This is just proof that you can put any sort of crap to great music such as John Williams and make it look interesting. How many movies has he saved, anyway?
Says one who has never had a life ending event....;)
Re:From the last Slashdot article and FYI: (on "Revisiting DIY HERF Guns", Score: 2, Informative)
but sometimes a person will pull into the left lane and either maintain the same speed as the right lane (two-lane scenario, for simplification), or so minimally faster that it will take several miles before they pass the car on their right.
Just so you know, this is illegal in Kansas, as of July 1st. They will be issuing warnings for a year, and then start ticketing.
No, you don't have to send it back, but a MITM attack could still sniff passwords. PAP can store passwords salted, yes. The problem I ran into was that the people running the modems said, CHAP, nothing else. That requires plaintext at the RADIUS server.
I'm suspecting sleep apnea for myself. Sleepiness, brain fog, slow thinking, lack of willpower, even mild depression... all can be caused by it. I'm seeing a doctor about it next week. I wonder if it ties into Alzheimer's now. My grandfather had both.
The only reason for CHAP to exist is so that you can avoid sending the password in plaintext over an unencrypted channel. Proper encryption fixes that problem without introducing the greater problem of requiring plaintext password storage.
True, the better solution would be to use PAP over a VPN or SSL tunnel, but have fun convincing the large telcos or modem concentrators to do that. We were given no other option than CHAP.
I think that was about the time I began to lose interest in sysadmin and network admin stuff.
I can't believe this still happens. They shouldn't even be storing the passwords anywhere, even in their primary database, much less an Excel spreadsheet. Use a one-way hash with salt, folks!
While having it in an Excel document is inexcusable, there is a real reason why passwords are stored as plain text, and I hated it as a sysadmin. Look up CHAP vs PAP authentication... Basically, PAP sends the password in plain text across the wire from the modem server to the RADIUS server, which can then look up the salt, hash it, and then verify the password.
However, since this means sending passwords in the clear, most modem concentrators (most ISPs resell for a handful of large telcos that operate the modems nowadays) prefer to use CHAP, which hashes the password with something at the terminal server and sends both to the RADIUS server. In order for the RADIUS server to authenticate the session, it must have access to the original plain text to hash with the provided salt. Thus, the ISP must store all passwords in plaintext somewhere.
That said, it should be stored in a hardened and dedicated server that only handles the storage (SQL or LDAP) and the RADIUS server. Any billing interaction should only be to update the password, never to read. And it should never be put into an Excel or Word doc!
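Added example, not part of the original comment: a minimal Python sketch of the PAP/CHAP trade-off described above, using the RFC 1994 CHAP-MD5 response (MD5 over identifier, secret and challenge; the challenge is the "something" the terminal server supplies). The password, identifier, function names and the PBKDF2 parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for the salted-hash store


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side of RFC 1994 CHAP-MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(stored: bytes, identifier: int, challenge: bytes,
                response: bytes) -> bool:
    """Server side: recompute the response from whatever it has stored."""
    expected = chap_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def pap_enroll(password: bytes) -> tuple:
    """Store only (salt, slow salted hash); the password itself is discarded."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)


def pap_verify(record: tuple, password: bytes) -> bool:
    """PAP delivers the password itself, so the server can re-hash and compare."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    password = b"correct horse battery"   # constructed sample password
    identifier, challenge = 7, os.urandom(16)
    response = chap_response(identifier, password, challenge)
    record = pap_enroll(password)
    return {
        # CHAP verifies only when the server holds the recoverable secret.
        "chap_plaintext_store": chap_verify(password, identifier, challenge, response),
        # A server holding only the salted hash cannot reproduce the response.
        "chap_hashed_store": chap_verify(record[1], identifier, challenge, response),
        # PAP works against the salted hash, but the password crossed the wire.
        "pap_hashed_store": pap_verify(record, password),
    }


if __name__ == "__main__":
    print(demo())
```
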
My problem is that I cannot seem to set defaults for files without an extension. Some perl scripts for example that look like commands, leave off the .pl extension. My mac wants to execute them instead of opening them in a text editor.
Agreed -- it IS rather bad, but generally speaking you're not expecting attacks from inside your LAN. As Windows vulnerabilities go, this isn't horrible in a practical sense.
If you think that, please don't go into the security industry. The greatest threat to a corporate network is from your local network and "trusted" users. This bug just makes it easier.
What SMB problems? My MBP connects just fine to all the shared drives around, and when I connect to a new network, it shows all the available shares very quickly.
Compare that to an XP install that repeatedly tells me that "I don't have the necessary permissions" to view the public, no password share.
Thank you for that, and I would also like to ask, where is a picture of the supposed false alarm? Wouldn't the article be more informative if they had included that? I'm curious to know how it could even look the same.
That's almost exactly my experience with Bell here in Kansas. :(
Most ISPs have just one password for the account.
That would require a user to know two passwords, which is 2 more than they are capable of remembering.
With CHAP or PAP?
Unfortunately, that's not the case. CHAP authentication requires cleartext passwords to be stored. See my other post.
Yes, really. It's called CHAP authentication, and it requires plain text passwords. See my other post.
...new website was using Java on the backend or something. .... Does your product work reliably?
See.... the answer to that *was* in the ad. :P
Yes I jest. Maybe...
Turn off the lights in the hold as you transport, and the shipping is free!
All of a sudden, they'll be expected to shut up, sit still, and listen for hours to a boring instructor with his whiteboard and PowerPoint slides.
erm, if I homeschooled my kids, that would not be much of a change.... *sigh*
Best troll I've seen in a long time... ;)
But anyone in that position knows that those assurances aren't worth the air breathed to utter them.
And the lack of those assurances at any value says even more. No wonder they jumped.
If you're really going to be that pedantic, Goose is a fictional character and is not alive, and therefore can never die.
Are we done yet? ;)
Well, if he wasn't the original, then they remembered to shop the hand in the first but not the second... talk about mixed race.... lol
If MS is doing this, it isn't part of standard XML, AFAIK.
Let me say it again: This patent isn't about XML, SGML, CSS, etc. It's pretty specific,
It's an index. Maybe a precompiled parse tree. Hardly innovative.