I was recently reading this question, where the accepted answer claims that it is easy for attackers to bypass rate limiting that is based on IP, which makes any sort of IP rate limiting to prevent a brute force attack much less useful. But, if it is based on the account that is a victim, then it becomes very easy for an attacker to block access to a victim’s account. What is the best way to defend against both DOS attacks and online brute force attacks (and anything else that is in this same category)?
Simply sleeping for, for example, 1 second isn’t sufficient because the attacker can simply put in more requests before the first one finishes (1 second latency, but unbounded throughput, and throughput is what matters for brute force). If subsequent requests are blocked until the first one finishes, then they must be blocked per-IP or per-user, which produces the same problem.
2FA isn’t always a good solution either, because, for worse, many people fail to use it.
The dueling rules on p. 159 of the core book state:
The first time their opponent becomes Compromised or unmasks during a duel, a character may immediately execute a finishing blow.
Does this mean you get to perform a finishing blow the first time each happens or one happens?
E.g. Tonbo Testdummy gains enough strife to become compromised, so Kitsu killhappy immediately performs a Finishing strike. Unfortunately, they are forced to keep enough Strife Symbols to become compromised themselves. Tonbo-san Unmasks to avoid the dice penalty for remaining compromised and potentially get a better roll. Does Kitsu-san get to attempt a second finishing blow?
Self-explanatory. I’ve combed through the DCC core rulebook but I couldn’t find a clarification on what a magic weapon’s bonus actually applies to.
So I am building my first D&D character, it’s a Barbarian Mountain Dwarf, and I’m trying to figure out what weapons he is proficient with, but in the Barbarian section it says that he is proficient with Simple and Martial weapons. Does that mean he is proficient with all weapons? And if not, then what weapons does it mean?
I somewhat know the difference between multi-programming and multi-tasking, but I want to know whether it is possible to use both methods on the same computer.
I was looking at the Blade Barrier spell, and I was wondering does the spell have a ‘front’ and a ‘back’? The spell description states:
The wall provides three-quarters cover to creatures behind it
Does this refer to creatures who are behind the ‘back’ of the blade barrier, or does this apply to any creature shooting another creature on the other side of the wall?
Plot the equation y = 2x - 7, where x goes from
Question: On image x axis looks more elongated than y axis (contain more values on image length). How to make both y axes look in same scale?
For the following grammar, how can I include both precedence and associativity of operators:
S -> S|S
S -> SS
S -> S*
S -> (S)
S -> a|b
Note: In the first rule S -> S|S, the symbol | is the OR symbol and not two rules.
At level 18, Rogues get the Elusive class feature, which says:
No attack roll has advantage against you while you aren’t incapacitated.
However, if you have both advantage and disadvantage, they cancel out, and you are considered to have neither.
That being the case, if you have both advantage and disadvantage, and you attack a level 18 Rogue, does Elusive steal the advantage entirely and leave you with disadvantage? Or do they cancel out before Elusive is applied, causing you to roll a single d20?
When logging into iCloud via the web, a prompt is sent to your phone (with a map showing the origin of the web request). The user can then choose to allow or deny this request. After choosing to allow the request, a prompt is displayed on the phone which needs to be entered on the web client.
Does this exist just to prevent people from just reflexively pressing ‘allow’ on prompts, or does it actually improve security from a cryptographic point of view?