
Authorization

25 Comments and 63 Shares
Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few minutes of inactivity it automatically switches to my brother's.
Wandal
4185 days ago
25 public comments
agcornejo
4169 days ago
Lol
Snellville, Georgia
redknightalex
4176 days ago
Or one could practice physical security as well as digital security. Around this time of year, every student's laptop is stolen.
Northeastern US
waxis
4183 days ago
Let's hear it for sandboxing!
Arizona
oliverzip
4184 days ago
Sigh. And I felt so secure.
Sydney, Balmain, Hornsby.
beslayed
4186 days ago
//
ktgeek
4186 days ago
Once again, xkcd gives me a great comic for security presentations...
Bartlett, IL
PaulPritchard
4187 days ago
Heh
Belgium
bogorad
4187 days ago
+acda: please do enlighten me how one's gonna hijack my active SSL-session that's on a laptop that auto-locks when my face is not visible through its webcam? :)
Barcelona, Catalonia, Spain
gmuslera
4187 days ago
Someone sends you a PDF exploiting an Acrobat vulnerability (to put an example of making someone else's code run as your user), that takes out your browser cookies/sessions/whatever (or just installs a keylogger), and sends them to someone else's email. Not being admin/root doesn't enable them to modify the system in ways that your plain user can't, but they can do everything else.
bogorad
4187 days ago
I don't use Adobe's PDF software ;)
GrimMeeper
4186 days ago
so maybe I get a picture of you?
acksed
4186 days ago
They don't. They call your bank after cracking the weak password on your email account for the details, reading your FB page for your birthdate, phone number, relatives and location/address, then authorise a bank transfer.
tedder
4187 days ago
my brother sent this to me this morning.
Uranus
shamgar_bn
4187 days ago
love this...
Wake Forest, North Carolina
jobiasrkd
4187 days ago
But video card drivers are serious business!
Edmonton, Canada
deezil
4187 days ago
Ha!
Shelbyville, Kentucky
norb
4187 days ago
hahaha
clmbs.oh
dianaschnuth
4187 days ago
Ain't that the truth.
Toledo OH
sfringer
4187 days ago
Always a great viewpoint on serious topics!
North Carolina USA
adamgurri
4187 days ago
welp
New York, NY
acdha
4187 days ago
Lovely example of why so much security advice is rearranging the proverbial deck chairs. The model for the future is privilege separation within an account – a la Apple's sandboxing – but even that is woefully inadequate until, say, compromising your browser on your favorite l0lcat site doesn't let an attacker reuse your banking credentials.
Washington, DC
petrilli
4187 days ago
The problem is that at some point, everything depends on a single lynchpin of security. For example, I use approximately 5,000 different passwords, but they're all stored in a single repository that's protected with a very long pass phrase. But, compromise the phrase, or the encryption protocol itself, and BOOM, all for naught. Unfortunately, diffuse security risks are difficult to achieve in practice if your goal is ease-of-use. There's a freaking Nobel prize in there somewhere.
skarlso
4182 days ago
@petrilli the problem is that you are storing them in one place :-) either distribute to multiple locations or store them in your head. I have a powerful mnemonic to store my 100+ passwords in my head. Hopefully that can't be cracked. Yet.
manuelp
4187 days ago
Clever as usual :D
Universe
Dowser
4187 days ago
Hit the nail on the head, again.
Trosa, Sweden
stavrosg
4187 days ago
...
Rodos, Greece
bobdvb
4187 days ago
One I think Linus would sympathise with I think!
Down from 51.5, left of 0.25
popular
4187 days ago
One I think Linus would sympathise with I think!
thebassman
4187 days ago
Too funny, yet so true.
Barrie, Ontario, Canada
growler
4187 days ago
eggzactly
bogorad
4187 days ago
TrueCrypt + auto-lock should be mandatory
acdha
4187 days ago
bogorad: I'm trying to tell whether you missed the point or are joking. TrueCrypt, FileVault, etc. are good ideas for physical security but they don't help when an active session is compromised, which is by far the dominant threat these days.