
TechNewsWorld Talkback


Re: October's Scary Security Surprises
Posted by: Richard Adhikari 2011-10-18 10:12:37

October is national cybersecurity awareness month -- so says the U.S. Department of Homeland Security, which asserts Americans have a shared responsibility in increasing the resiliency of the nation and its online infrastructure. Perhaps other federal bodies and departments should visit that website, beginning with the United States Air Force. The USAF has issued a statement to "correct" recent reports that servers supporting drone aircraft piloted remotely over Afghanistan were infected with malware.

Sony security..
Posted by: Kagehi 2011-10-18 12:55:43 In reply to: Richard Adhikari
Well, they could do what Steam does, and have it so you can "only" access via a client, which hashes data on your machine, such that it won't let you log in some place else without a code also sent to your email. Oh, wait.. that left me locked out of the damn client for 3 days, while I argued with my new ISP over why the hell I couldn't get access to the old email address, and there is no way to change the address, unless you can log into Steam. Stupidly, they "can" reset the account, so you can get in without the secondary verification, only... then what the hell is the point, if someone uses the same password for their email as they did the game, for example, and the email is in the DB, along with the password and account info? In fact, you have to, if for some reason you completely forget the exact spelling, or something, of what you put in for the "security questions".

It's not too clear to me how an extra step "helps", unless you define "help" as rendering the account useless to the owner in some percentage of cases. It would be just as easy to require the password be at least 14 characters (or some such), then store half of it in the DB, and half in a second, on a different server, so you can't steal all of it at one time, or something. But, that then undermines reliability, since you now have "two" login servers that can go down.

The answer, seems to me, to be to stop making stupid ass mistakes, like putting the servers where they are easy to get at from the net.