
Comment: Re:Hey Wordpress... (Score 1) 103

by yawnmoth (#29328199) Attached to: Wordpress.org Warns of Active Worm Hacking Blogs
I don't know that the statement "the salt will always be known" is a valid one. The fact that it's different for each password is what makes it secure.

The statements "the salt will always be known" and "it's different for each password" aren't mutually exclusive. You can have a unique salt for each user / password and still always know the salt for each of those users.

Also, in the case of Wordpress, I imagine the only password an attacker would be interested in would be that of an admin. Presumably you wouldn't be trying to brute force every single user's password on a Wordpress installation, anyway. Of course, then again, I'm not sure non-admins have a reason to have an account, anyway, since most Wordpress installs allow unauthenticated users to comment.

Comment: Re:Hey Wordpress... (Score 1) 103

by yawnmoth (#29327929) Attached to: Wordpress.org Warns of Active Worm Hacking Blogs

Salted passwords have nothing to do with what essentially is the same thing as obfuscating banners on web or mail servers. Salted passwords significantly improve security.

Do you even know what a salted password is? Instead of brute forcing hash(password) you brute force hash(salt + password). Since the salt is always going to be known, brute forcing hash(salt + password) takes no more time than brute forcing hash(password). All it protects against are run-of-the-mill rainbow table attacks.

Obfuscating banners only adds a trivial amount of work to determine the version a server is running.

I assume you're referring to the capability testing that the wordpress.org post mentioned? Tell me - did 2.8.4 even introduce new capabilities? If so, then, presumably, it should have been numbered 2.9.0 - not 2.8.4. And if they didn't add new capabilities, then capability testing wouldn't allow an attacker to figure out if you were running a vulnerable version or not, wordpress.org's comments notwithstanding.

Comment: Re:Hey Wordpress... (Score 1) 103

by yawnmoth (#29327603) Attached to: Wordpress.org Warns of Active Worm Hacking Blogs
I suppose you also think salted passwords are snake oil? Sure, they're not going to stop someone who's brute forcing on-the-fly, but it does make life more complicated for people using rainbow tables.

I only mention salted passwords because Wordpress uses them (see wp-includes/class-phpass.php).
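
The point argued in the comments above (a known, per-user salt defeats one precomputed table shared across accounts, but does not add work to guessing against a single account), as an added example that is not part of the original comments. SHA-256, the guess list and the account names are constructed stand-ins, not what Wordpress or phpass uses.

```python
import hashlib
import os

# Constructed sample data: a tiny guess list and three accounts (not real credentials).
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "wordpress"]
ACCOUNTS = {"admin": "hunter2", "alice": "qwerty", "bob": "hunter2"}


def h(salt: bytes, password: str) -> str:
    # Assumption: plain SHA-256 stands in for the real password hash.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store(salted: bool) -> dict:
    """Build the stored (salt, digest) pair per user; the salt sits beside the hash."""
    out = {}
    for user, password in ACCOUNTS.items():
        salt = os.urandom(16) if salted else b""
        out[user] = (salt, h(salt, password))
    return out


def precomputed_lookup(stored: dict):
    """One table of hash(guess), computed once and reused for every account."""
    table = {h(b"", guess): guess for guess in WORDLIST}
    found = {u: table[d] for u, (_, d) in stored.items() if d in table}
    return found, len(WORDLIST)  # (recovered passwords, hashes computed)


def per_account_search(stored: dict):
    """Recompute hash(salt + guess) for each account, using its known salt."""
    found, computed = {}, 0
    for user, (salt, digest) in stored.items():
        for guess in WORDLIST:
            computed += 1
            if h(salt, guess) == digest:
                found[user] = guess
                break
    return found, computed


if __name__ == "__main__":
    unsalted, salted = store(False), store(True)
    print("table vs unsalted:", precomputed_lookup(unsalted))
    print("table vs salted:  ", precomputed_lookup(salted))
    print("search vs salted: ", per_account_search(salted))
    print("admin only, salted vs unsalted:",
          per_account_search({"admin": salted["admin"]})[1],
          per_account_search({"admin": unsalted["admin"]})[1])
```

The shared table recovers nothing from the salted store, the per-account search costs the same number of hashes for `admin` with or without the salt, and `admin` and `bob` no longer share a digest despite sharing a password.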

Comment: add more commercials (Score 1) 313

by yawnmoth (#28213449) Attached to: Hulu May Begin Charging For Video Content
TV networks generally have 15 minutes of commercials for every 45 minutes of programming and as loathsome as having that many commercials may be, I'd, personally, rather have that than have to pay $20.00 / month or whatever. And I don't see pirating as a viable alternative, either - however unjustified the penalties for copyright violation may be, the fact remains that if you get caught, you're liable to be fined several thousand dollars.

Comment: Re:Sell more MSN (Score 1) 621

by yawnmoth (#5624786) Attached to: Copy-Protected CDs Going Mainstream
Most computers come with dial-up modems. Microsoft could use playing crippled files as an excuse to sell the Butterfly [userfriendly.org] to listeners.

just because most computers have dial-up modems doesn't mean that most people with dial-up modems are going to want to have to connect every time they want to play an audio CD.

or to another spin on this... should someone not be able to listen to an audio CD with headphones just because someone else is on the phone?

or what about someone using a laptop on a plane, in a car ride, or just outside, somewhere where they're not going to have an internet connection... should they not be able to listen to audio CDs?

or what about kids who have a computer, but whose parents won't let them get on the internet without their permission? do they now need permission just to play an audio CD?

make no mistake... having to connect to the internet to do something *is* an inconvenience to some people, and i dislike the precedent this sets... i don't think we should have to inconvenience ourselves any more than we already do for Microsoft.
