Forgot your password?
typodupeerror

Comment: Re:Unsalted hashes are worse. (Score 3, Insightful) 212

by bugg (#40245683) Attached to: MD5crypt Password Scrambler Is No Longer Considered Safe

Yes, but slowing down a brute force attacker by a factor of the cardinality of the set of unique salts will almost certainly be a huge win, especially if the salts chosen are long enough where salt-collisions are rare to nonexistent. 6.5 million accounts were compromised; requiring someone to have 6.5 million times as much compute resources to compromise all passwords is nothing to sneeze at.

Of course, salts don't help you in the case where a well determined attacker isn't after 6.5 million accounts but rather just one specific account, but that's not what they are intended to help with.

Comment: Re:Some american tell me (Score 2) 256

by bugg (#36474214) Attached to: Iowa Rejects Video Privacy Protection For Cows

IANAL, but I believe your employer is obligated to provide you with a safe working environment, doubly so with regards to your membership in protected classes. If an employer permits a hostile working environment, especially one that unduly affects people who are members of protected classes (in this case, women) it is a form of illegal discrimination and you most certainly do have recourse.

You can't hire the KKK, let them turn your workplace into a de facto Klan meeting, and let them intimidate or harm new employees who happen to be non-white or non-protestant. The employer is responsible for that. If they weren't, the provisions against workplace discrimination in the CRA would be very hard to enforce, because this is precisely how it would be done (hell, this is roughly how it was done during many years of Jim Crow).

You have to realize that in the cases that prompted this legislation - Blackwater and other defense contractors - you have employers recruiting cowboy-mentality young men, arming them with weapons, and teaching them that might-makes-right and that not all people have rights that you are obligated to respect. They create an environment where human rights abuses are tolerated if not encouraged, and this extends all the way down to their own workers and sexual assault.

Comment: Re:Strange (Score 2) 395

by bugg (#36166642) Attached to: When AIM Was Our Facebook

The internet wasn't being used by nearly as many people in the 1990s, especially the early to mid-90s, as it is today. It is hard to compare across decades without pausing to realize that. A lot of the differences have to do with the amount of business and commerce that happens on the internet, as well as the work done by AOL (and to a lesser extent massive ISPs like Earthlink) to market the internet for the masses.

Most of the people I knew on the internet used IRC, but that's clear selection bias: most of the people I knew who used the internet I knew via the internet, and met via IRC. Not everyone used it regularly, but in other communities (mailing lists, and the like) people generally knew what IRC was and how to connect to it. Lots of communities had and have IRC servers. Slashnet, anyone?

Comment: Re:DD-WRT + QoS (Score 1) 520

by bugg (#35972112) Attached to: Ask Slashdot: Best Way To Leave My Router Open?
The trouble with relying on QoS is that this won't help a lot of users (particularly not-the-fastest DSL users) when someone, say, joins a torrent: the incoming requests will end up swamping the DSL modem's uplink. That is, the congestion is not between the client and the AP, it's between your next-hop and your modem. Your wireless AP's QoS controls are helpless to regulate this traffic. Slowing down the traffic between the AP and the client will maybe discourage your neighbor from attempting to use the line on the torrent, but it won't have a significant effect on decreasing the traffic to the DSL line, and if you start dropping more packets per QoS policy, it will just result in more retransmissions. This all gets a lot easier when everyone has significantly faster lines, but ultimately this is not a problem that current technology does a great job of solving. Specifically, this gets easier (but is still a far cry from solved) when the bandwidth of the wireless fabric is about the same as the bandwidth of the ISP uplink. It is also worth pointing out that even if your neighbors don't share your internet connection, if their wireless AP shares your channel they share your wireless bandwidth. But that is the wireless fabric bandwidth, which tends to be more abundant.

Comment: Re:interesting factoid: (Score 1) 454

by bugg (#30766046) Attached to: Human Males Evolve At a Faster Pace Than Females

i'm saying wouldn't it be better to have your testicles inside your body and evolve sperm that develop at a higher temperature? its pretty ridiculous to have such an important organ dangling outside unprotected. i never understood why.

Here's a hint: we got to where we are via random mutation and natural selection, not design.

Comment: Re:How about... (Score 1) 636

by bugg (#30439412) Attached to: "Loud Commercial" Legislation Proposed In US Congress

You're both wrong. There are two things that can kill: power, and frequency.

To get from being healthy and alive to cooked requires a change in energy as lots of chemical bonds need to be destroyed. This requires work to be done, and the rate at which work is done is power. This is the traditional killer in most electrocutions. I say it's the power and not the work that kills, because if the power is low enough, you can probably survive indefinitely. Power is current*voltage, and it's measured in watts. A static shock is easily 10kV - air doesn't breakdown and conduct until you've got 3 million volts/meter, so the 5mm static shock you might get when you rub your feet on the carpet is around 15kV. But you didn't move all that much charge with that action, so the current is necessarily very low, as is the power.

If you want to know how fast a microwave will cook a hotdog, a great place to start is the power rating (watts) of the microwave. If you want to know how fast an electric oven will get to temperature, the right place to start is the power rating (watts) of the microwave. You two are arguing over whether it's the 120V that kills the hotdog or the 10A that kills the hotdog, when it's very clearly the product (1020W) that does it. That's why the wattage of the microwave is a selling point.

Frequency: You actually don't need to cook someone to kill them, which means without that much work/power it's possible to kill someone. The trick is inducing cardiac arrest. The frequency turns out to be much more important than the total work done. Tasers don't do much work, for instance, but they have killed people. Someone with more of a background in the electrochemistry of the nervous system and the heart could probably chime in more on this.

Comment: Leverage the spinning platters to your advantage (Score 5, Interesting) 289

by bugg (#29149219) Attached to: Ten Ways To Destroy a Hard Disk
Everyone knows drives are most vulnerable when the heads are engaged, and the spinning platters should cause a single destructive action to potentially spread to the entire circumference. Why not do a write operation to the entire disk and hit it with a hammer during the write? Do that properly and the heads should go flying off in pieces into the platters, and the platters spinning with the loose head material should ensure nothing survives.

Comment: Re:Well the only fool proof way... (Score 4, Insightful) 491

by bugg (#28980375) Attached to: How Can I Tell If My Computer Is Part of a Botnet?
In practice, I'd run the sniffer on the machine if there was already one there. The absence of the sniffer revealing traffic does not mean there is no traffic, but if the sniffer shows traffic it's a safe bet it's real. Frankly I've yet to hear of any rootkits that would let the sniffer still work and not show the compromised traffic, I think it's more of an in-theory than in-practice. Because I mean, I suspect users who know how to operate sniffers are an edge case for botnet authors. If you've got the sniffer on the machine and can easily run it, why not? A fine alternative is setting up a span port (monitor port) on the switch. I work with managed switches all day, so I'm spoiled in this regard - I don't really think that's an option for the OP however, linksys switches tend to be pretty dumb.

Comment: Re:It doesn't matter (Score 1) 359

by bugg (#28679385) Attached to: R.I.P. FTP

One needn't compromise a router in order to gain access to it. They can be given access, after all.

There are thousands of network engineers and similar who work for ISPs, who routinely capture traffic as part of their jobs. It takes only one of them to disregard the rules/the law/their job and run a longer trace, or to run a trace to capture one specific thing and inadvertently capture passwords. Or worse yet, it takes only one of them to have their credentials or machines personally compromised.

It might be a bit farfetched, but once you start working in this business and you see how many engineers have pretty advanced credentials, you realize that any one of them could become a determined attacker and do quite a bit of damage -- or, a sufficiently determined attacker could get a job as a network engineer.

A meeting is an event at which the minutes are kept and the hours are lost.

Working...