Blog Archives for December 2011

Bank Website Security

Saturday, December 17th, 2011 - Comments (0) in Computers, Life

Banks can't really afford to screw around with their website security. With viruses and spyware recording keystrokes on users' computers, money can disappear from accounts in the blink of an eye. So banks need to go a few steps further than just requiring a username and password on their websites to protect accounts.

One of the banks I'm currently with used to require a username and basically two different passwords. The second one, called a security key, had to be "typed" on a virtual keyboard using the mouse. I think this was a very good technique to combat things like key-loggers and spyware.

So in an effort to keep things fresh, in November they changed how the security key works. Now instead of requiring you to click in the whole key, they ask for the characters at 3 seemingly random places in the key:

[Image: HSBC's security key question]

Sure this mixes it up and I'm sure their intent was to have you type different characters each time, but I'm not sure this is an upgrade. First, instead of requiring a really long string of characters now they're down to 3. Second, my security key is rather long and intricate and trying to figure out what the 6th or 18th or 19th character is in my head is practically impossible. This forces me to write it down, which breaks the first rule of passwords: you don't write them down!

The last problem I have with this setup has to do with the data the bank stores. In order to authenticate people, the bank needs to have your password stored in their system. More accurately, they should have a one-way hash of your password. So when you log in, they hash the password you supply and see if the resulting string matches what they have in their database. This way they don't know your password and, more importantly, if they were to be compromised, your password is still safe. With this new security key mechanism they either need to have your password stored in plaintext or have a hash of every possible 3-character combination of the key. Either way, it seems your password could be easily figured out if you had access to the data on their end.
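The storage trade-off described above can be measured. This is an added example, not code from the bank or from the original post: it models the "hash of every 3-character combination" option and shows how little work a leaked record requires compared with one hash of the whole key. The 36-symbol alphabet, the sample key, the salt and all function names are assumptions made for illustration.

```python
import hashlib
from itertools import combinations, product
from string import ascii_lowercase, digits

ALPHABET = ascii_lowercase + digits   # assumed 36-symbol key alphabet
DEMO_KEY = "q7x2mb9k"                 # constructed sample key
DEMO_SALT = b"constructed-salt"       # constructed per-user salt

def challenge_hash(positions, chars, salt):
    """Salted SHA-256 over the asked positions and the characters at them.
    A slow KDF here would only scale the 36**3 guesses by a constant."""
    return hashlib.sha256(salt + bytes(positions) + "".join(chars).encode()).hexdigest()

def enroll(key, salt):
    """Hypothetical server record: one hash per 3-position combination."""
    return {pos: challenge_hash(pos, [key[i] for i in pos], salt)
            for pos in combinations(range(len(key)), 3)}

def verify(record, salt, positions, answer):
    """Answer a login challenge without the server holding the plaintext key."""
    return record[tuple(positions)] == challenge_hash(positions, answer, salt)

def recover_from_record(record, salt, length):
    """What a leaked record exposes: every triple falls to <= 36**3 guesses."""
    key, guesses = [None] * length, 0
    for start in range(0, length, 3):
        # Consecutive triples cover all positions; the last one may overlap.
        first = min(start, length - 3)
        pos = (first, first + 1, first + 2)
        for cand in product(ALPHABET, repeat=3):
            guesses += 1
            if record[pos] == challenge_hash(pos, cand, salt):
                key[first:first + 3] = cand
                break
    return "".join(key), guesses

def full_key_search_space(length):
    """Guesses needed against a single hash of the whole key."""
    return len(ALPHABET) ** length

if __name__ == "__main__":
    record = enroll(DEMO_KEY, DEMO_SALT)
    print(verify(record, DEMO_SALT, (1, 4, 6), "7m9"))
    print(recover_from_record(record, DEMO_SALT, len(DEMO_KEY)))
    print(full_key_search_space(len(DEMO_KEY)))
```

For the 8-character sample key, the per-triple record gives up the whole key in at most 3 × 36³ guesses, while a single hash of the full key would require searching 36⁸ candidates.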

Return to Quake

Saturday, December 3rd, 2011 - Comments (0) in Computers, Life

Depending on how well you know me or when we met, you might know that I used to play a game called Quake 2. This game was released back in the late nineties when I was still in high school but I didn't start playing online against other people until freshman year at college.

Back then I played mostly what is commonly called free-for-all (FFA). This is where you and a bunch of other people just try to kill each other as often and as fast as possible, there isn't any organization to it. There really isn't much skill involved in this; it's fun but mostly aim and luck. I was always pretty good at FFA, but I always wanted to be a good duel player. Playing against just one other person requires so much more skill and strategy to be successful. I didn't duel much back then because I was bad at it and didn't have the patience to slowly improve my skills.

Life happened and I stopped playing sometime around 2002, much to Rachelle's pleasure. A few months ago I looked around on YouTube for a Q2 video I remember seeing a long time ago and was shocked to find that there was still a small Q2 scene going! Most of the videos on YouTube were from different seasons of EDL, the European Duel League, which is currently in its 10th season. I also discovered a bunch of servers in the US hosted by that are actually somewhat active.

I really don't have a lot of time to play now with Claire and everything going on, but I do play when I can and I'm actively trying to improve my game. The biggest problem I ran into is that everyone left who is still playing has been so for years and is very good. For the most part the game is fun but when you're playing someone who destroys you 30-0, it can be hard to keep a good attitude, especially when they're not very nice about it.

This is the video that inspired me. It's basically just a highlight reel from the season 4 (2007) of the European Duel League:

I actually signed up for season 10 of EDL that is going on right now. Even though it's a European thing anyone can play, you just need to be able to play against people on the other side of the world. This presents its own challenges. I'm not kicking-ass and chewing bubblegum, but I'm neither in the lowest division nor worst in my division. I'm just looking to have fun.

Most Friday nights there is an event called King of the Hill (KOTH) where anyone can sign-up to play a little mini-tournament. Obviously you play to win, and if you win your match you play again against the next guy. The last player standing wins. It's seeded so that okay players go first and the really good guys play toward the end. This video was taken during my third match (having won the first two) against a rather good player from Europe. Even though I lost I was thrilled that I played that well. A few days later I played Jakzah again and he destroyed me 10-0. Maybe I just got lucky. I've been using the name "Claire" when playing for lack of a better one.