Authorization

25 Comments and 63 Shares
Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few minutes of inactivity it automatically switches to my brother's.
Wandal
3886 days ago
25 public comments
agcornejo
3869 days ago
Lol
Snellville, Georgia
redknightalex
3877 days ago
Or one could practice physical security as well as digital security. Around this time of year, every student's laptop is stolen.
Northeastern US
waxis
3884 days ago
Let's hear it for sandboxing!
Arizona
oliverzip
3885 days ago
Sigh. And I felt so secure.
Sydney, Balmain, Hornsby.
beslayed
3887 days ago
//
ktgeek
3887 days ago
Once again, xkcd gives me a great comic for security presentations...
Bartlett, IL
PaulPritchard
3887 days ago
Heh
Belgium
bogorad
3887 days ago
+acda: please do enlighten me how one's gonna hijack my active SSL-session that's on a laptop that auto-locks when my face is not visible through its webcam? :)
Barcelona, Catalonia, Spain
gmuslera
3887 days ago
Someone sends you a PDF exploiting an Acrobat vulnerability (to give an example of making someone else's code run as your user), that takes out your browser cookies/sessions/whatever (or just installs a keylogger), and sends them to someone else's email. Not being admin/root doesn't enable them to modify the system in ways that your plain user can't, but they can do everything else.
bogorad
3887 days ago
I don't use Adobe's PDF software ;)
GrimMeeper
3887 days ago
so maybe I get a picture of you?
acksed
3887 days ago
They don't. They call your bank after cracking the weak password on your email account for the details, reading your FB page for your birthdate, phone number, relatives and location/address, then authorise a bank transfer.
tedder
3888 days ago
my brother sent this to me this morning.
Uranus
shamgar_bn
3888 days ago
love this...
Wake Forest, North Carolina
jobiasrkd
3888 days ago
But video card drivers are serious business!
Edmonton, Canada
deezil
3888 days ago
Ha!
Shelbyville, Kentucky
norb
3888 days ago
hahaha
clmbs.oh
dianaschnuth
3888 days ago
Ain't that the truth.
Toledo OH
sfringer
3888 days ago
Always a great viewpoint on serious topics!
North Carolina USA
adamgurri
3888 days ago
welp
New York, NY
acdha
3888 days ago
Lovely example of why so much security advice is rearranging the proverbial deck chairs. The model for the future is privilege separation within an account – a la Apple's sandboxing – but even that is woefully inadequate until, say, compromising your browser on your favorite l0lcat site doesn't let an attacker reuse your banking credentials.
Washington, DC
petrilli
3888 days ago
The problem is that at some point, everything depends on a single lynchpin of security. For example, I use approximately 5,000 different passwords, but they're all stored in a single repository that's protected with a very long pass phrase. But, compromise the phrase, or the encryption protocol itself, and BOOM, all for naught. Unfortunately, diffuse security risks are difficult to achieve in practice if your goal is ease-of-use. There's a freaking Nobel prize in there somewhere.
skarlso
3882 days ago
@petrilli the problem is that you are storing them in one place :-) either distribute to multiple locations or store them in your head. I have a powerful mnemonic to store my 100+ passwords in my head. Hopefully that can't be cracked. Yet.
manuelp
3888 days ago
Clever as usual :D
Universe
Dowser
3888 days ago
Hit the nail on the head, again.
Trosa, Sweden
stavrosg
3888 days ago
...
Rodos, Greece
bobdvb
3888 days ago
One I think Linus would sympathise with I think!
Down from 51.5, left of 0.25
thebassman
3888 days ago
Too funny, yet so true.
Barrie, Ontario, Canada
growler
3888 days ago
eggzactly
bogorad
3888 days ago
TrueCrypt + auto-lock should be mandatory
acdha
3888 days ago
bogorad: I'm trying to tell whether you missed the point or are joking. TrueCrypt, FileVault, etc. are good ideas for physical security but they don't help when an active session is compromised, which is by far the dominant threat these days.