thereby generating the same keystream --- that is, when the same password is used to encrypt documents, which most likely will be the case. Who would want to make a new passphrase every time a document needed to be edited?
Still the point remains, if MS had implemented RC4 correctly, this would not be a problem.
no, it IS Microsoft encryption. Beware of Microsoft, not RC4 (arcfour) or RSA. RC4 is the same as it's always been, which is a quite secure 128-bit stream cipher, when implemented correctly.
What Microsoft manages to do is totally screw up the key handling. Specifically, MS Office keeps setting the "initialization vector" to the same value -- OVER and OVER -- thereby generating the same keystream.
This is not some obscure issue here, this is fundamental to any stream cipher algorithm, and public-key encryption in general.
What this is, is another prime example of MS employing developers and project managers who don't have a clue what they're doing, at least in the area of cryptography. Windows 95, for example, had a simple XOR function as its "encryption" scheme. ANY second-year computer science student knows better than that.
Now lets see if MS will actually take responsibility for it's mistake, or like the parent poster, blame it on the encryption algorithm which has been understood as basic cryptography for over 15 years.
You're much more likely to have your identity stolen offline (72% of the cases)
yeah, thats true if youre one of the 72% of americans who rely on paper statements for your financial accounts.
But if you're one of the 28% of americans who make financial transactions online, well, then...
you more or less have equal probability to have your identity stolen WHETHER OR NOT you use paper or electronic transactions.
The manner in which you REDUCE your likelihood to have your identity stolen, is directly related to the amount of security preventions used when dealing with your finanacial transactions and records thereof.
man who'd have thought our federal government was so clueless.
keep your.WMV files for the windows users, in a prominent position, since 93% of your visitors should be clicking this.
but add a *secondary* link, with a basic.MPG for your 7% non-windows users, in a not-so-prominent position.
This way, Grampa Charlie can point and click on the WMV files without having to call tech support, and the Linux/Mac/etc. users can view the MPG any way they feel like, and not have to install yet another media player.
so yeah maybe standard MPEG-1 files have poor compression, but they work well, and only 7% of the people should be using these links
it's called metaphorical comparison. It's an abstract logical tool.
But don't worry, Luca. In your late teens and early 20's, your brain will physiologically be more able to handle abstract concepts, and you will have to rely on concrete expressions less often.
all you people screaming about parasite lawyers and such, need to step back a second.
the law has to protect individuals and corporations against slander, and give recourse to those who would be damaged by false attacks.
you can't have your cake and eat it too. the law has to apply to everyone equally. Okay, so technically Atriks are spammers. But are they outside the law, as it's written?. thats a whole different accusation which needs to be evaluated.
the point is this guy (according to the article) called their CEO a "criminal". thats a big accusation there. sounds like this guy didnt know when to stop. apparently he posted a bunch of rants on various websites.
If he was just "complaining to ISPs" he wouldnt need a lawyer. But calling a CEO and his well financed business a "criminal", "spam gang", etc. on prominent websites... thats gonna require some good legal defense.
but no matter, he got his PayPal donation site/.ed thats a score any way you look at it.
i was 9 or 10, and my first real computer (as in not one that used the TV) was my friend's dad's computer.
first thing we found was his pr0n. It was printout lenghtwise across 7 or 8 pages of that computer paper with the perforated holes along each edge, and green and white stripes... in ASCII characters so that if you stood back, you could see this nude lady standing in full frontal.
wow!
then I found the "Star Trek" game that printed in ASCII on screen, and you were a little asterisk that got chased around the "galaxy" by klingon ships and whatnot. text based battles, basically you had to keep your shield % up and not let your weapons overheat.
i printed out the source code (along with the pr0n) and took it home with me. I tried to "port" it to my friends TRS-80, but never got very far.
my parents didnt see the value of computers then, and i wasnt motivated enough to fight them to get me one. so i just goofed off on friends computers trying to write D&D text adventures, but mostly just generated a plethora of characters that never got used.
Slashdot Mirror
sorry, one clarification to the above:
thereby generating the same keystream --- that is, when the same password is used to encrypt documents, which most likely will be the case. Who would want to make a new passphrase every time a document needed to be edited?
Still the point remains, if MS had implemented RC4 correctly, this would not be a problem.
no, it IS Microsoft encryption. Beware of Microsoft, not RC4 (arcfour) or RSA. RC4 is the same as it's always been, which is a quite secure 128-bit stream cipher, when implemented correctly.
What Microsoft manages to do is totally screw up the key handling. Specifically, MS Office keeps setting the "initialization vector" to the same value -- OVER and OVER -- thereby generating the same keystream.
This is not some obscure issue here, this is fundamental to any stream cipher algorithm, and public-key encryption in general.
What this is, is another prime example of MS employing developers and project managers who don't have a clue what they're doing, at least in the area of cryptography. Windows 95, for example, had a simple XOR function as its "encryption" scheme. ANY second-year computer science student knows better than that.
Now lets see if MS will actually take responsibility for it's mistake, or like the parent poster, blame it on the encryption algorithm which has been understood as basic cryptography for over 15 years.
You're much more likely to have your identity stolen offline (72% of the cases)
yeah, thats true if youre one of the 72% of americans who rely on paper statements for your financial accounts.
But if you're one of the 28% of americans who make financial transactions online, well, then...
you more or less have equal probability to have your identity stolen WHETHER OR NOT you use paper or electronic transactions.
The manner in which you REDUCE your likelihood to have your identity stolen, is directly related to the amount of security preventions used when dealing with your finanacial transactions and records thereof.
man who'd have thought our federal government was so clueless.
its simple: offer two different formats.
.WMV files for the windows users, in a prominent position, since 93% of your visitors should be clicking this.
.MPG for your 7% non-windows users, in a not-so-prominent position.
keep your
but add a *secondary* link, with a basic
This way, Grampa Charlie can point and click on the WMV files without having to call tech support, and the Linux/Mac/etc. users can view the MPG any way they feel like, and not have to install yet another media player.
so yeah maybe standard MPEG-1 files have poor compression, but they work well, and only 7% of the people should be using these links
"This allows for Kazaa-style searching..." ... of your internet activity?
IF you think of Phishers AS petty thieves ...
NOW they're MORE LIKE an organized unit.
it's called metaphorical comparison. It's an abstract logical tool.
But don't worry, Luca. In your late teens and early 20's, your brain will physiologically be more able to handle abstract concepts, and you will have to rely on concrete expressions less often.
you win
you could dust off your old Shadowbane toons.
theyd have to delete the logs eventually. im sure that would be moderately annoying.
we could collectively ping them indefinitely.
children start standing in line at 3 am, wait all morning long, to finally be told that "there are no more WoW games, now go home!"
all you people screaming about parasite lawyers and such, need to step back a second. the law has to protect individuals and corporations against slander, and give recourse to those who would be damaged by false attacks. you can't have your cake and eat it too. the law has to apply to everyone equally. Okay, so technically Atriks are spammers. But are they outside the law, as it's written?. thats a whole different accusation which needs to be evaluated. the point is this guy (according to the article) called their CEO a "criminal". thats a big accusation there. sounds like this guy didnt know when to stop. apparently he posted a bunch of rants on various websites. If he was just "complaining to ISPs" he wouldnt need a lawyer. But calling a CEO and his well financed business a "criminal", "spam gang", etc. on prominent websites... thats gonna require some good legal defense. but no matter, he got his PayPal donation site /.ed thats a score any way you look at it.
you sound like you're proud to have been a belligerent tech support for some as-yet-nameless ISP?
I am not the faulty one. Please try my new Chutney flavored Slushy.
i was 9 or 10, and my first real computer (as in not one that used the TV) was my friend's dad's computer. first thing we found was his pr0n. It was printout lenghtwise across 7 or 8 pages of that computer paper with the perforated holes along each edge, and green and white stripes... in ASCII characters so that if you stood back, you could see this nude lady standing in full frontal. wow! then I found the "Star Trek" game that printed in ASCII on screen, and you were a little asterisk that got chased around the "galaxy" by klingon ships and whatnot. text based battles, basically you had to keep your shield % up and not let your weapons overheat. i printed out the source code (along with the pr0n) and took it home with me. I tried to "port" it to my friends TRS-80, but never got very far. my parents didnt see the value of computers then, and i wasnt motivated enough to fight them to get me one. so i just goofed off on friends computers trying to write D&D text adventures, but mostly just generated a plethora of characters that never got used.
> Sure, fanatic believers on such theories and beliefs can't go both ways; either the one is true, or the other.
why must one of them be true? i vote for neither.