Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    Archive for the 'Misc' Category

    Megahack of Stratfor

    9th January 2012

    If you haven’t heard yet: stratfor.com was hacked in December 2011, leaking full details of 75k credit cards (including owners’ addresses and CVV codes) and 860k (right, almost a million) user accounts. All Stratfor email archives were also reportedly stolen (around 160-200 GB of data), but those were not made publicly available on the internet, unlike the credit card and user account data, which is still relatively easy to find and download.

    I do not really recollect anything that large. Well, not counting dropbox’s 4-hour window of “any password fits all accounts”, but that was different.

    Here are some of the news items about this seriously large hacking incident:

    Here are some more technical reports:

    TheTechGerald’s analysis linked to above got my attention. Unfortunately, a while ago I subscribed to stratfor’s “free intelligence mailing list”, and was wondering whether my account information is now publicly available. I was most worried about the password I had used to subscribe, because of the risk of having used the same password somewhere else.

    Unlike TheTechGerald, I didn’t use any dictionaries, just the default configuration of a well-known tool for finding weak passwords. Within a single hour, ~100k passwords were decrypted (~12% of all). By the end of the day, ~50k more passwords were decrypted (totalling 17.4% of 860k). At this point my password was still safe, and I had found a way to verify that it is not used anywhere else, so I aborted further decryption.

    There are a few simple conclusions:

    • anybody who had a stratfor account must verify that he/she isn’t using that password anywhere else, because if 1 PC can recover 17% of all the passwords in less than a day, it is only a matter of time until all the leaked passwords are decrypted and made publicly available in various “md5 decryption databases”
    • system owners should run periodic screenings for weak passwords (and implement policies that prevent obviously weak passwords from being created in the first place)
    • md5 is very fast to compute and therefore very fast to brute-force; a much slower hashing function wouldn’t hurt. Also, using a more complex hashing approach, maybe even with a closed-source shared library, could help
    • single-factor (password-based) authentication is likely to be replaced by 2-factor authentication in the near future
    • one may enjoy increased personal data safety by using throw-away passwords in conjunction with antispam mailboxes like spam.la and mailinator.com (at least 1600 users, 0.186%, did use these services).
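    As an added illustration of the hashing point above (example code written for this page, not from the original post), the following Python contrasts an unsalted MD5 store with a salted, iterated PBKDF2 store: with unsalted MD5, every account sharing a password shares a digest, so one recovered digest opens all of them, and each guess costs a single MD5; with PBKDF2 each guess costs 200,000 HMAC iterations and identical passwords produce unrelated records. The sample accounts are constructed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the real dump): two users share a weak password.
SAMPLE_USERS = {
    "alice@example.test": "password1",
    "bob@example.test": "password1",
    "carol@example.test": "correct horse battery staple",
}

PBKDF2_ITERATIONS = 200_000  # work factor per guess; raise it as hardware speeds up


def md5_unsalted(password: str) -> str:
    """The weak scheme: one fast, unsalted MD5 per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password: str, salt: bytes = b"") -> str:
    """Stored record 'iterations$salt$hash' (hex) with a random 16-byte per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


def accounts_sharing_a_digest(users: dict, hash_fn) -> int:
    """Number of accounts whose stored digest is identical to another account's."""
    counts = Counter(hash_fn(pw) for pw in users.values())
    return sum(n for n in counts.values() if n > 1)


if __name__ == "__main__":
    print("unsalted md5 duplicates:", accounts_sharing_a_digest(SAMPLE_USERS, md5_unsalted))    # 2
    print("salted pbkdf2 duplicates:", accounts_sharing_a_digest(SAMPLE_USERS, pbkdf2_record))  # 0
    rec = pbkdf2_record("password1")
    print(pbkdf2_verify("password1", rec), pbkdf2_verify("password2", rec))  # True False
```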



    Posted in Links, Misc, Security, Software, Web | No Comments »

    Carol of the Bells is a thousand-year-old Ukrainian song

    24th December 2011

    Arranged by the Ukrainian composer Mykola Leontovych between 1901 and 1919, and performed in 1921 at Carnegie Hall, Shchedryk (with a completely different text and now titled Carol of the bells) rapidly became popular in the US.

    The original Ukrainian text tells the tale of a swallow flying into a household to proclaim the plentiful and bountiful year that the family will have. The title shchedryk is derived from the Ukrainian word for “bountiful”. This follows a tradition of praising the hosts of festivities in the songs during those festivities, or when coming to get sweets, small money bills or presents in exchange for nice singing by a group of children.

    The English text was written separately, and is copyrighted.

    All the derived music uses the original four-note pattern by Mykola Leontovych. A folk song/chant was the basis for Leontovych’s work on this piece. I believe the original song had a similar musical (vocal) pattern, and that the “ostinato” figure was already present in the song, so Leontovych’s work was probably to smooth out any uneven moments and to formalize the music in notation. Citing the Wikipedia article, the “ostinato motif, a repeated four-note pattern within the range of a minor third, is thought to be of prehistoric origins”.


    Posted in Misc, Ukraine | No Comments »

    HandBrake profile for Nokia E71 default player

    13th August 2011

    Inspired by video encoding with handbrake.

    HandBrake is a very high-quality piece of software; next time you need to recode something into H.264/MPEG-4 (using MKV or MP4 containers), try HandBrake. It easily saturated all my CPU cores, which I failed to achieve with ffmpeg: even with threads=8 it was only saturating 2 cores.

    Attached to this post are 2 profiles for recoding movies for Nokia E71. The “_best” profile has exhaustive motion detection, otherwise is identical to the base profile.
    E71.plist
    E71_best.plist

    Related:


    Posted in Links, Misc, Movies, Notepad | No Comments »

    Debunking the widespread myth of 2^32=4GB being the architectural limit

    10th April 2011

    Quite a number of people are aware of PAE, which can extend the addressable space from 32 bits up to 36, 48 or 52 bits (depending on the implementation; as I understand, Windows PAE extends to 36 bits, or 64GB of addressable space). However, an overwhelming number of internet pages keep insisting that the not-more-than-4GB limit of 32-bit Windows is a consequence of the 2^32 = 4GB architectural limit.

    There is an excellent, in-depth, well-argued article by Geoff Chappell on the issue. Highly recommended in its entirety to those who want a complete understanding (additional side-reading and fact verification might be necessary).

    A single citation to get you started:

    There is already on the Internet and elsewhere an awful lot of rubbish to read about this question. Hardly any of it would be worth citing even if I didn’t want to spare the authors the embarrassment. A surprising number of people who claim some sort of attention as expert commentators would have you believe that using more than 4GB of memory is mathematically impossible for any 32-bit operating system because 2 to the power of 32 is 4G and a 32-bit register can’t form an address above 4GB. If nothing else, these experts don’t know enough history: 2 to the 16 is only 64K and yet the wealth of Microsoft is founded on a 16-bit operating system that from its very first version was designed to use 640KB of RAM plus other memory in a physical address space of 1MB. Some remember this history and add seemingly plausible qualifications that exceeding 4GB is possible only at the price of nasty hacks that require everyone—well, all programmers—to jump through hoops. Fortunately, Intel’s processors are a lot more advanced than the 8086 from all those years ago.

    P.S. Unfortunately, patching the kernel won’t help make Windows XP see more than 4GB of RAM: even though the kernel itself does support more RAM (with PAE), starting with SP2 the HAL was modified in a way that prohibits access to any RAM beyond 4GB. Patching can only be suggested to devoted geeks running Vista or 7.


    Posted in Hardware, Links, Misc, Software | No Comments »

    How to fix: Nokia Ovi Suite could not connect to the Nokia account server

    10th March 2011

    I’ve been getting this message for a long while, when trying to log into Ovi from within my Ovi Suite:

    Nokia Ovi Suite could not connect to the Nokia account server. Make sure the internet connection is working properly and try again.

    However, both my internet connection, and logging into ovi.com using a browser work fine. Even looking for updates from within Ovi Suite works fine!

    Here’s the solution (tested on Nokia Ovi Suite 3.0.0.290):


    Posted in how-to, Misc | 21 Comments »

    MongoDB is web-scale

    25th January 2011

    Disclaimer: don’t take this video seriously.


    Posted in Links, Misc | 2 Comments »

    Microsoft’s perspective on OpenOffice.org

    26th December 2010

    On the 24th of September 2010 Microsoft posted a video showcase titled “A few perspectives on OpenOffice.org”. Here’s the page with the video: http://www.microsoft.com/showcase/en/US/details/faaf9eb8-77c6-4bed-bc08-c069a7bfbb04. It asks you to install Silverlight; if you don’t want that, look for the “Watch as WMV” direct video stream link.

    Just a single quote from Glyn Moody, Computerworld UK:

    The criticisms made in the video are not really the point – they are mostly about OpenOffice.org not being a 100% clone of Microsoft Office, and compatibility problems with Microsoft’s proprietary formats. The key issue is exactly the same as it was for the Mindcraft benchmarks. You don’t compare a rival’s product with your own if it is not comparable. And you don’t make this kind of attack video unless you are really, really worried about the growing success of a competitor.

    See also what Savio Rodriguez (Infoworld) has to say about that video.


    Posted in Misc, Software | No Comments »