you've almost certainly already lost whatever those passwords protect.
Remember that most Windows network protocols rely on the client to hash the password and transmit the hash over the network, which means that an attacker can use the password hash directly to log in over the network.
You define the standard before it's implemented, but you don't finalise it. A standard with no implementations is a draft or a proposal. You can't tell if it's sane until you try to implement it.
Yep, that is what W3C's Candidate Recommendation phase is for.
AFAIK the reason CSS 2.1 was created in the first place was that no browser actually fully implemented CSS 2.0 to the letter due to the many problems with the spec. And remember CSS 2.1 did not exist when IE6 was released.
And BTW most of them depend on CSS 2.1 to be at least Proposed Recommendation in order for them to become Recommendation (look in the Normative References section). For example, CSS3 Color was also made Recommendation today.
Yea, I know. I think what we need to do to solve this and many other problems is to move away from maximizing "shareholder value" (stock price), which is fundamentally flawed.
As I said in another Slashdot comment, NTLMv2 uses the same raw password hash as NTLM. Don't confuse protocol changes with password hash changes. And note that if you already have the raw password hash, you can log in via network directly using it anyway.
AFAIK the NT hash already does. Up to 255 UTF-16 chars. Note that IMEs are not allowed for passwords though in Windows, as it would defeat password masking.
NTLMv2 did not change the password hash scheme. Don't confuse the protocol changes with the hash changes. It did prevent the even weaker LM hash from being transmitted in certain areas, I think. Of course, the fact that the password hash is transmitted in the first place means you can log in directly over the network already without the cracking.
Yea, what do you mean by "thinking like sales people"? FYI, when I read about sales people being money motivated, I knew something was fundamentally flawed.
It is not just about donations.
It is possible. For example, there is already more than one employer who allows employees to criticize their products.
It reminds me of those who boycott companies because their CEO has a political opinion they disagree with.
This reminds me I posted an old comment months ago on some of the common HR problems:
http://news.slashdot.org/comments.pl?sid=2082332&cid=35811494
In particular, iOS 4 and later support data protection, and how secure do you think it is with only 10000 values possible for a passcode?
I still remember this:
http://www.reddit.com/r/technology/comments/hh9h6/damn_you_apple_apple_macs_as_little_as_three/
The campus was abandoned a few years later when the company was forced to sell out to a competitor.
Wonder what it is currently used for, or if it is still abandoned.
unlike the usual practice of just implementing some parts and calling it supported (*cough* html5 *cough*)
And over time the browsers implement more parts. There is a reason why the WHATWG decided to call HTML a living standard.
Yea, W3C tried this with CSS 2.0 in 1998, and the fact that no browser fully implements it is exactly why CSS 2.1 was created in the first place.
And also from "legacy" MBAs that were taught horrible stuff from, for example, Jack Welch.
AFAIK HMAC-MD5 is used by NTLMv2 for transmitting the password hashes over the network.
And even if Sony itself doesn't do this, other sites do. This is a fundamental flaw with that approach.
An easy way would be to use different passwords.
Also see this post on Yfrog's insecure "random" email address generation that likely played a role in the hack:
http://littlegreenfootballs.com/page/248630_yfrog_secret_email_addresses_a
Yea, even celebrities aren't perfect and I have been saying that for a while now. In fact, I have a list of several other bad practices in HR that commonly cause problems:
http://news.slashdot.org/comments.pl?sid=2082332&cid=35811494
In this case it is Google Apps.