2 Guys, a Mac, and a Website - The Evolution of the Web - ANOTHER Windows Exploit! Woohoo!!!
October 7th - Hey, happy pantsday.
2 Guys Store

120x60

 Search

 Classic 2 Guys
10 Random Stories:
The Open Source Way versus the Microsoft Way
Headhunting Apple Execs
APPL and Apple - Some Thanksgiving Thoughts
Breaking News - Disaster Strikes!!!
2 Guys Podcast - 2/28/05
Super-Inclined Article for Making Laugh
Tip for adding links in html to the iTMS
Windows Security Breach Du Jour
Put The Knife Down and Step Away From The Mac
3-2-1 Lawsuit!

 Comments
yum hot guys - core
You guys are the pants! - PHP WannaBe
Maybe they don't like you - so they sent you defective product. Have yo... - DJLC
A friend of mine had this product, and the antenna portion quickly came... - Cubist
And the other rule of not commenting on your own article!
...
- Jonahan


 Account
Not logged in.

Username:
Password:
Save password
Not registered?




 ANOTHER Windows Exploit! Woohoo!!!
I don't know about you, but we here at 2 Guy's relish it when we hear something really bad about Windows, like a security vulnerability or data-eating virus. Those kinds of things just make you feel all warm and fuzzy inside, not unlike doing a shot of Stoli. Well, maybe it IS partially the Stoli, but lately we haven't HAD to drink Stoli to get that feeling.

Last week, some Polish hackers (does that make anyone else giggle?) found a critical exploit for all versions of Windows except for ME (who said Windows ME was the bastard child of the Window's family?). Microsoft quickly issued patches, and said hurriedly that everyone should go out and install them, but this just underscores Microsoft's lack of security - even though that was supposed to be their new top focus this year.

Now granted, OS X has security flaws as well, like the recent Screensaver password bug, where if you had a password on your Screensaver, you could hold down a key for 5 minutes, then hit enter. The Screensaver would then crash, allowing you to access the desktop. I don't know of any hackers who would have the endurance to hold a key down for 5 minutes though, so I think we were pretty safe, but in any case, Apple issued a security update within days. But the point is that Apple's security holes are smaller, fewer, and have the potential for less damage in most cases.

That said, this week's feel-good Windows vulnerability has all the makings of a hit. Basically, any Windows password can be cracked if it consists of letters or numbers. You read that right - let me explain.

CNET News.com reported on a Swiss researcher (what's with these northern Europeans, do they have nothing better to do than hack Windows!?) who was recently able to reduce the time to decrypt alphanumeric Windows passwords from 1 minute 41 seconds to an average of 13.6 seconds.

The problem with the way Windows deals with passwords stems from the fact that when they're encrypted (or hashed), a random number (known as 'salt') isn't used. As the CNET article states, "Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory."

You can view the Swiss guy's site and actually test it out for yourself. If you don't have access to a Windows machine or can't find a hashed password (within LANManager) there are previous requests you can see from other people (Hey, "6ee3d7a9ca274823aad3b435b51404eef7eb9c06fafaa23c4bcf22ba6781c1e2" is "dragon"!).

So feel secure in your faith, for OS X is the Way and the Light, and your (pretty much) impregnable shield from the darkness of the world. Now go forth and spread the word of Jobs!

July 23 2003, 9:29 AM EDT, by




Comments:
Serpico 7/23/03, 3:44 PM EDT
It's too bad that society is full of followers and not leaders. They use the same excuse, if everyone else is using it, then I need to, too. Get a brain, mofo.

stickman67 7/24/03, 1:01 AM EDT
I have a fair idea now why the OS is called "Windows" -- large, transparent holes that are easily opened ...

Jonahan 7/24/03, 11:02 AM EDT
Yeah, and people give us crap for using Macs when they don't even know the differences between the OSes. Ignorance is bliss. I guess that's why the default desktop in XP is named "Bliss", huh? ;)

stickman67 7/24/03, 10:18 PM EDT
It just occurred to me that it may be no coincidence that it was the Swiss who found this hole. Swiss cheese: full of holes. Windows: so full of holes that it must whistle in a strong breeze.

So what's next on the Swiss agenda? Dubya's head?



This article is archived, so you may not comment on it.

(The good news is there's always the shoutbox, the forums or the contact form if you're socially-inclined at the moment!)


iMac G5_468x60
MacMini_02

 Site Links
 Deep Thoughts
To us, it might look like just a rag. But to the brave, embattled men of the fort, it was more than that. It was a flag of surrender. And after that, it was torn up and used for shoe-shine rags, so the men would look nice for the surrender.

 Around Da Web
iProng:
iPhone steals show at CTIA Wireless 2007
DLO offers dual cover fashion case for iPod
AT&T received 1M inquiries on iPhone
MacDailyNews:
Ars Technica in-depth review: Apple TV ?impressed all those who touched it?
Inside Apple?s Mac OS X 10.5 Leopard Server OS
The chips inside Apple TV
Think Secret:
Adobe Creative Suite 3 pricing revealed
 Olde Stuff
2 Guys Podcast Feed
Greatest American Hero
iAir
Scary Ballmer
Space Game
 We Like:
 • 2 Guys
 • Apple.com

 Side Projects
Jonahan
  • JediPoker.net
  • Jonahan.com
  • iProng
  • MacProng
iKen
  • MacIdiot
Jedbeck
  • Jedbeck.com
J.P.
  • Baby Ashley Project