Hacking Democracy on Google Video.
Apparently, our corporate overlords are able to determine elections now, in addition to their other nifty powers (wire tapping us without legal repercussions, amassing our financial data and then letting it be stolen, etc). Now, I don't vote, but if I did, I would be outraged!
A while back when I was first learning AJAX, I decided I wanted to write an interactive PHP/JavaScript shell for executing commands, etc. All the other ones I found either didn't handle directories well, were way too bulky or were backdoored. So, I now present to you JAXED Shell. I haven't extensively tested it, but it should work in the majority of situations.
Enjoy 
Commands:
home - return to shell's home directory
clear - clear history box
up/down arrow - go through previous commands
right arrow - file name completion
A few months ago I read this excellent article on password hashing schemes and I found some things out that I hadn't previously thought about. For instance, this sounds like a pretty novel thing, but speed in a hashing algorithm is not what you're looking for, and some hashing algorithms are much slower than others by design. Well, the other day someone on IRC didn't believe that crypt() would take a significant time more than md5(). Well, of course, I had to test it. So here's what I came up with to benchmark the two:
$t = microtime(true);
for($i=0;$i<5000;$i++){
$m = md5('password');
}
$diff = microtime(true) - $t;
$t2 = microtime(true);
for($i=0;$i<5000;$i++){
$m = crypt('password');
}
$diff2 = microtime(true) - $t2;
echo("MD5: " . $diff . "\\n");
echo("crypt (DES): " . $diff2 . "\\n");
echo("MD5 was " . $diff2/$diff . " times faster than crypt");
My average results with this say that md5() is something close to 125 times faster than crypt(). If you were just hashing one password, the difference would be negligible to the user. However, if someone is trying to brute one versus the other, the time will definitely make a difference. The moral of the story? Sometimes slower is better.
I apologize to any cryptographers who were hurt while reading this post; it's not very scientific, but it is the simplest way I can think of to demonstrate the time difference between these two algorithms. I'm sure you could do it better, and I encourage anyone who knows more than I do to let me know in the comments.
One of the largest security challenges many organizations face come from the most basic aspect of security: user passwords. Humans simply have a limited capacity to remember otherwise insignificant streams of letters and digits; as a result, they often choose passwords that are easier to remember. Those memorable passwords, however, can fail in the face of dictionary attacks or guesses based on information such as birth dates or the names of family members. This week's meeting of the Computer and Communications Security interest group of the Association for Computing Machinery saw the description of the latest attempt to balance security and obscurity: an improved form of the "Draw a Secret" method.
It seems like every week that I read something about making passwords easier to remember or something similar. The majority of these are woefully insecure and promote a hands-off security policy. However, I think this could seriously be a plausible alternative to traditional text passwords for a number of reasons. Read the rest of this entry »
What an idea! Hide a CAPTCHA breaker in porn. You get what you want (free e-mail accounts in most cases), they get what they want (porn). Win-win.
A nifty little program that Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily clad "Melissa" agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press "go," and "Melissa" reveals more of herself.
Just a side note, sorry I've been posting a lot of news stories this week, but I'm drained for material right now, so I figured sub-par content would be better than none.