I think you mistake what a salt value is. The salt value should be different for every password stored in the database so that a rainbow table can't be generated at all. It forces the attacker to crack each password in the database separately.
As for the encryption keys, again, as soon as they have access to the database they have the hash values for the admin users and can start acting as an admin on the site. Once that happens a good attacker can leverage that to even greater access to the system, either by cracking the admin user's passwords and seeing if they used the same one on the servers or by leveraging admin tools, which often have less security than the front end.
So, like I said, the salt values are probably on the database table since they have to have one salt per user, and the encryption keys are less likely to be compromised but the safest assumption would be that they have been since they now have some damn good leverage to continue exploiting the servers.
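An added example (not the commenter's code) of the per-user salt the comment describes: each stored password gets its own random salt, so two users with the same password end up with unrelated digests and a single precomputed table cannot be reused across the whole table. It assumes PBKDF2-HMAC-SHA256 from the standard library and a constructed iteration count of 100,000; the `hash_password`, `verify_password` and `digests_differ_for_same_password` names are illustrative.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for the example; a real deployment tunes the work
# factor to its hardware (and would prefer a memory-hard KDF where available).
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Return the record stored beside the user row: salt, work factor, digest.

    A fresh random salt is drawn on every call, which is exactly the
    "one salt per user" property the comment refers to.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest with the stored per-user salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, record["iterations"])
    return hmac.compare_digest(candidate.hex(), record["digest"])


def digests_differ_for_same_password(password: str) -> bool:
    """Two users choosing the same password must not share a digest.

    Because each record carries its own salt, an attacker holding the table
    has to attack every row separately instead of looking all of them up
    in one precomputed table.
    """
    first = hash_password(password)
    second = hash_password(password)
    return first["salt"] != second["salt"] and first["digest"] != second["digest"]


def build_user_table(credentials: dict) -> dict:
    """Constructed sample: hash a small set of username -> password pairs."""
    return {user: hash_password(pw) for user, pw in credentials.items()}


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same weak password.
    table = build_user_table({"alice": "password1", "bob": "password1"})
    print("alice digest:", table["alice"]["digest"][:16], "...")
    print("bob digest:  ", table["bob"]["digest"][:16], "...")
    print("same digest? ", table["alice"]["digest"] == table["bob"]["digest"])
    print("alice login: ", verify_password("password1", table["alice"]))
```

Note that the salt itself is not secret and is stored in the clear next to the digest, which is why the comment above treats it as already in the attacker's hands; what the salt buys is that each row has to be attacked on its own, and the work factor is what makes each of those attempts expensive.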
That's assuming random distribution among the 3000 most common words. How non-randomly distributed the real world usage becomes is basically the entire strength of the scheme. A 9 character password should be strong by the pure math. In the real world, it's probably "password1" and will get cracked within 10 tries.
Assume they got the salt values, since those are stored in the database with the hash almost every time.
The encryption keys are more of a question mark, but if an attacker is able to get your databases and deface your site, it's probably a good bet that they got your keys as well.
Nothing really. SELinux helps you implement least privilege, but that's about it. There are many, many more aspects to securing a network and what's on it than just least privilege.
Put the trailer in Detroit?
When you put it like that, my life's work sounds like mere homicide.
You discover new math. You invent notation. Programming languages are the latter.
There's nothing special about iPods. They're a digital music player, just like every other digital music player out there. People have modded them for many years now, and many of these same "hacks" were done using portable CD and tape players well before then. None of this is remotely interesting, even to those of us who enjoy such hacks.
Unless you take off your anti-apple blinders for a minute and realize that the ipod changed the digital landscape. To say that they're a digital music player is backwards: the rest of the world would say digital music players are bad ipods.
Like them or hate them, apple and the ipod revolutionized the tech world.
Exactly. I'm over security for part of a fairly major website and our customers are starting to get after us for not disallowing iframes of our site.
What if they weren't?
The reason that it's a criminal law is because there's damage done to society as a whole. By your line of reasoning murderers would never have to do any jail time.
Where did they get the user's biometric faceprint from? Probably from their photos, in which case I would argue that they shouldn't be using a trade secret that results in information they would have to disclose by law. Either that or else they should transform the faceprint into something that wouldn't reveal the information they want to keep secret.
I disagree. Yes, clearly the company will cut your job if they need to the same way that you might leave your job if you need to. However, some companies will go out of their way to treat you well and with respect. These types of companies deserve your loyalty.
Not all companies are this way and not all teams are this way, but there are companies worth being loyal to.
Someone should create a mashup...
It's an identifier. Security through obscurity is where methods, processes and algorithms are hidden in an attempt to create security. It's the difference between having a vault door with a lock and having a hidden door with no lock.
Passwords and private keys are very specific pieces of information that use algorithms to make it mathematically (almost) impossible to figure out. Obscure processes and methods and algorithms, on the other hand, are negligibly easy to find out when it comes to computers. Computers are too powerful to hide something from them (with a few exceptions mentioned above). Relying on obscurity is a fool's game in those circumstances.
Discarding scientific knowledge because of a book written originally for a nomadic group of shepherds is ridiculous.
Discarding the moral teachings that have been handed down over thousands of years is equally ridiculous.
Probably. It looks like they use webtrends to do their web analytics, and any analytics package worth its salt will give them a bounce rate.
The way Apple is going, with a chance of achieving a monopoly in the tablet market
That ship has sailed, my friend. The monopoly is here.
Exactly. They should add space telescopes to the price index so that we have a clearer understanding of inflation. Bastards in Washington are screwing us by not including this shit.
They don't allow spaces in their passwords and every password needs to be able to be typed into a touch device like the iPhone or iPad. They could definitely do more in this area.
My understanding was that you can copy a quantum state, it's just a destructive copy. Also commonly known as "teleportation" to the sensationalist press.
Agreed. StarCraft is a sport the same way that FarmVille is a video game. It might fit technical definitions, but it's not the same thing.
The internet is such a hostile place to move your data anyway; military grade isn't any different, they just do it in a way that makes it difficult for it to be moved to the right spots.
In theory military grade could be a thing for IT. It could be strong encryption, dedicated and untappable links, quantum cryptography, etc. However, making something considerably more secure while also keeping up with the pace of development in IT is next to impossible.
Mine did. He often had hard-to-find errors after the first several digits after the decimal point. He often had rounding errors as well.
It seems to me that there's a glut of new programmers who are of varying degrees of skill. It used to be that to be a programmer required a lot of work and people who weren't passionate and talented gave up. Now you have courses that sugar coat it, they try to find the easiest language and they graduate people who can't code a lick.
In other words, the best programmers are as good as they used to be, but there are more and more bad programmers out there dragging the average down.