|
Collateral Damage posted: If sites use md5 for password hashing that's a problem with the site, not with your password. If you md5 hash your passwords then NO password is secure because even 20 random letters and numbers can be brute forced in a couple of hours.
But a lockout policy fixes the brute forcing issue? I am dealing with this same topic at work currently.
|
# ? May 21, 2014 14:14 |
|
Moey posted:But a lockout policy fixes the brute forcing issue?
|
# ? May 21, 2014 14:16 |
|
On the topic of password requirements, systems should not be vulnerable to brute-forcing in the first place. Three tries = lockout.
|
# ? May 21, 2014 14:25 |
|
martyrdumb posted: On the topic of password requirements, systems should not be vulnerable to brute-forcing in the first place. Three tries = lockout.
Multiple people in the thread have explained that it is in reference to attacking hashed passwords where the hashes have been stolen via SQL injection or similar compromise.
|
# ? May 21, 2014 14:27 |
|
martyrdumb posted: On the topic of password requirements, systems should not be vulnerable to brute-forcing in the first place. Three tries = lockout.
So it takes me what, 600ms max per thread per user to denial of service the system?
|
# ? May 21, 2014 14:53 |
|
itt people bad at security
|
# ? May 21, 2014 15:20 |
|
EAT THE EGGS RICOLA posted: itt people bad at security
Hey I have a Security+ certification and I'll have you know...
|
# ? May 21, 2014 15:26 |
|
EAT THE EGGS RICOLA posted: itt people bad at security
I know enough about security to know I don't know enough about security and I best leave it to someone who does.
|
# ? May 21, 2014 15:43 |
|
Collateral Damage posted: We're not talking about brute forcing a login prompt. We're talking about someone who's already stolen the list of hashed passwords and can brute force them offline at their leisure.
Ah. I am stuck in this argument at work for login prompts with a lockout of 3 attempts....
|
# ? May 21, 2014 16:06 |
|
I hate conference room audio in every way shape and form! Go with expensive Polycom units that sound great? Nope gently caress you! Random sales guy teleconferencing in from an open convertible driving 70 mph on the highway in a construction zone can't be heard well. Go test and roll out a new unit. Tiny room with a little Jabra speaker that works well in small areas? No gently caress you again! We need to be able to be heard at a whisper while hanging from above the ceiling tiles in the corner of the room. I'm just so tired of dealing with it. We've tested units that sound great when you're on a good connection, I can't fly all over the country and test audio from lovely reception areas. Just because joe blow marketing genius can't be heard well doesn't mean there is a problem with the unit.
|
# ? May 21, 2014 16:11 |
|
Moey posted: Ah. I am stuck in this argument at work for login prompts with a lockout of 3 attempts....
An increasing delay for each failed login is better.
|
# ? May 21, 2014 16:29 |
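An added example, not part of any post in this thread: a constructed simulation of the two login-prompt policies argued over above, the three-try lockout and the increasing delay. The class names, the one-wrong-guess-per-second traffic and the 1 s base / 900 s cap are assumptions chosen for illustration.

```python
# Added example: constructed comparison of two login-throttling policies.
class Lockout:
    """Three failed tries = locked until someone resets the account."""
    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self.failures = {}

    def next_allowed(self, user):
        # None means "never": only an administrative reset clears it.
        locked = self.failures.get(user, 0) >= self.max_failures
        return None if locked else 0

    def record_failure(self, user, now):
        self.failures[user] = self.failures.get(user, 0) + 1


class Backoff:
    """Delay doubles with each failure, up to a cap, and expires by itself."""
    def __init__(self, base=1, cap=900):
        self.base, self.cap = base, cap
        self.state = {}  # user -> (failure count, time the next try is accepted)

    def next_allowed(self, user):
        return self.state.get(user, (0, 0))[1]

    def record_failure(self, user, now):
        n = self.state.get(user, (0, 0))[0] + 1
        delay = min(self.cap, self.base * 2 ** (n - 1))
        self.state[user] = (n, now + delay)


def simulate(policy, user="alice", attack_seconds=3600):
    """Wrong guesses arrive once a second, then the account owner returns.

    Returns (guesses the policy let through, seconds the owner must still
    wait); the wait is None when only a manual reset unlocks the account.
    """
    guesses = 0
    for now in range(attack_seconds):
        allowed_at = policy.next_allowed(user)
        if allowed_at is not None and now >= allowed_at:
            guesses += 1
            policy.record_failure(user, now)
    allowed_at = policy.next_allowed(user)
    wait = None if allowed_at is None else max(0, allowed_at - attack_seconds)
    return guesses, wait


if __name__ == "__main__":
    print("lockout:", simulate(Lockout()))
    print("backoff:", simulate(Backoff()))
```

Under these assumptions the lockout admits 3 guesses but leaves the owner locked until a reset, while the backoff admits 13 guesses in an hour and the owner can log in again 123 seconds later. Neither policy affects offline guessing against stolen hashes, which is the case the earlier posts describe.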
|
I just had a user walk out of my office in a huff, believing that he is the one who has been wronged. He walked into my office -- for some reason this new batch of users is allergic to email or the loving telephone, half of them walk down here to talk to me -- and started to ask me a question, but stopped a couple words in and picked up a USB A/B cable from my surplus and stood there looking at it. It took me several attempts to get him to tell me what it was he was trying to accomplish, so I could tell him if that cable would help. It turns out his son broke his DSi XL power adapter and he thought the connector looked like that. I've never owned any of the XLs, but I've owned every other model of DS ever released, and they all had proprietary adapters. I told him that, and that that wasn't going to work. Obviously it isn't my job to fix someone's DS, but whatever, I can do a quick favor. Having heard this reply, he stands there silently in my office staring at the cable. I then have this conversation several more times, explaining each time that it will not work, that Nintendo uses nonstandard, proprietary connectors for their handhelds, but that yes, if he really wants to he can take that cable with him and test it. Each time I grow increasingly exasperated, and he asks me why I'm in a bad mood today. I wasn't before he walked in, but I reply that I don't like it when people walk in and help themselves to my equipment, and that I don't like it when people ask my advice and won't take it. He says "Okay, I won't come down anymore" and puts down the cable and walks out, clearly miffed, while I remind him that he's welcome to take the cable if he wants it. (As an aside, I've never owned an XL, like I said, but Googling appears to support me -- the DSi XL charger is still a proprietary connector, right?)
|
# ? May 21, 2014 16:38 |
|
Yeah, the DSi XL uses the same connector as the DSi, 3DS and 3DS XL.
|
# ? May 21, 2014 16:49 |
|
Is saving a customer's credit card information that they give you over the phone in a .wav file legal?
|
# ? May 21, 2014 16:51 |
|
SlayVus posted: Is saving a customer's credit card information that they give you over the phone in a .wav file legal?
Do you live in a one-party state, or was the person aware that you were recording the call? If so, yes.
|
# ? May 21, 2014 16:54 |
|
SlayVus posted: Is saving a customer's credit card information that they give you over the phone in a .wav file legal?
I doubt it's illegal, but I am pretty sure it's a clear PCI violation.
|
# ? May 21, 2014 16:57 |
|
guppy posted: I just had a user walk out of my office in a huff, believing that he is the one who has been wronged.
I don't know about anything other than the DS Lite, but the DS Lite can absolutely be charged using a USB to DS connector cable, which can be readily found on ebay for a very low price. Don't need to buy a dodgy crappy charger again. I also saw a guy mod his DS Lite - unsoldered the proprietary connector and soldered on a mini USB connector. Fit perfectly in place. Why didn't you do this first time round, Nintendo? (Although micro would be even better).
|
# ? May 21, 2014 16:57 |
|
My favorite co-worker is leaving. ...this means I am basically the only person that knows the grandfathered product lines from an engineering level.
|
# ? May 21, 2014 16:57 |
|
Collateral Damage posted: Lockouts are dumb and just add more workload to your helpdesk when users inevitably get their accounts locked out every time they've changed their password.
Is this even possible natively in a Windows domain?
|
# ? May 21, 2014 17:02 |
|
guppy posted: I just had a user walk out of my office in a huff, believing that he is the one who has been wronged.
Ah, yes, the "Tell me what I want to hear" school of asking for advice. The best way to endear yourself to IT. My favorite one is some variation on the following conversation, which happens about twice a year:
: I want a gaming laptop. Which one should I get.
: The one I got. IdeaPad y510p.
: I dunno, that looks like it costs a lot. Can't I buy <insert some hideously cheap, underpowered, usually Dell laptop here>
: No, it's not powerful enough. If you want to game on a laptop, you're gonna pay bucks.
: I dunno....
*two weeks later*
: I bought the Dell, but I get a really bad framerate in <Insert game here> on Ultra. I've got a really good processor, can you help me fix this?
|
# ? May 21, 2014 17:12 |
|
HalloKitty posted: I don't know about anything other than the DS Lite, but the DS Lite can absolutely be charged using a USB to DS connector cable, which can be readily found on ebay for a very low price.
It's the other end of the cable that concerns me. I know you can buy a cable to charge off USB, but you still need the proprietary DS connector on the other end.
|
# ? May 21, 2014 17:16 |
|
guppy posted: I just had a user walk out of my office in a huff, believing that he is the one who has been wronged.
Did our company provide this Nintendo to you? No? We don't support personal hardware. Get out.
|
# ? May 21, 2014 17:36 |
|
jre posted:
|
# ? May 21, 2014 17:47 |
|
Neito posted: Ah, yes, the "Tell me what I want to hear" school of asking for advice. The best way to endear yourself to IT.
Step 1: Sell the Dell Step 2...
Meanwhile, regarding biometrics: a former client of mine went fingerprint scanner, while also keeping the policy that passwords must be rotated at least once a month and may not be reused for at least a year. It's been 8 months or so.
|
# ? May 21, 2014 17:49 |
|
Lum posted:
hosed up fingerprint buddy! I've literally never had a biometric scanner work on my fingers. Something about years of playing bass (possibly the constant friction between fingertips and textured steel cables) just renders them utterly useless.
|
# ? May 21, 2014 18:11 |
|
So what, you have to use a different finger every month? Or is the password in addition to the biometrics.
|
# ? May 21, 2014 18:11 |
|
Kurieg posted: So what, you have to use a different finger every month? Or is the password in addition to the biometrics.
This would be hilarious. No repeat passwords for 12 months. November and December feature toeprints every year.
|
# ? May 21, 2014 18:13 |
|
Paladine_PSoT posted: hosed up fingerprint buddy! I've literally never had a biometric scanner work on my fingers. Something about years of playing bass (possibly the constant friction between fingertips and textured steel cables) just renders them utterly useless.
I haven't touched a violin for six years, but I still have a permanent indent in my left index finger caused by the tiny, high tension strings. Then I started playing bass and now my fingers hosed up in different ways. I don't really know the technology behind smartphones/tablet touchscreens, but I find my fingers don't work that well on them. Do you have any issues with touchscreen devices? I don't know if I'm a mutant or if it's from all the finger abuse. I've never used a biometric device either so I can't really compare like that.
|
# ? May 21, 2014 18:20 |
|
Renegret posted: I haven't touched a violin for six years, but I still have a permanent indent in my left index finger caused by the tiny, high tension strings. Then I started playing bass and now my fingers hosed up in different ways.
Just above average fat fingering reducing my accuracy. I can't use swype.
|
# ? May 21, 2014 18:49 |
|
So a call came in: Quicksand's company called me up and wants to hire me for a new position for several clients in Edmonton. After two phone interviews, one was a couple of months ago, we are at the references stage. Wooo
|
# ? May 21, 2014 18:51 |
|
blackswordca posted: So a call came in:
This would make my incredibly aggravating day worth suffering through
|
# ? May 21, 2014 18:55 |
|
blackswordca posted: So a call came in:
Dude, I'm pulling harder for you to get this than I am for me to get a job.
|
# ? May 21, 2014 18:59 |
|
blackswordca posted: So a call came in:
Hope this comes through for you. If it does please get one of those spy pen camera things to record your bosses' reaction to your departure.
|
# ? May 21, 2014 19:26 |
|
kensei posted: My favorite co-worker is leaving.
The situation you're describing is called "leverage." Time to ask for a raise.
|
# ? May 21, 2014 19:28 |
|
Che Delilas posted: The situation you're describing is called "leverage." Time to ask for a raise.
Funny you should mention that. There was a meeting on my calendar with the VP my boss reports to for a Six Month Review on the position I have now (that meeting just ended). I am getting the bump I asked for (I have already transitioned to another role, and am just worried that I will get sucked back into supporting or helping with some of that outdated stuff.)
|
# ? May 21, 2014 19:39 |
|
I keep seeing the word biometric, and it's just reminding me that our biometric insurance physicals are coming up. The CEO is on a huge health kick all of a sudden, and we used to be able to just get a physical from the doctor or clinic of our choice. This year, they're bringing in people to do the physicals here. Apparently they'll be testing our BMI, cholesterol, blood-glucose, and tobacco and drug usage. Drug users are terminated, tobacco users have to pay double insurance premiums. Hopefully if I quit smoking literally today, it'll be cleared out of my system by the end of July and I'll still be able to afford my health insurance
|
# ? May 21, 2014 20:39 |
|
larchesdanrew posted: I keep seeing the word biometric, and it's just reminding me that our biometric insurance physicals are coming up. The CEO is on a huge health kick all of a sudden, and we used to be able to just get a physical from the doctor or clinic of our choice. This year, they're bringing in people to do the physicals here. Apparently they'll be testing our BMI, cholesterol, blood-glucose, and tobacco and drug usage. Drug users are terminated, tobacco users have to pay double insurance premiums. Hopefully if I quit smoking literally today, it'll be cleared out of my system by the end of July and I'll still be able to afford my health insurance
What. The. gently caress.
|
# ? May 21, 2014 20:44 |
|
larchesdanrew posted: I keep seeing the word biometric, and it's just reminding me that our biometric insurance physicals are coming up. The CEO is on a huge health kick all of a sudden, and we used to be able to just get a physical from the doctor or clinic of our choice. This year, they're bringing in people to do the physicals here. Apparently they'll be testing our BMI, cholesterol, blood-glucose, and tobacco and drug usage. Drug users are terminated, tobacco users have to pay double insurance premiums. Hopefully if I quit smoking literally today, it'll be cleared out of my system by the end of July and I'll still be able to afford my health insurance
I recommend a polite, "No thank you" to this offering.
|
# ? May 21, 2014 20:49 |
|
larchesdanrew posted: I keep seeing the word biometric, and it's just reminding me that our biometric insurance physicals are coming up. The CEO is on a huge health kick all of a sudden, and we used to be able to just get a physical from the doctor or clinic of our choice. This year, they're bringing in people to do the physicals here. Apparently they'll be testing our BMI, cholesterol, blood-glucose, and tobacco and drug usage. Drug users are terminated, tobacco users have to pay double insurance premiums. Hopefully if I quit smoking literally today, it'll be cleared out of my system by the end of July and I'll still be able to afford my health insurance
Habitual tobacco takes about a month to clear out, don't use nicotine replacement therapy like the patch or the gum because that will show up as if you were smoking. You have to do it cold turkey. I wonder if you enter a smoking cessation program if they can touch your rates, as actively seeking treatment for addiction grants protection from retaliation based on said addiction treatment.
JohnnyCanuck posted: What.
Indeed. I'm more annoyed by BMI measurement as that's a massive shitheap of a metric. Before submitting any information regarding your physical, you could always be a dick and insist on seeing the HIPAA compliance need and followthrough for storage of all physical related information. Cholesterol and glucose levels are protected (though drug test results aren't)
|
# ? May 21, 2014 20:52 |
|
larchesdanrew posted: I keep seeing the word biometric, and it's just reminding me that our biometric insurance physicals are coming up. The CEO is on a huge health kick all of a sudden, and we used to be able to just get a physical from the doctor or clinic of our choice. This year, they're bringing in people to do the physicals here. Apparently they'll be testing our BMI, cholesterol, blood-glucose, and tobacco and drug usage. Drug users are terminated, tobacco users have to pay double insurance premiums. Hopefully if I quit smoking literally today, it'll be cleared out of my system by the end of July and I'll still be able to afford my health insurance
Wow gently caress that.
|
# ? May 21, 2014 21:05 |