Worthersee's MemeStream
 
PHPBB Password Analysis
Topic: Technology 2:38 pm EST, Feb  7, 2009

Recently, a popular website "phpbb.com" was hacked. The hacker published approximately 20,000 user passwords from the site. This is like candy to us security professionals, because it's hard data we can use to figure out how users choose passwords. I wrote a program to analyze these passwords looking for patterns, and came up with some interesting results.

This incident is similar to one two years ago when MySpace was hacked, revealing about 30,000 passwords. Both Wired and InfoWorld published articles analyzing the passwords.

The striking difference between the two incidents is that the phpbb passwords are simpler. MySpace requires that passwords "must be between 6 and 10 characters, and contain at least 1 number or punctuation character". Most people satisfied this requirement by simply appending '1' to the end of their passwords. The phpbb site has no such restrictions; the passwords are shorter and rarely contain anything more than a dictionary word.

It's hard to judge exactly how many passwords are dictionary words. A lot of things like "xbox" or "pokemon" are clearly words, but not in an English dictionary. I ran the phpbb passwords through various dictionary files, and came up with a 65% match (for a simple English dictionary) and 94% (for "hacker" dictionaries). The dictionary words were overwhelmingly simple things, like "apple" or "orange", rather than complex words like "pomegranate".
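The dictionary matching and pattern bucketing described above, as an added example that is not the analysis program from the original post: the password list and the two word lists are constructed stand-ins (the real leaked list and the dictionaries it was run against are far larger), and every function name here is this example's own. Each password is bucketed as a plain dictionary word, a word with digits appended (the "append 1" habit the post describes for MySpace), digits only, or other, and the match rate is reported for whichever word list is supplied.

```python
import re
from collections import Counter

# Constructed sample standing in for a leaked password list.
SAMPLE_PASSWORDS = [
    "apple", "orange", "xbox", "pokemon", "password1", "letmein",
    "123456", "qwerty", "monkey", "soccer99", "Apple1", "Tr0ub4dor&3",
]

# Constructed word lists standing in for a "simple English" dictionary
# and a larger "hacker" dictionary that also knows brand names and
# keyboard patterns. Real lists have tens of thousands of entries.
ENGLISH_WORDS = {"apple", "orange", "password", "monkey", "soccer"}
HACKER_WORDS = ENGLISH_WORDS | {"xbox", "pokemon", "letmein", "qwerty"}

# Splits "soccer99" into ("soccer", "99"); the stem is checked against the list.
TRAILING_DIGITS = re.compile(r"^(.*?)(\d+)$")


def classify(password, words):
    """Bucket one password by how it relates to the word list (case-insensitive)."""
    low = password.lower()
    if low in words:
        return "word"
    if low.isdigit():
        return "digits-only"
    m = TRAILING_DIGITS.match(low)
    if m and m.group(1) in words:
        return "word+digits"  # dictionary word that only had digits bolted on
    return "other"


def match_rate(passwords, words):
    """Fraction of passwords that are exactly a dictionary word."""
    hits = sum(1 for p in passwords if p.lower() in words)
    return hits / len(passwords)


def analyze(passwords, words):
    """Match rate, bucket counts and a length histogram for one word list."""
    categories = Counter(classify(p, words) for p in passwords)
    lengths = Counter(len(p) for p in passwords)
    return {
        "match_rate": match_rate(passwords, words),
        "categories": dict(categories),
        "lengths": dict(sorted(lengths.items())),
    }


if __name__ == "__main__":
    for name, words in (("english", ENGLISH_WORDS), ("hacker", HACKER_WORDS)):
        print(name, analyze(SAMPLE_PASSWORDS, words))
```

Running it against both lists shows the match rate climbing as the dictionary grows, the same effect as the 65% versus 94% gap in the post; the "word+digits" bucket is the one a minimum-complexity rule like MySpace's tends to inflate rather than eliminate, which is why a policy audit should count it separately from genuinely strong passwords.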

Bill Gates releases mosquitoes into audience
Topic: Society 1:37 pm EST, Feb  5, 2009

"Bill Gates just released mosquitoes into the audience at TED and said, 'Not only poor people should experience this.'"

Note to self... don't ever attend a preso given by bill g.

A night of drinks
Topic: Miscellaneous 1:21 pm EST, Feb  4, 2009

Dan Kaminsky was in Atlanta yesterday. We and some of the usual suspects met for food and drinks at the Vortex in midtown. Some odd/funny things were said, and, to keep track, I kept SMSing myself so I could preserve these for posterity.

Chris: I'm going to create Nemisis-oasis. It's the inverse of Match.com and Facebook. You type in what you like and it finds someone that you would absolutely hate.
Dan: It's like a Fuck You Cupid!

Tom: (handing me a girlie drink) Here Billy, this will make hair grow on your vagina.

(I have no context for this next quote. I have no idea why Tom said this)
Tom: I can only get off if the sheep is from Luxembourg
Billy: I'm totally putting this on Memestreams... how do you spell Luxembourg?

Tom: (About a computer scientist at a recent conference) They're proof that every now and then Appalachia produces something good. So it's: Buck-Toothed Redneck, Buck-Toothed Redneck, Buck-Toothed Redneck, Cryptographer, Buck-Toothed Redneck...

You know you've been out drinking with Billy when you wake up with a receipt in your pocket that says:

23 WASHINGTON APPLE, 1 UP, 1 UP,
1 UP, 1 UP, 1 UP, 1 UP, 1 UP,
1 UP, 1 UP, 1 UP, 1 UP, 1 UP,
1 UP, 1 UP, 1 UP, 1 UP, 1 UP,
1 UP, 1 UP, 1 UP, 1 UP, 1 UP,
1 UP

Axe Ad Fail
Topic: Miscellaneous 11:55 am EST, Jan 31, 2009

That won't compile.

PolitiFact | The Obameter: Tracking Barack Obama's Campaign Promises
Topic: Miscellaneous 4:33 pm EST, Jan 28, 2009

PolitiFact has compiled about 500 promises that Barack Obama made during the campaign and is tracking their progress on our Obameter. We rate their status as No Action, In the Works or Stalled. Once we find action is completed, we rate them Promise Kept, Compromise or Promise Broken.

ARCH ENEMY - We Will Rise
Topic: Miscellaneous 3:40 pm EST, Jan 28, 2009

Stereotype fools
Playing the game
Nothing Unique
They all look the same
In this Sea of Mediocrity
I can be anything
Anything I want to be

I am the Enemy
I am the Antidote

We Will Rise
Above

I would marry her

Protocols And Performance
Topic: Technology 9:30 am EST, Jan 27, 2009

I’m working on a book for Addison/Wesley entitled "Protocols And Performance: A Web Server In Three Acts (plus supporting cast)". The book will lead the reader through the history of the HTTP protocol by building three separate web servers: HTTP 0.9-1.0, HTTP 1.1, and HTTP “2.0”. During the process of putting these different servers together the reader will continually evaluate their performance and stability using statistical analysis methods.

As the story unfolds there will also be tales from other HTTP alternatives, internet bodies, and other protocols in development at the time. These will be told from the point of view of HTTP as a player in the story.

A big part of the book is teaching modern protocol design using scientific analysis, reusable libraries, modern techniques, and confirming that these new approaches are valid with evidence. This means taking on existing myths and dogma pushed by many proponents and also looking at other projects’ bad code.

This seems like it will be a great book that I'll want to get when it's finally published. Addison/Wesley seems to try to publish technical books that involve storytelling rather than just technical reference books. Good stuff.

OCR and Neural Nets in JavaScript
Topic: Technology 12:33 pm EST, Jan 24, 2009

Now, the captchas provided by the site aren't very "hard" to solve (in fact, they're downright bad):

But there are many interesting parts here:

1. The HTML 5 Canvas getImageData API is used to get at the pixel data from the Captcha image. Canvas gives you the ability to embed an image into a canvas (from which you can later extract the pixel data back out again).
2. The script includes an implementation of a neural network, written in pure JavaScript.
3. The pixel data, extracted from the image using Canvas, is fed into the neural network in an attempt to divine the exact characters being used - in a sort of crude form of Optical Character Recognition (OCR).

Oh Javascript devs, what will you think of next.

Nozzle: detecting heap spraying attacks - Microsoft Research
Topic: Technology 5:29 pm EST, Jan 22, 2009

Heap spraying is a new security attack that significantly increases the exploitability of existing memory corruption errors in type unsafe applications. With heap spraying, attackers leverage their ability to allocate arbitrary objects in the heap of a type-safe language, such as JavaScript, literally filling the heap with objects that contain dangerous exploit code. In recent years, spraying has been used in many real security exploits, especially in Web browsers.

We propose Nozzle, a runtime monitoring infrastructure that detects attempts by attackers to spray the heap. Nozzle uses lightweight emulation techniques to detect the presence of objects that contain executable code. To reduce false positives, we developed a notion of global “heap health”.

Ben Livshits vs. Mark Dowd
The ultimate showdown. The ultimate destiny.
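A simplified heap-health check in the spirit of the abstract above, added here as an example; it is not Nozzle's code and not its actual algorithm (Nozzle emulates object contents and measures a per-object attack surface, whereas this stand-in only measures the longest run of bytes that decode as self-contained single-byte instructions). The heap snapshot, the byte set, the thresholds and every function name are constructed for the example. It shows the two layers the abstract describes: a per-object test that can misfire on ordinary data, and a global heap-wide measure that keeps such misfires from becoming alarms.

```python
# Single-byte x86 opcodes that decode as self-contained instructions
# (nop, and inc/dec/push/pop of a 32-bit register). A deliberately small
# set chosen for the heuristic; real x86 has many more such bytes.
SLED_BYTES = {0x90} | set(range(0x40, 0x60))


def longest_sled_run(block: bytes) -> int:
    """Length of the longest unbroken run of sled-capable bytes in one object."""
    best = run = 0
    for b in block:
        run = run + 1 if b in SLED_BYTES else 0
        best = max(best, run)
    return best


def sled_ratio(block: bytes) -> float:
    """Share of the object taken up by its longest sled-like run."""
    return longest_sled_run(block) / len(block) if block else 0.0


def suspicious(block: bytes, threshold: float = 0.5) -> bool:
    """Per-object test: does most of the object look like one long sled?"""
    return sled_ratio(block) >= threshold


def heap_health(blocks, threshold: float = 0.5) -> float:
    """Global measure: fraction of allocated bytes living in objects that were
    NOT flagged. Close to 1.0 is healthy; a spray drags it towards 0.0."""
    total = sum(len(b) for b in blocks)
    flagged = sum(len(b) for b in blocks if suspicious(b, threshold))
    return 1.0 - flagged / total if total else 1.0


def build_heap(sprayed: bool):
    """Constructed heap snapshot (not real process memory)."""
    blocks = [bytes(range(256)) * 2 for _ in range(10)]        # ordinary binary data
    blocks.append(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ" * 2)              # upper-case text
    blocks.append(b"\x00" * 8 + (0x7FFE1000).to_bytes(4, "little") + b"\x00" * 4)
    if sprayed:
        # Eight large objects that are almost entirely sled bytes followed by a
        # short tail of arbitrary bytes (a stand-in, not real shellcode).
        tail = bytes((i * 37 + 11) % 256 for i in range(64))
        blocks += [b"\x90" * 4000 + tail for _ in range(8)]
    return blocks


if __name__ == "__main__":
    for name, heap in (("benign", build_heap(False)), ("sprayed", build_heap(True))):
        flagged = sum(1 for b in heap if suspicious(b))
        print(f"{name}: {flagged} object(s) flagged, heap health {heap_health(heap):.3f}")
```

The upper-case string is flagged on its own because every letter A-Z is 0x41-0x5A, which decodes as inc/dec/push/pop; that is exactly the class of false positive a per-object test produces on normal data. The global measure absorbs it: health stays above 0.98 on the benign heap, and only the eight sprayed objects pull it down to roughly 0.14, which is the signal a monitor would act on.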

Nothing is original
Topic: Miscellaneous 1:11 pm EST, Jan 17, 2009
