Mxx's discussions
Explore our other sites
  • kotaku
  • quartz
  • theroot
  • theinventory
    Mxx's discussions
    mxxcon
    Mxx
    mxxcon
    PostsDiscussionsSaved ArticlesFollowers (0)Following (0)

    Vote: about:blank

    @p1k0: actually, i'd love to see a white-hat security audit of LastPass. It still feels like a black box to me. Not being open-source and not knowing whats going on their servers, it's a bit unnerving..

    @gameguy15: one thing is that KeePass is potentially more secure. for example, you can encrypt your KeePass database in such a way that it will require literally 5 seconds of cpu time to decrypt it, and there is no way around that. so if somebody manages to get your database file and tries to brute-force it, each and

    @B_Dizz: kinda neat, but extremely insecure. Excel's password protection is not secure. it is not computationally expensive and does not prevent brute-forcing. Tools like KeePass actually use cryptographically proven algorithms and have special means to prevent brute-forcing. just look at this page [keepass.info]

    VOTE: KeePass

    @sunnydayz: that's an interesting project but it only works if you are not attentive enough to notice that are you on a non-https site or your ssl cert is for [ijjk.com] instead of [paypal.com]

    @Cordfucious of Tech Clan: but during the original setup you have to supply your login to mint/yodlee. with xauth you wouldn't have to supply your bank login to anybody but your bank.

    @Ustler: what you can do is you can educate users to understand the difference between a real cert and a faked one. you can educate users to understand that the presence of ssl cert doesn't make it all clear.

    @Ustler: on that topic, i think Lifehacker should publish an article covering all the relevant aspects of SSL. educte users what self-signed it, how the whole signing process works, how to check if the site you visit has a legitimate cert, etc etc.

    @Jason_Owens you are a bit overestimating vulnerability of using open wifi hostspots.

    @CasualSubversive: even on open wifi your mint info is protected since all logged in traffic is handled over SSL-encrypted session.

    @DaveyNC: this is why [Mint.com] and financial institutions MUST implement XAuth(or similar) protocol ASAP! it allows one site to get authorized data on your behalf, without you having to give up passwords to those sites. and you have control to determine if it's read/read-write/modify/delete, and at any moment you

    @Midnite1: i strongly disagree that NOD32 has "the most" false positives. NOD32 is very accurate, one of the best engines there is. but it is not "the least" and not "the most" accurate.

    VOTE: Last.FM

    @strabes: it is somewhat of a two-edged sword. you don't get iphone-specific sites(which in many cases have less functionality), but at the same time you get a full desktop version optimized for mobile device.