
Windows 8 - Deeper Impressions


JorgeA


Last I knew, Redmond was in Washington State. If my memory serves me correctly, Washington legalized marijuana the last election. Could it be that the folks in Redmond really jumped on the bandwagon and are having laced brownies and smelly smoke breaks? It's the only reason I can come up with for their attitudes and moves of late.

:D:lol:

--JorgeA



Go ahead, get yourself that 32GB Windows RT device and put your whole life in the Cloud:

Whether you want it or not, your most important information, such as social security numbers (or the equivalent of your locality) and banking information, is already online and vulnerable to the same sort of breach. If what Evernote communicated is accurate, people with non-trivial passwords are not at significant risk of account breach, but all customers are particularly vulnerable to phishing attacks.

I feel for regular people who aren't security experts and try to navigate this stuff. If it weren't for things like KeePass and LastPass, password management would be untenable, and even then laypeople aren't in a position to evaluate the efficacy of said products. There's no choice but for most people to fly blind, and they become frustrated listening to conflicting advice on the matter.

Edited by HalloweenDocument12

Yeah, I posted that in line with our earlier warnings against putting ever more of our information in the cloud.

Certainly (sad to say) there's already a lot of our personal and confidential data online. IMO, though, the risks of deliberately adding to it outweigh any benefits by far!

Here's a related article. The link may not work unless one is a subscriber to the online edition (I retyped the quote from the printed version), but it speaks to this trend of people relying increasingly on cloud services:

Chromebooks' main advantage is cost. Take the most popular model from Samsung, which retails for $249. It has Google's free operating system, instead of expensive Microsoft Windows, and a cheap Samsung processor, instead of a pricey Intel chip. Samsung also cuts the cost of the device by not including much storage. That is less of an inconvenience than it seems given users are storing more of their files, photos and music remotely with services like Google Drive or Dropbox.

:ph34r:

--JorgeA

EDIT: typo

Edited by JorgeA

Whether you want it or not, your most important information, such as social security numbers (or the equivalent of your locality) and banking information, is already online and vulnerable to the same sort of breach. If what Evernote communicated is accurate, people with non-trivial passwords are not at significant risk of account breach, but all customers are particularly vulnerable to phishing attacks.

This time ONLY SEEMINGLY OT:

http://blogs.securiteam.com/index.php/archives/1068

http://blogs.securiteam.com/index.php/archives/1906

And some comments:

jaclaz


Interesting piece of spin there.

You will notice he says -

a habit... it's like smoking

The clear implication that using Google search is a bad habit.

Tut Tut MrWeicz ....

bphlpt

The line I loved in that article was this one by Microsoft Senior Online Services Director Stefan Weitz:

Quote

He effectively admits, though, that the campaign did not have a major impact, commenting that using Google search is "a habit... it's like smoking. It's hard to get folks to stop doing it."


I keep notes on every restricted password system I use, Evernote included. The notes say that its limitations are 62 characters, and apparently the only special characters allowed are '-' and '_'. This still allows for over 300 bits of entropy but the 62 character limitation is a little strange. Why not 64?

I once had a bank account that used my SSN as a login with a 4 number PIN, which was set to my birthday by default and was active without me setting it up. That was probably the most absurd password scenario I've ever seen. The PIN had to be 4-numbers because it had to match the ATM system (for some reason), but I was able to change my username (but not without calling them). Though SSNs are only 9 numbers, the system accepted something like 12 or 16 alphanumeric characters, so I gave them a randomly generated string. I asked them WTF they were thinking with a system like this and they basically said it's (somehow) cheaper for their fraud department to reimburse customers than to change their system. This was back when online banking was kind of new.

Edited by HalloweenDocument12

Whether you want it or not, your most important information, such as social security numbers (or the equivalent of your locality) and banking information, is already online and vulnerable to the same sort of breach. If what Evernote communicated is accurate, people with non-trivial passwords are not at significant risk of account breach, but all customers are particularly vulnerable to phishing attacks.

This time ONLY SEEMINGLY OT:

http://blogs.securiteam.com/index.php/archives/1068

http://blogs.securiteam.com/index.php/archives/1906

And some comments:

jaclaz

I've mentioned this before... A password is only good so that you can access your stuff and someone else can't guess it and get to your stuff. This was fine for quite some time, but in this age of daily website hacks (which reveal that developers and admins take great shortcuts) many passwords just get revealed. No need to have to guess. Only the secure ones are hashed properly, but even some can just be cracked anyways. So for example if you had an account at one of these sites that got their database dumped, it means having a secure password really had made no difference.


So for example if you had an account at one of these sites that got their database dumped, it means having a secure password really had made no difference.

That's why having a unique, strong password at every site is the only realistic measure of protection. Unfortunately, this is impossible for nearly everybody without using password management tools. The real danger is reusing passwords and having it revealed at one of the weakly guarded sites you referred to. And then there's social engineering. I'll say that some site or service I use gets compromised about once per quarter, so the danger is real. Also, keep in mind that when a site is compromised, the secret questions and answers float away in cleartext, so one essentially needs to treat them like unique passphrases.


Also, keep in mind that when a site is compromised, the secret questions and answers float away in cleartext, so one essentially needs to treat them like unique passphrases.

Oh great, the problem is even worse than I thought.

--JorgeA

Edited by JorgeA

The article is well worth reading. For readers in a hurry, here are the five reasons (explanations in the article). Most of them echo points we have made in this thread:

1. Metro, aka Modern: An ugly, useless interface.

2. Windows 8 brought nothing innovative to the desktop.

3. Developers hate it.

4. Legacy Windows 7 users aren't moving.

5. Tablet, smartphone, and desktop competition.

--JorgeA


Interesting piece of spin there.

You will notice he says -

a habit... it's like smoking

The clear implication that using Google search is a bad habit.

Tut Tut MrWeicz ....

Good point. I hadn't noticed that!

So we could use the same tactic and say, "using Windows 8 is a bad habit"... :whistle:;)

--JorgeA


So for example if you had an account at one of these sites that got their database dumped, it means having a secure password really had made no difference.

That's why having a unique, strong password at every site is the only realistic measure of protection. Unfortunately, this is impossible for nearly everybody without using password management tools. The real danger is reusing passwords and having it revealed at one of the weakly guarded sites you referred to. And then there's social engineering. I'll say that some site or service I use gets compromised about once per quarter, so the danger is real. Also, keep in mind that when a site is compromised, the secret questions and answers float away in cleartext, so one essentially needs to treat them like unique passphrases.

A hardcopy of passwords locked in a file cabinet works for me! :whistle:


Stardock has now released a tool which should be part of Windows 8:

ModernMix is a revolutionary new program that lets you run Windows® 8 "Modern" apps in a window on the desktop.

Windows 8 Modern apps, also known as Metro or RT apps, will use the full screen on your display regardless of how much of the screen they really need. As a result, that weather app, mail program or stock ticker is going to use the entirety of your computer display.


http://www.stardock.com/products/modernmix/features.asp

