Typical Fed exuberance...pay twice as much for something that you can find in the private sector for half price.
The extra cost pays for the USPS black programs in the name of national security
Typical Fed exuberance...pay twice as much for something that you can find in the private sector for half price.
The extra cost pays for the USPS black programs in the name of national security
It's very real. Lifelock is pointless. It only monitors for fraud and does nothing to correct any damage done unless you prove to them, most likely in court on your dime, that the damage was due to a "defect in their service". It is spelled out in their terms of service. You should contact Experian, Equifax, and Transunion immediately to put a credit freeze on your credit reports. Beware of the fraud alert option because it expires every 90 days and technically is only valid if you demonstrate fraud with documentation (i.e. police report). You should also buy identity theft insurance, not to be confused with credit monitoring services, so that somebody else takes care of and pays for repairing your identity records and credit reports if your identity is stolen.
I got a pile of them. Every time I go on a trip of a week or more they hold my mail at the Post Office and when I get back, they give me one of those across the counter. My guess is the Licensing Division gets them by the gross every time the mail gets dumped on them.
We got enough to focus on without bringing up odd bits.
FWIW, the post office didn't want them back and they are great to store odd junk in. Tougher than they look. I have seen people use them as planter boxes for strawberries. Never rot.
Actually SHA can and is used as a one way encryption function to hide plaintext passwords in storage. (much like how LM hashes of passwords on older windows systems)
It's the impetus for a rainbow table.
We Know PW were sent in clear. The end.
If you want to be technical SHA does not encrypt as it is not reversible and no passwords are stored anywhere.
Hence "one way function" as I described....as I said that is the impetus for a rainbow table which matches the produced hashes with plaintext input....so yes if the hashes are stored (without a salt) they can be "broken" using most of the online tables (there are petabytes of them online). The term encryption and hashing as so fudged up that security industry even sometimes interchanges the terms (right or wrong).
Sorry to belay this point....hashes ARE USED to authenticate users in certain OS's when the plaintext passwords are not TRANSMITTED over the wire. The client enters a pass on the workstation, it get's hashed and MATCHED to the hashes stored on the OS...the HASH becomes the defacto password (even though it's NOT the password and only a cryptographic representation of the password)
and yes....in the 7rr case....the passwordswere going over in the clear.
The singular username and password used by all of the data entry people was being sent in the clear.
Sorry to belay this point....hashes ARE USED to authenticate users in certain OS's when the plaintext passwords are not TRANSMITTED over the wire. The client enters a pass on the workstation, it get's hashed and MATCHED to the hashes stored on the OS...the HASH becomes the defacto password (even though it's NOT the password and only a cryptographic representation of the password)
and yes....in the 7rr case....the passwords were going over in the clear.
Guess what we know that. Really we do.
The public need to hear a simple message " the passwords were not protected at all"
They do not need to hear " there is a controversy about the way the passwords are protected.".
So if you are here to help KISS if you here to cover up firvthe administration by confusing the lay press and the public -- good job..
If you are trying to impress somebody--- its not working really.
Please don't insinuate that I'm here to muddle anything for the administration. That's pretty low.
Fair enough. But the effect on the lay press will be the same. Personally I do no think you are doing intentionally this is why I put it second. There is a time for nuanced tech discussions and there is a time to be so direct that even the Sun can figure it out.
I do appoligise if I offended you. It was more of a counter factual suggestion and a way of sending a message to the sun that no honest reporter could miss the message " the passwords were not protracted at all"
I hope we are good, you were not the target of my sarcasm. sorry.
Besides... facebook's security is vastly better than what's being described here.