
	October 7th - Hey, happy pantsday.

	Search
All stories

Classic 2 Guys

10 Random Stories:

The Open Source Way versus the Microsoft Way

Headhunting Apple Execs

APPL and Apple - Some Thanksgiving Thoughts

Breaking News - Disaster Strikes!!!

2 Guys Podcast - 2/28/05

Super-Inclined Article for Making Laugh

Tip for adding links in html to the iTMS

Windows Security Breach Du Jour

Put The Knife Down and Step Away From The Mac

3-2-1 Lawsuit!

	Comments
• yum hot guys - core • You guys are the pants! - PHP WannaBe • Maybe they don't like you - so they sent you defective product. Have yo... - DJLC • A friend of mine had this product, and the antenna portion quickly came... - Cubist • And the other rule of not commenting on your own article! ... - Jonahan

	Account
Not logged in. Username: Password: Save password Not registered?

ANOTHER Windows Exploit! Woohoo!!!

I don't know about you, but we here at 2 Guy's relish it when we hear something really bad about Windows, like a security vulnerability or data-eating virus. Those kinds of things just make you feel all warm and fuzzy inside, not unlike doing a shot of Stoli. Well, maybe it IS partially the Stoli, but lately we haven't HAD to drink Stoli to get that feeling.

Last week, some Polish hackers (does that make anyone else giggle?) found a critical exploit for all versions of Windows except for ME (who said Windows ME was the bastard child of the Window's family?). Microsoft quickly issued patches, and said hurriedly that everyone should go out and install them, but this just underscores Microsoft's lack of security - even though that was supposed to be their new top focus this year.

Now granted, OS X has security flaws as well, like the recent Screensaver password bug, where if you had a password on your Screensaver, you could hold down a key for 5 minutes, then hit enter. The Screensaver would then crash, allowing you to access the desktop. I don't know of any hackers who would have the endurance to hold a key down for 5 minutes though, so I think we were pretty safe, but in any case, Apple issued a security update within days. But the point is that Apple's security holes are smaller, fewer, and have the potential for less damage in most cases.

That said, this week's feel-good Windows vulnerability has all the makings of a hit. Basically, any Windows password can be cracked if it consists of letters or numbers. You read that right - let me explain.

CNET News.com reported on a Swiss researcher (what's with these northern Europeans, do they have nothing better to do than hack Windows!?) who was recently able to reduce the time to decrypt alphanumeric Windows passwords from 1 minute 41 seconds to an average of 13.6 seconds.

The problem with the way Windows deals with passwords stems from the fact that when they're encrypted (or hashed), a random number (known as 'salt') isn't used. As the CNET article states, "Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory."

You can view the Swiss guy's site and actually test it out for yourself. If you don't have access to a Windows machine or can't find a hashed password (within LANManager) there are previous requests you can see from other people (Hey, "6ee3d7a9ca274823aad3b435b51404eef7eb9c06fafaa23c4bcf22ba6781c1e2" is "dragon"!).

So feel secure in your faith, for OS X is the Way and the Light, and your (pretty much) impregnable shield from the darkness of the world. Now go forth and spread the word of Jobs!

July 23 2003, 9:29 AM EDT, by

Comments:

Serpico

7/23/03, 3:44 PM EDT

It's too bad that society is full of followers and not leaders. They use the same excuse, if everyone else is using it, then I need to, too. Get a brain, mofo.

stickman67	7/24/03, 1:01 AM EDT
I have a fair idea now why the OS is called "Windows" -- large, transparent holes that are easily opened ...

Jonahan	7/24/03, 11:02 AM EDT
Yeah, and people give us crap for using Macs when they don't even know the differences between the OSes. Ignorance is bliss. I guess that's why the default desktop in XP is named "Bliss", huh? ;)

stickman67	7/24/03, 10:18 PM EDT
It just occurred to me that it may be no coincidence that it was the Swiss who found this hole. Swiss cheese: full of holes. Windows: so full of holes that it must whistle in a strong breeze. So what's next on the Swiss agenda? Dubya's head?

This article is archived, so you may not comment on it.

(The good news is there's always the shoutbox, the forums or the contact form if you're socially-inclined at the moment!)

	Site Links
3rd Gen. iPod HD Replacement 5th Gen. iPod Hard Drive Replacement

	Deep Thoughts
To us, it might look like just a rag. But to the brave, embattled men of the fort, it was more than that. It was a flag of surrender. And after that, it was torn up and used for shoe-shine rags, so the men would look nice for the surrender. Submit a Deep Thought

Around Da Web

iProng:

iPhone steals show at CTIA Wireless 2007

DLO offers dual cover fashion case for iPod

AT&T received 1M inquiries on iPhone

MacDailyNews:

Ars Technica in-depth review: Apple TV ?impressed all those who touched it?

Inside Apple?s Mac OS X 10.5 Leopard Server OS

The chips inside Apple TV

Think Secret:

Adobe Creative Suite 3 pricing revealed

	Olde Stuff
2 Guys Podcast Feed Greatest American Hero iAir Scary Ballmer Space Game

We Like:

• 2 Guys
• Apple.com

Side Projects

Jonahan

JediPoker.net
Jonahan.com
iProng
MacProng

iKen

MacIdiot

Jedbeck

Jedbeck.com

J.P.

Baby Ashley Project