|
Quote: At its core, WebAuthn is an API that allows websites to communicate with a security device to let a user log into their service. This security device can range from a FIDO security key that you simply plug into a USB port on your computer to a more complex biometric device that allows for an additional level of verification. The important thing is that WebAuthn is more secure than the weak passwords people end up using for most websites, and it’s simpler than having to remember a string of characters in the first place.
In other words... we are going to be forced to buy more stuff and make someone rich.
Quote: The important thing is that WebAuthn is more secure than the weak passwords people end up using for most websites, and it’s simpler than having to remember a string of characters in the first place.
I think the biggest problem is not really the "weak password" of the user, but the "weak authentication of the sites".
M.D.V.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
So, if you want to get to all of person X's accounts, just steal their authentication device. Brilliant.
|
A simple lack of time is blamed for a lack of security governance in open-source projects.
"Given enough eyeballs, all bugs are shallow."
|
No, it's the primary job of the PROGRAMMER to at least MAKE THE EFFORT to implement secure code. If they were doing that, the "governance" wouldn't be such a big f*ckin deal. Relying on someone else to cover your ass is a recipe for disaster.
In the world of open-source, it's the job of the project owner/maintainer to verify/reject code that is not secure enough. If they don't want (or have time for) that responsibility, they should relinquish control of the project to somebody that willingly accepts it.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
Kent Sharkey wrote: "Given enough eyeballs, all bugs are shallow to hackers."
FTFY
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
Intel makes good on its 2017 promise; the USB-IF is still terrible at naming things.
I guess this means Apple will have to come up with a new semi-standard connector?
|
Should developers spend time learning frameworks, or focus the bulk of their attention on languages and other, fundamental skills?
Does anyone want to write another implementation of quicksort?
|
See sig.
Latest Article - Web Frameworks - A Solution Looking for a Problem?
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
Holograms. Emotive, life-like digital human beings. Washing machine repairs directed from miles away. And that 6G! Ooo, my!
|
How IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it.
They did make half an operating system
|
Our romance with new technologies always seems to follow the same trajectory: We are by turns mesmerized and adoring, disappointed and disheartened, and end up settling for less than we originally imagined.
Depends on what's in the box
See also: Betteridge's Law, part 2 (for today)
|
Recently Fabien Sanglard wrote an excellent post where he deciphered a postcard sized raytracer, un-packing the obfuscated code and providing a fantastic explanation of the maths involved. I really recommend you take the time to read it! But it got me thinking, would it be possible to port that C++ code to C#?
"Limbo lower now, how low can you go?"
See also: Betteridge's Law, part 1 (for today)
|
No, because it's not deterministic.
|
By 2017, Mozilla had made two previous attempts to parallelize the style system using C++. Both had failed.
You get reddish stains on your keyboard?
|
Argentina native Santiago Lopez is the first person to surpass $1 million in rewards on HackerOne, a bug bounty platform that offers money in exchange for finding security vulnerabilities in IT systems from participating companies.
Yeah, well I found a dime in a parking lot yesterday
|
Kent Sharkey wrote: Argentina native Santiago Lopez is the first person to surpass $1 million in rewards on HackerOne
Probably other guys earn more than he, but they do it exploiting the security holes and / or selling what they find off-record in the black market
M.D.V.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Microsoft is using artificial intelligence to implement this feature, with image recognition so that Excel users don’t have to manually input hardcopy data. The feature will be available to Microsoft 365 users.
... ... ... No, I don't have any idea why either.
Edit: fixed headline
modified 3-Mar-19 11:40am.
|
I can think of a couple of useful cases
"If we don't change direction, we'll end up where we're going"
|
Making progress towards .norm files, I see
|
While tried-and-true attack methods are still going strong, new threats emerge daily, and new vectors are being tested by cybercriminals, according to the 2019 Webroot Threat Report.
Yes, but all the good stuff is on the bad domains (Present company not included)
|
Quote: After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt.
It only takes one hole to compromise a system.
|
The release earlier this month of a preview Windows 10 build that isn't due until 2020 was a little strange. At the time, Microsoft said vaguely that it was because of features that "require a longer lead time," with no indication of what those features are.
It's going to take them that long to work the bugs out?
Of course I'm kidding - they won't take the bugs out
|
The new cryptocurrency would be integrated with Facebook's WhatsApp messaging platform, allowing ordinary WhatsApp users to send electronic cash to friends and family across international borders.
It's all about the Facebucks
And I'm sure it won't be involved in any criminal activity or privacy violations.
|
Is that when a blockchain becomes a trackchain?
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
Will there be an "unchain" button if I want a refund?
Director of Transmogrification Services
Shinobi of Query Language
Master of Yoda Conditional
|