Monday, August 11, 2014

Last Call For The Keys To The Kingdom

As an IT professional I can attest to the conclusions in this Wired article on passwords.  They're not very secure for two big reasons: one, they're not random enough (and cracking software has gotten very good at guessing) and two, it's a lot easier to just steal all the passwords at once from the server because they're not encrypted.

Here’s an example: some systems force you to chose an eight-character password, using capital letters, numbers and at least one number. That sounds pretty secure, but it’s not. The word P@ssw0rd fits these criteria and password cracking tools such as JohntheRipper or hashcat will guess it in minutes. That’s because they use something called “mangling rules” which take dictionary words and substitute letters such as a for @ or s for $. 
“The cracking software that’s out there has known about all of these tricks for more than a decade,” says Herley. “A lot of the password completion policies don’t push people toward randomness and things that will pass 10^14 guesses, they push people toward predictable strategies that will not.” 
Try out enough password-strength checkers, and you’ll get the impression that more is always better when it comes to password. But that’s not really the case, Herley says. Randomness is the key. But the problem—and it’s a near-fatal one—is that humans are really, really bad at generating random passwords. So maybe we should just expect our passwords to suck, and concentrate on protecting accounts in other ways–like with two-factor authentication, where you have to use a password in tandem with something like a fingerprint, a text message, or a random number generated on a device you lug around.

Two-factor authentication should really be standard by now, but it's not.  It's too inconvenient and costly to implement it for all users across an entire system about 99% of the time.  That's not going to change until the costs of not having enforced two-factor authentication for all users (like hackers stealing account info and the lost business it causes) exceed the costs of implementing it.

It's getting to that point for Apple and Google now.  They offer it and really should make it standard.  You'll see more and more companies going to two-factor authentication and soon as losses from password hacking and "social engineering" mount into the billions.

The counter-argument is that no system can ever be 100% secure as long as people have to access it and it has access to the internet, so there does have to be a limit on it.  But I'm betting sometime soon your IT department will be rolling out two-factor authentication, and not just for remote users.

When Liberals Don't Vote In Midterms...

...Democrats run like Republicans to capture the conservative voters that do show up.  That's the lesson of 2010 that Democrats are putting into play in 2014. 

Faced with a treacherous political environment, many Democrats are trotting out campaign ads that call for balanced budgets, tax cuts and other more traditionally GOP positions. Some of them are running in congressional districts that just two years ago broke sharply for President Barack Obama. 
The Republican-flavored ads provide an early glimpse of how Democrats will wage their 2014 campaign. Democrats, hampered by Obama’s rising unpopularity and the tendency for conservatives to turn out at higher levels than liberals in midterm years, face the reality that swing congressional districts favorable to them in 2012 will be far less so in 2014.

Whether the Democrats running in those districts can survive what party strategists acknowledge is a deteriorating national political environment will largely hinge on how well they can appeal to more conservative voters. 
It’s a different kind of electorate,” said Ben Tulchin, a San Francisco-based Democratic pollster. “If you’re running in a competitive district as a Democrat in a nonpresidential year, you want to strike a more moderate tone.”

Moderate tone my ass.  Democrats are running Tea Party campaigns because Tea Partiers are the only people who regularly vote in midterms.  The rest of voters, especially liberals, stay home and complain about why there are no liberals in Congress.

Colorado Democrat Andrew Romanoff, who’s running in a district that Obama won in 2012 and 2008, has started airing a commercial that strikes a tea party theme. It highlights his record as speaker of the state House of Representatives when, he says, he helped balance the state’s budget. 
“It’s really pretty simple. You don’t buy things you can’t pay for,” Romanoff states. 
As Romanoff narrates, a graph of the nation’s soaring debt pops up on the screen. The image looks strikingly similar to one that appears in a Web video Wisconsin Rep. Paul Ryan released in 2011 to sell his controversial budget plan, though a Romanoff spokeswoman insisted that the campaign hadn’t borrowed from the former GOP vice presidential contender. 
New Hampshire Rep. Ann McLane Kuster, whose district broke for Obama by a yawning 11-percentage-point margin in 2012, is running an ad that touts her support for small-business tax cuts while showing her touring a local microbrewery. Separately, former Iowa state Sen. Staci Appel, in a district Obama won by 4 percentage points two years ago, underscores her record of fighting overspending in state government, a populist theme often heard from tea party-aligned conservatives.

So yes, because liberals stay home and don't vote, the electorate is conservative.  Democrats run as conservatives to get their votes, because conservatives are the ones voting.  We're not.

If liberals don't give a damn about voting in midterms,why should Democrats give a damn about liberals who don't vote?


State Of Destruction

The real political prize for Republicans in 2014 isn't Harry Reid's Senate majority leader chair, but dozens of state legislatures and several governor's mansions that could flip into the hands of the GOP in November, which could give them total control of a number of purple states in 2015.  If you thought things were bad at the state level before in places like Ohio, Florida, and North Carolina is total GOP control of the state, wait until places like Colorado, Iowa, and Nevada fall.

At a time when Democrats and Republicans in control of statehouses are using their authority to push through ambitious policies that by contrast highlight the paralysis in Washington, the potential for further Republican gains has raised the possibility of deepening the policy divide between red and blue states. Republicans now control 59 of the 99 partisan legislative chambers, and have complete political control — both legislative houses and the governor’s mansion — in 23 states, while Democrats control 13. The total number of states ruled by a single political party, 36, is the highest in six decades.

Officials from both parties say there are two states that the Republicans might be able to add to the list of places where they enjoy complete control — Iowa and Arkansas. (There are no similar opportunities for Democrats.) Given that, Republicans this year are also looking to pick off individual chambers as a way of increasing their negotiating ability with Democratic governors and statehouses, or to block Democrats from passing legislation.

Republicans are looking to take over senates in Colorado, Iowa, Oregon, Maine and Nevada, and houses in Kentucky, New Hampshire and West Virginia. Republicans could emerge with complete control of the legislatures in New Hampshire and Kentucky, though both of those states have Democratic governors.

That would mean that the only thing keeping Obamacare alive through Kynect in Kentucky would be Dinosaur Steve.  And if Democrats are unable to win next year when Beshear steps down, you can kiss Kynect goodbye, as Republicans here have vowed to dismantle the program if they take over.

They hope these victories will help them push through legislation that has been stymied by Democrats until now, such as pressing the kind of restrictions on labor organizing the party passed in Wisconsin, or rolling back gun laws in Colorado. In Iowa, Republicans are looking to eliminate a tax on manufacturing and enact a ban there on telemedicine abortions, where women in rural areas obtain abortion pills after videoconference consultations with faraway doctors.

Matt Walter, president of the Republican State Leadership Committee, which is spearheading the statehouse efforts, said, “The pattern is crystal-clear at this point, and Wisconsin is the best example of it: That ability to drive your agenda when you are completely in control of state government will absolutely continue to play out.”

If Republicans end up controlling two-thirds of state legislative chambers, the country is going to suffer greatly.  No matter how you feel about voting for Democrats in the Senate, you'd better get to the polls for your state legislature elections, and push that lever for the D side.

StupidiNews!