ANOTHER Windows Exploit! Woohoo!!!

I don't know about you, but we here at 2 Guys relish it when we hear something really bad about Windows, like a security vulnerability or data-eating virus. Those kinds of things just make you feel all warm and fuzzy inside, not unlike doing a shot of Stoli. Well, maybe it IS partially the Stoli, but lately we haven't HAD to drink Stoli to get that feeling.
Last week, some Polish hackers (does that make anyone else giggle?) found a critical exploit for all versions of Windows except for ME (who said Windows ME was the bastard child of the Windows family?). Microsoft quickly issued patches, and said hurriedly that everyone should go out and install them, but this just underscores Microsoft's lack of security - even though that was supposed to be their new top focus this year.
Now granted, OS X has security flaws as well, like the recent Screensaver password bug, where if you had a password on your Screensaver, you could hold down a key for 5 minutes, then hit enter. The Screensaver would then crash, allowing you to access the desktop. I don't know of any hackers who would have the endurance to hold a key down for 5 minutes though, so I think we were pretty safe, but in any case, Apple issued a security update within days. But the point is that Apple's security holes are smaller, fewer, and have the potential for less damage in most cases.
That said, this week's feel-good Windows vulnerability has all the makings of a hit. Basically, any Windows password can be cracked if it consists of letters or numbers. You read that right - let me explain.
CNET News.com reported on a Swiss researcher (what's with these northern Europeans, do they have nothing better to do than hack Windows!?) who was recently able to reduce the time to crack alphanumeric Windows passwords from 1 minute 41 seconds to an average of 13.6 seconds.
The problem with the way Windows deals with passwords stems from the fact that when they're encrypted (or hashed), no random number (known as a 'salt') is mixed in, so the same password always produces the same hash and a table of hashes computed ahead of time works against every account. As the CNET article states, "Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory."
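To make the 4,096 figure concrete, here is an added example (not from the original post, CNET, or the researcher's site) that stores the same password with and without a 12-bit salt and compares the size of the precomputed table each case demands. SHA-256 is an assumed stand-in for the real hash functions, and the account names, candidate list and salt values are constructed.

```python
import hashlib

SALT_BITS = 12  # salt size from the CNET quote above; 2**12 = 4096 salts

def toy_hash(password, salt=None):
    """SHA-256 stand-in (assumption) for the real LM / crypt() algorithms."""
    prefix = b"" if salt is None else salt.to_bytes(2, "big")
    return hashlib.sha256(prefix + password.encode()).hexdigest()

def build_table(candidates, salts=(None,)):
    """Precompute hash -> password once for every (salt, candidate) pair."""
    return {toy_hash(pw, s): pw for s in salts for pw in candidates}

def shared_hashes(store):
    """Audit check: groups of accounts whose stored hashes are identical."""
    groups = {}
    for user, digest in store.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample data: two accounts that picked the same password.
CANDIDATES = ["dragon", "letmein", "password1"]
UNSALTED = {u: toy_hash("dragon") for u in ("alice", "bob")}
SALTED = {"alice": (17, toy_hash("dragon", 17)),
          "bob": (2049, toy_hash("dragon", 2049))}

def demo():
    small = build_table(CANDIDATES)                        # one entry per candidate
    full = build_table(CANDIDATES, range(2 ** SALT_BITS))  # one per (salt, candidate)
    salted_only = {u: h for u, (_, h) in SALTED.items()}
    return {
        # Without a salt, one small table answers for every account at once.
        "unsalted_hits": {u: small.get(h) for u, h in UNSALTED.items()},
        "unsalted_shared": shared_hashes(UNSALTED),
        # With a salt, the same small table finds nothing.
        "salted_hits_small_table": {u: small.get(h) for u, h in salted_only.items()},
        "salted_shared": shared_hashes(salted_only),
        # Covering every salt costs 4096 times the storage.
        "table_sizes": (len(small), len(full)),
        "salted_hits_full_table": {u: full.get(h) for u, h in salted_only.items()},
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The `shared_hashes` check is also a quick way to spot unsalted storage in a credential store you are auditing: identical digests across accounts mean identical passwords and no per-account salt.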
You can view the Swiss guy's site and actually test it out for yourself. If you don't have access to a Windows machine or can't find a hashed password (within LANManager) there are previous requests you can see from other people (Hey, "6ee3d7a9ca274823aad3b435b51404eef7eb9c06fafaa23c4bcf22ba6781c1e2" is "dragon"!).
So feel secure in your faith, for OS X is the Way and the Light, and your (pretty much) impregnable shield from the darkness of the world. Now go forth and spread the word of Jobs!

July 23 2003, 9:29 AM EDT, by

Comments:

Serpico
7/23/03, 3:44 PM EDT
It's too bad that society is full of followers and not leaders. They use the same excuse, if everyone else is using it, then I need to, too. Get a brain, mofo.

stickman67
7/24/03, 1:01 AM EDT
I have a fair idea now why the OS is called "Windows" -- large, transparent holes that are easily opened ...

Jonahan
7/24/03, 11:02 AM EDT
Yeah, and people give us crap for using Macs when they don't even know the differences between the OSes. Ignorance is bliss. I guess that's why the default desktop in XP is named "Bliss", huh? ;)

stickman67
7/24/03, 10:18 PM EDT
It just occurred to me that it may be no coincidence that it was the Swiss who found this hole. Swiss cheese: full of holes. Windows: so full of holes that it must whistle in a strong breeze.
So what's next on the Swiss agenda? Dubya's head?