
Joe Mullin

Original author: 
Megan Geuss


List your passwords alphabetically, so it's easy for you and others to find them!

Give three password crackers a list of 16,000 cryptographically hashed passwords and ask them to come up with the plaintext phrases they correspond to. That's what Ars did this week in Dan Goodin's Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331.” Turns out, with just a little skill and some good hardware, three prominent password crackers were able to decode up to 90 percent of the list using common techniques.

The hashes given to the security experts had been generated with the MD5 cryptographic hash function, something that puzzled our readers a bit. MD5 is seen as a relatively weak hash function compared to hashing functions like bcrypt. flunk wrote, "These articles are interesting but this particular test isn't very relevant. MD5 wasn't considered a secure way to hash passwords 10 years ago, let alone now. Why wasn't this done with bcrypt and salting? That's much more realistic. Giving them a list of passwords that is encrypted in a way that would be considered massively incompetent in today's IT world isn't really a useful test."

To this, Goodin replied that plenty of Web services employ weak security practices: "This exercise was entirely relevant given the huge number of websites that use MD5, SHA1, and other fast functions to hash passwords. Only when MD5 is no longer used will exercises like this be irrelevant." Goodin later went on to cite the recent compromises of "LinkedIn, eHarmony, and LivingSocial," which were all using "fast hashing" techniques similar to MD5.



Bradley Manning.

Wikimedia Commons

Over the course of two hours in a military courtroom today, Bradley Manning explained why—and in precise detail, how—he sent WikiLeaks confidential diplomatic cables and "war logs." Bradley's 35-page statement, read over the course of a few hours this afternoon, followed the news that he had pleaded guilty to 10 lesser counts among the many charges against him. The admissions were not part of a plea bargain; Manning still faces trial in June on the most serious charges, such as "aiding the enemy."

The Guardian's Ed Pilkington sets the scene:

Manning was flanked by his civilian lawyer, David Coombs, on one side and two military defence lawyers on the other. Wearing full uniform, the soldier read out the document at high speed, occasionally stumbling over the words and at other points laughing at his own comments.

The American people had the right to know "the true costs of war," Manning said in court today. He continued:


Savvy Internet users know that all the great stuff they get from the Internet for "free"—the searches, the social networks, the games, even the news—isn't really free. It's an exchange, where companies are able to take user data, sell it to advertisers, and make money that allows them to give themselves a paycheck while keeping you afloat in free digital services.

So that data you're giving away online is worth something, but have you ever taken a stab at figuring out how much? A just-released privacy add-on for Firefox and Chrome, Privacyfix, gives it the old college try. Both Congress and the executive branch have been talking more about online privacy in the past couple years.

The estimates for Google and Facebook are imprecise, as the program's creator, Privacy Choice founder Jim Brock, readily admits. "We wanted people to understand, it is a value exchange" when they use these sites, said Brock.


Scott Jones

Oracle v. Google

A few minutes after the Oracle v. Google verdict, the ten jurors filed out to the elevator. A group of several reporters, including me, had hunkered down close to the elevators to wait for the jury as they walked out. Several Oracle lawyers stood farther back, also eager to hear from the ten men and women who had dealt their side a major setback.

A court security guard, who had been outside the jury room throughout deliberations, walked the jurors straight to the elevator, saying the jurors didn't want to talk to anyone. That wasn't quite true. The foreman of the jury, Greg Thompson, stopped and answered reporters' questions for about twenty minutes, while Oracle lawyers listened quietly to his answers.

Thompson's brief chat with reporters revealed that the jury had a strong pro-Google bent during both the patent phase, which Google won, and the copyright phase, which ended with a split verdict.
