I disagree. It's really easy to increase key sizes (2048-bit, 4096-bit...) making brute forcing exponentially harder. Adding more GPUs is linear, same as increased speed.
Weak encryption (e.g. 512-bit RSA) can be cracked, and 1024-bit in theory (last I heard), but 2048-bit is still in the "not in the foreseeable future".
The only way to change this is to create better algorithms, not faster hardware.
http://pv.fernuni-hagen.de/docs/fechnerb_attack.pdf
Out there in the universe is a silicon based civilization...
Are you referring to the Horta?
I still think Eliza is a real person.
You should probably check out some of the open source static analysis tools:
http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
I wrote one that deals mostly with web applications:
http://www.yasca.org/
You should also get your hands on Acunetix Free Edition, which scans for XSS:
http://www.acunetix.com/cross-site-scripting/scanner.htm
Also grab yourself a copy of Software Security by Gary McGraw and Secure Programming with Static Analyis by Brian Chess and Jacob West.
Finally, if you want to outsource an assessment on the cheap (really), send me an e-mail.
You can view Senator Ford's bill records at: http://www.scstatehouse.gov/members/bios/0606818109.html
2009-2010: 0 of 68 passed (of course, this one just got started)
2007-2008: 2 of 66 passed
2005-2006: 5 of 54 passed
2003-2004: 14 of 63 passed
2001-2002: 2 of 29 passed
I don't think this bill has much chance of passing.
I thought Kirk shut down this machine already.
As many other posters have pointed out, this is not real 3D. If it were, I would be able to move to the side and look *behind* the characters in the show. Such information simply isn't there, and can't be faked. They can play games like with the colored glasses, but that's about it.
Now, if they could convert some of these movies to make them GOOD, that would be something.
I don't use pine, so I don't have any use for patches, but I've put up a mirror: http://archives.scovetta.com/pub/mirrors/pine_patches/.
I did a little writeup on this kind of thing a while back. Since all of the major browsers support a "proxy autoconfiguration" file, you simply put a flat file on some server that returns a non-existent proxy address for URLs that you want to "block". So you don't need to use Opera's, just have someone run such a service and point your autoconfig there. A general "URL/IP Blacklist" could easily be built into browsers (as I'm sure there's a Firefox extension around for it).
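What such an autoconfig file looks like, as an added example that is not from the original writeup or from Opera's service: a PAC file in plain JavaScript that hands requests for blacklisted hosts to a proxy nothing listens on and sends everything else direct. The blacklist entries and the sinkhole address 127.0.0.1:9 are assumptions for the demo; the browser itself calls FindProxyForURL(url, host) for every request, and only plain string operations are used (no dnsDomainIs/shExpMatch helpers) so the same file also loads under Node for testing.

```javascript
// Added example: a proxy auto-configuration (PAC) file that "blocks" hosts by
// returning a proxy that does not exist. Browsers evaluate
// FindProxyForURL(url, host) for every request. Only plain JavaScript is
// used (no PAC helper functions), so this file also runs under Node.

// Assumed blacklist: exact hosts, and whole domains (leading dot = apex plus
// every subdomain).
var BLOCKED_HOSTS = { "ads.example.com": true, "tracker.example.net": true };
var BLOCKED_DOMAINS = [".doubleclick.example", ".malware.example"];

// Assumed sinkhole: TCP port 9 (discard) on loopback. Nothing listens there,
// so the connection fails and the request never leaves the machine.
// Do NOT append "; DIRECT": the browser would then fall back to a direct
// connection as soon as the sinkhole proxy fails, and nothing would be blocked.
var SINKHOLE = "PROXY 127.0.0.1:9";

function normalizeHost(host) {
  // Lower-case and strip a trailing dot so "Ads.Example.com." still matches.
  var h = String(host || "").toLowerCase();
  return h.charAt(h.length - 1) === "." ? h.slice(0, -1) : h;
}

function isBlocked(host) {
  var h = normalizeHost(host);
  if (BLOCKED_HOSTS.hasOwnProperty(h)) return true;
  for (var i = 0; i < BLOCKED_DOMAINS.length; i++) {
    var d = BLOCKED_DOMAINS[i];
    // ".doubleclick.example" matches "doubleclick.example" and "x.doubleclick.example",
    // but not "notdoubleclick.example" (the leading dot is part of the comparison).
    if (h === d.slice(1) || h.slice(-d.length) === d) return true;
  }
  return false;
}

// Entry point the browser calls. url is unused here: the decision is per host,
// which is all a blacklist needs and avoids parsing untrusted URLs in the PAC.
function FindProxyForURL(url, host) {
  return isBlocked(host) ? SINKHOLE : "DIRECT";
}

// Usage: point the browser's "automatic proxy configuration URL" at this file.
// When run directly under Node it prints a few sample decisions instead.
if (typeof module !== "undefined" && require.main === module) {
  ["www.example.org", "ads.example.com", "x.doubleclick.example", "notdoubleclick.example"]
    .forEach(function (h) { console.log(h, "=>", FindProxyForURL("http://" + h + "/", h)); });
}
```

Two caveats before relying on this. It only governs traffic from a browser that honours the PAC, so anything else on the machine, and any user who can change the proxy setting, goes around it. And the PAC URL is itself an attack surface: whoever can serve or alter that file (or answer a WPAD lookup on the LAN) chooses the proxy for all of your browsing, so host it somewhere you actually trust.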
On the other hand, I think it's nice that banks that I've never even heard of are nice enough to find me and let me know that my account needs to be reset. Now I'll have a place to put the $50M that I'm getting for helping the Prince of Nigeria!
Hell, hire me and I'll make all that lost productivity go away.
And you'd only charge them $1.9 billion for it! They could say that they're saving $100 million!!
I'd probably undercut you for maybe $1.7 billion, though.
There's a 'select' between the A and the Start.
You should go back and play a couple hundred more hours of Contra (or Life Force).
Dude, make up your mind!
and a floppy drive spray fire...
You had a floppy drive spray fire? That's frickin' cool! Could you have it do it whenever you wanted? Seriously, you have this girl over, you want to impress her with the size of your hard drive or something -- she's not impressed, wants to go home -- then, just when she walks by your computer SHHHHHHHH!!! like out of a Godzilla movie (or Shadowgate), she gets sprayed with fire! I bet, after she recovered, she'd want a second date with such a 'dangerous' guy.
Obviously the preceding story is fictional. No girl would have been over. It would have likely been your mom, who would have grounded you and taken away your 2400 baud modem for your crazy stunt.
No!!!
1. MD5 is weak/broken. No MD5. Erase it from your vocabulary. Replace it with SHA-256 or better.
2. How many SSNs are there? At max, 1 billion (assuming they go 000-00-0000 to 999-99-9999). A reverse lookup directory of 1 billion 256-bit hashes would take around 36 gigabytes of disk space (if my math is correct).
3. If you add salt to it, then the salt becomes a secret key to the routine. Lose that key, and someone can re-create the lookup in a matter of hours (minutes?).
Really, you want to just create a unique identifier that doesn't mean anything else. SSN should be in a secured table somewhere ELSE that you'd join to if you needed it. Even better, SSN should be reserved for government use ONLY, but that's another story.
Interesting read. I agree with most of his points, with comments on the following:
Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32
Most, if not all of the files can be identified through a simple Google search. It doesn't get Microsoft off the hook -- they should provide proper documentation, but such information is available.
Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage.
Not all software. User-level installations should be possible to non-restricted directories.
Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid.
TCPView. Now you have it. And since Microsoft now owns Sysinternals, I guess they have it too.
Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these.
This is not really Microsoft's problem. If no one can remember the features of the OS, it's their fault when they overlook them.
Apple's daemons have man pages, and third parties are duty-bound to provide the same. Admins also expect to be able to run daemons, with verbose reporting, in a shell for testing.
Duty-bound? Sure, they probably all provide them because that's what everyone else does, but most Windows applications include a help file too.
Launchd can tripwire directories so that if they're altered unexpectedly, launchd triggers a response.
I believe TripWire exists for Windows too.
The UNIX/POSIX API, standard command-line tools and open source tools leave malware unable to hide from a competent OS X administrator. It takes a new UNIX programmer longer to choose an editor than it does to write a console app that walks the process tree listing privileged processes. Finding the owners of open TCP/UDP ports or open files is similarly trivial. The "system" is not opaque.
I may be wrong here, but aren't there other ways of injecting malware into a system than setting it up as a detectable process? I know on Windows machines there are a number of ways to get around a process walk -- does the same thing exist in *nix?
Oh my. I should have posted that anonymously.
My penance will be go to back and watch Star Wars 4 through 6 in a loop all weekend.
Can I re-apply for another Jedi card after?
TrueCrypt is your (our) only hope. They are Obi-Wan Kenobi.
I thought Luke was our (your) only hope, not Obi-Wan.
Whatever, dude -- I manipulated the bits on the hard disk with a little tiny magnet. Took forever to write out my term paper, and 'undo' was a bitch.
(from: http://www.space.com/scienceastronomy/mystery_monday_040524.html)
This article generated quite a few e-mails from readers who were perplexed or flat out could not believe the universe was just 13.7 billion years old yet 158 billion light-years wide. That suggests the speed of light has been exceeded, they argue. So SPACE.com asked Neil Cornish to explain further. Here is his response:
"The problem is that funny things happen in general relativity which appear to violate special relativity (nothing traveling faster than the speed of light and all that).
"Let's go back to Hubble's observation that distant galaxies appear to be moving away from us, and the more distant the galaxy, the faster it appears to move away. The constant of proportionality in that relationship is known as Hubble's constant.
"One seemingly paradoxical consequence of Hubble's observation is that galaxies sufficiently far away will be receding from us at a velocity faster than the speed of light. This distance is called the Hubble radius, and is commonly referred to as the horizon in analogy with a black hole horizon.
"In terms of special relativity, Hubble's law appears to be a paradox. But in general relativity we interpret the apparent recession as being due to space expanding (the old raisins in a rising fruit loaf analogy). The galaxies themselves are not moving through space (at least not very much), but the space itself is growing so they appear to be moving apart. There is nothing in special or general relativity to prevent this apparent velocity from exceeding the speed of light. No faster-than-light signals can be sent via this mechanism, and it does not lead to any paradoxes.
"Indeed, the WMAP data [on cosmic microwave background radiation] contain strong evidence that the very early universe underwent a period of accelerated expansion in which the distance between two points increased so quickly that light could not outrace the expansion so there was a true horizon -- in precise analogy with a black hole horizon. Indeed, the fluctuations we see in the CMB are thought to be generated by a process that is closely analogous to Hawking radiation from black holes.
"Even more amazing is the picture that emerges when you combine the WMAP data with [supernova] observations, which imply that the universe has started inflating again. If this is true, we have started to move away from the distant galaxies at a rate that is increasing, and in the future we will not be able to see as many galaxies as they will appear to be moving away from us faster than the speed of light (due to the expansion of space), so their light will not be able to reach us."
I've had the Samsung ML-1740 for a few years now. Only needed to replace the toner once. Crystal-clear printing (b&w) (no color -- who really needs that?). Toner is around $80. Expect to find the printer on sale for $99 at your local electronics megastore, or $149 regularly.
I've gone through (no joke) about 10 different [ink|bubble|dot-matrix] printers and the Samsung printer is MUCH better than anything else. Even the more expensive Lexmark laser printers don't have anything on Samsung.
Oh, but this is for home use. For office use, it's a bit slow.
Best thing about it? You don't need to install any crazy drivers. Just plain vanilla Windows print screens. Nothing that talks to you while it's printing or stays eternally in your tray.
Here is a ZDNet review, my personal review, and their specifications.
ISO is nice because it sorts nicely:
2006-08-02 < 2007-07-07
I got used to it working with Peoplesoft and now it feels more natural than the oft-confusing 2/8/06 (8/2/06)?!
For visual dates, I'd like to see more "6 July 2005"-style, but we Americans would rather adopt the metric system than give up our date format.
I always have the same problem with my chain mail. Great against long swords, terrible against daggers and scimitar thrusts.
Still, I think this is way cool. Hell, paint it right on your skin and start a fight with somebody. Did you see the way that bullet bounced off the goo? Superman had this technology years ago, but now the army's got it. Hooray Science!
Didn't the Chinese government try this with Google? What's to prevent (other than the law) from having a thousand "myspace" proxies set up on other sites? Are they planning to content filter? Something in the browser? A guy with a big stick (no pun intended) standing near the computer, waiting for you to go to /.?
Seriously, this is messed up. I can see blocking pr0n, etc from public terminals, but Amazon?
Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.
More evil uses:
* Dump their usernames and passwords? (be creative... \d{3}-\d{2}-\d{4})
* Read their e-mail
* Steal their session cookies! (YAY!)
* Send those IRC transcripts to their significant others
Sure, you could be content with making all of their images progressively more fuzzy, eliminating every 300th character that comes across, or inserting ", dammit!" at the end of every other sentence. You could even insert an image tag inside of HTML to add your own advertisements to every web page they visit, or make them pay to continue to use the service. The possibilities are endless!
This is the problem with free/anonymous access points.
Of course, if they VPNed through, you wouldn't be able to do anything except for drop/add packets to the encrypted stream (no fun).