Security

Submission + - Our password hashing has no clothes (troyhunt.com)

troyhunt writes: "Software developers have long relied on using a salt to add randomness to passwords before they’re hashed and stored in the database. The theory has always been that the unpredictability of the salt protected passwords by making them too computationally expensive to crack as it ruled out techniques such as rainbow tables which rely on pre-computed hashes. But the hardware of today – particularly GPUs – has now progressed to the point where cracking even salted passwords using fast hashing algorithms like MD5 and SHA is trivial, as this article demonstrates."
Security

Submission + - Interview with the man behind Comantra, the "cold call virus scammers" (troyhunt.com)

troyhunt writes: "If you live in a western country and have a landline telephone with a listed phone number, chances are you’ve been “cold called” by someone on the other side of the world with an introduction that goes something like this:

"Hello, I am from the Microsoft technical support division and I am calling you because we have detected some problems with your computer. This is very important – I need you to go and turn your computer on right away..."

It doesn’t matter if you have a computer, in fact it doesn’t matter if you’ve never even touched a computer because these calls are totally random. It's a scam intended to prey on the fear of unsuspecting people who can be convinced there are genuine problems with their PC. I decided to contact the man behind the company which most frequently features in these scam calls and surprisingly, he agreed to answer some questions about his business."

Censorship

Submission + - Browsing the broken web: a software developer behind the Great Firewall of China (troyhunt.com)

troyhunt writes: "Whilst we’ve long known that China takes a fairly aggressive stance on internet censorship, I thought a visit to Shanghai this week would pose a good opportunity to look at just how impactful this was to software developers behind the Great Firewall of China. It turns out that the access control policies make life very difficult at all sorts of levels when accessing simple technology resources we use every day from other countries. But I also found an amazing level of inconsistency with sites and services intended to be off limits being accessible via other means. It’s an interesting insight into how our developer peers can and can’t work in the country with the world’s largest internet population."
Security

Submission + - Scamming the scammers – catching the virus call centre scammers red-handed (troyhunt.com) 1

troyhunt writes: "It seems those scammers who keep cold-calling unsuspecting victims in an attempt to convince them their PC is infected with viruses just won’t let up. The scam is now rampant across the globe and it often ends with innocent victims being parted with cash for “fixes” they don’t need and their machine being left in a state where it can be remotely controlled at the scammers’ will. But this time the tables are turned; the entire episode is caught on video including the software products installed by the scammer and his attempt to extract payment from the “victim”. The video wraps up after the call is over with a look at what was installed and what the “problems” actually were."
Security

Submission + - Breaking CAPTCHA with automated humans (troyhunt.com)

troyhunt writes: "We’ve all become accustomed to dealing with CAPTCHAs during the signup process for all sorts of different online accounts where the service owner wants protection from automation via bots. The basis of CAPTCHA is that it takes a human to solve; but what if we automate the humans? And then multithread them to work in parallel? Turns out the entire process can be implemented very easily and very cheaply such that CAPTCHAs can be circumvented for a fraction of a cent each."
IOS

Submission + - Secret iOS business; what you don't know about you (troyhunt.com)

troyhunt writes: "After a bit of analysis of iOS network behaviour, it turns out today’s apps are doing some pretty nasty things under the covers. Excessive bandwidth consumption, data logging of even the most mundane tasks to remote services and glaring security vulnerabilities that don’t exist in their browser-based counterparts. There’s a seedy underbelly of very bad app design just under that shiny Apple veneer."
Privacy

Submission + - The Westfield's iPhone app privacy smorgasbord (troyhunt.com)

troyhunt writes: "We’ve all become used to being monitored by centre management when we come and go from car parks, but what Westfield hasn’t told anyone is that their new iPhone app allows anyone to monitor the movements of any vehicle. The service behind the app serves up a veritable smorgasbord of number plates easily consumable by anyone with an internet connection."
Security

Submission + - The science of password selection (troyhunt.com)

troyhunt writes: "We all know by now that most people do a pretty poor job of choosing passwords, but what’s behind the selection process? What’s the inspiration for choosing those short, simple passwords that so often adhere to such predictable patterns? It turns out there’s a handful of classic routes that people follow to consistently arrive at the same poor choices – and some of them are pretty shocking."
Security

Submission + - A brief Sony password analysis (troyhunt.com)

troyhunt writes: "So the Sony saga continues. As if the whole thing about 77 million breached PlayStation Network accounts wasn’t bad enough, numerous other security breaches in other Sony services have followed in the ensuing weeks, most recently with SonyPictures.com where a significant portion of the database was publicly disclosed a few days back.

With all this customer data now unfortunately out there for public viewing, I thought it would be interesting to do some analysis on password practices. There are some rather alarming (although not entirely surprising) findings including:

36% of passwords appear in a common password dictionary.
50% of passwords are 7 characters or less.
67% of accounts on both Sony and Gawker use the same password.
82% of passwords are lowercase alphanumeric of 9 characters or less.
99% of passwords don’t contain a single non-alphanumeric character."

Comment Automate your backups offsite (Score 1)

There are plenty of easy ways to find the additional local capacity, but in terms of backups, IMHO any practice that requires you to manually perform tasks is setting you up for failure. You'll forget to put that backup disk at your mother-in-law's or you'll carry a few weeks of extra risk because you've been busy or any number of other reasons. And as for keeping backups at home, there's the risk of burglary, fire, flood, four horses of the apocalypse etc, etc.

There are some great online backup services these days that take care of the whole thing for you. Point it at your data, define a backup schedule and let it run. SugarSync gets some good feedback. Personally, I've found Mozy very good and for the sake of $5 per month for unlimited storage, I reckon it's a bargain. Here's my setup: http://troy.hn/bhP4F9

In terms of network and speed, even from Australia (typically slower connection to US based services), I pushed up over 100GB in about 4 days recently. A combination of fast, cheap bandwidth, unlimited storage and a reasonable rate of data collection makes this perfect for the scenario you describe.
