Thursday, July 24, 2003

Cracking Windows passwords in seconds
If your passwords consist of letters and numbers, beware.
Swiss researchers released a paper on Tuesday outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds, from 1 minute 41 seconds.

The method involves using large lookup tables to match encoded passwords to the original text entered by a person, thus speeding the calculations required to break the codes. Called a time-memory trade-off, the situation means that an attacker with an abundance of computer memory can reduce the time it takes to break a secret code.

The results highlight a fact about which many security researchers have worried: Microsoft's manner for encoding passwords has certain weaknesses that make such techniques particularly effective, Philippe Oechslin, a senior research assistant and lecturer at the Cryptography and Security Laboratory of the Swiss Federal Institute of Technology in Lausanne (EPFL), wrote in an e-mail to CNET News.com.

"Windows passwords are not very good," he wrote. "The problem with Windows passwords is that they do not include any random information."

Oechslin outlined a way to take advantage of that lack of randomness on Tuesday when he published a paper and a Web demonstration of the technique. The research builds on previous work showing that encryption algorithms can be sped up with the help of large lookup tables. Increasing the size of the lookup tables reduces the amount of time, on average, that it takes to search for a password.

The researcher used a 1.4GB lookup table and a single computer with an AMD 2500+ processor and 1.5GB RAM to offer people a way to test the process online.

http://lasecpc13.epfl.ch/ntcrack/

http://zdnet.com.com/2100-1105_2-5053063.html
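
Why the missing "random information" (a salt) matters, as an added example that is not from the paper or the article: a plain lookup table, the simplest extreme of the time-memory trade-off rather than Oechslin's own table construction, is built once over a constructed three-character keyspace and then checked against unsalted and salted stored hashes. SHA-256 stands in for the Windows hash, and every function name and account here is an assumption.

```python
import hashlib
import itertools
import os
import string

ALPHABET = string.ascii_lowercase + string.digits  # constructed toy keyspace
MAX_LEN = 3


def unsalted_hash(password: str) -> str:
    # Stand-in for a salt-free password hash (SHA-256 is an assumption).
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # Same hash, but with per-account random bytes mixed in.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table() -> dict:
    # Precompute hash -> password once; reusable against every unsalted hash.
    table = {}
    for n in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            pw = "".join(chars)
            table[unsalted_hash(pw)] = pw
    return table


def audit(stored: dict, table: dict) -> dict:
    # Return {user: password found in the table, or None}.
    return {user: table.get(h) for user, h in stored.items()}


def demo() -> dict:
    table = build_table()
    accounts = {"alice": "k9z", "bob": "k9z", "carol": "a1"}  # constructed
    unsalted = {u: unsalted_hash(p) for u, p in accounts.items()}
    salts = {u: os.urandom(16) for u in accounts}
    salted = {u: salted_hash(p, salts[u]) for u, p in accounts.items()}
    return {
        "table_size": len(table),
        "unsalted": audit(unsalted, table),
        "salted": audit(salted, table),
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"] == salted["bob"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a 16-byte salt per account, the table would have to be rebuilt for each salt value, which removes the benefit of precomputation; identical passwords also stop producing identical stored hashes.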
Online Photo Resource Guide™
These days, there are a lot of ways to put photo albums on the web for free, or almost free, or for some kind of subscription fee. The intent of these sites is to allow consumers to upload pictures, invite friends to view them, send photo greeting cards, and sell ancillary merchandise and services.

These sites vary in their restrictions on amount of storage and their promises of retention, but hey! as long as they're free, sign up as often as you like. There is a definite trend for free sites to run out of money and either be acquired, disappear, or convert to some sort of subscription model, not necessarily in a manner convenient to their current customers. If you expect any of these sites, paid or free, to preserve your precious photos forever, you are very foolish indeed. See the casualty list if you doubt. My prediction: more instability until the price structure has more relationship to reality. The retail price of storage is around $1/GB, so how can anyone expect to collect $50/yr for a few megabytes of storage? These sites do have expenses, but they're not primarily for storage.


The list is in approximate order of preference, from the viewpoint of a consumer seeking mass storage; but each site has special merits and demerits, so your preferences may differ.…

http://www.andromeda.com/people/ddyer/photo/albums.html
eFXservices.com -- Quickstart
An Internet service that is an extraordinary experience for photo or image manipulation. No application software or plug-ins are needed to use this service. A digital image or photo on the Net (or photo from eFXservices Albums), a fast connection to the Internet, and the latest browser are the only requirements. To enhance productivity, feature-rich Net services for photo movement and photo management, considered essential, have been provided. All the services for manipulation, movement and management run remotely on a web server somewhere on the Internet.

Quickstart.

You can start using the service with a (fast) Internet connection and latest browser. The demo has Albums from which you may select photos and images for use in eFXservices. Of course you may also upload your own digital photos later. Please use the latest Microsoft Internet Explorer (Ver. 4.X or higher) or Netscape Communicator (Version 4.X or higher). In the demonstration system we do not store any photos that you may have uploaded and we clean up (restore) our Albums after you leave. So go ahead … we hope you have a great experience.

http://efxservices.com/quickstart.html

Wednesday, July 23, 2003

SCO Copyright Claims Questioned
Eben Moglen, a professor at Columbia Law School and general counsel for the Free Software Foundation, told eWEEK in an interview on Monday that those business Linux users who are not modifying, copying or distributing the Linux kernel cannot be targeted for copyright infringement.

"Possession of infringing material is not a copyright violation because the copyright owner doesn't have an exclusive right to possess the work. The copyright statute gives the copyright holder exclusive power to copy, modify and distribute the work, so those people copying, modifying or distributing in violation of the owner's exclusive rights are infringing. Those who aren't copying, modifying or distributing are not in violation," he said.

Just using infringing code was no more of a copyright violation than possessing a photocopied book, he said. That act of copying and distributing is the infringement. "So end users will probably look at this situation and assume that SCO is not talking to them, including the 1,500 global CEOs who received letters from SCO [warning them that Linux was an unauthorized derivative of Unix and warning them of potential legal liability].

"The vendors will also probably look at SCO's UnixWare license proposal and say that under Section 7 of the GNU General Public License they can't take that license and will have to decide whether there is an infringement they need to obey or simply to disregard these moves as a nuisance," he said.

But SCO on Monday made clear that it was going after business and enterprise Linux users rather than the Linux distributors and vendors such as Red Hat Inc. and SuSE Inc. SCO CEO Darl McBride and David Boies, his chief legal counsel from Boies, Schiller & Flexner LLP, made it clear that SCO intends to use every means possible to protect the company's Unix source code and to enforce its copyrights.…

http://www.eweek.com/article2/0,3959,1200766,00.asp
USING FLASH AS AN XML PROXY
by Phillip Perkins

Microsoft provides an ActiveX tool, the XMLHTTP component, for sending
data to Web servers within a client HTML page. Or, if you don't want to
use Microsoft technology, you can create a Java proxy to handle this
exchange of information. Another tool you might want to consider is Flash.

Flash can send XML data to Web servers through the XML object. This
object contains two methods for sending XML data to the server: send() and
sendAndLoad(). The first method sends the XML contents in the current XML
object to the Web server. The second method sends the current contents to
the server and loads the result XML to an XML object.

The only thing left is to interact with the data in the current HTML
page. You can use fscommand() to call JavaScript (or VBScript) functions
within the HTML page from Flash. If you know how to use this functionality,
you can create an XML proxy for your XML data.

From Builder.com Web Development Zone newsletter.
Phillip Perkins is a contractor with Ajilon Consulting. His experience
ranges from machine control and client/server to corporate intranet
applications.

http://www.geocities.com/phil_perkins_1/Flash/xml_proxy.zip
Free TechRepublic Downloads -- Tools & Executables
90 Downloads in "Tools & Executables"
Sorted by Date

http://www.techrepublic.com/download_browse.jhtml;jsessionid=13Q1IZ2KXSUPHTQQACQCFEY?browseParam=tools_exe&category=Tools+%26+Executables&total=90

Tuesday, July 22, 2003

Windows XP Internet Connection Sharing
Internet Connection Sharing (ICS) enables a Windows computer to share its Internet connection with computers on local area networks. It's been around since Windows 98 SE, and with the launch of Windows XP, it's only gotten better.


Windows XP ICS has some notable advantages over the versions of ICS in Windows 98 Second Edition and Windows Me:


It's easier to set up. There's no software to install, and it doesn't add any network components or protocols.

It's much more reliable and much less likely to cause network problems.

You can create a Network Bridge connecting two or more local area networks and share the Internet connection with the computers on all of them. This is especially useful if your XP computer is connected to both a wired and wireless network.

ICS client computers can use XP's Internet Gateway to monitor and control the server computer's Internet connection. If you have a dial-up connection, you can connect and disconnect when deciding whether to enable ICS.

However, XP ICS is missing some features of those earlier versions. You can't disable the DHCP server, change the server computer's IP address, or change the range of addresses allocated by the DHCP server.

http://www.practicallynetworked.com/sharing/xp_ics/

Monday, July 21, 2003

Update: New Bill Cracks Down Further On File-Sharing
A bill pending before the House of Representatives would make the intent to share a copyrighted file grounds for prosecution, virtually eliminating the burden of proof from law-enforcement agencies.

The proposed bill, submitted by Rep. John Conyers (D-MI) and co-sponsored by Howard Berman (D-CA), would modify the U.S. Title Code, adding the stipulation that if a user makes accessible a copyrighted file to a file-sharing service without permission he can be charged with up to ten counts of copyright violations.

The bill also would require file-sharing services to alert users that they are downloading "enabling software", or software that could be used to share copyrighted works. The bill would require file-sharing services to stipulate that downloading the P2P application could pose a privacy and security risk to the user's computer. Other language in the bill would crack down on the practice of supplying false information to domain name registrars.

The bill is formally titled the "Author, Consumer, and Computer Owner Protection and Security (ACCOPS) Act", a copy of which can be found on the Electronic Frontier Foundation's web site. ACCOPS is designed "to encourage the development and distribution of creative works by enhancing domestic and international enforcement of the copyright laws, and for other purposes."


The bill is designed to protect the entertainment industry, Conyers said in a statement.

"Digital piracy is one of the biggest problems facing creators of copyrighted content," Conyers said. "Even though the artists, authors, actors, movie companies, software developers, publishers, and record studios create this country's number one export, they are suffering because people are taking advantage of technology to share and obtain their valuable content for free."

"On top of that, much of this new technology is creating security and privacy risks for everyday computer users," Conyers added. "While existing laws have been useful in stemming this problem, they simply do not go far enough. That is why Congressman Berman, myself and other Judiciary Committee members are introducing legislation to give consumers, law enforcement, and content creators the tools they need to protect their rights."

The bill would modify Section 506 of Title 17 of the U.S. code, the highly complex document which forms the basis of federal law.

The clause in question currently states that users will be subject to penalties "by the reproduction or distribution, including by electronic means, during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000".

But under the proposed bill, simply placing the file into a folder or other collection of files accessible to the file-sharing application would apparently be enough to break the law. The bill does not require proof that the work was actually disseminated to other individuals.…

http://www.extremetech.com/article2/0,3973,1197594,00.asp
The firewall in a multilayer security approach
What a firewall can and can’t do
A firewall can be hardware- or software-based. The tightest security is obtained when the two options are used in combination. Yet, even in this approach, a firewall system has its limits:

It can’t protect the enterprise from attacks and threats from within your network.
Virus protection is limited without additional software and specialized technologies.
A firewall can’t protect an organization from attacks that avoid a firewall—an external hack via a dial-up account can fully compromise the entire security plan.

Firewall technology, obviously, also can’t protect organizations from employee carelessness or mistakes with passwords and unauthorized access. Only specific tools and policy guidelines on expected computer use and access can thwart those issues.

membership required (free)
http://www.techrepublic.com/article.jhtml?id=r00520030131mbr01.htm&fromtm=e044-1
How to make sure a firewall does its job
If you think deploying a firewall is the start and end of the security effort, you’re right—at least from the point of view of crackers, virus pushers, and other assorted bad guys.

Getting a firewall to do what it promises—protect the network that sits behind it—doesn’t begin with an equipment purchase and end with the plug-in. In fact, the plug-in is when the real work begins. As one technical coordinator says, “it’s a never-ending job.” Firewall implementation starts with a full security assessment and continues with constant vigilance over the solution put in place.

membership required (free)
http://www.techrepublic.com/article.jhtml?id=r00520030129cww01.htm&fromtm=e044-1
Take a peek inside this administrator's virtual toolbox
A nice collection of applications, utilities, hardware, and other tools used to troubleshoot, perform routine maintenance, enforce security, measure performance, test software, and execute countless other administrator tasks, along with a short description of each with the hope that some of these could prove useful for you as well.

http://www.techrepublic.com/article.jhtml?id=r00220020417tmg01.htm&fromtm=e064&_requestid=94290