0

Activity code putty key generator ssh, puttygen is an key generator tool

While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. That would include live servers and any dev or staging servers. Add public key to bitbucket. Stage 3 – Added the SSH key to your BitBucket account. When I try to push a commit through it tells me permission denied (public key).

  • How to Programming with Bitbucket
  • Setup SSH Keys into BitBucket
  • Create and Link Vultr with ServerPilot Public Key to
  • C# - How to generate and validate a software license key
  • Private/Public Key SSH in Windows using freeSSHd and
  • Docker - Composer - Clone Git Repository (Bitbucket) On
  • Jx import: should support creating new repositories on
  • Set up ssh-key for bitbucket repo
  • Powerpoint 2020 Product Key Generator
  • Ssh - Reusing Private/Public Keys - Information Security
1

Serial key gitHub - steve-taylor/bitbucket-pipelines-java: Bitbucket

It improved security by avoiding the need to have password stored in files, and eliminated the possibility of a compromised server stealing the user's password. Nicolas Ross Nov 07, I am a new bitbucket user, and I try to use ssh rsa keys to connect via ssh to any repo in my. If you previously configured a SSH key then it will be listed (like mine). The way it works is let's say your client machine initiates a request to access a server. Log in to your Bitbucket account.

Permission denied (publickey)

Rrb chandigarh je answer key useful reference. Patch blade and soul. Quick links: Reference. Bramjnet windows 7 crack. Silca electronic key catalogue 5.0 https://zlatdetki.ru/forum/?download=208.

2

Using Atlassian bitbucket with Intellij-idea

SSH keys provide a simple and yet extremely secure way to connect to a remote computer or a server. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. Now click on SSH keys option. This is a safe service because it uses only public data; there is no need for login and password. With the patch below, everything works fine for me. Equivalently (more or less), I expect that your command-line test will work if you add the -tls1 option, viz.

Free Online Private and Public Key Generator

Keygen corel draw x4 torrent. Add Key again; Note, your public key in this file is in a different format from what BitBucket expects. How to add SSH keys into Bitbucket from your machi. Add yourself to sudo or wheel group admin account. Lil bibby crack 1 look at this.

3

How to Configure BitBucket Git Repository in your Eclipse

Unix & Linux: Add public key to remote server authorized keys without saving file there Helpful? First I wanted to use same public key in bb and gh with no luck. Add the copied key to the service and package repos as an "access key" (in the "Access keys" screen on those repos' admin panels).

Unix & Linux: Add public key to remote server authorized
1 Setting up Git and TortoiseGit with Bitbucket, Step by 81%
2 How To Use SSH Keys on Windows Clients (with PuTTY 75%
3 Add support for print preview in CEF (issue #123) 52%
4 Atlassian Universal Plugin Manager - Version history 97%
5 How to generate a SSH key and add your public key to the 87%
4
  • Now you can self-host BitBucket also with BitBucket Server
  • Linux Basics: How To Create and Install SSH Keys on the Shell
  • Multiple SSH keys for multiple Bitbucket/GitHub accounts
  • Connecting to Bitbucket Server via SSH – An Integrated World
  • Using Bitbucket for Git in Visual Studio 2020

Solved: How do I set up ssh public-key authentication so t

Download git from https. You are also able to add multiple SSH Key to your BitBucket account. Highlight entire public key within the PuTTY Key Generator and copy the text. Grasshopper rhino crack torrent web. Private download directory.

5

Tip of the Week: Using different SSH keys for multiple

Add the public key to the DI2E BitBucket Project. Complete the following steps to access the Git server using your private SSH key and a passphrase: Specify the path to the key file, for example C: \Users\key. Advanced system optimizer with key. It should contain upper case letters, lower case letters, digits, and preferably at. BMC Software Control-M 3, 530 views.

Malware stew cooked up on Bitbucket, deployed in attacks

You can decide how you are working as a team first and then let Jira work around you. Stash and Bitbucket have converged more than I expected, mostly because my recollection of Bitbucket was closer to Github than it actually is. But. Dynamic auto painter crack for gta. Facebook; Twitter; LinkedIn; 6 comments. 2 chainz crack video edit.

6
  • Generating Keys for Bitbucket with SSH-Keygen
  • Add local project to bitbucket Code Example
  • 2.4.1 RSA Public Key Encryption: Video
  • [PATCH general-docs] improve notes on pushing to Bitbucket
  • Microsoft Office 2020 Product Key Generator Rar
  • Solved: SSH KEY BITBUCKET - Atlassian Community
  • Using Bitbucket on Windows using TortoiseGit
  • Setup SSH key for multiple Github/Bitbucket accounts
  • Bitbucket - Where are my files after git add

Bi-Weekly Questions Thread [Edition #54] - 'Cabin Fever' Edition

Welcome to the vitahacks Bi-Weekly Question thread!


Please post all questions here instead of starting a new thread in the main board. THIS WILL BE ENFORCED

3.69-3.73 USERS: It is HIGHLY Recommended that you downgrade to 3.68 or lower. Plugin/Application support for 3.69+ is POOR. Other than h-encore^2/Modoru2.0 downgrade, DO NOT EXPECT SUPPORT for plugins/Applications running on 3.69+

Before you post a question please note:
-The vita hacking guide covers everything from 'what is homebrew' to hacking the vita and installing essential plugins
-For a comprehensive database of all available vita homebrew, please refer to VitaDB, or use the much improved VHBB application to download homebrew directly to your vita (VHBB is not currently supported)
-Rule #1 - "No discussion of piracy/backup/warez/dumps" is strictly enforced; there are other resources to discuss this subject matter

3.71 / 3.72 / 3.73 Users:
- h-encore^2 is here. Installation instructions can be found on The FloW's Github page here
-The 3.71 update broke Modoru (added checks in lv0). DO NOT use Modoru to downgrade from 3.71/3.72/3.73. You will softbrick your console. The softbrick will require you to restore your system with a PUP file from safe mode
-SKGleba has released 'Modoru 2.1' that will allow you to downgrade from 3.71/3.72/3.73.

3.69 / 3.70 Users:
-h-encore^2 replaces Trinity
-3.69/3.70 users can still safely downgrade with Modoru

Firmware Guide:
Vita Firmware Version Available Hack(s)
1.03-3.57 Update to *3.60 or 3.65
3.60 *3.60 Henkaku/Enso
3.61-3.63 Update to 3.65
3.65 *3.65 H-encore/Enso or 3.65 H-encore then downgrade to 3.60
3.67-3.68 H-encore or H-encore then downgrade to 3.60/3.65
3.69-3.70 h-encore**2 (with Modoru for downgrade)
3.71-3.73 h-encore^2 (with Modoru 2 for downgrade) MUST USE MODORU 2.1
*Recommended

3.73 Firmware notes:
-Very minor changes. See here (Credits to PSSDude for the report)

3.72 Firmware notes:
-3.72 firmware was released by Sony for...System stability?

3.71 Firmware notes:
-3.71 firmware was released by Sony to patch the Trinity exploit
-3.71 firmware also breaks Modoru by adding checks in lv0

3.70 Firmware notes:
-The Vita master key was changed in the 3.70 firmware release, shortly after it had been publicly "unveiled" by the vita hacking community
-Game decryption keys have not been changed with the 3.70 release (reF00D/compatibility packs have not been broken)

3.69 Firmware notes:
-3.69 firmware was released by Sony to patch the h-encore exploit

PSN Access for 3.60-3.68 Users:
-Open Henkaku settings and enable Version Spoofing and set 'Spoofed Version' = 3.73
-Setup your network with Henkaku DNS settings
Sync Legit Trophies? -YES
Online Multiplayer? - YES
PSStore Access for Purchase and Download? - YES
Use Vitacheat and TropHAX online? - At your own risk

Prevent your Vita from Updating:
-To disable the download of automatic firmware updates: Settings System Auto-Start Settings Uncheck "Download automatic update files"
-Setup your network with Henkaku DNS settings for an additional layer of update prevention. See here.
-If your console has downloaded the 3.69/3.70 update file, simply deleting the notification in LiveArea should remove the file from your system. Otherwise, firmware update files can be found in ud0:PSP2UPDATE/*
-Remember, unless you are running your vita in Demo mode, your console will not spontaneously install/update firmware software. There are legal reasons for this. Installation of any new software on your device requires your consent, (EULA).

Essential Vita Plugins/Homebrew Applications:
0syscall6 lv0 secure_kernel syscall6 patch - can replace reF00d (SKGelba SKGleba)
Adrenaline Software that converts the official Vita PSP emulator into a PSP 6.61 with custom firmware (The FloW)
DolcePolce PSTV blacklist hack, replacing Antiblacklist and Whitelist (Silica)
Download Enabler Allows the user to download any content from the vita web browser (The FloW)
ElevenMPV Vita music player that supports a wide variety of formats (joel16)
iTLS-Enso Adds TLS v1.2 to devices running Enso (SKGelba SKGleba)
LOLIcon is a true overclock application for the Vita (500MHz) (dots-tb)
Modoru Vita firmware downgrader (The FloW)
Modoru 2.1 Vita firmware downgrader, required for 3.71/3.72/3.73 users (SKGleba)
PSVShell Overclock application that supports per-app profiles; highly recommended (Electry)
reF00D Allows user to bypass firmware requirements on games and system applications (dots-tb)
rePatch Serves as a replacement for ux0:patch; can be used to load decrypted content on 3.60+; required for use of "compatibility packs" (dots-tb)
Save Manager For dumping and restoring decrypted save files (d3m3vilurr)
Shellbat A simple plugin that displays the battery percentage in LiveArea (nowrep)
Simple Account Switcher Allows the user to change/delete PSN accounts without a system restore (Silica)
Storage Manager A Kernel plugin that automatically mounts/redirects any storage device to any mount point; Popular plugin for mounting sd2vita (CelesteBlue)
VitaGrafix Allows user to change resolution and FPS caps on vita games (Electry)
vita-udcd-uvc Stream your vita to a computer using USB (xerpi)

Note on AutoModerator: AutoModerator seeks keywords in comments/questions that may indicate piracy, but is not always proficient. In order to keep it under control, we have been monitoring the Automod for faulty dismissal of posts/comments. If you believe Automod has made an error in deleting your question/comment, please contact me (u/Malazan1164BS) via PM, and I will review the question/comment and validate it (when possible).

This questions thread will become locked at 11:59 EST every-other Saturday, the day before the old version is replaced. This is to prevent unanswered questions from being deleted when a new questions thread is posted. The next lock will occur at 11:59PM EST, 4/19.

Thank you to all of the users that devote their time and effort to assist others with their questions. Continuing support would not be possible without you.
submitted by Malazan1164BS to vitahacks

7

The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster

This is a long one - TL;DR at the end!

If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players.
First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).

Why You Should Care About Breaches

The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.

But wait, why would anyone want to use my password? I'm nobody!

It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated.
By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account!
If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.

How You Can Protect Yourself

Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way.
First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!

Passwords

You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles.
Some notable choices to consider:
  • 1Password - recommend by Troy Hunt, creator of Have I Been Pwned
  • LastPass - I use this at work and it's generally good
  • BitWarden - free and open source! I use this at home and in some ways it's better than LastPass
  • KeePass (and forks) - free, open source, and totally offline; if you don't trust "the cloud" you can trade away some more convenience in exchange for taking full responsibility of your password security (and backups)
Regardless of which one you choose, any of them is 100x better than not using one at all.

Multi-Factor Authentication / Two-Factor Authentication (aka MFA / 2FA)

The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already have been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication).
Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should setup MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc.
The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and setup each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure.
Notable choices to consider:
  • Authy - probably the first big/popular one after Google Authenticator came out (I think) - NOTE: They let you use it on your desktop/browser, too, but this is TOO much convenience! Don't fall for that trap.
  • LastPass Authenticator - conveniently links up with a LastPass account, some sites support extra features (like not needing to type a code, just answer a phone notification)
  • Yubikey - A real physical MFA device! Some models are compatible with phones, too.
  • Duo - this one is more geared towards enterprise, but they have a free option
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are setup, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one.
Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine.
There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.

What Does This Have To Do With GameDev?

Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).

Secure Your Code

Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover!
If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access.
Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository!
Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
  • Is my code doing anything "dangerous"? (system-level stuff, memory access, saving passwords anywhere)
  • Could someone get the keys to the kingdom (API key, server password, etc) by just opening Cheat Engine and looking at memory values? Or doing a strings/hex edit/decompile/etc on my game executable?
  • Am I using outdated libraries/framework/engine? Do they have any known security bugs?
A lot of these things cannot be solved automatically, unfortunately, but some of it can. If you are using Javascript for your game you likely will be using packages from npm - luckily they (recently) added security auditing for packages. For other languages you can look at tools like Snyk or some other alternatives to audit the libraries you use in your project. Unfortunately none that I know of are aimed at game dev in particular, but it's still important to use these tools when you can. In general, be aware of all of your code dependencies and what impact they can have on your game or your customers if there are security bugs. Impact can range from "can cheat in multiplayer" to "can get IP addresses of all players in the world" or even "can get all information I ever put on my server", etc.
In general you'll want to look into Secure Software Development Lifecycle (commonly SDLC) practices. Microsoft has some information on how they do it.

Secure Your Computer

I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.
  • Lock your computer when idle - use a password (or PIN or face unlock or whatever your OS uses) - no one should ever be able to walk up to your computer and use it if you're not looking, nor should they be able to get in if they grabbed your closed laptop off the table at starbucks (thanks u/3tt07kjt for reminding me of this one)
  • Use full disk encryption (especially on laptops)
  • Update your OS for security updates ASAP
  • Use anti-virus (yes, Windows Defender is fine) and keep it updated
  • Update your web browser ALWAYS (this is your 99% chance attack vector, so don't postpone it!)
  • Don't use software that has known, unfixed security problems - FileZilla is a famous example
  • Don't install browser extensions that you don't need - a LOT of extensions are either malware from the start or become malware later (my favorite emoji extension started mining bitcoins, FFS!) - check reviews regularly after extensions update
  • DO use adblock and privacy extensions - ads are a common attack vector - I recommend uBlock Origin and Privacy Badger at a minimum (note that some legit sites can break and so you'll have to fiddle with settings or whitelist)
  • Don't open suspicious or unknown links on e-mail, social media, discord, etc (be sure to hover over the links in this post before clicking them)
  • Don't open attachments, ever - unless you were expecting it from that person at that time
  • Don't fill out ANY forms (comments, login, registration, etc) on websites that don't have HTTPS (secure) connection - your browser will show this in the address bar, usually
  • In general, be suspicious of everything that comes from people you don't know - and even from people you do know if it was unexpected
  • E-Mail is (probably) the least secure form of communications ever invented - so try not to use it for sensitive things

Secure Your Website

I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
  • Use HTTPS (SSL/TLS) secure connections - it's FREE and EASY thanks to Let's Encrypt
  • Don't think your website needs HTTPS? You're wrong; check here if you don't believe me
  • KEEP EVERYTHING UPDATED - automate as much as you can
  • If you have control over the server, you MUST update the OS, the web server, and any backend application servers/languages/frameworks involved. Equifax breach was due to having out of date server software. BMG breach was worsened by having out of date server software. YOU MUST STAY UPDATED, ALWAYS
  • Don't store sensitive personal information - it's a huge pain to be PCI compliant, it's a huge fine if you mess it up - avoid storing any customer information that you don't actually need (see also: GDPR )
  • Use secure password storage - see OWASP Password Storage Cheat Sheet (thanks u/3tt07kjt) - do NOT reinvent the wheel, this has been solved already by smarter people than all of us combined
  • Follow OWASP Top 10 guidelines - especially if you built the website yourself
  • Do not allow access to SSH/Remote desktop/Database services from the whole world; the general public should only ever be able to reach ports 80 and 443 on your web server (and 80 should permanently redirect to HTTPS)
  • Use SSH keys instead of passwords on Linux servers
  • Don't run your own email server - it's just not worth it; use google apps for business, office 365, zoho, or something else for business email
  • Secure your domain registrar account! Don't lose your domain to a bad password or lack of MFA/2FA or an old email address! If your registrar doesn't support actual security then transfer to one that does. (namecheap, namesilo, google domains, amazon aws route53, even godaddy, the absolutely worst web company, has good security options)
A lot of this will apply to your game servers as well - really any kind of server you expect to setup.

That's it, for now

I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.

TL;DR (y u words so much??)

  • Use a password manager so you can have different, random, secure passwords on every account on every website/service/game
  • Use MFA/2FA on every account, if possible
  • Lock your computer when idle/away
  • Use full disk encryption on laptops
  • Update your operating system (we all hate Windows Update, but it really is for our own good)
  • Use anti-virus (Windows Defender is fine)
  • Update your browser
  • Use good adblockeprivacy blocker browsers extensions
  • Don't use browser extensions that you don't really need (they could be a trojan horse of bitcoin mining later)
  • Don't trust anything sent by anyone, unless you were expecting it and know it's safe
  • E-mail is the least secure form of communications in use these days; don't trust it for sensitive things
  • Use source control for your game code (git, mercurial, etc)
  • Lock down access to your source code
  • Don't put secrets (passwords, API keys/tokens, social security numbers, credit card numbers) in your code repository
  • Don't do dumb things like store your AWS keys in your game for players to just find with simple tools
  • Check your code dependencies for security bugs, update them when needed
  • Use HTTPS on your website
  • Update your web server OS and software
  • Use secure password storage (don't reinvent this wheel, it's been solved by way smarter people)
  • Use SSH keys instead of passwords for Linux servers
  • Use a firewall to block the world from getting in with SSH/Remote desktop/database direct connections
  • Only allow your own IP address (which can change!) into the server for admin tasks
  • Don't run your own email server, let someone who knows what they are doing handle that for you
  • Secure your domain registrar account, keep email address up to date
... in general... in general... in general... I sure wrote those 2 words a lot.

Why Should I Trust This Post?

Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things.
If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
submitted by exoplasm to gamedev