|
Choroid wrote: Steve thanks for the information in the reply No prob
Choroid wrote: Google's making changes on a daily bases while they are testing this new feature I like how Google works. They're bold when it comes to experimenting with such a myriad of things. Choroid wrote: CD What's CD? Does that stand for something?Choroid wrote: Lot of info about Google's/YouTube's cross-origin-resource-sharing policy I bet there is. Reading the Terms of Service on YouTube alone would take a month. I don't want to know anything about their CORS policy. It scares me.
One thing I learned about Google is that by default, they disallow google.com from being placed within an iFrame located on a different origin. That makes sense.
Upon inspecting the iFrame, you will see a message sent by Google in response to the iFrame's HTTP request headers. The message says something along the lines of: This page can't be loaded. No request header value for "Some-Google-Header-X" was sent in the HTTP GET request. I forget the name of that header, but I bet if you found out how to get a valid code for that header, it just might work.
Make a simple HTML page and write an iFrame element within the body. Set the iFrame's "src" attribute to "https://google.com". Open the HTML page in a browser. The iFrame will fail to load. Hit Ctrl + Shift + I (in Chrome) to view the devtools/console panel. Take a look at the response header for the iFrame. It should specify the name of the header required in order for Google.com to load within the iFrame. Do a Google search using that header's name and you just might find something to address the problem. That would be my next try.
|
|
|
|
|
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png[^]
Given that most (if not all ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things:
1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination.
2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Very interesting picture. Any four consecutive digits appear to be highly used.
|
|
|
|
|
Yeah - it's surprising how much human beings can skew what you might assume was pretty random data!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
We're all a bunch of skew be do's.
These numbers are interesting (7410, 7942, 8520) since they don't seem to follow any pattern.
|
|
|
|
|
No pattern? 7410 goes down one side of a standard keypad, while 8520 goes down the middle.
|
|
|
|
|
Totally missed that. Thanks!
|
|
|
|
|
I was looking at physical distances between keys and I see that in most cases where each value is far from the next value they tend to be "more rare".
Or, stated another way, "if your finger is already there, you probably pick something closeby".
If you typed a 2 you probably type a 1 or 3 or maybe 5 next. The physical layout of the keypad does a lot to "force" certain combinations, I think.
|
|
|
|
|
That's what I get for responding to a stale screen and not updating before I post. Wasn't trying to steal thunder or anything.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
I’m begging you for the benefit of everyone, don’t be STUPID.
|
|
|
|
|
7410 is down the left hand side of the number keys pad of a full size keyboard. 8520 is the middle, it gets zero too since the zero key is usually a double width key.
No idea about the 7942 though.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
I’m begging you for the benefit of everyone, don’t be STUPID.
|
|
|
|
|
This message has been flagged as potential spam and is awaiting moderation
|
|
|
|
|
Banks (in India, most probably elsewhere too) block the login after three incorrect PIN entries (to unlock which the customer has to complete some formalities after visiting a bank branch). So, the customer has at least some protection.
|
|
|
|
|
In Switzerland and surely other western European countries (France for sure), PINs are 6 digits, also with a three-try limit, after which the card is swallowed (in an ATM) and simply blocked until the bank issues another PIN or even a new card.
|
|
|
|
|
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
|
|
|
|
|
They are not necessarily safer, just a lot more convenient.
I think the banking industry (where PIN are used a lot ) weighted the pros and cons of 4 or 5 digits PIN and decided that there is a risk, but it's manageable.
Also, I can't imagine having an ATM with a full keyboard and my dad trying to enter his password.
CI/CD = Continuous Impediment/Continuous Despair
|
|
|
|
|
Your pasword must contain ...[^]
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Sanskrit, Cyrillic, Latin, Chinese, and Arabic characters should be enough for everyone!
FYI, you'd be amazed at how hard it is for most applications/websites/passwords to deal with 2 different sets of alphabets.
Bond
Keep all things as simple as possible, but no simpler. -said someone, somewhere
|
|
|
|
|
obermd wrote: I have yet to understand how PIN numbers are more secure than passwords.
It is most likely a numeric pin and not a password because manufacturing and maintaining a numeric keypad ATM machine is far more economical than producing one with a full fledged QWERTY keyboard. It almost always comes down to the costs.
|
|
|
|
|
obermd wrote:
I have yet to understand how PIN numbers are more secure than passwords. Face it, there are only 10,000 combinations, yet even an alphabetic, case insensitive, PIN would have 456,976 combinations. I would expect being able to brute force a pin number, regardless of length, would be easy for modern computers that can break 128-bit key based encryption systems in hours.
I wondered that too for a long while. If you dig into the various places where PINs are used, you will find that anywhere a PIN is used, there is strong protection behind it to back it up.
PINs generally have very strong limitations on how many times you can get them wrong (i.e. 3 times) -- because failure lockout reset can be controlled externally by more secure methods (2FA, MFA, big brother style behavior pattern matching, etc.)
Offline attacks toward a PIN tend not to work because the PIN is not the primary secret. So the use limitation of the PIN protects the use of the much stronger public/private key encryption which protects the actual data you wish to protect.
Credit/debit cards have those cryptography chips now -- those hold the public/private key encryption, locked into read-only memory in nanometer scale size, and the PIN protects the use of that strong encryption, any funny business using it -- and that strong encryption becomes invalid -- it's new card time.
|
|
|
|
|
OriginalGriff wrote: 1234
"That's amazing. I've got the same combination on my luggage."
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
"I've lost the bleeps. I've lost the creeps. And I've lost the sweeps."
|
|
|
|
|
"How many assholes have we got on this ship anyway?"
YO!
Software Zen: delete this;
|
|
|
|
|
"I am your father's brother's, nephew's, cousin's, former roomate."
"What does that make us?"
"Absolutely nothing."
|
|
|
|
|
I use the last 4 digits of old phone numbers I've had, like from my childhood.
I'm not likely to forget them, and good luck tying them to me.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
honey the codewitch wrote: good luck tying them to me.
My phone number (number*s*, now that I've joined the club and carry a phone) has had the same last 4 digits for my entire life...
If I used that as my PIN, anyone who knows my phone number would have a pretty good chance at guessing it.
|
|
|
|
|