10-15-2020, 12:55 PM | #17 | |
Grand Sorcerer
Posts: 27,933
Karma: 198500000
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Quote:
But all the precautions in the world might not help when someone gets their hands on hardware (either through outright theft or employee negligence). I control what I can control, and honestly don't worry a lot about the rest (except for being very particular about the number of sites that I will purchase anything from). I had an account with B&N a long, long time ago, but I've heard nothing from them about this breach. More than likely, that's because I was registered using an email address that's no longer active, and very probably using a credit card I no longer have. *shrug* |
|
10-15-2020, 01:09 PM | #18 |
Wizard
Posts: 1,814
Karma: 13416550
Join Date: Nov 2010
Device: Kobo Clara HD, iPad Pro 10", iPhone 15 Pro
|
I tried Yubikey for a while, but found it to be too annoying due to not working in all browsers, on all OSes, so I gave up on that and just use TOTP now.
I use KeePass for my password databases, with multiple databases to segregate the risk a bit if one is compromised. I sync the databases myself, and don't use browser plugins for auto-filling the fields. This works for me, though a few "security features" of some websites make it very difficult at times, for example sites that won't let you paste into the password field, or sites that accept one long password when changing your password, but then won't let you type the same password when trying to log in, or sites that say "you have to use special characters, but not that one!" meaning that I have to generate a few times to get one that'll pass, or sites that have stupidly short maximum lengths, like 8-12 characters (when NIST suggests 12 as the minimum), or even special character requirements at all. They should just require LONG passwords, without any complexity rules, since complexity rules actually reduce the possible entropy and reduce the size of the search space for brute force attacks. |
10-15-2020, 01:31 PM | #19 |
Grand Sorcerer
Posts: 27,933
Karma: 198500000
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
I've not run into any snags with Yubikey yet. Of course I only ever use one browser on only 2 OSes. Plus I rarely have emergencies where I absolutely NEED to easily access all of my stuff away from the home/work environment. Also, Yubikey is typically only one of my 2FA options. If I ever run into an emergency where I need to access my stuff with uncooperative OSes/software, there's still the authenticator app backup.
|
10-18-2020, 08:07 PM | #20 |
Enthusiast
Posts: 48
Karma: 50000
Join Date: Nov 2017
Device: Nook, Kindle
|
So, more days later and a number of NOOK/BnCloud features are still not working, or working intermittently.
For example, Search on an author like "Patterson" will never complete. Synchronization still seems to be spotty. More interesting seems to be the lack of notice - if a service drops and a handful of people notice, will it ever come back? |
10-19-2020, 06:54 AM | #21 | |
Grand Sorcerer
Posts: 11,732
Karma: 128354696
Join Date: May 2009
Location: 26 kly from Sgr A*
Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000
|
Quote:
Doesn't speak well of Nook's relevance. As is, some folks are still waiting to hear from Daunt. Not the best example of corporate leadership. |
|
10-19-2020, 12:08 PM | #22 | |
Addict
Posts: 393
Karma: 6700000
Join Date: Jan 2012
Location: Gimel
Device: tablets
|
Quote:
Today, any self-respecting hacker worthy of the name has a toolchain that is equal to what is available to any TLA. Defining security threats and threat models is more important than it has been in the past. However, the starting point should be that the resources that were once exclusive to TLAs with an extremely high budget are now available to virtually anybody who has the wherewithal to utilize them. That means that one needs to assume that the CIA is the least competent threat to one's security, not the most competent. ### Rephrasing. If somebody wants to target you, they can get more data about you today, from commercial vendors, than the entire range of Five Eyes Intelligence Agencies, plus the Chinese Intelligence Agencies, alongside their puppet states, plus the Russian Intelligence Agencies could have obtained about you, as recently as five years ago. If your concern is drive-by attacks, the tools used today are from nation-state TLAs. |
|
10-19-2020, 12:15 PM | #23 | |
Addict
Posts: 393
Karma: 6700000
Join Date: Jan 2012
Location: Gimel
Device: tablets
|
Quote:
The only long-term result of biometric authentication is that nothing will be authenticated, or securable. |
|
10-19-2020, 12:42 PM | #24 | |
Grand Sorcerer
Posts: 7,196
Karma: 70314280
Join Date: Dec 2006
Location: Atlanta, GA
Device: iPad Pro, iPad mini, Kobo Aura, Amazon paperwhite, Sony PRS-T2
|
Quote:
The 50's were before my time, but ever since online started, the computer security issue is the same as everyday security issues. Unless someone has a strong reason to go after you, you just need enough security to discourage the casual thief. So, you hide your valuables and don't leave your car door unlocked, even though someone could break out your window, or pop the lock. Unless someone has a reason to think that you have something worth stealing, as long as you have a good firewall at home and keep the firmware up to date, you don't have much to worry about. There is simply too much low hanging fruit with people who don't have firewalls or don't keep their firmware up to date. When you are using public WiFi, then VPN is a good idea. Hackers either go after targets of opportunity (i.e. totally unprotected machines at the airport, Starbucks or some such thing), or machines that might yield significant value, such as a large corporation. It's like a co-worker once commented about someone who bragged about having a gun in every room in case of home invasion. If you have to worry that much, then you live in the wrong neighborhood. People who do that sort of thing usually do it because it makes them feel good, not because it's actually needed. I've been online since the early 80's. In all that time, I've never been hacked and I've never had a virus. It's just a case of taking normal precautions and not doing something stupid. I've had firewalls since I built my own on a unix box back in the 90's (the firewall on the typical router is fine now) and I've used anti-virus since Norton was state of the art. I don't click on links in e-mails. Just simple stuff. |
|
10-19-2020, 01:25 PM | #25 | |
Bibliophagist
Posts: 39,678
Karma: 154147704
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos
|
Quote:
To me, the definition of low hanging fruit was one genius who had a telco modem with two LAN ports. One of them was wired to his wireless router but he decided to plug his computer into the second LAN port bypassing the router since "I thought it would be faster". You can probably guess what happened when an unpatched Windows computer was exposed directly to the Internet. |
|
10-19-2020, 02:14 PM | #26 |
Grand Sorcerer
Posts: 27,933
Karma: 198500000
Join Date: Jan 2010
Device: Nexus 7, Kindle Fire HD
|
Hung an unused NT server directly on the internet back in the late 90s just as a test. Pretty sure someone was knocking on the door after about 20 minutes. There was a fully functional ftp server (full of warez content) operating inside of 12 hours.
|
10-19-2020, 05:20 PM | #27 | |
Grand Sorcerer
Posts: 11,732
Karma: 128354696
Join Date: May 2009
Location: 26 kly from Sgr A*
Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000
|
Quote:
Current biometrics are a transition phase before they get around to DNA and brainwave logins. No security is perfect. But unless you're a politician's relative, there's a limit to how far the bad guys will go to steal your credit card info. They prefer low hanging fruit like businesses that don't patch known VPN vulnerabilities for 18 months. |
|
10-19-2020, 05:25 PM | #28 | |
Grand Sorcerer
Posts: 11,732
Karma: 128354696
Join Date: May 2009
Location: 26 kly from Sgr A*
Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000
|
Quote:
Today it wouldn't last 12 seconds with all the robotools scanning out there. |
|