Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc


    Archive for the 'Links' Category

    Interesting and relevant links I found.

    Megahack of Stratfor

    9th January 2012

If you haven’t heard yet – stratfor.com was hacked in December 2011, leaking full information about 75k credit cards (including owners’ addresses and CVV codes) and 860k (right, almost a million) user accounts. All Stratfor email archives were also reportedly stolen (around 160-200 GB of data), but those were not made publicly available on the internet – unlike the credit card and user account information, which is still relatively easy to find and download.

    I do not really recollect anything that large. Well, not counting dropbox’s 4-hour window of “any password fits all accounts”, but that was different.

    Here are some of the news items about this seriously large hacking incident:

Here are more technical reports:

TheTechGerald’s analysis linked to above got my attention. Unfortunately, a while ago I had subscribed to stratfor’s “free intelligence mailing list”, and was wondering whether my account information was now publicly available. I was most worried about the password I had used to subscribe, because of the risk that I had used the same password somewhere else.

Unlike TheTechGerald, I haven’t used any dictionaries – just the default configuration of a well-known tool for finding weak passwords. Within a single hour, ~100k passwords were recovered (~12% of all). By the end of the day, ~50k more passwords were recovered (totalling 17.4% of 860k). At this point my password was still safe, and I had found a way to verify that it is not used anywhere else, so I aborted further cracking.

    There are a few simple conclusions:

• anybody who had a stratfor account must verify that they aren’t using that password anywhere else: if a single PC can recover 17% of all the passwords in less than a day, it is only a matter of time until all the leaked passwords are cracked and made publicly available in various “md5 decryption databases”
• system owners should run periodic screenings for weak passwords (and implement policies that prevent obviously weak passwords from being created in the first place)
• md5 is very fast to brute-force – a much slower hashing function wouldn’t hurt; using a more complex hashing approach, maybe even with a closed-source shared library, could also help
• single-factor (password-based) authentication is likely to be replaced with 2-factor authentication in the near future
    • one may enjoy increased personal data safety by using throw-away passwords in conjunction with antispam mailboxes like spam.la and mailinator.com (at least 1600 users – 0.186% – did use these services).
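The second and third conclusions above (screen out obviously weak passwords, and replace a fast hash with a deliberately slow one) side by side, as an added Python example that is not part of the original post. The banned-password list is a constructed, deliberately tiny stand-in for a real breach-derived list, and the PBKDF2 parameters (salt length, iteration count, output format) are this example’s own choices, not anything Stratfor or the original author used:

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed, deliberately tiny banned list for the example; a real deployment
# would load a large list of commonly used / previously leaked passwords.
BANNED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "stratfor"}


def is_weak_password(password: str, min_length: int = 10) -> bool:
    """Policy check at account creation: reject obviously weak passwords
    before they ever reach the password store."""
    if len(password) < min_length:
        return True
    if password.lower() in BANNED_PASSWORDS:
        return True
    return False


def legacy_md5_hash(password: str) -> str:
    """The weak scheme: one unsalted MD5 round. Identical passwords give
    identical hashes, and a PC computes millions of these per second."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> str:
    """The slower scheme: salted PBKDF2-HMAC-SHA256. The per-user random salt
    defeats precomputed lookup tables; the iteration count sets the cost of
    every guess. Storage format (algo$iterations$salt$dk) is this example's."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so the check itself leaks nothing about the digest."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def cost_ratio(password: str = "correct horse battery",
               iterations: int = 200_000, md5_samples: int = 10_000) -> float:
    """How many MD5 hashes fit into the time of a single PBKDF2 hash, i.e.
    the factor by which the slow function reduces an attacker's guess rate."""
    t0 = time.perf_counter()
    for _ in range(md5_samples):
        legacy_md5_hash(password)
    md5_per_sec = md5_samples / (time.perf_counter() - t0)

    t0 = time.perf_counter()
    pbkdf2_hash(password, iterations=iterations)
    pbkdf2_seconds = time.perf_counter() - t0
    return md5_per_sec * pbkdf2_seconds


if __name__ == "__main__":
    for candidate in ("password", "Sh0rt!", "correct horse battery"):
        print(f"{candidate!r}: {'rejected' if is_weak_password(candidate) else 'accepted'}")
    stored = pbkdf2_hash("correct horse battery")
    print(stored)
    print("verify correct:", verify_pbkdf2("correct horse battery", stored))
    print("verify wrong:  ", verify_pbkdf2("wrong password", stored))
    print(f"one PBKDF2 hash costs roughly as much as {cost_ratio():.0f} MD5 hashes")
```

The numbers printed by `cost_ratio` depend on the machine, but the shape of the result is the point: with a fast unsalted hash the cracking rate quoted in the post is the norm, while a salted, iterated function makes every single guess cost thousands of MD5 equivalents, and the per-user salt means the work cannot be shared across the 860k accounts.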


    Posted in Links, Misc, Security, Software, Web | No Comments »

    Good advice: /bin/false is not security

    1st October 2011

    SSH Security and You – /bin/false is *not* security.


    Posted in *nix, Links, Security | No Comments »

    Phusion Passenger Apache users guide

    14th August 2011

    Phusion Passenger Apache users guide

    Also as a PDF.


    Posted in Links, Notepad, Software | No Comments »

    HandBrake profile for Nokia E71 default player

    13th August 2011

    Inspired by video encoding with handbrake.

HandBrake is a very high-quality piece of software – next time you need to recode something into H.264/MPEG-4 (using MKV or MP4 containers), try HandBrake. It easily saturated all my CPU cores – which I failed to achieve with ffmpeg, which even with threads=8 was only saturating 2 cores.

Attached to this post are 2 profiles for recoding movies for the Nokia E71. The “_best” profile has exhaustive motion detection, but is otherwise identical to the base profile.
    E71.plist
    E71_best.plist

    Related:


    Posted in Links, Misc, Movies, Notepad | No Comments »

    Using Python in a Java project

    17th May 2011

If you are a Python zealot, and Java doesn’t feel right, but the project you are working on is a Java project – try

• Jython – Python for the Java platform, which compiles your Python scripts into Java bytecode
• Groovy – not Python, but still a scripting language which compiles to jars

    Posted in Links, Movies, Programming, Python | No Comments »

    Academia or life?

    16th April 2011

    Worth reading: Goodbye academia, I get a life.


    Posted in Links, Science | No Comments »

    Fonts for programming

    13th April 2011

My personal favourite for the last 2-3 years has been DejaVu Sans Mono.

    Check this list of 10 programming fonts – you may find your love there.


    Posted in Links | 1 Comment »