Posts by Adam 1

Re: Password revealed

That's the password on my luggage!

And here I was thinking that casino's were benevolent organisations looking out for the little guy.

Re: So, ....

"Others who purchased a Volkswagen also purchased 'new gear box for ...."

Re: Security bug?

Don't even make jokes about such matters. Someone should report him.

Wait! Who broke brake? I said no breaking changes, not no braking changes! Ah hang on. I think I can see the confusion.

Re: unlocked ? WTF?

They should have expected someone to commented on that.

Re: Label you, label me, label us all together

> quite a few people , when learning to drive, have to have their hands labelled "L" and "R"

I know some who need "R" and "the other R"...

Re: "Dropbox" ".. halfway through moving from the ageing SHA1 technology.."

It's actual difficult to change password algorithms when your user base is casual and you are using a hash because you have no way of determining the hashed password other than brute force, dictionary or rainbow attack, you have to passively wait for the user to authenticate again and force them through the change password roundabout.

Re: That table actually tells us why Turnbull is right

Let me counter your analysis with a simple question.

Do you think that 2 wind farms that are 100Km apart would switch off within 0.05 of a second of each other because they independently judged the wind speed too strong?

Or is it just possible that they both went into a controlled shutdown after some safety system noticed something very bad about the grid they were feeding as indicated in the article?

Re: Get real

SAMSUNG BATTERIES GO KABOOM. Milton cries atrocious.

Re: why paper at all?

No thank you. That would only serve to reduce the transparency of the process. I have no major quarms about a self service kiosk system that lets people fill out their intention and prints out the form to be placed in the box (real toner on real paper that is, not a receipt printer that fades a week later) but there are a number of practical challenges for handling faulty hardware, and ensuring booth attendants can't ballot-stuff.

Re: An even better form of authentication:

I've heard about these mythical "house keys" that allegedly work even if they're flat.

Re: Eliminated the obvious

> Now going for the long shots.

ICBM what you did there.

Re: Bah!

> How do we clean house?

There was this novel approach after the blaster worm hit in 2003.

https://en.m.wikipedia.org/wiki/Welchia

According to the guardian, 3 of the 4 lines feeding Adelaide from the north were taken down from 22 downed towers at 5 different places.

The coal plant they mothballed because of these wind farms is at Port Augusta. Those who down voted you evidently haven't ever looked at a map or think that coal power is magical and can be delivered to the population centres without these transmission lines.

Re: Is it just me

Meanwhile, one of the cattle class features is how if you drop your PED, the only place it can be is in your neighbour's lap. There's simply not enough room for it to fall in between.

Re: Weakening

Collisions are only one part of the overall threat model. An important part, but in this case an irrelevant part because the attack described didn't rely on any collision.

Password attacks (brute force and dictionary) defences rely on making it computationally infeasible to your adversary. That doesn't mean impossible, only that the compute resources required would be better employed (from the adversaries perspective) on other goals.

The main goal of running so many iterations is simply to make each guess more costly whilst still leaving it practical for a modest machine to derive the encryption key from the correct password. The change made here means that each guess is a much lower investment in compute than before. Although sha256 is more expensive than sha1 for a single iteration, it isn't 4 orders of magnitude more expensive (which is what would be needed to maintain the same resilience to brute force or dictionary based attacks).

My guess at what was wrong? The iterations argument/property value wasn't set so it picked the default value.

Would certainly have been cheaper

Re: Yawn

> Many a time I've seen a printer break and someone has had to fix it. In fact on more than one occasion a printer has broken and it has had to be replaced entirely.

I've personally witnessed a few printers displaying the dreaded PC LOAD LETTER error. Even a hard power cycle wouldn't fix that one.

Re: Looks like the beginning of the end

Only a few more disastrous multi billion dollar losses and Microsoft might make them an offer (based on a valuation of their market cap during the dot com boom).

Re: Or maybe it was targeted

Looking at it from a purely economic point of view, the profitability is simply a function of (percentage chance of someone plugging it in times percentage chance of them running a vulnerable system times ransom revenue per infection) minus the cost of the USB sticks. The sort of scum that would do this would have no reason to avoid the 5 finger discount at officeworks/hardly normal so let's assume that is not a big factor.

The low key distribution then minimise the chance of detection as it is much less likely to hit the major mastheads or TV news.

Combined with some phishing, this is indeed a powerful attack vector. I mean, it isn't too hard to find some large company (eg Telstra), fake an envelope with their logo, a short cover letter advertising some new foxtel streaming tie in and say there is some previews on the stick. Then a cheeky final line saying that even if you don't wish to subscribe, we hope you enjoy this 4GB USB stick.

A few logo stickers on the USB stick and even a few of us commentards may have been fooled. Some delayed execution of the malware would make detection very difficult indeed.

Re: Dense energy storage can be dangerous...

> e.g alcohol) , a spark in the vicinity of the liquid is enough to trigger a chain reaction

Contrary to pretty much any action thriller you have ever seen, it is rather difficult to get an explosion from petrol. Hint: firing a few rounds into the fuel tank will make a bit of a mess, but if it catches fire you can probably blame the exhaust

A spark within proximity of a hydrocarbon is not setting the liquid on fire but the evaporated gas (which in turn may produce enough heat to encourage the puddle of fuel to turn into an inferno, but that is secondary to the spark.

In the meantime, forget the spark. Please don't let lithium come into contact with air. Or water. It is really happy to see the back of that electron.