Berkeley CSUA MOTD:Entry 45856
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2024/12/25 [General] UID:1000 Activity:popular
12/25   

2007/3/2 [Computer/SW/Security] UID:45856 Activity:nil
3/2     Paypal has a new security key:
        http://preview.tinyurl.com/ytr6zn (consumerist.com)
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2024/12/25 [General] UID:1000 Activity:popular
12/25   

You may also be interested in these entries...
2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil
9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...
2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil
6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...
2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil
8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil
9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...
2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil
8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...
2012/7/18-8/19 [Health/Men, Computer/SW/Security] UID:54438 Activity:nil
7/18    "Largest penis record holder arouses security suspicions at airport"
        http://www.csua.org/u/x2f (in.news.yahoo.com)
        \_ I often have that same problem.
        \_ I think the headline writer had some fun with that one.
           \_ One time when I glanced over a Yahoo News headline "U.S. busts
              largest-ever identity theft ring" all I saw was "U.S. busts
	...
Cache (4072 bytes)
preview.tinyurl.com/ytr6zn -> consumerist.com/consumer/paypal-security-key/original-video-paypal-security-key-first-look-240770.php
What it looks like, how it works, how to get it, and whether it's worthwhile. The thing with account security is it's not the first thing that gets ya, it's like AIDS, it's all the other assholes the first asshole sells your account to that really rapes ya. I wish credit card companies would adopt a system like this and bundle it with credit cards. That way you would need the physical card with the unique ID to use it online. meghannmarco: I always knew there was something creepy about Ben and now we know: Ben has John Stamos tied up in his apartment. On topic: Now, if only Paypal would start treating their custoemrs right.... B says: Credit cards and other financial institutions are required by law to have what they call "dual factor" authentication for online access. What it means is in order to access your account you need to provide your username/password and information that's only available on some physical thing, like your atm/credit card. For situations where there is no card, they'll require a security key like this one. The fact is that there are so may Phishing emails, being used. If you get tricked into giving up your PayPal/eBay login information your screwed. With this, if they do not have that Key number, they are not getting in. If you do happen to give that key number they will have less than 30 seconds to use that number or the information is useless. This will also make it more difficult for phishers to generate an authentic login page. mefirst says: Ben-- Have you ever had a friend die from AIDs? If your'e going to enter scary territory while attempting to be funny, you should do it with appropriate levity for your surroundings--and I think a $5 piece of plastic to let you sit at home and click buttons for payment on other plastic objects is not worth the attempt at humor. What I'm saying is -- I doubt you'd yell nigger fuck faggot in a crowded theater. Besides, the comment fell flat--all it points out is you're angry about your sexual partners--why are *they* assholes? unless you're also being jovial about rape, in which case I guess any point in reasoning is about pointless. I wish I felt so much indignation about my shiny objects, must be nice up there. dalasv says: I guess I really don't understand how anyone could get taken in a phishing scam. I mean why not just always log in at the actual paypal homepage? Every email you get from "paypal" asking you to log in is always a phishing email, so you can pretty much just ignore them all. Of course, I'm on a Mac, so maybe there are some PC Malware tricks that I am unaware of. And yeah, everyone saying paypal should give these away is right. Still, a lot of less savvy users can and do get taken in by those e-mails. I do see a day when the two-factor identification via token will get out of hand, but for now I really love my PayPal key. nweaver, I'm not sure that "PUBLIC key cryptography" means what you think it means. I used AIDS based on its mechanics: an attack that weakens your immune system, allowing for other diseases to infect. AIDS victims don't die from AIDS, they die from pneumonia, and the like. I could've said, "it's like an immuno-defficiency virus," but I think the point might've been lost... But if every site wanted to use this idea you'd need a huge keychain to keep everything sorted out. I'm glad to see you're intrested in your customer's best security intrest. Unfortunately this implementation as it currently exists will not work as more vendors attempt the same approach. Overall we need a new version that supports two-factor keys across multiple financial (or otherwise) sources on one portable device. To leave a comment, please login with a username and password. Username: Password: Confirm password: E-mail: (optional, for password recovery) Remember me on this computer? We only allow in a commenter if the debut contribution is interesting, substantial or highly amusing. Your comment will only appear once (or if) you're added to the membership list. Check your username and password above, and click submit again.