I know you're trying to be funny, but the first thoughts that come to my mind when I saw this were:
1. This means at some point we'll be able to control electronics with our brain.
2. This means at some point electronics will be able to control us.
I/O is a funny thing like that. Who is telling who what to do?
Don't forget the 3 barriers for spyware neurosoftware:
- Turn on your neurofirewall
- Have your anti-neurovirus resident protection on (makes you think three times slower, but you're at least safe)
- Always keep the cyber-implants up to date with Automatic Updates on to protect from exploits floating in the wi-max connection around you
- and always#@f...po4j...0sok.... just a moment I have to reboot, something weird going on
- Oh, yes. Don't forget to vote for Bush Jr. Jr. on the upcoming elections.
Dear US politicians, immigrants are human beings as well. My brother comes this fall to study in a US university, and this proposal is humiliating to him and any visitor to the country.
They are definitely crossing a line here, and you can bet the rest of the world (sheesh, can you imagine that, we have an opinion) will not take this lightly.
It was pretty clear the first time I watched a Flash video.
;)
Yes, I kinda meant before video was part of Flash
I'm happy you're happy with Flash. Flash 9 for Linux (with F8 support) is coming pretty soon, can't wait myself.
Heard of that cool new thing, Segway?
When you whine next time how come Vista doesn't have built-in the OneCare service or doesn't have this and that feature, remember this article and think again why it doesn't.
Adobe is wrong in this instance. They've opened the format for anyone to implement since it's good for them gaining market share and ubiquity.
Now that Microsoft wants to add PDF support like thousands of other 3rd-party PDF writer products out there (including OpenOffice), Adobe threatens with a suit.
PDF is either an open format for anyone to implement, or licensed. You can't open it but threaten to sue if you don't like who implements it.
This is known and actually a feature, which can be turned off
What kind of a feature is it, if everybody complains about it?
Plus turning caching off doesn't solve Firefox's speed. Part of the problem is bad memory management and coding, part of it is slow rendering engine, and part is the fact all tabs share a single thread, so when one takes more CPU, the whole window freezes.
Those are software design mistakes, and calling them various funny names, like "features" won't solve the fact we've actual problems with it.
Gad! Whatever could motivate people who are compensated so well to scrap computers and sell parts at a flea market?
What could motivate them to sell it is one thing, but what motivated them to sell it with the data on is surely harder to explain.
Of course in a moment of doubt, always lean towards the simplest answer: the guy who did it was a really stupid mofo.
Tell that to the Cable TV industry ;) Oh, and quit misusing the word "pirate", please.
Pretty smart, except Cable TV is a one-way stream, I bet your TV doesn't communicate with your Cable provider using personalized login and settings
You just have a card to decrypt a set of incoming channels and that's it.
How do you write a jump instruction for my handmade bytecode-interpreted vm? And doesn't the CRC, which I run inlined tests of throughout my code, of the file change when you modify that instruction?
You have a full-blown hand-made bytecode interpreter now? Let me guess how this is gonna continue:
ME: I whip out my advanced lexical analyzer and break your bytecode into well laid out PDF specification
YOU: I point a laser gun at you, and it's loaded.
ME: Batman comes through the window to help me.
YOU: Superman makes a hole through the ceiling and comes to help me.
ME: Superman? What, we'll f*cking use Superman to break into encrypted files? At least Batman is ok with technology.
YOU: Batman is just a geek: strip the technology off and what remains is a middle-aged guy with obsession over flying mice.
ME: Bats are NOT MICE, DUH!!
If they waste more electricity, are more noisy and increase the likelihood for fatal accidents, count me in!
if( e == f(inputPassword) )
    passwordWasCorrect();
else
    sorryWrongPassword();
Interesting, what will happen if I open the compiled version of this code and change just one byte to a JMP instruction to get a rough equivalent of this:
Dear suv4x4,
All the people who are explaining it to you know what they are talking about. Think.
To say that you had to drop to AC?
I also know what I'm talking about, given this is my job.
The MD5 hash "solution" can be hacked immediately in 4 easy ways:
1. The password is still the same since the virus author knows it, hence it's not generated randomly on the spot: so the first company/guy to find the password (for an md5 hash it's not hard to find a collision) spreads it around the internet.
2. Patch a jump command in the trojan code so that it jumps to the decrypt code without comparing the hash.
3. Make up a password, hash it, and change the hash in the binary to your hash. Then use your password.
4. Skip this altogether and extract the files directly by analyzing the format of the storage (if it's a popular format, even better).
That was easy, no? Let's compare it to what are your options if the file is actually encrypted with a strong and long key:
1. You have a working model of a quantum computer in front of you with enough q-bits to handle the key size, and you use it to hack the encryption using brute force attack.
2. You pay the extortion fee and await response from the extortionist.
If this is beyond understanding for all of you, maybe you should stop arguing and listen.
Ah! Live version...
I thought you had it installed... O:)
Yea, but how could I install it without a CD-ROM is still an interesting question I suppose...
I think you are missing a really big point.
Such as?
GP was suggesting a less-lame way to hardcode a password. The extortionist knows the password, having hardcoded it.
A password to what? Since MD5 hashes are not reversible, the software itself can't obtain back the key it should use for the crypting.
Again, we're not talking remote login system, but cryptography, two different things. And with crypting a file, the software that crypts, needs to know the exact key it'll use. It can't use a hash.
Just a wild observation there buddy, but mightn't the extortionist already know the password? Why would he need to get it from the virus?
Because, "buddy", the weakness we're discussing is that the password used is in the code and the same on all machines.
If it's randomly generated for each machine, the extortionist no longer knows the password. If it's not, then it's easy to break by analyzing the code, like it happened.
You clearly didn't get it, go back and read again, the big hint comes here:
Store an md5 hash of the password...
Oh I get it pretty well, but what you're missing is the context. We're talking not a login scheme of a remote server, but encrypting a file locally with a cryptographic key.
If you don't have a key, you have nothing to encrypt it with. The program may try to request a login, but you can close it and seek the file with the actual data and parse it directly since it's not encrypted.
And if it's encrypted, you can't encrypt data with a password using just its md5 hash. Or if you would use the hash itself.. then there's no point in hashing it at all.
Store an md5 hash of the password, then hash the input and compare it to the stored hash. No visible password or easy method to reverse the hash to get the password.
Yea... NO ONE gets the password this way, even the extortionist. That's quite some plan there, tiptone.. :)
Said it would play every XBox game
Actually it didn't. It said it won't play XBox games at all, and very close to release it announced it'll play some, with more to come... and this is what happened.
That's some nerve to quote this from the article:
...
Moore's comments shouldn't be misunderstood. MS will be adding to its backwards compatibility list
and still call the article
Microsoft Dismisses Xbox Compatibility
Can someone explain to me what is the business model of those services?
:)?
From what I see I download a player where I can play commercial music of the sort I like for free, with CD quality and no ads...
There are Google Ads on the site, but I can just not go on the site and play free music forever... The player doesn't seem to contain ad/spy ware.
Where's the "catch"
Or the buyer is lying and using the stuff on the hard drive to extort a free laptop, GENIUS!
I really have gone from thinking one thing or another, but have remained static that I would need more information to make a decision, and that there are only TWO people who know the truth; the buyer and seller. The rest is an exercise in assumption which I exercised liberally.
As a start you may notice the seller has status -2 and his account was terminated, while the buyer has over 70 good experiences with customers and one negative.
You could also read up on the rest of the information and apply critical thinking.
But if you don't you can speculate around aimlessly, like you do.
Google, CNET, YouTube and now Yahoo: they all use Flash as their video player, as well as thousands of other big news and entertainment sites.
Who would've thought that Flash will become the most popular vehicle for delivering video on the Internet?
All of a sudden, the EU's ruling that media player competition does not stand a chance because of the WMP built into Windows seems overexaggerated (not that it wasn't overexaggerated before..).
hopefully with open source products, however, patches will be available much more quickly since anyone could write the patch. in fact, since people tend to be competitive in nature, there will probably be people out there dying for things like this to happen so they can be the l337 programmer to fix it.
Not so easy, don't forget that the patches have to be reviewed by some central authority (like the guys that started the product? dunno), otherwise it'll be just as easy to sneak in a backdoor or a whole trojan in the patch itself.
Shut down your computer
:)
Disconnect (fully, both data and power) the cdrom/dvd
Boot your dapper again...
Tell me something about it...
I believe the CD I burned from the ISO might not work if I turn off my CDROM from power and cable