If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2007-02-18
Member since:2007-03-26
I never did such thing.
You were the one playing devils advocate with theoretical attacks on the method I was suggesting to generate passwords and kept responding why such attacks don't currently exist.
I always focused on attacks that are already in use today - and you'd know that if you bothered to read the f--king links I provided.
so don't you even dare blame me because you're too technologically inept to hold even the most basic conversation on pen testing. After all, you said yourself you're ignorant to such matters at the start of this discussion - pity you didn't stop to listen to someone more experienced than yourself instead of acting like a prick.
But, at least I should be grateful as it's egotistical novices like yourself that keep me employed - and trust me when I say that I get paid well to fix the f--k ups that you pseudo-techies make
Edited 2012-11-13 11:50 UTC
Member since:2007-03-26
I probably should apologize for the crappy tone of me recent posts. But in all seriousness, the confusion is entirely at your end. You kept confusing the different stages of the process and raising hypothetical arguments of attacks (which you're somehow now blaming me for?)
If you did a little research into this you'd see the circular arguments you keep raising, and then when you started accusing me of the above, well it's no wonder I lost my temper.
I'm sure you've had similar arguments with people where they've failed to grasp basic concepts then accused you of switching contexts because they were incapable of wrapping their heads around the basic theory you were trying to outline.
You don't strike me as unintelligent, so this clearly isn't beyond you; however the arguments you raise made little sense. So I really do suggest you do a little reading up on security blogs (and I mean ones written by respected pen testers - there's a lot of idiots out there who publish grossly misleading (and often down right inaccurate) information). It's scary just how sophisticated some attacks are (which is why I'm a huge advocate of using key based systems to do away with passwords; and using automatic firewalling for the few systems that are dependent on password authentication).
Even just outside of my main job, I do some freelance consultancy and it's pretty alarming just how many servers are exposed to easy attacks due to the administrators running default config (eg no adaptive firewalling, chroot sandboxing, user separation, insecure daemon defaults (eg server tokens enabled in apache) and running local daemon listener on 0.0.0.0).
Security is quite an in-depth and highly specific subject, so it grinds my gears when bad / outdated advice is given so publicly, or when good advice is ignored (particularly if it appears to be ignored purely out of pride).
Anyway, rant over 
Why does Google get so much credit in the technology industry? Why, despite the company's many obvious failings, do many geeks and enthusiasts still hold a somewhat positive view on the all-knowing technology giant? A specific talk at Google I/O this week provides the answer.
OSNews is a sponsor of this year's O'Reilly OSCON in Portland, Oregon, USA. A lucky OSNews reader will win a free three-day pass, including two tutorials days. To win the pass, post a comment on this story saying something about Open Source Software or OSCON. We'll pick a winner at random next week. If you don't have an OSNews account, you may email us your entry. Part of the conference is the 9th annual Open Source Awards, and today the 16th is the deadline for nominations. If you'd like to nominate an outstanding open source contributor, do it here. Read on for more information about OSCON. Update: The 20% discount code for OSNews readers is "OSN."
"Windows is indeed slower than other operating systems in many scenarios, and the gap is worsening." That's one way to start an insider explanation of why Windows' performance isn't up to snuff. Written by someone who actually contributes code to the Windows NT kernel, the comment on Hacker News, later deleted but reposted with permission on Marc Bevand's blog, paints a very dreary picture of the state of Windows development. The root issue? Think of how Linux is developed, and you'll know the answer.
This is one of those news items that's fun to write, fun to read, fun to comment on, and where no one will be able to say anything unkind. It's all just one big ball of awesome fluffiness. TuneTracker, the BeOS radio automation software, has just released something very special: TuneTracker System 5, the first version designed entirely and specifically for Haiku. In fact, it actually includes Haiku in the software package. Better yet, TuneTracker also unveiled several system-in-a-box products - which have Haiku and TuneTracker pre-installed.
Exactly twenty years ago, a document was published that played a huge role in establishing the web as we know it today. Twenty years later, and this simple and straightforward document is proof of an irrefutable fact: while closed technologies can change markets, open technologies can change the world.
Oh multitasking. That staple of computing that got thrown out the window with many modern smartphones. We got some rudimentary thing in its place - but even as multitasking on phone and tablets improves, its user-visible side remains cumbersome. Windows 8 has a neat implementation, and now it's time Android follows in it footsteps.They're here! Whether that excites you or not remains to be seen, but the Galaxy S4, which will most likely become the best selling Android smartphone of the year by a huge margin, has been reviewed by all the major sites, and there's lots of interesting conclusions in there - although I think most of you will get the gist.Nokia has posted its quarterly results for the first quarter of 2013, and just like the quarters that came before, there's not a whole lot of good news in there. The rise in Lumia sales still can't even dream of making up for the sales drop in Symbian phones, and when broken down in versions, the sales figures for Windows Phone 8 Lumias in particular are very disappointing. In North America, Nokia is getting slaughtered.The day has finally come: Google has started shipping Google Glass to the lucky few early adopters. Now that it's shipping, Google has also unveiled a lot more about the API and the specifications of the device itself. While the company had already given out substantial details at earlier occasions, there are still a few surprises here.
Almost exactly three years ago, I wrote about why OSNews was no longer OSNews: the alternative operating system scene had died, and OSNews, too, had to go with the times and move towards reporting on a new wave of operating systems - mobile, and all the repercussions that the explosion of smartphones and tablets have caused. Still, I was wondering something today: why aren't we seeing alternative operating systems on mobile?
Member since:
2007-03-26
Clearly you haven't a fucking clue what you're talking about if that's the conclusion you came to.
I've provided evidence to substantiate my claim but I guess you'd rather remain stupid. And good for you - every community needs an idiot.