IMO, the important thing about this article is they finally reveal the source document their claims came from. This is important, especially because of the kind of comments the last Ars Technica article about this lawsuit had.
AFAIK, the NT password hash is up to 255 UTF-16 characters (two bytes per character) hashed using MD4, which is even weaker than SHA1 or MD5. Not that you necessarily need to crack the hash, because many Windows networking protocols lets you pass it directly.
Yep, quotes from http://www.theregister.co.uk/2009/04/08/sun_bonuses_ibm/ : "However, IBM operates in the real world of profit and loss, and sources told The Reg categorically that IBM failed to get a satisfactory answer on which, if any, of Sun's software makes money." "Only if Sun accepts the full facts, and quits playing the kind of Silicon Valley game that has given Web 2.0 services like Digg ridiculous assumed valuations based on nothing more than number or users and potential future revenues can Sun's own future resume in earnest, with IBM."
Well, that is another topic altogether, but I think part of the problem is that the number of edits don't measure how good an editor is any more than the number of lines of code measure how good a programmer is.
To be more precise, the problem here is not the "one IP address = one person", but the fact that one person can dynamically change the IP address to another address, making banning a fixed address only cause trouble for another person who happens to later been assigned that address. But yes NAT can make all edits from an entire network appear to come from the same IP address, making the problem even worse.
That would require changes on the ISP side, and customers would have to manually type IP addresses assigned from the ISP. Technical users can easily do so, but the average user of course don't know what an IP address is. BTW, if you think the fundamental conflict between dynamic IP assignment and IP-based blocking is bad enough, wait until NAT makes all edits on a specific network come from the same IP address.
I'm not sure how, since from what I've seen on the Linux side of things a driver or even OS-level update should allow any WiFi card to handle any form of encryption as long as it can see the network
I don't think so. You are probably thinking of hostap, which I think do all encryption/decryption in software, but only work with Intersil Prism cards with firmware that can support it.
Anyway, I think it is because older 802.11b cards can't do AES in hardware.
The hack consisted of accessing wireless POS terminals from the car park
By cracking WEP, BTW. Any other real-world incident that involved WEP cracking you have encountered? BTW, I found this paper on "IVs to Skip for Immunizing WEP against FMS Attack" from 2008, which seems to be a better attempt at skipping weak IVs than before. Of course it is still better to use WPA if you can.
Slashdot Mirror
Yep, the new MacBook Air performs better than the old MacBook Air having processors of the same speed:
http://www.anandtech.com/show/3991/apples-2010-macbook-air-11-13inch-reviewed/6
Guess why.
Personally, I think direct response is a better idea, but of course you must check this is present before taking advantage of it.
IMO, the important thing about this article is they finally reveal the source document their claims came from. This is important, especially because of the kind of comments the last Ars Technica article about this lawsuit had.
Or use it because it is patched faster.
Yep, only A and your C are the right solutions IMO.
Or passphrases.
But the reason I mention it in the first place is because MD4 is even weaker than MD5.
AFAIK, the NT password hash is up to 255 UTF-16 characters (two bytes per character) hashed using MD4, which is even weaker than SHA1 or MD5. Not that you necessarily need to crack the hash, because many Windows networking protocols lets you pass it directly.
So guessing 20 characters times about 7 bits/char (unless you're going all UTF-8 on us)
AFAIK, the NT password hash is up to 255 UTF-16 characters hashed using MD4.
Don't forget the AMD 386DX-40 too.
If I had mod points, I would mod this off-topic, because it is.
Hell you can't even run Solaris on someone elses hardware and BUY! support.
False now:
http://www.oracle.com/us/products/servers-storage/solaris/non-sun-x86-081976.html
Yep, what really matters is how it compares with say RHEL.
Yea, I know. I think The Register covered it a lot.
Yep, quotes from http://www.theregister.co.uk/2009/04/08/sun_bonuses_ibm/ :
"However, IBM operates in the real world of profit and loss, and sources told The Reg categorically that IBM failed to get a satisfactory answer on which, if any, of Sun's software makes money."
"Only if Sun accepts the full facts, and quits playing the kind of Silicon Valley game that has given Web 2.0 services like Digg ridiculous assumed valuations based on nothing more than number or users and potential future revenues can Sun's own future resume in earnest, with IBM."
Not anymore, they finally created this:
http://www.oracle.com/us/products/servers-storage/solaris/non-sun-x86-081976.html
Well, that is another topic altogether, but I think part of the problem is that the number of edits don't measure how good an editor is any more than the number of lines of code measure how good a programmer is.
Oh, I forgot that at least in theory you can set a DHCP server to always assign the same IP, removing the configuration hassle.
the REASON it's a problem is because a person can change their IP address...
Exactly what I have said!
What I mean by "Really?" is that is there any real evidence that says it is true?
To be more precise, the problem here is not the "one IP address = one person", but the fact that one person can dynamically change the IP address to another address, making banning a fixed address only cause trouble for another person who happens to later been assigned that address. But yes NAT can make all edits from an entire network appear to come from the same IP address, making the problem even worse.
That would require changes on the ISP side, and customers would have to manually type IP addresses assigned from the ISP. Technical users can easily do so, but the average user of course don't know what an IP address is. BTW, if you think the fundamental conflict between dynamic IP assignment and IP-based blocking is bad enough, wait until NAT makes all edits on a specific network come from the same IP address.
Google probably owns the "souls" (online personalities) of its employees more than any country in the world.
Really?
Yea, what smartphone is SharpFang using and how old is it?
I'm not sure how, since from what I've seen on the Linux side of things a driver or even OS-level update should allow any WiFi card to handle any form of encryption as long as it can see the network
I don't think so. You are probably thinking of hostap, which I think do all encryption/decryption in software, but only work with Intersil Prism cards with firmware that can support it.
Anyway, I think it is because older 802.11b cards can't do AES in hardware.
The hack consisted of accessing wireless POS terminals from the car park
By cracking WEP, BTW. Any other real-world incident that involved WEP cracking you have encountered? BTW, I found this paper on "IVs to Skip for Immunizing WEP against FMS Attack" from 2008, which seems to be a better attempt at skipping weak IVs than before. Of course it is still better to use WPA if you can.