The man behind 'System Shock', 'Thief' and 'Deus Ex' needed badly a new project out of the Eidos umbrella. Let's hope they don't destroy the Source engine the way they did with the Unreal engine in Thief III and Deus Ex II (well, at least Thief III was rather good).
Anyone that has played Thief sure remember the haunts mumbling "Flames, nothing but flames, burning my flesh..." in the cathedral level. Not only that, when you disturbed them, they started shouting "Join us!! Join us now!!!".
Try to stand calm in a corner of a room with four of those haunts in "search-mode". Eric Brosius, the sound designer, did a fantastic job with Thief and System Shock 2, other of my favourites. Also very scary.
Those two, Thief and System Shock 2, should definitely be topping the list of the scariest games ever made. Weird none of those designers even mention them.
The craddle level in Thief 3 was "good" too... Just my two cents.
Disabling unwanted services, intalling all the patches and having a good anti-virus, (correctly configured) firewall and anti-spyware kept me safe during years. Don't need SP2 if it doesn't add nothing useful (winfirewall is crap, and security control center, blah...) and limit my internet connection (raw sockets off and TCP connection limit). I think that a smart user keeps a better security track record than a normal user with SP2. Let's face it, SP2 doesn't add much to security, maybe 'Execute Disable' bit for buffer overruns.
Sorry, but would you add an 'upgrade' that disables some parts of your car (raw sockets) and make you drive slower? (TCP connection limited to 10 open connections) Plus add another junk like windows firewall... My SP1 is up to date in patches and running fine. There are more drivers killed by SP2 than SP1. Ask yourself why a lot of business didn't make jump to SP2 when it was 'offered' by MS. And about 'random'... sorry, but my computer has not been rebooted (by me) in weeks, and it's XP. Also I don't remember any random reboot or BSOD. Maybe is that I have a CS degree and know what i'm doing.
1) It's not FUD. Zotob.A it's already in the wild, if everyone had SP2 it shouldn't, right?. 2) There are a lot of windows systems out there that are not XP SP2. I have XP SP1 and i'm not going to get that.. 'upgrade' (but I have all the patches including the one mentioned in the article, so I'm safe).
Of all the features of Vista this was the only one I didn't like, a powerful script system easy to program and with access to all the system, 'ideal for sysadmins'. It's like putting a big sign that says 'hack meeee!!! hack me hard!!!'. Let's face it, Microsoft it's not good at all when it comes to security. If all that hard work in Monad could have been spent in making a CSS compliant IE... what a shame. Promise a revolution, then deliver XP service pack 3.
P.D: I only ask one thing to Microsoft, please make Monad easy to disable if in the future it's included in a service pack. And don't use it for critical things like updates or whatever...
Btw, for the next windows use the codename 'Empty Shell' to be closer to the truth.
Sorry, but I won't give my bandwidth to other people just to help media companies. If I do, I will leverage their annual costs for bandwidth but get no benefit. Remember 'Steam' from VALVe?, yeah, internet distribution will make games cheaper. (rolleyes) Where!!? When!!? Not again. There must be a real compensation to the users. Not only to the companies.
This wasn't how Brad Pitt and Morgan Freman discovered John Doe's apartment in seven? looking at library records? Those goverment people watch a lot of movies, better watch over 'Blockbuster' records to find who they are... sweet vengeance.
This attack is not related to the size of the hash, but rather to an error in the algorithm that allows you to compute two blocks with identical hashes easily.
I did not say anything about hash size. The article says that _first_ one has to find random collisions for MD5 and in the case of high order SHA finding random collisions is, right now, almost impossible. With MD5 you can find a collision in a few hours with a normal PC. So it's not that it just produces a bigger hash, it has nothing to do with that.
I don't know the design of SHA-256, but unless it altered significantly from SHA-1 I'd expect to see an attack against it along these lines in the next 2-3 years
SHA is a family of functions, all of them different (different constants and functions) but based in MD4 structure (except SHA-224 and SHA-384, obtained from truncating SHA-256 and SHA-512) so what applies to SHA-1 it's probably not true for the rest of the family. Even if they share the same 'structure' the problem is still 'to find collisions'. Finding collisions in SHA-1 and SHA-256 requieres a very different approach.
A new design *is* required to fix this problem.
No, it's not. The problem now is that it's easy to find collisions in MD5 because it's now a weak algorithm with only 64 rounds. SHA-1 has 80 rounds and still no one has found a real method to find collisions in SHA-1, only partial attacks with a 40 round SHA-1. The article says thay 'once you've found collisions...'.
(Tiger) was certainly designed to be resistant to the family of attacks currently being used on MD5 and SHA1
Tiger is based in another 'structure' so MD5 and SHA-1 attacks doesn't even apply to Tiger.
A new competition would be good
I still think that it's not a good idea. We have a lot of hash funcions (most of them are unbroken), some of them are 'standards', changing the whole thing would only be a complete mess.
but almost. MD5 it's obsolete now and SHA-1 have been phased out. While things like this demonstrate some "probable but yet to be seen" attacks and in theory are good to see the weak spot of this kind of hash functions, the fact is that by now every serious cryto soft must be using high order sha, like SHA-256 or SHA-512 or stronger has functions like Tiger or Whirpool. There is no real threat. Some people said here in/. that Schneier wants a new competion, well, that's good, but not really necessary as SHA was designed with this kind of problems in mind (every hash funcion has collisions, you can't avoid that) that's why there are high order SHA funtions.
While I and probably every other PC user on earth are trying to reduce power usage and noise, this guy go the exact opposite. Weird. But, it's probably the perfect case for a dual intel p4.;-)
Well, booting from the windows cd and using the admin tools didn't help. Also another supposedly "powerful" third party tools couldn't. So yes, I think something really fucked up the partition. I knew about another copy of the MFT, but was in the same useless state as the first (or so the programs said), go figure. Nothing happened with the hard disk, I'm using it right now.
Fortunately I had a backup of the important data and a lot of patience to reinstall everything.
I don't care if it's blue or red, I don't want to see another one in my entire life.
Well, actually Microsoft should care what people use, specially if Mozilla and Firefox are the cause of IE decline. And I use PNG for every graphic in my website AND some of them have transparent backgrounds, if you want to make them "compatible" with IE you have to tweak the PNG with TweakPNG . Take a look. Actually you can't make it transparent, but can set the background color to match the color of your background. They'll be transparent in Mozilla and color-match in IE.
"Implementing transparency support for PNG images required a significant amount of modification to the image decoding and display pipeline in IE along with a significant amount of new functionality added to the PNG decoder."
also known as...
"we fixed the fucking PNG transparency 'bug' in IE, so stop whinning and kiss our asses."
Too late Microsoft, I switched to the Mozilla suite loooong time ago...
AFAIK when you decompress a file the "on-access" antivirus should catch it first. Most resident antivirus have an option to scan files on creation and on access, so it's not really a big problem. Some antivirus like Kaspersky scan even the RAR if you put the resident scanner to scan ALL files. And if you try to execute a file inside a RAR with programs like WinRAR it first creates the file in the windows temporal directory (C:\Windows\temp) prior to execution, and that leads to my first point, the scanner should get it first.
I really think there's nothing to worry with this, just be sure that your antivirus has the latest signature update.
Really, with Ion closed, Amy Hennig of Crystal Dynamics gone, and Warren Spector "missing in action", the future of both "Legacy Of Kain" and "Thief" franchises is uncertain. I don't know what's happenning inside Eidos, but from around two years they've been making wrong moves, one after another... They've earned the title of the worst MIB in the whole industry.
In that case you will be doing the same i'm doing NOW with my two computers, one of them don't even has a monitor, only a HD, CD-Burner, printer, Ethernet and a keyboard (just to boot, because I control it with TightVNC, boots without monitor but won't boot without a keyboard). I'm talking about a second hand 95$ computer, Pentium III 733. Anyone can made a cheap setup like mine, and do the same thing you're telling. You don't have to pay for new memory, motherboard and CPU to do that kind of things.
The reason for multiple cores is to take advantage of concurrency, but there are a few programs that can exploit that now. Because almost all programs are single-threaded. So, you don't really have a point here. There's no reason to buy a multiple-core cpu until programmers start to release software that can take advantage of that.
Slashdot Mirror
The man behind 'System Shock', 'Thief' and 'Deus Ex' needed badly a new project out of the Eidos umbrella. Let's hope they don't destroy the Source engine the way they did with the Unreal engine in Thief III and Deus Ex II (well, at least Thief III was rather good).
Anyone that has played Thief sure remember the haunts mumbling "Flames, nothing but flames, burning my flesh..." in the cathedral level. Not only that, when you disturbed them, they started shouting "Join us!! Join us now!!!".
Try to stand calm in a corner of a room with four of those haunts in "search-mode". Eric Brosius, the sound designer, did a fantastic job with Thief and System Shock 2, other of my favourites. Also very scary.
Those two, Thief and System Shock 2, should definitely be topping the list of the scariest games ever made. Weird none of those designers even mention them.
The craddle level in Thief 3 was "good" too...
Just my two cents.
Disabling unwanted services, intalling all the patches and having a good anti-virus, (correctly configured) firewall and anti-spyware kept me safe during years. Don't need SP2 if it doesn't add nothing useful (winfirewall is crap, and security control center, blah...) and limit my internet connection (raw sockets off and TCP connection limit).
I think that a smart user keeps a better security track record than a normal user with SP2. Let's face it, SP2 doesn't add much to security, maybe 'Execute Disable' bit for buffer overruns.
Sorry, but would you add an 'upgrade' that disables some parts of your car (raw sockets) and make you drive slower? (TCP connection limited to 10 open connections) Plus add another junk like windows firewall... My SP1 is up to date in patches and running fine. There are more drivers killed by SP2 than SP1. Ask yourself why a lot of business didn't make jump to SP2 when it was 'offered' by MS.
And about 'random'... sorry, but my computer has not been rebooted (by me) in weeks, and it's XP. Also I don't remember any random reboot or BSOD. Maybe is that I have a CS degree and know what i'm doing.
Wrong
1) It's not FUD. Zotob.A it's already in the wild, if everyone had SP2 it shouldn't, right?.
2) There are a lot of windows systems out there that are not XP SP2. I have XP SP1 and i'm not going to get that.. 'upgrade' (but I have all the patches including the one mentioned in the article, so I'm safe).
Of all the features of Vista this was the only one I didn't like, a powerful script system easy to program and with access to all the system, 'ideal for sysadmins'. It's like putting a big sign that says 'hack meeee!!! hack me hard!!!'. Let's face it, Microsoft it's not good at all when it comes to security. If all that hard work in Monad could have been spent in making a CSS compliant IE... what a shame. Promise a revolution, then deliver XP service pack 3.
P.D: I only ask one thing to Microsoft, please make Monad easy to disable if in the future it's included in a service pack. And don't use it for critical things like updates or whatever...
Btw, for the next windows use the codename 'Empty Shell' to be closer to the truth.
Sorry, but I won't give my bandwidth to other people just to help media companies. If I do, I will leverage their annual costs for bandwidth but get no benefit. Remember 'Steam' from VALVe?, yeah, internet distribution will make games cheaper. (rolleyes) Where!!? When!!?
Not again. There must be a real compensation to the users. Not only to the companies.
Well, you could do it, but now it's only prior art.
100 million suspects.
Hand up! Also it taked ages to encode a song in my old pentium 90. Ahhh.. the old days...
I can see the original post and the dupe in the front page at the same time!!! Woaaa! This time you really have raised the bar for future dupes!
This wasn't how Brad Pitt and Morgan Freman discovered John Doe's apartment in seven? looking at library records?
Those goverment people watch a lot of movies, better watch over 'Blockbuster' records to find who they are... sweet vengeance.
This attack is not related to the size of the hash, but rather to an error in the algorithm that allows you to compute two blocks with identical hashes easily.
I did not say anything about hash size. The article says that _first_ one has to find random collisions for MD5 and in the case of high order SHA finding random collisions is, right now, almost impossible. With MD5 you can find a collision in a few hours with a normal PC. So it's not that it just produces a bigger hash, it has nothing to do with that.
I don't know the design of SHA-256, but unless it altered significantly from SHA-1 I'd expect to see an attack against it along these lines in the next 2-3 years
SHA is a family of functions, all of them different (different constants and functions) but based in MD4 structure (except SHA-224 and SHA-384, obtained from truncating SHA-256 and SHA-512) so what applies to SHA-1 it's probably not true for the rest of the family. Even if they share the same 'structure' the problem is still 'to find collisions'. Finding collisions in SHA-1 and SHA-256 requieres a very different approach.
A new design *is* required to fix this problem.
No, it's not. The problem now is that it's easy to find collisions in MD5 because it's now a weak algorithm with only 64 rounds. SHA-1 has 80 rounds and still no one has found a real method to find collisions in SHA-1, only partial attacks with a 40 round SHA-1. The article says thay 'once you've found collisions...'.
(Tiger) was certainly designed to be resistant to the family of attacks currently being used on MD5 and SHA1
Tiger is based in another 'structure' so MD5 and SHA-1 attacks doesn't even apply to Tiger.
A new competition would be good
I still think that it's not a good idea. We have a lot of hash funcions (most of them are unbroken), some of them are 'standards', changing the whole thing would only be a complete mess.
Users announce publicly that "Users Will Not Be In Longhorn"...
It seems that next-gen windows is not next-gen after all. What's left? "Windows graphics foundation v2.0" and ".NET"?
but almost. MD5 it's obsolete now and SHA-1 have been phased out. While things like this demonstrate some "probable but yet to be seen" attacks and in theory are good to see the weak spot of this kind of hash functions, the fact is that by now every serious cryto soft must be using high order sha, like SHA-256 or SHA-512 or stronger has functions like Tiger or Whirpool. There is no real threat. Some people said here in /. that Schneier wants a new competion, well, that's good, but not really necessary as SHA was designed with this kind of problems in mind (every hash funcion has collisions, you can't avoid that) that's why there are high order SHA funtions.
While I and probably every other PC user on earth are trying to reduce power usage and noise, this guy go the exact opposite. Weird. But, it's probably the perfect case for a dual intel p4. ;-)
Well, booting from the windows cd and using the admin tools didn't help. Also another supposedly "powerful" third party tools couldn't. So yes, I think something really fucked up the partition. I knew about another copy of the MFT, but was in the same useless state as the first (or so the programs said), go figure. Nothing happened with the hard disk, I'm using it right now.
Fortunately I had a backup of the important data and a lot of patience to reinstall everything.
I don't care if it's blue or red, I don't want to see another one in my entire life.
...fucked the MFT (master file table) of my windows partition and I lost everything. I can't imagine what a 'really bad errors' RSOD will make.
I can imagine it, instead printing really useless data about the error, it will say:
Owned!
Well, actually Microsoft should care what people use, specially if Mozilla and Firefox are the cause of IE decline. And I use PNG for every graphic in my website AND some of them have transparent backgrounds, if you want to make them "compatible" with IE you have to tweak the PNG with TweakPNG . Take a look. Actually you can't make it transparent, but can set the background color to match the color of your background. They'll be transparent in Mozilla and color-match in IE.
Ok? Smart-ass....
"Implementing transparency support for PNG images required a significant amount of modification to the image decoding and display pipeline in IE along with a significant amount of new functionality added to the PNG decoder."
also known as...
"we fixed the fucking PNG transparency 'bug' in IE, so stop whinning and kiss our asses."
Too late Microsoft, I switched to the Mozilla suite loooong time ago...
AFAIK when you decompress a file the "on-access" antivirus should catch it first. Most resident antivirus have an option to scan files on creation and on access, so it's not really a big problem. Some antivirus like Kaspersky scan even the RAR if you put the resident scanner to scan ALL files.
And if you try to execute a file inside a RAR with programs like WinRAR it first creates the file in the windows temporal directory (C:\Windows\temp) prior to execution, and that leads to my first point, the scanner should get it first.
I really think there's nothing to worry with this, just be sure that your antivirus has the latest signature update.
Really, with Ion closed, Amy Hennig of Crystal Dynamics gone, and Warren Spector "missing in action", the future of both "Legacy Of Kain" and "Thief" franchises is uncertain. I don't know what's happenning inside Eidos, but from around two years they've been making wrong moves, one after another... They've earned the title of the worst MIB in the whole industry.
ahhh... the good old times...
I mean, this is supposed to be "Stuff that matters"?
In that case you will be doing the same i'm doing NOW with my two computers, one of them don't even has a monitor, only a HD, CD-Burner, printer, Ethernet and a keyboard (just to boot, because I control it with TightVNC, boots without monitor but won't boot without a keyboard). I'm talking about a second hand 95$ computer, Pentium III 733. Anyone can made a cheap setup like mine, and do the same thing you're telling. You don't have to pay for new memory, motherboard and CPU to do that kind of things.
The reason for multiple cores is to take advantage of concurrency, but there are a few programs that can exploit that now. Because almost all programs are single-threaded. So, you don't really have a point here. There's no reason to buy a multiple-core cpu until programmers start to release software that can take advantage of that.