Main Area and Open Discussion > Living Room
After PSN. Who's next?
superboyac:
This is exactly why I go out of my way to avoid cloud services. Especially passwords...I don't see how people are comfortable storing ALL of their passwords in the cloud with another company. I don't care what they say about encryption and security...it just doesn't seem wise to me.
-superboyac (May 05, 2011, 08:57 AM)
--- End quote ---
The cloud is just so damn comfortable for certain things, especially for us geeks who are using multiple devices and computers.
But I agree with your concerns. Even if cloud service companies try to do everything to keep our stuff safe, there are still people operating these companies, and people just make mistakes. Also, while one can prove mathematically that encryption is safe, there is still all this technology around it that is not free of bugs.
-phitsc (May 05, 2011, 09:06 AM)
--- End quote ---
That's why in the previous months I was asking so many questions about how to seamlessly connect to my own server using mapped drive letters. I was trying to set up my own private cloud. But it's so freaking complicated and seemingly impossible without enterprise equipment or software. If I could set up a home server, and I can map folders/drives to other computers with a reliable connection, I don't need cloud services.
Lashiec:
I guess they should change their motto, huh?
"LastPass. The TWO last passwords you'll ever need" :D
Security breach or not, the PSN and SOE fiascos should be the wakeup call for many companies to thoroughly review their security infrastructure, specially after the several high-profile incidents that occurred during the past months. So props to LastPass for acting when someone cries wolf.
40hz:
I guess they should change their motto, huh?
"LastPass. The TWO last passwords you'll ever need" :D
-Lashiec (May 05, 2011, 09:20 AM)
--- End quote ---
As they will whoever finally succeeds in hacking LastPass. ;D
Sad truth is, something like LastPass is such a visible and high value target for a team of criminal hackers that it's only a matter of time and resources.
Even encryption is becoming less and less effective as advances in hardware and clustering technologies are bringing capabilities that were once the domain of multi-million dollar supercomputers down to the desktop level. Most cryptography will eventually go the way of the dodo bird.
Nobody can even dismiss '"brute force" cracking techniques as being impractical any more. Today's multicore CPUs make it an extremely workable crack for most passwords people are able to commit to memory. One decent computer plus some free software (easily found and downloaded from the web) can get you past 99% of the passwords most people come up with. Even the so-called "strong" passwords. 10 or more characters? Piece of cake! Mix of uppercase, lowercase, numbers and symbols? No problem - got it covered! No "dictionary" words? Don't make us laugh...
Dangerous world out there. Watch where you put your keys. :huh:
---
P.S. I had a client's employee lock him out of a set of company spreadsheets after the employee was informed he might get laid off. Must have thought doing that would get him some job security rather than realizing it's a felony in many places. This employee used a complex 16-character highly randomized password to lock those files.
It took an i3 laptop and some open source freeware less than ten minutes to crack it.
Hayduke Lives! :Thmbsup:
tomos:
I was not forced to change my master password, but I did. It proceeded to re-encrypt everything.
now though, when I log in, I'm getting this message:
-------------------------------------
An error has been encountered while loading your site
Please relogin
------------------------------------
it is recognising the new password - it actually briefly showed my page on one attempt, but with most text not showing & with some weird unicode characters. I dont even know if I have a backup of this stuff :-\ (but I did just recently import most of it from Roboform).
So I suspect a problem with their re-encryption...
-tomos (May 05, 2011, 08:33 AM)
--- End quote ---
^ this is sorted now -
NOTE: they no longer store your password, which I guess is safer - but I dont know if it now works as renegade describes:
Instead of storing salt and the like, the database had strong encryption and was only ever decrypted on the client. (IIRC) If you ever forgot your password, you were screwed though because YOU were the only one that ever had access to it. As such, warnings were BIG and LOUD. :)
-Renegade (May 05, 2011, 05:30 AM)
--- End quote ---
phitsc:
Nobody dismisses '"brute force" cracking techniques as being impractical any more. Today's multicore CPUs make it an extremely workable crack for most passwords people are able to commit to memory.
-40hz (May 05, 2011, 09:55 AM)
--- End quote ---
Check this out concerning brute force cracking of passwords. Was posted just recently somewhere.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version