On 2 January 2012 03:01, ianG i...@iang.org wrote:
When I was a rough raw teenager doing this, I needed around 2 weeks to
pick up 5 letters from someone typing like he was electrified. The other 3
were crunched in 4 hours on a vax780.
how many samples? (distinct shoulder surf events)
Bernie Cosell ber...@fantasyfarm.com writes:
On 31 Dec 2011 at 15:30, Steven Bellovin wrote:
Yes, ideally people would have a separate, strong password, changed
regularly for every site.
This is the very question I was asking: *WHY* changed regularly? What
threat/vulnerability is
Hi All,
I was reading CAPTCHA: Using Hard AI Problems For Security by Ahn,
Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf).
I understand how recognition is easy for humans and hard for computer
programs. Where is the leap made that CAPTCHA is a [sufficient?]
security device to
On 01/02/2012 06:58 PM, Jeffrey Walton wrote:
I was reading CAPTCHA: Using Hard AI Problems For Security by Ahn,
Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf).
I understand how recognition is easy for humans and hard for computer
programs.
But is that really true?
My
On Mon, Jan 02, 2012 at 08:03:07PM +0100, Marcus Brinkmann wrote:
Computer programs today are limited by attention of experts (programmers,
researchers). What does hard for computer programs actually mean then? Is
there a theoretical boundary that limits the abilities of computer programs to
The reason I ask is Wiseguy Tickets Inc and their gaming of
Ticketmaster's CAPTCHA system to buy tickets [1]. Eventually, Wiseguy
Tickets was indicted, and the indictment included an assertion,
[Wiseguy Tickets Inc] defeated online ticket vendors' security
mechanisms [2]. I'm not convinced
On 2012-01-02, Marcus Brinkmann wrote:
My personal experience with CAPTCHAs is that they are increasingly
hard to decipher for humans. Has the scale already tipped over in
favor of computer programs?
On this one I'm not ready to take any sides, but I'd like to remind you,
too, that a given
Would a security system that does not model a human attacker really
qualify as a security system?
If it's man-controlled it certainly does, like a ballistic missile blocking
device is also security/safety.
In real life security is also an analog kind of thing. Something becomes
more secure.
I'd like to add to this conversation, as a side note, that a new type of
security has (fairly) recently emerged: legal security. It's illegal to
break in, so we don't need security. Quite common in convenience stores,
people's homes and now, the Internet. Some will find that this sort of
security
The reason for regular change is very good. It's that the low-intensity
brute forcing of a password requires a certain stretch of time. Put the
change interval low enough and you're safer from them.
We've had someone talk on-list about a significant amount of failed remote
ssh login attempts.
From: lodewijk andré de la porte lodewijka...@gmail.com
I'd like to add to this conversation, as a side note, that a new type of
security has (fairly) recently emerged: legal security. It's illegal to
break in, so we don't need security. Quite common in convenience stores,
people's homes and
My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
self-checkouts.
Anyone so inclined could walk in, load up a cart, walk up to a
self-checkout, check maybe half the items in the cart, pay for them and
leave, with no one the wiser until the physical inventory didn't
On 3/01/12 09:06 AM, lodewijk andré de la porte wrote:
I'd like to add to this conversation, as a side note, that a new type
of security has (fairly) recently emerged: legal security. It's
illegal to break in, so we don't need security.
Right. But it needs to be a break in, not a trespass.
On Mon, Jan 2, 2012 at 4:25 PM, Randall Webmail rv...@insightbb.com wrote:
My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
self-checkouts.
[...]
Wal*Mart is not stupid. They know full well that a certain percent of
shoppers will indeed walk out with a certain
On 2012/1/2 lodewijk andré de la porte lodewijka...@gmail.com:
The reason for regular change is very good. It's that the low-intensity
brute forcing of a password requires a certain stretch of time. Put the
change interval low enough and you're safer from them.
This may make sense in specific
On Sun, Jan 01, 2012 at 03:16:39AM -, John Levine wrote:
Well, on more than a few occasions, I've observed cases
where users have accidentally entered their password into the
username field (either alone, or with the username prepended).
Of course, the login attempt fails and, more to
On Mon, Jan 2, 2012 at 7:12 PM, Craig B Agricola cr...@theagricolas.org wrote:
On Sun, Jan 01, 2012 at 03:16:39AM -, John Levine wrote:
Where's this log? Wherever it is, it's on a system that also has their
actual password.
If I wanted to reverse engineer passwords, this doesn't strike
On Mon, 2 Jan 2012, lodewijk andré de la porte wrote:
The reason for regular change is very good. It's that the low-intensity
brute forcing of a password requires a certain stretch of time. Put the
change interval low enough and you're safer from them.
We've had someone talk on-list about a
Ticket sellers and scalpers have been fighting since long before
there was an Internet.
To do much better than slow down the scalpers Ticketmaster would have
to either do a lot of work (with payments system providers' help) to
ensure that payments are not anonymous and that there is one
On Mon, Jan 02, 2012 at 09:40:36PM -0500, Jonathan Katz wrote:
Say passwords are chosen uniformly from a space of size N. If you never
change your password, then an adversary is guaranteed to guess your
password in N attempts, and in expectation guesses your password in N/2
attempts.
If
On Mon, Jan 2, 2012 at 9:08 PM, John Levine jo...@iecc.com wrote:
[...]. One of the advantages of having a working legal system is so
that we can live reasonable lives with $20 locks in our doors, rather
than all having to spend thousands to armor all the doors and windows,
like they do in
On Mon, 3 Jan 2012, John Levine wrote:
Scalping can be very profitable, with markups of $100 per ticket not
unusual, so if I were a scalper, I'd have a network of web proxies,
to make it hard to tell that they're all me, a farm of human CAPTCHA
breakers in Asia who cost maybe 5c per CAPTCHA,
Randall Webmail rv...@insightbb.com writes:
My neighborhood Wal*Mart has pretty much eliminated cashiers in favor of
self-checkouts.
Anyone so inclined could walk in, load up a cart, walk up to a self-checkout,
check maybe half the items in the cart, pay for them and leave, with no one
the wiser
lodewijk andré de la porte lodewijka...@gmail.com writes:
Our cozy Dutch supermarkets are trying self-checkout systems themselves. They
sometimes check carts with what's scanned. My dad's theory was that people
are so afraid to have forgotten that they'd most likely scan their
From: Peter Gutmann pgut...@cs.auckland.ac.nz
To: cryptography@randombit.net, rv...@insightbb.com
Sent: Tue, 03 Jan 2012 01:51:26 -0500 (EST)
Subject: Re: [cryptography] CAPTCHA as a Security System?
Randall Webmail rv...@insightbb.com writes:
My neighborhood Wal*Mart has pretty much eliminated
On Tue, Jan 03, 2012 at 01:57:10AM -0500, Randall Webmail wrote:
There is one girl (and it is always a girl) who is at the control center.
She comes to the checkout station to override the system when the shopper
scans beer. No one watches to see if you scan every item in your cart.
From: Thor Lancelot Simon t...@panix.com
To: Randall Webmail rv...@insightbb.com
Cc: Crypto List cryptography@randombit.net
Sent: Tue, 03 Jan 2012 01:58:46 -0500 (EST)
Subject: Re: [cryptography] CAPTCHA as a Security System?
On Tue, Jan 03, 2012 at 01:57:10AM -0500, Randall Webmail wrote:
27 matches