MD5 is still susceptible to dictionary attacks. So you better choose random characters as your pass if you plan on using HTTP Auth. Somebody needs to petition to get SRP as the new Secure Remote Password mechanism.
If you don't secure your data transmission you might as well not log in. You might as well just go all plaintext, because a man-in-the-middle attack could be used to inject whatever you're trying to secure with your "secure password only" approach anyways.
Why would they care who wins and who doesn't?
By stable I meant the current isn't a test.
Yes, but Lindows probably will ;-). Is Linux kernel 2.6.0 stable yet? We need all the ammo we can get at this point. The Linux vs. Windows war has officially started.
How about this:
Multitrack Editor/Recorder: Audacity
Music Generation: Buzz Tracker
Both free, both great tools. Although, Buzz is not in active development, but it has an active hacker community and has been extended in that way, and it has a couple bazillion plugins for it.
How do people find this good? Right now in XML you can just declare your namespace to be anything. So now you have to pay for it? Fuck that.
Virtual PC? You'd just end up running Windows in it, so what's the point? Use Wine, it gets you drunk and lets you use your computer to run programs expecting a virus-infested environment.
Oh god, somebody please start up some form of petition website against this. Verisign is evil. Verisign wants to ensure their eternal control over the internet and now our government. Why are we letting them do this? And why has nobody started up an open source alternative yet?
Let me make a correction to the above post though. On line 15 DO NOT take away Read rights. That would make it to where the intended recipient couldn't read the file to begin with so nothing would happen.
Yeah, but at least you can save GIFs in the current version of Gimp for Windows. Every PNG I tried saving failed on both my laptop and my 2k desktop at work, but GIFs worked without a hitch.
No, X++ would mean you added a patch to X but are still using the old version. Now ++X on the other hand...
They call this a success (from the article):
After a smooth countdown and nominal engine ignition, the thirteen-foot long P-2 quickly accelerated up a 60-ft launch rail and entered stable flight. Several seconds later it abruptly pitched ninety degrees and demonstrated unstable operation until finally transitioning into a ballistic terminal descent. The subsequent impact with the desert floor destroyed student payloads provided by a USC/JPL team and another from Cerritos High School, but the aft section with the aerospike survived relatively intact.
Oh yeah, and I also used the Codewarrior debugger service (is that what it's called?) to find out everyone's password, and to change administrative options and stuff. It was great.
Wow, you were a real asshole. All I did was encrypt a bunch of the computers' hard drives (mid-90s Macs), with the password "You'll never know", and erased some yearbook pages. Fun.
Also as a side note if you hate GIFs then you can substitute transparent PNGs for them. I know the crowd I'm pitching to. I just didn't because I couldn't get GIMP for Windows to save to a transparent PNG for some reason.
Well, this is what I did to my friend's Win2k machine at work:
Recipe for a Directrix Desktop:
1) Ensure Active Desktop is enabled
2) Ensure you have Administrative rights and he doesn't (not required but helps)
3) Download a nice pornographic background (or other equally funny image at your discretion)
4) Download a nice fun transparent gif
5) Open the "c:\Documents and Settings\%his_profile_name%\Application Data\Microsoft\Internet Explorer" Folder
6) Edit the Desktop.htt (system,hidden) file, it's basically an HTML file
7) Change the image that is listed in it, to the image you downloaded in step 3 (this is easiest if you copy the image into the same directory as this document)
8) Copy and paste a "snow script" [javascript google search for it], into it and make sure and copy your image from 4, to the name of the "snow.gif" (or whatever it's called in the script you downloaded, also easiest if you copy the image into the same directory as this document)
9) Save and exit the editor
10) Right click on the Desktop.htt file and go to properties
11) Click the General tab and make sure Read-only is checked, and hit Apply
===== The rest of these steps assume you have
===== Administrative rights [may not be required though]
====== You might want to back up at this point
===== so you can pull this on somebody else too
12) Click on the Security tab (In the file properties box)
13) Click on the Advanced Button
14) Uncheck Inherit from parent..... blah blah, and hit the Copy button, then hit OK
15) Edit each item in the list and make sure all rights are denied
16) Add yourself to the list, and make sure all rights are granted to you
17) Hit OK
18) Click on the desktop and hit F5
19) ????
20) Profit!
It should be noted that there has never been a flaw discovered with SSL (well besides just long running brute force computation for the host private key, and long running brute force computation for the negotiated Diffie-Hellman key using vulnerabilities in the encryption layer). Just flaws with certain implementations of SSL. The most recent one (I believe) being the timing attack against SSL implementations that short-circuited the key checking function when the first incorrect bit was encountered, allowing a malicious host to keep firing off fake keys and measuring response time to determine which bits were off.
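Added example, not part of the original comment: the short-circuiting check the comment above describes, next to a constant-time replacement. It generalizes from key bits to byte strings; the function names, the `steps` counter (a deterministic stand-in for measured response time) and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte comparisons done by the last call; stands in for measured time. */
static size_t steps;

/* Short-circuiting check: returns at the first mismatch, so the work
 * depends on how long a prefix of the guess is correct. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Constant-time check: always touches all n bytes and folds the
 * differences together, so the work is independent of the data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile uint8_t diff = 0;
    steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Run one comparison and report how much work it did. */
size_t work(int (*eq)(const uint8_t *, const uint8_t *, size_t),
            const uint8_t *a, const uint8_t *b, size_t n) {
    (void)eq(a, b, n);
    return steps;
}

/* Constructed sample values, not taken from any real protocol. */
static const uint8_t SECRET[8]    = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const uint8_t BAD_EARLY[8] = {0x00,0xad,0xbe,0xef,0x01,0x02,0x03,0x04};
static const uint8_t BAD_LATE[8]  = {0xde,0xad,0xbe,0xef,0x01,0x02,0x03,0xff};

int main(void) {
    printf("leaky: early=%zu late=%zu\n",
           work(leaky_equal, SECRET, BAD_EARLY, 8), work(leaky_equal, SECRET, BAD_LATE, 8));
    printf("ct:    early=%zu late=%zu\n",
           work(ct_equal, SECRET, BAD_EARLY, 8), work(ct_equal, SECRET, BAD_LATE, 8));
    return 0;
}
```

The leaky version does different amounts of work for the two wrong inputs, which is the signal a response-time measurement picks up; the constant-time version does the same work for both.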
SQL injection is a major issue with lots of websites (although for some I've visited it's been kind of a feature ;-) ). I personally would suggest just setting up proper MVC separation. Through chrooted non-superuser jails, creation of a DMZ, only piping information back and forth from your DMZ to your intranet through a system with only port forwarders in place for the services you need and nothing else, and try using RPC or CORBA instead of SQL from your webservers. Also, a good suggestion for User/Pass verification over an insecure network is to use SRP. Just some tips. Have fun.
Because you can easily, cheaply set up an ethernet bridge to wherever you want the tunnel to go. IP goes anywhere. And, yes, I realize you need a physical medium for a signal to transmit over "duh". Routing it over IP allows ubiquitous access. Any computer can be the destination, not just what's on the other end of the CAT5. It doesn't have to be IP encapsulated, but it sure does help. And it probably doesn't hurt. Also, if you're using USB remotely, I really doubt latency is much of an issue with what you are doing (because you probably can't get too high bandwidth piping USB to begin with).
Has anyone noticed that this thing looks exactly like the GBA->Gamecube linkup? And if it is the same (physically) then that means it's going to be perpetually pushing in the L+R buttons on my GBA-SP. Pisses me off. (Side note: the problem is not present in the original GBA).
There's no need to cram in a physical network requirement when IP runs over just about everything. 6 and 1/2 dozen of another. It's all just some form of USB tunnel.
It's an obvious Microsoft tactic. Cripple the user so they'll be forced to upgrade.
Google search for "USB over IP".
It's kind of a Microsoft tactic. Cripple the user so they'll be forced to upgrade.
Are you talking about a computer or your sex life?