  Show Posts
3176  Main Area and Open Discussion / General Software Discussion / Re: Google Chrome continues to ruin standard user interface on: February 24, 2011, 07:01:52 AM
It's for CLI users and pure keyboard users. My guess is that just as the KDE file manager combined both file browser and web browser, Chrome will do this + a terminal.

...Isn't that the exact same (high level of integration) behavior that had everybody pissed-off at Microsoft (rampant security hole) about 5 or 6 years ago?
3177  Other Software / Developer's Corner / Re: To persist with Windows 2000 support? on: February 24, 2011, 06:56:46 AM
You can get VS2003 from there, but can you get the VCToolkitSetup.exe for the VC2003 Toolkit package?

Nope, I missed that distinction earlier ... embarassed ... Only the full VS.NET 2003 is available.
3178  Main Area and Open Discussion / General Software Discussion / Re: Most Pirated Software? on: February 24, 2011, 06:33:39 AM
Autodesk Autocad - Hardware keyed ...
Isn't that for non-USA versions only? Or is the dongle-protection introduced there also?

Yepper it's here in the US too. I've got a client that has had fits trying to keep their fully legal copy running because of the stupidly unstable Sentinel Hardware Key driver.
3179  Other Software / Developer's Corner / Re: To persist with Windows 2000 support? on: February 23, 2011, 06:58:01 PM
(I don't think there's any way to get 2003toolkit from MS?)

Oh hell yeah, the MSDN goes all the way back to Visual C++ v1.52. Granted you need a subscription (not cheap) but they are still available.
3180  Main Area and Open Discussion / General Software Discussion / Re: Instantly Increasing Password Strength on: February 23, 2011, 06:49:30 PM
WeRntf,Y3t!

Easy to Remember (for me), and I'd wager quite difficult to guess, even for the table.
Good question - a quick google does suggest that the easy-to-find publicly available tables don't even reach 10 characters for the larger character sets, and those tables are already huge and take a while to generate. But do keep in mind that criminals have access to very large botnets, and people have started renting Amazon EC2 servers (including GPU acceleration) for nefarious deeds. I definitely wouldn't feel too safe with a passphrase lower than 10 characters with a large character set.

And it does seem it takes a while (for a single box) to process passphrases, even with rainbow tables - but anybody serious enough to have serious tables is going to have more than a single box available.

Quite true, but what are they really after? HBGary was completely torched in less than 24 hours. So there is an obvious time requirement involved. In their case the Low-Hanging-Fruit was also pay dirt ... So there was really no point in continuing. The object is to get as many of the accounts as possible, in the shortest time possible. So it is not really required to outrun the bear, just the rest of the hunting party... smiley

Besides even if you do manage to memorize an 8,000 character password ... If they really want you specifically, that badly ... Well, the term Rubber-Hose Cryptography comes to mind...
Indeed, and that's one of my favorite XKCDs. You have to balance your security based on who's likely to try to attack you. I protect my digital signature / online-banking stuff with longer passphrases than forum logins, simply because attackers would be more interested in spending energy on something they can have real financial gain from.

That said, access to a forum or account can be valuable as well - interesting information can sometimes be gathered from such access, either directly or through social engineering. And if the user has used the same passphrase in multiple locations, well...

Guilty as charged ... I stole the line from you.  cheesy

And password reuse is definitely to be avoided, usually by using fsekrit.
3181  Main Area and Open Discussion / General Software Discussion / Re: Most Pirated Software? on: February 23, 2011, 06:20:30 PM
IMO


Autodesk Autocad - Hardware keyed and hard to use for beginners
Virus software (various) - Who ever updates that?
Microsoft Windows (XP-Vista-7) - Comes with machine and update requirements scare off most of the casual folks
Nero Burning - This is a good candidate, but isn't that expensive

Microsoft Office - Oh Yeah
Adobe Photoshop - Oh Yeah

These two are very popular, way expensive, and are still easy to casual copy if a bit of common sense is used.
3182  Main Area and Open Discussion / General Software Discussion / Re: Instantly Increasing Password Strength on: February 23, 2011, 06:05:48 PM
Anything else done to reduce the complexity or length in order to make it more suitable for human use will reduce the level of security.

Exactly, any rule or technique you develop only doubles the attacker's work/rainbow table, i.e. they test their search space once with the rule, and once without. So they simply use two computers instead of one.

Okay, but... To everything there is a point called a bit too far. If you do go with a really long mixed case alphanumeric password with garbage characters, you not only encourage, but basically force over half of the users to jot said password on a sticky note. ... And your Uber fortress gets hacked by the cleaning lady.

How random is random enough? If a popular phrase is used for a pass phrase, well that's reasonable to assume it won't last too long. But if the phrase used is some comic line your grandfather quipped at a family event one time that's not so predictable.

Now it has been mentioned that common/popular/most likely word combinations both can be and are used in many of the (let's say...) High-end Rainbow Tables. Okay, but what about word fragments used as a mnemonic for the string? Here's an example:

A popular phrase and long standing joke around our house, is a quote of mine that was originally said when I was trying to lighten the mood when an auto repair was going quite badly. The quote was "We Are Not Totally F***ed ...Yet!"

So if I was to use that (which I don't), for a mnemonic it would go something like this:
We Are Not Totally F***ed ...Yet!

-or-

WeRntf,Y3t!

Easy to Remember (for me), and I'd wager quite difficult to guess, even for the table.


Here's the thing, and it's a very critical and key point. Who is cracking what, and why. Let's say it's HacKeRtasTic group X, and they are digging into Evil Bank Y.

Now they got into Evil Bank Y's server and dumped the user tables (yada, yada, yada...) ... And they want to get (let's say) 10,000 user accounts to post online to shame Evil Bank Y, and they also have an order for 10,000 more accounts for the ID theft folks...For a total order of 20,000 accounts needed, out of the (let's say) 100,000 accounts the bank has.

Now regardless of what can be done (even in an evil geek's wet dream) there are still some things that are just flat not cost effective. The tables are going to instantly pop on the first wave of (low-hanging-fruit) idiot simple passwords. Then the harder ones, and the harder ones ... And after a while the CPU time (cost) vs. the Cracked Hash (win) is going to skew...a lot. And that will most likely happen long after the "Order Requirement" of 20,000 accounts has been passed by a country mile.

Besides even if you do manage to memorize an 8,000 character password ... If they really want you specifically, that badly ... Well, the term Rubber-Hose Cryptography comes to mind...
3183  DonationCoder.com Software / Post New Requests Here / Re: IDEA: Internet Explorer Address Bar Search Utility on: February 23, 2011, 11:37:04 AM
(I could be wrong, but...) You really don't need a tool, unless you're going to be doing a large number of them at once. It's really just a matter of doing a search on the given target site to see how they pass in the search string to what. Then set the @ value to that string, give it a new alias, and reapply the new .reg patch file.
3184  Main Area and Open Discussion / Living Room / Re: Black ops: how HBGary wrote backdoors for the government on: February 23, 2011, 11:16:28 AM
So, the moral of this story is: Never use a production db server for a honeypot...  cheesy
3185  Main Area and Open Discussion / Living Room / Re: Power Ranger Punches Kid for Accusing Him of Stealing Gloves on: February 23, 2011, 11:08:21 AM
Atheist also, but...
I think it might be a good idea to put that pic in a spoiler, considering dc's

Um, Yeah ... Not everybody is going to find that funny.


On a side note, isn't Tapping Out just a Pro Sports way of crying uncle/ to concede the match and avoid further injury?
3186  Main Area and Open Discussion / Living Room / Re: Black ops: how HBGary wrote backdoors for the government on: February 23, 2011, 08:35:53 AM
Security companies that get hacked by SQL injection deserve it.

Damn Straight! ...Love the cartoon, I'll be laughing about that (Little Bobby Tables) for the rest of the day.
3187  Main Area and Open Discussion / General Software Discussion / Re: Windows 7 SP1 released on: February 23, 2011, 08:20:25 AM
They had an update mid way through last month that suddenly decided my Win7 computer was suddenly non-genuine.

You got that one too?!? I thought I was special...  Sad

It showed up on my Win7 x64 Pro dev machine about the same time, but revalidated after a reboot or two (I'm thinking at some point it reinstalled part of the WGA stuff, but I wasn't really paying attention).
3188  Main Area and Open Discussion / Living Room / Re: Black ops: how HBGary wrote backdoors for the government on: February 23, 2011, 07:01:55 AM
http://lcamtuf.blogspot.c...1/02/world-of-hbgary.html

Linked in the above post is a link to the details of the attack, how hbgary got compromised: http://arstechnica.com/te...ry-of-the-hbgary-hack.ars

Wow - That's completely mind blowing - I will never feel guilty for harping about the 80/20 rule ever again.
3189  Main Area and Open Discussion / General Software Discussion / Re: Windows 7 SP1 released on: February 22, 2011, 06:57:30 PM
I'm just after the with SP1 install images to eliminate a few hours of update downloading on reinstalls. smiley

Other than that I don't recall hearing of anything earth shatteringly new in it.
3190  Main Area and Open Discussion / General Software Discussion / Re: Windows 7 SP1 released on: February 22, 2011, 03:37:34 PM
MSDN seems a bit busy - transfer not starting... (hehe)
3191  Main Area and Open Discussion / Living Room / Re: SSD usage recommendations on: February 22, 2011, 12:52:17 PM
They were SSD's. There is a link at the bottom to a pdf of the quite detailed research paper.
3192  Main Area and Open Discussion / Living Room / Re: SSD usage recommendations on: February 22, 2011, 12:41:46 PM
Zoiks! That is a bit of a disturbing revelation. Apparently the only truly safe way to dispose of an old thumb-drive is with a hammer...  undecided
I wonder if thumbdrives employ over-provisioning? The recent fast ones might have taken a few clues from how SSDs work, but I wouldn't be too worried with older/slower drives.

It seemed (to me) to be what the closing statement of the article was implying:
Quote from: From the Article
Right now, SSDs are most often encountered in USB thumb drives, and it's not unusual for them to hold as much as 32 GB of data. An increasing number of laptops by default ship with SSDs installed as the primary storage mechanism. Flash storage underpins the vast majority of smartphones, as well.

Sure it could be a bit of a (sensational) stretch ... But there are just some conversations I don't want to have... Wink
3193  Main Area and Open Discussion / General Software Discussion / Re: Why is Software for Hardware Always Sucky? on: February 22, 2011, 12:26:55 PM
I've rather assumed that it's because those companies are hardware oriented and see user interface software as just a last minute chore that has to be undertaken before rushing to market.

I always assumed it was to be flash, i.e. you couldn't possibly interact with our shiny new hardware through some drab efficient interface, here use our custom UI.

Put these two together and I'd say that nails it. Engineering is guilty of the first one, and marketing the second.
3194  Main Area and Open Discussion / Living Room / Re: SSD usage recommendations on: February 22, 2011, 07:00:52 AM
Zoiks! That is a bit of a disturbing revelation. Apparently the only truly safe way to dispose of an old thumb-drive is with a hammer...  undecided
3195  Main Area and Open Discussion / Living Room / Re: The Plot Thickens... on: February 22, 2011, 06:50:42 AM
Maybe they need to have the women stare at the men's crotches to have the same effect.

I was wondering about that one myself - invalid "test" - a break in eye contact is usually more a sign of weakness/uncertainty. It's not going to un-nerve anybody; especially a guy...as we're chronically "thick" about subtleties.
3196  News and Reviews / Official Announcements / Re: March 2011 DonationCoder.com Fundraiser Celebration -- Pledges? on: February 21, 2011, 06:06:09 PM
But what if we say that everyone who donates (either a new donation or sending existing donationcredits to site account) can enter into a drawing to have an idea turned into an application?

...I hate to be a pest...But does that mean we can do the 50/50 thing?
3197  Main Area and Open Discussion / General Software Discussion / Re: Google set to steal Opera's thunder yet again, decides to eliminate url bar on: February 21, 2011, 11:44:53 AM
Let us not forget the fact that Chrome forced every major browser to have an overhaul in their interface in the attempt of mimicking Chrome's slightly more screen real estate

Fact? Really? ...So, it didn't have anything to do with the vertical resolution of the suddenly mandatory wide-screen monitors causing the real estate shortage to start with? Which forced everybody individually to dive at the same obvious solution.
3198  Main Area and Open Discussion / Living Room / Re: Cute jokes' thread on: February 21, 2011, 11:23:30 AM
huh Content seems to be unviewable (behind the "fence")
3199  Main Area and Open Discussion / Living Room / Re: Too many facebook friends linked to anxiety on: February 20, 2011, 09:57:50 AM
DonationCoder is my home online and facebook is about as relevant as some celebrity gossip from ten years ago.

+1  Thmbsup
3200  DonationCoder.com Software / DC Member Programs and Projects / Re: new software - dst on: February 20, 2011, 08:08:35 AM
This is a project I play with from time to time. It's a Windows service that pings a listening app with info about the sending machine's status. It's a bit crude but shows the basics of the back and forth socket handling stuff. It's written in pure Win32 API C++. Hopefully it may be helpful.
