 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
clipka <ano### [at] anonymous org> wrote:
> Am 25.12.2013 13:39, schrieb Warp:
> > clipka <ano### [at] anonymousorg> wrote:
> >> What bank uses a sheet of single-use codes and thinks that it's safe?
> >
> > Well, much safer than a fixed password.
> >
> > You can't do anything with the sheet alone if you don't have the user's ID.
> > Granted, it's not impossible to acquire both, but if you don't store your
> > ID anywhere and instead have it memorized, it becomes difficult. (Basically
> > they would need to install some spyware in the computer you are using in
> > order to get the ID, and then physically steal the passcode sheet. Not
> > impossible, but not likely to happen.)
> Just two words:
> (1) Phising.
> (2) Man-in-the-middle attack.
Does not help to get the physical code sheet.
> (A) Each time you submit a transaction via browser, you get a
> transaction-specific authorization code via SMS to your mobile phone,
> including some essentials of the transaction (like the amount of money
> transferred, and the target bank account) to make sure that you and the
> bank are talking about the same deal.
I suppose SMS verification would add an additional layer of security.
> (B) You get a code generator from your bank. Typically this would be a
> combination of a bank card with a built-in chip, plus a card reader with
> a built-in display to make sure that the code is generated from the
> transaction details you desire.
How exactly is this different from a sheet of one-use codes?
(Except, you know, the obvious: That method requires you to connect
a special device and software to your computer and configure it
appropriately.)
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Am 26.12.2013 01:23, schrieb Warp:
> clipka <ano### [at] anonymousorg> wrote:
>> Am 25.12.2013 13:39, schrieb Warp:
>>> clipka <ano### [at] anonymousorg> wrote:
>>>> What bank uses a sheet of single-use codes and thinks that it's safe?
>>>
>>> Well, much safer than a fixed password.
>>>
>>> You can't do anything with the sheet alone if you don't have the user's ID.
>>> Granted, it's not impossible to acquire both, but if you don't store your
>>> ID anywhere and instead have it memorized, it becomes difficult. (Basically
>>> they would need to install some spyware in the computer you are using in
>>> order to get the ID, and then physically steal the passcode sheet. Not
>>> impossible, but not likely to happen.)
>
>> Just two words:
>
>> (1) Phising.
>
>> (2) Man-in-the-middle attack.
>
> Does not help to get the physical code sheet.
Does not /need/ to get the physical code sheet. If someone can get in
between your screen and the online banking portal, they can tamper with
the transaction details to transfer an entirely different amount of
money to an entirely different target bank account.
Note that HTTPS only protects the network transmissions, not your
browser output.
>> (B) You get a code generator from your bank. Typically this would be a
>> combination of a bank card with a built-in chip, plus a card reader with
>> a built-in display to make sure that the code is generated from the
>> transaction details you desire.
>
> How exactly is this different from a sheet of one-use codes?
> (Except, you know, the obvious: That method requires you to connect
> a special device and software to your computer and configure it
> appropriately.)
As the code is now generated from the transaction details, tampering
with them is much less attractive for an attacker: If they hide any
changes from the code generator, the code won't be valid for the
modified transaction. If they pass the changes to the code generator, a
cautious user will notice that the details have been tampered with
(provided of course that the code generator has an inbuilt display on
which it shows the transaction details before spitting out the code, and
it provides no attack vector between that display and the actual
cryptographic engine).
As for "the obvious", that's actually a no-issue: The stand-alone device
I mentioned does not need any software on your PC, and the only
"configuration" required is a one-time calibration for your display
size; from then on, use is as simple as holding the device's light
sensor array against a flickering animation displayed in your browser.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 24/12/2013 11:03, Orchid Win7 v1 nous fit lire :
> On 24/12/2013 08:18 AM, scott wrote:
>
>> Do you want GFLOPS or FPS?
>
> As well as that, I'm going to try to get CUDA to work again. I've got a
> few bits of software which *claim* to use your GPU to do compute-heavy
> work much faster. If only any of them actually *worked*...
The only cuda I ever saw in use is in boinc projects.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
lol
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 12/23/2013 03:41 PM, Warp wrote:
> Orchid Win7 v1 <voi### [at] devnull> wrote:
>> yet, it produces 2,200 GFLOPS (and has twice the RAM).
>
> It's not the size that matters. It's how you use it.
>
said by someone with a small graphics card? lol could /not/ resist that!!!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> I've just run one of my machines in VGA mode; OMG, what a difference.
>
> I especially enjoy how my monitor correctly displays the image, but
> utterly fails to compensate for the radically different aspect ratio...
>
>> Hope it's all fixed before Xmas.
>
> Are you kidding me? Chances of stuff getting delivered before Christmas
> are almost zero now, I would think...
Are there no computer parts stores in the UK?
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> On 22/12/2013 04:35 PM, Orchid Win7 v1 wrote:
>> Time to buy a new graphics card... :-(
>
> ...of course, the thing about buying a graphics card is, how much do you
> want to spend?
>
> the same thing as I had before. But with slightly more RAM.
>
> What exactly is the significance of the amount of on-board RAM? I
> realise it's used for holding texture data, but what happens if the data
> doesn't all fit? Does the program just point-blank refuse to work, or
> does it merely cause a reduction in performance?
I guess it depends on the game. some games will refuse to work at max
resolution, or with full textures and effects if they feel the HW won't
support it), others will plod along until something goes horribly (or
hilariously) wrong. I remember playing a shoot-em up game where
sometimes, tanks or jeeps would show up as bright pink because the
texture wouldn't fit in ram. (ex: in a field, tank is properly
rendered, because grass texture takes almost no room. In a city, the
building and rubble textures already fill up the card's ram, so when the
panzers roll in, OOPS, they're pink!)
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> Am 25.12.2013 13:39, schrieb Warp:
>> clipka <ano### [at] anonymousorg> wrote:
>>> What bank uses a sheet of single-use codes and thinks that it's safe?
>>
>> Well, much safer than a fixed password.
>>
>> You can't do anything with the sheet alone if you don't have the
>> user's ID.
>> Granted, it's not impossible to acquire both, but if you don't store your
>> ID anywhere and instead have it memorized, it becomes difficult.
>> (Basically
>> they would need to install some spyware in the computer you are using in
>> order to get the ID, and then physically steal the passcode sheet. Not
>> impossible, but not likely to happen.)
>
> Just two words:
>
> (1) Phising.
>
> (2) Man-in-the-middle attack.
>
>>> Over here in Germany we're past that age. Codes dynamically generated
>>> from transaction details it is for us.
>>
>> How does that even work?
>
> There are two variants in use:
>
> (A) Each time you submit a transaction via browser, you get a
> transaction-specific authorization code via SMS to your mobile phone,
> including some essentials of the transaction (like the amount of money
> transferred, and the target bank account) to make sure that you and the
> bank are talking about the same deal.
So I now need to have a separate cell-phone contract just to be allowed
to pay my bills online?
I have a company-issued cell phone, and my employer allows me to make a
limited number of personal phone call per month, e.g. to let my family
know I'll be late for dinner, etc..., but I don't think they'd like it
If I started letting my bank send me confirmation requests to it.
Also, we lead a very boring life, so there not enough people outside of
work who need to reach us to justify having a personal cell phone on top
of our land line.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
lol
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Why so obsessed with Nvidia? B uy the latest ATI graphics cards, great
performance, maybe a little better than Nvidia and less expensive.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
