief. It really does amaze me that a site with millions of users is so horribly insecure.

It seems like every social networking site that tries to be "user friendly" ends up being an internet security nightmare.

165 What, me worry?  Wed, Jun 1, 2011 8:01:42pm

re: #154 LudwigVanQuixote

OK fine so they do tweet occasionally. But the point is that their staff no doubt does a lot of the tweeting themselves yes?

Well no. Obama I'm sure has staff tweeting, but there are definitely Congresscritters who like being hands-on. Weiner said he enjoys being close to his constituents this way, I read the other day. Bill Nelson (FL) updates his Facebook page pretty frequently and you can leave messages for him there too.

166 Almost Killed by Space Hookers  Wed, Jun 1, 2011 8:01:52pm

re: #151 JasonA

I think it's to LGF's credit that we've at least moved on to an internet security discussion, though.

Ohh absolutely. LGF did what it does best. It debunked a bit of media idiocy.

LGF is in general vastly better than average discussion.

My problem is that average seems to be stuck, on all of the problems in the world, going on and on about a medium sized BVD clad anonymous penis.

167 Dancing along the light of day  Wed, Jun 1, 2011 8:01:56pm

re: #158 Killgore Trout

Ruh Roh!

168 ElCapitanAmerica  Wed, Jun 1, 2011 8:03:14pm

I have a list of the words they use to append, no repeats yet but the words are not complicated and the "rules" they use for them make it easy to narrow down their "dictionary".

I'm pretty sure these are repeated of course and are not unique per user, but haven't gotten a repeat so can't prove that ... yet.

169 albusteve  Wed, Jun 1, 2011 8:03:15pm

re: #166 LudwigVanQuixote

Ohh absolutely. LGF did what it does best. It debunked a bit of media idiocy.

LGF is in general vastly better than average discussion.

My problem is that average seems to be stuck, on all of the problems in the world, going on and on about a medium sized BVD clad anonymous penis.

small potatoes...we are all gonna drown soon anyway, right?
time to party

170 laZardo  Wed, Jun 1, 2011 8:03:26pm

re: #166 LudwigVanQuixote

My problem is that average seems to be stuck, on all of the problems in the world, going on and on about a medium sized BVD clad anonymous penis.

It's still Hump Day over there, isn't it?

171 Dancing along the light of day  Wed, Jun 1, 2011 8:03:52pm

re: #158 Killgore Trout

Mint frog is lonely, His chick has moved hopped on.

Ftfy...

172 Almost Killed by Space Hookers  Wed, Jun 1, 2011 8:04:00pm

re: #170 laZardo

Yes it is.

173 What, me worry?  Wed, Jun 1, 2011 8:04:25pm

He tweets too. I should have known :)

[Link: twitter.com...]

174 Charles Johnson  Wed, Jun 1, 2011 8:05:25pm

re: #166 LudwigVanQuixote

Ohh absolutely. LGF did what it does best. It debunked a bit of media idiocy.

LGF is in general vastly better than average discussion.

My problem is that average seems to be stuck, on all of the problems in the world, going on and on about a medium sized BVD clad anonymous penis.

I think this is actually pretty serious. It was an attempt to take down one of the most effective Democrats against the Republican reactionary agenda. Weiner is calling it a "prank," but it's much more than that.

175 goddamnedfrank  Wed, Jun 1, 2011 8:07:02pm

re: #154 LudwigVanQuixote

OK fine so they do tweet occasionally. But the point is that their staff no doubt does a lot of the tweeting themselves yes?

Depends on the congressman:

BLITZER: Do you do all of your own personal tweeting or do your staff members do it for you?

WEINER: I do, with some limited exceptions that - we have a firm that does mass mail for us that sometimes links to it, but it's me, it's got my voice. I was tweeting at the moment this happened –

176 prairiefire  Wed, Jun 1, 2011 8:07:26pm

re: #146 JasonA

Quick tip: use a combination of characters, numbers, upper and lowercase numerals.

Instead of making your password: President
Try using: pR3s!Den7

How the hell will I remember that?

177 Page 3 in the Binder of Women  Wed, Jun 1, 2011 8:07:34pm

Damn Canucks.

178 ElCapitanAmerica  Wed, Jun 1, 2011 8:10:08pm

BINGO, now I've found 3 words that differ only by 1 character, used for different users ...

179 b_sharp  Wed, Jun 1, 2011 8:10:23pm

re: #177 Stanley Sea

Damn Canucks.

Whoa there girl. It's been a Canuck game forever, so a team named Canucks has to win it eventually.

180 Charles Johnson  Wed, Jun 1, 2011 8:11:38pm

re: #178 ElCapitanAmerica

BINGO, now I've found 3 words that differ only by 1 character, used for different users ...

You should create an LGF Page to document your findings.

181 Targetpractice  Wed, Jun 1, 2011 8:11:52pm

re: #174 Charles

I think this is actually pretty serious. It was an attempt to take down one of the most effective Democrats against the Republican reactionary agenda. Weiner is calling it a "prank," but it's much more than that.

It's a hit job, character assassination in the Digital Age. And, once again, the guy leading the charge is a slimeball whose credibility is not being called into doubt due to the "juiciness" of the "scandal."

182 Simply Sarah  Wed, Jun 1, 2011 8:12:01pm

re: #176 prairiefire

How the hell will I remember that?

You shouldn't try. There's no reason to make passwords silly like that. Just make it multiple words or the like and it'll be secure.

183 Mocking Jay  Wed, Jun 1, 2011 8:12:39pm

re: #176 prairiefire

How the hell will I remember that?

The key is to make up something that you will remember.

184 Mocking Jay  Wed, Jun 1, 2011 8:13:42pm

re: #182 Simply Sarah

You shouldn't try. There's no reason to make passwords silly like that. Just make it multiple words or the like and it'll be secure.

It was an extreme, yeah, but a little mixing helps if you're using common dictionary words.

185 prairiefire  Wed, Jun 1, 2011 8:13:46pm

re: #182 Simply Sarah

re: #183 JasonA

Thanks, young 'uns. : )
(They patiently explained)

186 b_sharp  Wed, Jun 1, 2011 8:15:23pm

The group attempting to win politically through character assassination of Dems is the same group using the same tactics against climate scientists.

Exposing their basic dishonesty is not a luxury, but a necessity.

187 Simply Sarah  Wed, Jun 1, 2011 8:17:04pm

re: #184 JasonA

It was an extreme, yeah, but a little mixing helps if you're using common dictionary words.

Well, even using something like "this_is_my_password_man" would actually be basically 100% secure in even the most extreme situations. Yes, they're common words, but it's lots of words and characters. Brute force attacks won't scratch that, statistically...although you can probably still do better with the words.

188 Lidane  Wed, Jun 1, 2011 8:17:16pm

Evening, Lizards!

Today was my first day back as a productive member of society. It was far more tiring than I remember. Still, I like the office I'm in so far, and am looking forward to seeing where this internship goes. :D

189 ElCapitanAmerica  Wed, Jun 1, 2011 8:17:26pm

re: #180 Charles

You should create an LGF Page to document your findings.

Was thinking about that, trying to get more information.

I'm wondering if I should post the words that I found they're using or just describe how they're composed and how some of them differ ...

190 Page 3 in the Binder of Women  Wed, Jun 1, 2011 8:17:47pm

re: #179 b_sharp

Whoa there girl. It's been a Canuck game forever, so a team named Canucks has to win it eventually.

haha, no offense. Bruins!

191 Dancing along the light of day  Wed, Jun 1, 2011 8:25:55pm

re: #188 Lidane

Congratulations!

192 Our Precious Bodily Fluids  Wed, Jun 1, 2011 8:27:37pm

re: #176 prairiefire

How the hell will I remember that?

Come up with your own mnemonic system.

Take an easily-remembered phrase like "May The Force Be With You."

There are numerous ways to turn that into a password that you can remember, and which is practically impossible to guess.

One example:

MAY becomes "mae". On second thought, let's make it "m@e"
THE becomes "d"
FORCE becomes "4z"
BE becomes "B"
WITH becomes "w/"
YOU becomes "yE". On second thought, let's make it "y3".

So now your password is: "m@ed4zBw/y3"

Want a different password for each login? BANK becomes "bNk". Or maybe "b&K". Now it's "m@ed4zBw/y3b&K"

Of course, that also assumes one is smart enough not to use those password reset "security questions" like "What was your mother's maiden name" and so forth.

If I ever figure out a way to implement public-key authentication that is usable by lazy idiots and also immune to social engineering, I'll be astonishingly rich for 5 minutes, at least until some patent troll comes along and sues me for infringing on his patented "having a bit of software that does something" process.

193 Almost Killed by Space Hookers  Wed, Jun 1, 2011 8:28:49pm

re: #174 Charles

I think this is actually pretty serious. It was an attempt to take down one of the most effective Democrats against the Republican reactionary agenda. Weiner is calling it a "prank," but it's much more than that.

You are of course right. My complaint is that America is so backwards that this could even do that.

Or perhaps better said, America is so backwards that something this stupid could be an attempt to take down one of the most effective Democrats and at a time where the fellow was obviously asking questions about things that are serious - like the honesty of a supreme court justice with questionable and undisclosed finances.

I am upset that serious questions of corruption on the high court get a snooze while a BVD clad penis that was taken down instantly gets all this light and heat.

194 Charles Johnson  Wed, Jun 1, 2011 8:31:39pm

re: #189 ElCapitanAmerica

Was thinking about that, trying to get more information.

I'm wondering if I should post the words that I found they're using or just describe how they're composed and how some of them differ ...

Post them. Their idea of security needs to be completely exposed, so they'll stop putting their users at risk.

195 Simply Sarah  Wed, Jun 1, 2011 8:32:54pm

re: #192 negativ

Come up with your own mnemonic system.

Take an easily-remembered phrase like "May The Force Be With You."

There are numerous ways to turn that into a password that you can remember, and which is practically impossible to guess.

One example:

MAY becomes "mae". On second thought, let's make it "m@e"
THE becomes "d"
FORCE becomes "4z"
BE becomes "B"
WITH becomes "w/"
YOU becomes "yE". On second thought, let's make it "y3".

So now your password is: "m@ed4zBw/y3"

Want a different password for each login? BANK becomes "bNk". Or maybe "b&K". Now it's "m@ed4zBw/y3b&K"

That's both way over the top and not really all that safe. You're adding complexity when there's no real need while at the same time you're making it probably easy to find a password for other log-ins if someone gets their hands on one or two others and finds the pattern. Like I said above, you don't need symbols and numbers, you just need a long, multiple word password. That adds enough complexity to prevent brute force. It just can't be something like your name. >.>

196 darthstar  Wed, Jun 1, 2011 8:35:41pm

re: #192 negativ

Fucker...now everyone knows my password.
//


This article has been archived.
Comments are closed.
