Post by Locutus deBorg on Feb 23, 2016 12:38:53 GMT -6
Google Log in page Epic security failure !
I don't know what clown(s) there developed this I know it's been out for a while but I've managed to avoid it for a long time as the previous style log in page would be presented to me as I have all google domains disable / denied in NoScript
however, they seem to be rolling this out more aggressively and it's a failure of epic proportions:
what's the problem with the new log in page
it reveals whether or not an email address exists and if the email address is "recognized" by the login window
displaying an in use address openly in the log in window before a password is even attempted that's a security failure
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
It really doesn't matter too much which logon dialog you use; the bigger issue is that a hacker could use the compromised one. What annoys me the most about the new Google login page is that logging in is now a two-step process. Previously, Firefox would automatically fill in the email address and password, and all I'd have to do was click the [Sign in] button. Now I have to click [Next] and then click [Sign in]. Security-wise, there's not much difference; a hacker could fish for valid email addresses with the old system by using the [Create account] button and checking for email address availability.
Microsoft, is Windows 10 the best you could do? Really? After promising to listen to our feedback, what a letdown!
Post by Locutus deBorg on Feb 24, 2016 1:04:26 GMT -6
at least with this login dialog an invalid / unrecognized / unassigned email address didn't matter and valid / assigned email addresses was never shown when the password or email address was incorrect it simply stated that the email or password was invalid / incorrect
I never allow my browsers to store anything at all, no logins no passwords no downloads no cookies no flash cookies AKA LSO Super cookies : Better Privacy Firefox addon nukes 'em etc.
which is also why I'll never use IE for anything because it can't be 100% cleaned on exit the only version of IE I do anything with is IE6 on XP / Win2K and that's just to browse the local file system with the system account I do it that way so 100% of indexing attributes can be removed from all files & folders on the entire C:\ with the properties dialog
with Firefox I have to leave site settings alone or the S&D immunizations vanish and must be reapplied but occasionally I'll dump that as well and reapply the immunizations
Was on the phone with a friend and we dicked around for about 20 minutes seeing what funny email addresses were assigned eg. derfuhrer is assigned meinfuhrer is assigned meinkamph is assigned jumpinthelake is assigned etc.
would never have been able to do this with the above dialog. before the new dialog you had to actually attempt to send an email to an address to find out if it existed now they tell us with no more effort other than a bit of typing
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
Someone probably said "two stage authentication is better than one", and small-minded managers ran with it. Oversimplification will be the end of rationality in a world where details matter.
It seems to me that the most significant security issue here is that people would even consider creating a Google account in the first place.
Okay, maybe that's a bit extreme, but you have to admit it's hard for your cloud account to be compromised if you don't have one.
"Just say no."
-Noel
Author of the "How to Configure the 'To Work' Options" series of Windows books. Not feeling enough love to do one for Windows 10.
Post by Locutus deBorg on Feb 25, 2016 1:19:54 GMT -6
you can create a yahu, joogle, etc. account with entirely fictitious info, always use browser to access it, and never keep browser history
but having your own domain and email address(es) on that domain requires using real PII data and that real PII data is accessible by anyone who wants to look for it
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
<Rick> Good video. It's almost hard to believe that at one time Windows 98 was the resource hog, but even then, it still ran circles around what Windows 10 can do on today's modern hardware and look a heck of alot better doing it.
May 25, 2021 22:55:12 GMT -6
<Rick> As stated elsewhere, So much for the launch of Windows 11, "The Great Crash." Myself, I had a hard time getting into the site listed above, when I did get in, the video was partly done and then it crashed. There has been many other reports of crashing.
Jun 24, 2021 9:52:33 GMT -6
*
<Rick> I see Microsoft has been very quick to pull down reports of site crashing regarding the Launch of Windows 11 on the Microsoft Insiders forum.
Jun 24, 2021 9:57:31 GMT -6
*
<Rick> The rebroadcast is working okay.
Jun 24, 2021 11:00:25 GMT -6
<Rick> With reports of people being able to install the dev-edition of Windows 11 on machines not meeting spec, I thought I would give it a what-the-heck try. Lucky me, I'm caught in the downloading, doesn't meet spec, clearing, re-downloading loop on my machine!
Jul 2, 2021 7:08:46 GMT -6
<Rick> I've recently purchased a license for ArcaOS from www.arcanoae.com/ to play with. First impressions, it's still OS/2, but it now has a Linux twist to it.
Jul 2, 2021 7:32:53 GMT -6
*
<dozrguy> laptop shit out and am stuck buying a new one. os win11 as fucked as win10 was?
Oct 2, 2021 12:56:10 GMT -6
<Rick> Let's see ..., my impression of Windows 11 is that it is a spruced up version of Windows 10 requiring a 64-bit processor plus a piece of security hardware that is less than 4 years old in order for it to run.
Oct 4, 2021 18:25:49 GMT -6
*
<Rick> On the plus side, Microsoft is supposed to be supporting Windows 10 for some time to come for those of us still using systems with I7 or older processors.
Oct 4, 2021 18:44:35 GMT -6
*
<dozrguy> i tried installing win10 om the 'shitout' pc this morning usung media creation. EPIC FAIL! went into an endless bootloop. win7 reinstalled just fine
Oct 21, 2021 11:23:38 GMT -6
<dozrguy> STILL so much bullshit and so little time for the kiddie ideas from the hill. My new laptop (MSI GE 11-UH461) would be an awesome "10" machine but because of Winblows I can only give it a "2"......wasted $3500
Oct 27, 2021 9:36:47 GMT -6
<Rick> Hello. Just checking in.
Mar 17, 2022 10:46:54 GMT -6
<isidroco> Each new w10 update adds >100000 useless files to \Windows\Servicing\LCU\Package_for_RollupFix... folders. Even in a SSD takes time to delete that stuff. In each version they manage to worsen stuff.
Mar 27, 2022 16:14:51 GMT -6
*
<dozerguy> still traffic here?
Oct 9, 2022 17:32:44 GMT -6
<Rick> No, there does not seem to be very much traffic these days. I still check in from time to time.
Oct 9, 2022 20:08:58 GMT -6