RefBan

Referral Banners

Monday, October 8, 2012

Your Giant Engagement Ring Looks Fucking Stupid, Jennifer Aniston


October 8th, 2012: Top Story


By Drew Magary
Oh hey, here's a picture of Jennifer Aniston rocking a zillion-carat engagement ring that her fiance, Justin Theroux, "gave" her. Though I assume Aniston bought the ring herself six years ago and stashed it in a safety deposit box until the day she finally found a man who could properly pull off being dressed like a 1930s fighter pilot. This is a big rock. A huge rock. A very expensive, obnoxious, stupid fucking rock.
When it comes to engagement rings, there is a fine threshold between beautiful and gaudy, and Aniston just hopped inside an IROC and made skid marks on that threshold. Take a look at Kim Kardashian's old rock and see if you disagree. It's just as tacky. When you wear a diamond that big, you're essentially announcing to everyone that A) You have no sense of subtlety when it comes to flaunting your wealth and B) You enjoy blinding small children. A ring that big tells people that you're willing to throw your spine out of alignment just so that people can see you toting a fucking crystalline boulder around on your hand.
Plenty of people have argued against the very notion of engagement rings. They're a needless expense, they come from African mining monopolies that fix prices and pay their workers in severed limbs, they exist strictly as a means of generating hateful envy amongst friends, canary diamonds look like they've been stained with urine, etc. But even if you're like me and you still see some value in the custom, there's nothing about a nine-pound engagement ring that makes sense. It's just a shitty way of trying to have your love upstage the love of other, poorer human beings. And it looks stupid, just like Super Bowl rings do. Accessories are attractive on people when some sense of proportion is involved. It's not simply about the ring, but its relationship to the finger it rests on. And having a diamond that is literally WIDER than your finger is like walking around with a bedazzled balloon animal jammed between your tits.
It also perpetuates the idea that ALL women need big rings, which means some poor schmuck out there is gonna have to pony up an extra month's salary just because his ladyfriend saw this ring while reading US Weekly while changing tampons and just had to have Jen's ring. Get a smaller ring, people. Use the difference to make a car payment or feed an AIDS baby. You don't need a neutron star hanging off your body.
[People. Photo: Getty.]

Fans Cheer for QB's Injury -- College QB's Home Vandalized -- Tebow Girlfriend Rumors -- WAGs of MLB Playoffs

Sports and Pop Culture Edition
 
The WAGs of the MLB Playoffs
BleacherReport.com
Fans Cheer After Cassel Suffers Injury
CBSSports.com
Reggie Bush's Girlfriend Hit with Pregnancy Rumors
BleacherReport.com
Search for Tim Tebow's Girlfriend Continues
BleacherReport.com
Georgia QB Aaron Murray's Home Vandalized Following Loss
ESPN.com
Casting Sports Movies That Need to Be Remade
BleacherReport.com
Hey Ump! Give Buster Posey a Little Space
BustedCoverage.com
OSU Band Delivers Epic Video-Game Halftime Show
BleacherReport.com
WVU Fans Do What Most People Do After a Big Win... They Riot!
LostLettermen.com
Sapp Will Attempt to Buy Back Items Lost in Bankruptcy
TMZ.com
Most Out-of-Nowhere Teams in Sports History
BleacherReport.com
Insane Fan Explains Himself
LostLettermen.com
Terry Bradshaw Officially Kills Gangnam Parody
BleacherReport.com


Weighing Security Against Convenience: What Works, What Doesn't, and What's Best for You

October 8th, 2012: Top Story


By Adam Dachis

Everyone and their mother has a password security strategy, some better than others. Choosing the right one means weighing security against convenience so you can stay safe without losing your mind. But what's the best balance? Is it the same for everyone? With the help of a security expert, I decided to find out.

Over the years, we've posted several password security tips, tricks and techniques ranging from the simply memorable to the perfectly paranoid. Although I've always used strong passwords, many of my coworkers went to great lengths to heighten their security far beyond mine. I knew my passwords needed an audit, but the security measures put forth by my colleagues seemed so frustrating and inconvenient. I wanted safety but without all the hassle. To find out the best combination of security and convenience, I decided to audit all the methods we recommend with the help of security and investigations expert Brandon Gregg. Before we can get started, however, we need to know what makes our passwords vulnerable.

The Three Variables That Contribute to Weak Passwords

Brandon explained that weak passwords have three variables, and each makes them more vulnerable:

  1. An easily guessed/cracked password: Brandon says, "With Amazon EC2, GPUs*, and software like Accessdata's Distributed Network Attack (DNA), guessing half a billion passwords per second is easy. My personal record is 370 million guesses per second—not crazy, but better than most law enforcement agencies. It also appears that some sites, such as Twitter, allow these kinds of brute force attacks against user accounts as long as the 'password guess' is from a randomized IP address each attempt." With so many guesses possible per second, you don't want an easily crackable password. Later in the post, we'll discuss which methods produce the most secure and reliable passwords.
  2. An easily forgotten password: Your passwords don't help you if you can't remember them. Brandon says, "Always resetting your hard-to-remember password just leads to more mistakes and exposures in the future."
  3. One password provides access to many sites: Using the same password for everything means that if a hacker cracks one of your accounts, they've cracked them all.

*GPUs or graphics cards are used to brute force passwords due to how they tackle parallel calculations. One GPU or clusters of GPUs can be made fairly cheaply and are multiple times faster at guessing passwords than their CPU brothers.

Eliminating one or two of the three variables doesn't require much effort, but removing all three causes the higher level of inconvenience that I, and many people, hope to avoid. While no security strategy lacks vulnerabilities, in this post we'll audit several types of passwords, from weak to strong, and methods of managing them to find out what's best for convenience and what's best for security.

The Four Levels of Password Security

Least Secure: Simple Alphanumeric Passwords

The weakest type of password involves combinations of numbers and letters, or just one of each. It may be easy to remember a word, your phone number, or both, but these passwords are easy to crack. Existing software has no trouble guessing dictionary words, phone numbers, or even combinations of both—especially when the password is under eight characters.

That said, you won't forget a simple password. If you use it for every account you own, you won't have to remember much at all. Of course, this is extremely insecure. If using a simple and short password, especially across many accounts, you're not far off from using no password at all. For more on why weak passwords are easy to crack, read this.

Examples: charlie, hotstuff, 8675309, mary212

Somewhat Secure: Complex 8+ Character Passwords

Complex passwords require more effort to type, but they also require far more effort to hack. A complex password consists of at least eight characters. You should include capital and lowercase letters, at least one number, and at least one symbol (e.g. !, ?, @, etc.). You should also avoid a single dictionary word (e.g. pantomime → p@nt0m!me). Using a phrase as a starting point is better, but again, not perfect (e.g. "I love goats" → iLuVg0@ts).

This method fails when you use a unique password for every site because you have to remember many, many complex strings of letters, numbers, and symbols.

Examples: t@lk4Ev3r!, iLuVg0@ts, b3stFr13ndS4eVer?!

Very Secure: A Common Complex Base Password with Unique Identifiers

You can't easily remember a lengthy, complex password, so utilizing different ones for every account just doesn't work (unless you're also using a password manager, but we'll get to that later). Remembering just one, however, makes things much easier. It also makes your password less secure unless you add a unique identifier. That unique identifier can relate to the site so you won't forget it. For example, if you used iLuVg0@ts as your common base password and you wanted to create a password for Gmail, you could use iLuVg0@ts-gmail. Brandon prefers this method over others:

Having a common base password plus the site name actually removes all three variables. Due to length it won't be cracked by a dictionary or brute force attack. If Linkedin gets compromised your Gmail will remain safe and lastly you aren't going to forget your password. It's the best option available.

Examples: iLuVg0@ts-gmail, iLuVg0@ts-linkedin, iLuVg0@ts-facebook

Of course, if a savvy hacker managed to crack one password they might figure out the others. Brandon suggests:

In my own passwords I mix up the "site" password not with a direct label of GMAIL or LinkedIn, but with email for gmail or resume for linkedin. Something again that is easy to remember, but hard to guess if your account is compromised.

Examples: iLuVg0@ts-email, iLuVg0@ts-resume, iLuVg0@ts-friends

With common basename passwords, you have another secure option: using a three word phrase with spaces (e.g. "goats love gmail"). This method may seem less secure because it includes simple dictionary words, but it works because spaces are in play. (You can read more about the three word method here.) Brandon notes that this method sometimes fails because of how sites and applications restrict your password options:

The three word method is a good idea, but limited by many of the websites and applications you use. It solves the hard to crack problem and easily compromised issue, but not the easy to remember. Why, you ask? Most sites don't allow spaces as a special character, so you are stuck using "goats@love@gmail." Some sites even prevent the number of special characters you use, so you might have one application that allows password A and another that does not. The next thing you know you have five different password styles and you can't remember which style belongs to which login.

Examples: goats love gmail, goats@love@facebook, goats!love!pinterist

As mentioned, neither solution comes without vulnerabilities. If all your sites allow spaces or don't restrict special characters, the three word method offers greater simplicity. Either way, a common base password and a unique identifier offer both security and convenience.
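An added example, not part of the original article: a self-audit of the base-plus-identifier scheme from this section, comparing the cost of exhausting a full password with the cost of exhausting only the identifier once one breached account has revealed the base. The function names, the `min_base` threshold and the worst-case exhaustive-search model are assumptions made here; the sample passwords are the article's examples and the guess rate is the offline figure Brandon quotes.

```python
import os
import string

GUESSES_PER_SEC = 370_000_000  # offline guess rate quoted in the article

def charset_size(text):
    """Size of the smallest standard alphabet covering every character in text."""
    size = 0
    if any(c in string.ascii_lowercase for c in text):
        size += 26
    if any(c in string.ascii_uppercase for c in text):
        size += 26
    if any(c in string.digits for c in text):
        size += 10
    if any(c in string.punctuation or c == " " for c in text):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size

def exhaust_seconds(text):
    """Worst-case seconds to try every string of this length and alphabet."""
    return charset_size(text) ** len(text) / GUESSES_PER_SEC

def audit(accounts, min_base=6):
    """accounts maps site name -> password. Returns (shared base, findings)."""
    base = os.path.commonprefix(list(accounts.values()))
    if len(accounts) < 2 or len(base) < min_base:
        return "", {}  # no meaningful shared base to report
    report = {}
    for site, password in accounts.items():
        suffix = password[len(base):]
        report[site] = {
            "suffix": suffix,
            # True when the identifier is the site name itself: nothing to search.
            "names_site": bool(suffix) and suffix.lower() == site.lower(),
            "full_seconds": exhaust_seconds(password),
            # Cost once the base is known from one breached account.
            "residual_seconds": exhaust_seconds(suffix),
        }
    return base, report

# Constructed sample input built from the article's example passwords.
SAMPLE = {
    "gmail": "iLuVg0@ts-gmail",
    "linkedin": "iLuVg0@ts-resume",
    "facebook": "iLuVg0@ts-friends",
}

if __name__ == "__main__":
    base, report = audit(SAMPLE)
    print(f"shared base: {base!r}")
    for site, row in report.items():
        print(f"{site:9} suffix={row['suffix']!r:10} names_site={row['names_site']} "
              f"full={row['full_seconds']:.2e}s residual={row['residual_seconds']:.2e}s")
```

The gap between `full_seconds` and `residual_seconds` is the practical reason to pick an identifier that is longer and less predictable than a single lowercase word.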

Extremely Secure: Two-Factor Authentication and Passwords Even You Don't Know

No password is more secure than a lengthy, complex string of characters that nobody knows. The obvious problem? You can't enter a password you don't know. Password managers like LastPass solve this problem by storing all your passwords in a single database, unlocked by one unique password of your choosing. Of course, as Brandon points out, this comes with one major flaw:

Personally, I am fearful of any password manager used to centralize my accounts. As someone who "monitors" many systems I can personally tell you that if I capture your LastPass master password it's like opening up a nicely wrapped present. I was only going to target your Twitter account, but you just gave me a one stop shop to all your accounts, even the banking accounts I had no idea you had. Thank you LastPass and the lazy user.

Using a password manager suffers from a similar vulnerability to using the same password for every site: you crack one, you crack them all. While LastPass, in particular, makes great efforts to keep your passwords safe, you're putting yourself at risk by using one password to rule them all. The solution? Two-factor authentication, something you may have heard about recently. Brandon explains how it works:

Two-factor authentication adds a layer of security that is almost impossible to bypass. After using one of the password options above, Google (and other sites) send a text message to your phone. Not only is it hard for hackers to obviously be watching your phone (unless they installed FlexiSPY or other cell monitoring tools) it gives you a heads up to being attacked. If you suddenly get a text message with an authorization code at 2:00 AM, it might be a sign your ex-girlfriend is trying to get into your account.

When using a password manager like LastPass, you should enable two-factor authentication or you are, as Brandon puts it, potentially offering up your passwords as a nicely wrapped present. While we often argue this method secures your accounts better than any method, it also creates the most inconvenience. You'll need to decide whether that inconvenience matters to you or not.

How Do I Choose the Best Password Security for Me?

Securing your accounts means choosing a balance between convenience and protection. If you're willing to tolerate regular security checks and use randomly-generated passwords you don't know, you can put your paranoia to rest. Most Lifehacker writers and editors use this level of password security because they don't want to assume the risk and find little inconvenience in the extra effort. In fact, many adjusted to the new methods and haven't found two-factor authentication to be inconvenient at all. You may feel the same way.

Personally, I find this method excessive and too much of a burden. As a result, I've opted for our third level of security ("Very Secure") described above for two reasons. First, using a method that requires a password manager involves trusting someone else with your data. When you give someone else your data you take a risk that they may lose it or share it (whether intentionally or not). If you've ever told a friend a secret, you understand the potential risk. The only well-kept secret is the one you keep yourself. While you can't avoid sharing your information entirely, as that would lead to a horribly insulated life, I believe in keeping how much you share that information to a minimum. Second, I want reasonably easy access to my data and I'm okay with assuming some risk. As someone who's had his fair share of hardships, I don't believe in trying to live life risk-free. Bad things happen. We should take reasonable measures to prevent them, but sometimes they still happen. To me, a tiny bit of added security isn't worth the inconvenience.

What should you choose? Brandon sums up the decision-making process nicely:

Security is not always about who has the best alarms, tallest fences, or latest technology. There are many variables in security that often times people overlook including cost and convenience. We can lock down our computers, phones, and Internet with full encryption, bio-readers, and multi-level authorization, but if you don't assess your own realistic risk you can easily weigh yourself down by high costs and slow access. While two-factor authentication is currently one of the best methods of protecting your data, the added time for the second level of authorization can become a nuisance and maybe overkill. Are you afraid of China snooping in your Gmail? If not, no two-factor authentication is needed. Is there a real concern your savings account can be hacked? Use two-factor authentication on all banking sites that offer it. Better understand your risk to better choose the level of security you need.

The level of risk you want to take depends on your personal needs and the level of risk you're willing to take. Just remember—while you can implement extreme security protocols, nothing prevents the possibility of a hack. Everything is vulnerable. Back up your data. Keep a close eye on your accounts. Security involves more than locking everything down with good passwords. You should prepare yourself for the worst. In the meantime, however, lock down your accounts in a way that's secure enough for you and fits well into your life.

Special thanks to Brandon Gregg for his expert advice. Brandon has worked investigations for numerous Fortune 500 companies over the last 12 years investigating theft, fraud, organized crime, corporate espionage, and many high profile cases as well as being an educator, published author, and featured speaker on surveillance, computer forensics, complex investigations, and ethical hacking. You can find out more about him here.

Photos by edel (Shutterstock) and Stock Elements (Shutterstock).