Slashdot Mirror


User: X0563511

X0563511's activity in the archive.

Stories
0
Comments
10,035
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,035

  1. Re:It's illegal on Post-Suicide Account Cracking? · · Score: 1

    /boot, which (usually) contains the grub files (the has is stored in the grub menu config file) is USUALLY readable to all. Ubuntu/debian and friends usually store that as /boot/grub/menu.lst. The password hash is saved in the line "password --md5 HASHVALUEHERE" or, without hash, as "password PASSWORDVALUE" and the boot stanzas are proteced with "lock" if they require the password to be used.

    Thanks for the link to the MD5 collision info. Indeed, it still works for passwords.

  2. Re:This is a classic case of... on Whitehouse Emails Were Lost Due to "Upgrade" · · Score: 1

    It's even better because exchange DOES have a retention system. File -> Archive. Hell theres ways for IT to force a retention policy down from group policy!

    Blatant lies.

  3. Re:It's illegal on Post-Suicide Account Cracking? · · Score: 1

    That I understand. But any user who can get into the system enough to read /boot can read that hash, and if they break it they could (probably) set init as anything they want, which could exploit a potential flaw on some kind of security scheme.

    If I knew what said flaw in hypothetical scheme was, it wouldn't be so much of an issue. I'm just wondering if the hash itself is safe.

    but that brings up another point... what stops someone from booting from something else and just editing the grub config to remove the password? Doesn't seem that there is any real way to secure a system on boot from local access.

  4. Re:It's illegal on Post-Suicide Account Cracking? · · Score: 1

    Hmm, that is good to know. I assume the MD5 hash you can save the grub password as is safe?

  5. Re:It's illegal on Post-Suicide Account Cracking? · · Score: 1

    You are assuming Ubuntu. All other distros that I've used (several) need a root password to access level 1.

  6. Re:Cracking root password not necessary on Post-Suicide Account Cracking? · · Score: 1

    The summary (did not read the article) states that there was no warning and good indications that accidental death was a possibility. They are after answers, not insights to his mindset.

    Just mount the partition with a liveCD, edit /etc/shadow (or /etc/passwd if he's a moron, which I doubt) and put your own password hash in.

    Of course if the drive is encrypted, you are most likely SOL.

  7. Re:Started the download 20 minutes ago on Ubuntu 8.04 Released · · Score: -1, Flamebait

    Thanks jerks. I had been running hardy off the archive for a week, and was just installing an apache/php/postgres stack when you all decided to crap up the archives.

  8. Re:Don't use public terminals on Best Way To Avoid Keyloggers On Public Terminals? · · Score: 1

    I don't think you understood what he just said.

    He has a little key fob that generates a passphrase based on time and some hidden magic (RSA). The server has one too, with the same hidden magic. Hence, both you and the server will know it, nobody else will until you use it, but once used it's worthless.

    It's like a digital OTP.

    Example

  9. Re:Simple solution on Best Way To Avoid Keyloggers On Public Terminals? · · Score: 1

    Get an old-ass laptop with wireless (USB/PCMCIA/MiniPCI doesn't matter) and an ethernet port. Set up ip-forwarding, and stick it between the work laptop and the wireless access point. If your even more paranoid, tunnel the connection to the work laptop to somewhere else (ie, home) so that it is virtually impossible to discern where you actually connected the damn thing (latency being the only real way)

    How will they know you didn't just plug it in the wall? The only drawback would be the space for the extra hardware, and looking like a tool while using.

  10. Re:I don't type on Best Way To Avoid Keyloggers On Public Terminals? · · Score: 1

    He/She didn't give her/his domain, and presumably if it's never linked to, it will never get indexed. Google doesn't (does it?) randomly try URLs to find sites to index!

  11. Re:Time to Roll Out The Crypto on Laptops Can Be Searched At the Border · · Score: 1

    I'm not trying to prevent them from seeing sensitive, data, I want to prevent them from seeing any at all! I don't care what they are looking for, I don't want them in any of my business unless they have a warrant! Leaving holes like this are just asking for abuse - witness customs violating and stealing laptops at the border. Yes, I chose those words particularly.

  12. Re:Accountability on Sacha Baron Cohen Wikipedia Entry Creates Circular References · · Score: 1

    Get your shit together and write your text with the citation at the same time. You don't write a paper for class, then a week after it's graded give the professor your bibliography, do you?

  13. Re:Corruption? on "Judicial Scandal" In Pirate Bay Case · · Score: 1

    Since my () key broke, I've had to improvise.

  14. Re:fubar on NULL Pointer Exploit Excites Researchers · · Score: 3, Informative

    about:plugins is what you want. Why this isn't linked or otherwise brought to light, I don't know. I discovered this by trial/error and/or boredom.

    On mine, I see this:

    Shockwave Flash
            File name: NPSWF32.dll
            Shockwave Flash 9.0 r47

  15. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 1

    Explain that to Thomson Course Technology :/

  16. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 1

    We are using the MS SQL enterprise manager in class (database security) and it bothers me that all this is going on and I really don't have much of a clue what it is doing. I recognize that I'm unusual in that I'd rather spend an assload of time doing it all myself with the documentation and know what is done.

  17. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 1

    Maybe it's just because I'm not your average bear... but (as a complete DB newbie) I had no trouble discovering and understanding the point of that "su postgres" step. I like the idea that the database is unusable until I say otherwise.

  18. Re:I agree on Hardy Heron Making Linux Ready for the Masses? · · Score: 1

    I don't like that either. But what I don't like more is all the hand-holding that gets in my way when I know what I want and how to do it.

  19. Re:And Microsoft was the biggest offender. on Microsoft Designed UAC to Annoy Users · · Score: 2

    Well, unfortunately the internet - and computers in general, are complicated systems. Cry me a river.
    </elitist-bastard>

  20. Re:FIOS availability on Comcast Blocks Web Browsing · · Score: 1

    It's not so much the digging, but watching them yard the orange tubing through said holes... Kind of comical. I watched a team of three tug a bit too hard and nearly fell back into passing traffic (which was ~ 45-50 mph)

  21. Re:Scare tactics on UK Banking Law Blames Customers For Insecure OS · · Score: 1

    Well, hopefully the impending PCI DSS will compel merchants and processors to wise up. Hopefully. For now, I think I'll have my nightmares...

  22. Re:Stress reduced by gaming or by doing something on Computer Games Make Players Less Violent · · Score: 1

    (Aargh, why are headings limited to 50 chars?)


    To help prevent people from breaking up the posts by putting half of their reply in the subject...
  23. Re:Scare tactics on UK Banking Law Blames Customers For Insecure OS · · Score: 1

    The merchant doesn't own the decrypting appliance. The backend merchant sends data to the frontend, who formats and forwards to the backend processor, who then talks to the banks. If the backend has been compromized, your PIN is the least of your worries.

    At least that's how it's done in my world.

  24. Re:first post on 11 Innovation Lessons From the Creators of World of Warcraft · · Score: 1

    I've been playing for two months and I haven't breached level 20 yet. Maybe if you play the game for hours on end...

  25. Re:Scare tactics on UK Banking Law Blames Customers For Insecure OS · · Score: 1

    Well the merchant does not have their key - neither does the network. The key is injected into a tamper-sensitive system in the pinpad prior to being shipped. If the battery dies, case is opened, or a strong enough shock (physical) is applied, the pinpad will "dump" it's keys. One of our recent pinpads actually has the pin-containing circuit board encased in a roughly .75"x1"x2" block of solid silicon - try getting through that while not opening the case enough to trigger the keydump...