Thread: xkcd
-
2020-11-18, 10:44 AM (ISO 8601)
- Join Date
- Aug 2007
Re: xkcd
It doesn't always work (the alternatives are broken links, or ending up in loops between two pages referencing each other), but there is a wikipedia metaarticle about it.
Grey Wolf
Interested in MitD? Join us in MitD's thread.
There is a world of imagination
Deep in the corners of your mind
Where reality is an intruder
And myth and legend thrive
Ceterum autem censeo Hilgya malefica est
-
2020-11-18, 08:22 PM (ISO 8601)
- Join Date
- Oct 2017
- Location
- CLASSIFIED
- Gender
Re: xkcd
Stop using good evidence and logic that makes sense to refute points, that's my job
Lots of people seem to use blue for sarcasm, I decided I should too
I have joined the ranks of the FFRPeople Here is my character.
Thank you to Linkele for creating my avatar!
-
2020-11-19, 12:01 AM (ISO 8601)
- Join Date
- Dec 2004
- Location
- The Land of Angles
Re: xkcd
Huh?
Getting to Philosophy
Point and click
User (computing)
Computer
Sequence
Mathematics
Quantity
Counting
Number
Mathematical object
Concept
Abstraction
Rule of inference
Logical form
Philosophy.
Did you click on "Greek" in the Mathematics article? You're not supposed to click on things in parentheses.
-
2020-11-19, 11:32 AM (ISO 8601)
- Join Date
- Nov 2020
Re: xkcd
That seems intuitive - we're not on the metric system either, why should our wiki page follow the general rule? - but at the moment, unless I've missed something:
United States of America redirects to United States
Country
State (polity)
Polity
Collective Identity
Belongingness
Emotion
Biology
Natural Science
Branches of Science
Sciences
Scientific Method
Empirical Evidence
Information
Uncertainty
Epistemology
Philosophy
-
2020-11-20, 05:53 PM (ISO 8601)
- Join Date
- Aug 2011
- Location
- Sharangar's Revenge
- Gender
Re: xkcd
On today's strip, the mouse-over text had me laughing out loud. Trolling the phishers.
Warhammer 40,000 Campaign Skirmish Game: Warpstrike
My Spelljammer stuff (including an orbit tracker), 2E AD&D spreadsheet, and Vault of the Drow maps are available in my Dropbox. Feel free to use or not use it as you see fit!
Thri-Kreen Ranger/Psionicist by me, based off of Rich's A Monster for Every Season
-
2020-11-21, 10:55 AM (ISO 8601)
- Join Date
- Nov 2006
- Location
- Watching the world go by
- Gender
Re: xkcd
So getting public records of mortgages and such is probably feasible, but (at least in the US) there are laws that prevent people from getting them collated into a nice pile without good reason. So somebody could feasibly get a pile of voting records from my home town to figure out what street I grew up on and they might be able to get marriage records from where my parents got married to get my mother's maiden name, but getting my street combined with my mother's maiden name is pretty much impossible without me giving them to someone (or searching my mother's Facebook for who her parents/siblings are, but that is just crazy talk).
-
2020-11-21, 10:56 AM (ISO 8601)
- Join Date
- Dec 2013
- Gender
Re: xkcd
“Evil is evil. Lesser, greater, middling, it's all the same. Proportions are negotiated, boundaries blurred. I'm not a pious hermit, I haven't done only good in my life. But if I'm to choose between one evil and another, then I prefer not to choose at all.”
-
2020-11-21, 11:55 AM (ISO 8601)
- Join Date
- Nov 2006
- Location
- Watching the world go by
- Gender
Re: xkcd
The laws are supposed to stop the people who have the records from giving them out to people without a legitimate reason to have them, not just stop people without good reason to have them from getting them. As such they include severe punishments for credit reporting agencies who do not properly safeguard records.
-
2020-11-21, 12:10 PM (ISO 8601)
- Join Date
- Jan 2006
- Location
- Maryland
- Gender
Re: xkcd
I know when I bought my house I started getting piles of ads for mortgage insurance that tried to look as urgent as possible, but were probably rip-offs or scams. So that info is actively being used by SOMEONE.
Avatar by Glasswhistle
-
2020-11-21, 01:03 PM (ISO 8601)
- Join Date
- Jan 2007
Re: xkcd
If you got them in the snail mail then it is probable, but people doing the legwork and throwing those ads in the mailboxes simply might see that someone new moved in to a house that was for sale, so they naturally assumed that a mortgage was involved.
If you get those ads on the internet, there is an even simpler answer: profiling. Any search on Google, any website you look at, is providing data on your activity. It does not have to have your name on it or be viewable by anyone personally. There are algorithms right now that can easily infer a lot about you and profile the ads you see based on your history. You might have searched for various mortgage options, house offers, transport services or furniture. All those little pieces of data tell that you are very likely to have or are about to take a mortgage, so algorithms target you with on-topic ads.
There are pretty crazy stories about this. One that I remember was about Target, as thanks to all the data analysis they do on the customers they are able to tell, for example, who is pregnant and pretty accurately predict when the baby is due.
In a war it doesn't matter who's right, only who's left.
-
2020-11-21, 01:19 PM (ISO 8601)
- Join Date
- Aug 2014
- Gender
Re: xkcd
Yes, I am slightly egomaniac. Why didn't you ask?
Free haiku !
Alas, poor Cookie
The world needs more platypi
I wish you could be
Originally Posted by Fyraltari
-
2020-11-22, 09:24 AM (ISO 8601)
- Join Date
- Nov 2006
- Location
- Watching the world go by
- Gender
Re: xkcd
Some of them are public (I think who owns land falls into this category). Some of them are only released many years after they are made (like the census). Some of them can be accessed by anyone with a valid use (so lenders can send people pre-approved offers by looking at people's profiles as happened to PhantomFox). Enforcing that last one is the purview of the FTC in the US. Other nations have different laws and agencies to do that.
-
2020-11-22, 04:16 PM (ISO 8601)
- Join Date
- May 2016
- Location
- The Lakes
Re: xkcd
Because I put my purchases at a certain grocery chain on my friend's rewards card so she gets the rewards, there have been multiple times when they've somehow concluded that we're married and soon to have a child.
Those algorithms aren't as smart as they're made out to be.
Especially the online stuff, if you block all the ways that they associate your activity cross-site.
It is one thing to suspend your disbelief. It is another thing entirely to hang it by the neck until dead.
Verisimilitude -- n, the appearance or semblance of truth, likelihood, or probability.
The concern is not realism in speculative fiction, but rather the sense that a setting or story could be real, fostered by internal consistency and coherence.
The Worldbuilding Forum -- where realities are born.
-
2020-11-23, 06:01 AM (ISO 8601)
- Join Date
- Nov 2013
Re: xkcd
I've never understood why mother's maiden name is considered a good security question. My mother does genealogy and can trace the family back into the 1600s. Why they think a scammer can't trace back one generation is beyond me.
Almost anything you could ask would be more difficult, yet mother's maiden name is the most common.
-
2020-11-23, 08:35 AM (ISO 8601)
- Join Date
- Dec 2013
- Gender
Re: xkcd
“Evil is evil. Lesser, greater, middling, it's all the same. Proportions are negotiated, boundaries blurred. I'm not a pious hermit, I haven't done only good in my life. But if I'm to choose between one evil and another, then I prefer not to choose at all.”
-
2020-11-23, 08:43 AM (ISO 8601)
- Join Date
- Aug 2007
Re: xkcd
For the same reason passwords were considered a good security question. "When used right" a random password not used anywhere else is probably a decent enough security system, for small scale applications and protecting data most people aren't going to spend too much effort getting at. Equally, requiring two pieces of personal trivia they are unlikely to forget as a secondary check for password recovery works equally well (i.e. not much). It just does not scale at all - expecting human beings to come up with several dozen random passwords and rotate them is unrealistic, and expecting every service to have sufficient random trivia questions that apply broadly is equally unrealistic, as it turns out.
Grey Wolf
Last edited by Grey_Wolf_c; 2020-11-23 at 08:44 AM.
Interested in MitD? Join us in MitD's thread.
There is a world of imagination
Deep in the corners of your mind
Where reality is an intruder
And myth and legend thrive
Ceterum autem censeo Hilgya malefica est
-
2020-11-23, 09:41 AM (ISO 8601)
- Join Date
- Nov 2013
Re: xkcd
"Name of first pet" works well for me because my first pet died before the Internet existed. Or at least, it died before the Internet was widely available to the public. So you have to guess what type of pet I had and then guess its name with zero information.
I wonder how many times that security question gets broken based on regional pet names, or pet names based on breed. If you start guessing Border Collie names in Yorkshire, the odds of hitting the jackpot with "Shep" are about 1 in 1.
The best solution I've seen is to not answer the question. You have a second easier to remember password that you use to answer security questions. You don't base this off any of the common questions, but something that is unique to you which would be impossible for a scammer to find out.
-
2020-11-23, 09:45 AM (ISO 8601)
- Join Date
- Jan 2007
Re: xkcd
So most of the internet security is equivalent to a cheap bike lock, where the general idea is that stealing the bike is not worth the effort of using a wire cutter. That makes sense actually and explains why people do use those cheap locks. Also relevant is this comic.
In a war it doesn't matter who's right, only who's left.
-
2020-11-23, 09:50 AM (ISO 8601)
- Join Date
- Dec 2013
- Gender
Re: xkcd
There's a reason that, unlike in Hollywood, the vast majority of actual illicit access to things comes from social engineering. No door ever designed will be as hard to break through as a solid wall, because by its very nature as a door it is designed to grant access under specific conditions. Thus, hacking mostly ends up being tricking or convincing somebody to tell you those conditions and then matching them. The human element will always be the weakest element in any security system.
“Evil is evil. Lesser, greater, middling, it's all the same. Proportions are negotiated, boundaries blurred. I'm not a pious hermit, I haven't done only good in my life. But if I'm to choose between one evil and another, then I prefer not to choose at all.”
-
2020-11-23, 11:55 PM (ISO 8601)
- Join Date
- Nov 2006
Re: xkcd
I think the idea was that, back in the early days, when simple security questions were being designed, something that would stop 99% of all trouble at little to no cost was considered "sufficient".
As for passwords, and password hint/recovery questions, the biggest problem is the lack of any education on what makes a good password. For years, dumb computer systems had 8 character passwords, just because. So people kinda learned by practice to use 6-8 letter "words". There has never been any sort of education on what to use instead.
Worse, there is no common "this makes a password" in industry. Every site seems to roll their own password code, even though that's the worst security mistake you can make. Programs that require you to not use special characters, because they can be fooled by the equivalent of
Code:
" || "" == "
Code:
"$dbpass" == "$userpass"
Since we don't have any sort of standard for "what constitutes a password", and no education for "what makes a good password", or any sort of "How to manage hundreds and hundreds of passwords" (hint: a password manager is *not* the answer, unless you want to be tied to one browser, and what happens when that browser wipes storage and forces you to start over -- ahem, Chrome), each user has to try to reinvent the hexagon when they don't even have a really round wheel.
As for security / recovery questions? There's a simple one:
Let the user specify both the question and the answer.
I can come up with something that gives me a hint to an answer, that will be indecipherable to anyone else. I can come up with dozens, if not hundreds, of such. I'm sure most people can do at least 10 such. Yet all of these sites want to ask something that even I don't know the answer to because my background is so different than typical people.
Rotating a password? That's not necessarily bad. Give users a warning that they will have to change it soon. Nope -- As soon as you log in, before you can even get to the information you wanted to get you, ** NOW, RIGHT NOW, THIS INSTANT, QUICKLY CHANGE YOUR PASSWORD BEFORE WE LET YOU SEE WHAT YOU NEED.
IN A HURRY? QUICK, STUFF ANYTHING IN, AND IT WILL AUTOMATICALLY BE SECURE BECAUSE WE ASSUME ALL PEOPLE ALWAYS KNOW A SECURE NEXT PASSWORD TO JUST USE AT ANY TIME, AND OF COURSE YOU HAVE TIME TO DO SOMETHING SECURE BEFORE GETTING THE INFORMATION THAT YOU REALLY NEED *NOW*.
Seriously: If I go onto my bank to check something about my account, that's only supposed to be a minute or so. I don't have 10 minutes to make up something new, different, memorizable, and unique enough. So it either gets written down, or I rotate among a few common "high security" passwords that I reuse at high security sites.
And that's been my solution. A few low-security passwords, a few mediums, a few highs.
I mean, we all know that password loss is because of user problems, right? End systems will always be secure, always keep that password in a proper salted hash, never in plain text, and never expose the password file, right? Never take the password data over plain http even if the webpage is https. Etc. Any leak must be the user's fault, so if someone logs in with your password, it must be your own doing and the company is not responsible, right?
Yea.
===
Side note: After observing my mother, I'm convinced that the problem starts with all these sites that say "Enter your account and password". At first, she wanted to know why all these sites wanted her chromebook information.
None of them say something like "Enter your account for oursite.com". Just "Enter your account". Like somehow, users are supposed to know WHICH account, or even IF there is an account.
It is *rare* for a site to start with "Enter your account name", then give you back something to prove that the site is who it claims to be -- such as a picture I sent to that site -- before asking for password. It isn't even usually possible (anymore) to enter a dummy bit of information on the first page, and real information on the next page.
Heck, real security would mean ** you never give the true answer on the first time, unless you do, and probably not on the second time. Maybe on the third time**.
Real security means ** assume that this is NOT really the site you want to talk to **. If you give the real information, and it's a fake site, you're in trouble. So give it junk, and if it seems to work, you know it's wrong. (Yes, MitM hacking has gotten better, so this is less likely to work -- if they can hijack your connection, they can probably talk to the real site at the same time).
What's that? "SSL will ensure this cannot happen"? Dear sweet beginner, SSL only ensures that the communication is not being spied on in the middle -- it does not guarantee that the person on the far end really is who you think it is. That can be foiled by any trusted root, anywhere in the world, that issues a bad certificate. But that will never, ever happen, right? Certainly not by any Russia or China government root, right? And I haven't even looked at what DNS spoofing can do, or if you have a government mandated root DNS server that has different data.
Not "fire at". I never used the word "at"
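The quoting problem described in the post above (a check that builds `"$dbpass" == "$userpass"` as text) next to the salted-hash storage it mentions, as an added example that is not part of the original post or any site's code. Function names and sample values are assumptions made here; Node.js is assumed for the `crypto` module.

```javascript
const crypto = require('node:crypto');

// Vulnerable pattern: the comparison is assembled as program text, so quote
// characters in either value become part of the expression being evaluated.
function buildComparison(dbpass, userpass) {
  return `"${dbpass}" == "${userpass}"`;
}

function vulnerableCheck(dbpass, userpass) {
  try {
    return Boolean(Function(`return (${buildComparison(dbpass, userpass)});`)());
  } catch (err) {
    return false; // expression no longer parses: login fails
  }
}

// Hardened pattern: keep only a salted scrypt hash and compare the derived
// bytes as data, in constant time. Nothing the user types is ever parsed.
function enroll(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

function hardenedCheck(record, userpass) {
  const candidate = crypto.scryptSync(userpass, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.hash);
}

// Constructed sample values (not taken from any real system).
const STORED = 'correct horse';
const FROM_POST = '" || "" == "'; // the string quoted in the post
const WITH_QUOTE = 'pa"ss';       // an ordinary password containing a quote

function demo() {
  const record = enroll(STORED);
  const quoteRecord = enroll(WITH_QUOTE);
  return {
    expression: buildComparison(STORED, FROM_POST),
    vulnerableAcceptsPostString: vulnerableCheck(STORED, FROM_POST),
    vulnerableRejectsOwnPassword: !vulnerableCheck(WITH_QUOTE, WITH_QUOTE),
    hardenedAcceptsPostString: hardenedCheck(record, FROM_POST),
    hardenedAcceptsCorrect: hardenedCheck(record, STORED),
    hardenedAcceptsQuotePassword: hardenedCheck(quoteRecord, WITH_QUOTE),
  };
}

console.log(demo());
```

The interpolated check both accepts the quoted string and locks out a user whose real password contains a quote, which is why such code ends up banning special characters; the hashed comparison has neither problem.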
-
2020-11-24, 08:35 AM (ISO 8601)
- Join Date
- Feb 2015
Re: xkcd
In particular, I think "mother's maiden name" was carried over from its use as a disambiguator. When you are still assuming honesty, you can distinguish the "John Smith" whose mother was a Jones from the "John Smith" whose mother was a McGillicuddy. These days, birth date seems to be a more popular disambiguator.
Last edited by DavidSh; 2020-11-24 at 08:37 AM.
-
2020-11-29, 04:53 PM (ISO 8601)
- Join Date
- Nov 2006
Re: xkcd
That's good to know.
Now, let's say I've got both a main computer, and I use Firefox and Chrome. And then, I've got an iPhone, that only knows Safari. And I need to use a Chromebook at times.
How do I manage to synchronize all of these, so that my unrememberable, non-written down, computer trusted passwords are usable on these other machines?
The real solution is some sort of physical key ring, a USB-thingie that, just like physical house keys, unlocks accounts. Now figure out how to make that safe when used on someone else's untrusted computer.
Not "fire at". I never used the word "at"