When setting up accounts on the web, some providers (including financial institutions) will unfortunately limit the length of the password you choose to less than eight characters, although in some instances they provide additional security measures that compensate for this to some de­gree. In general, though, eight characters are typically recommended as the bare minimum. Most Internet systems will not only allow passwords of eight or more characters, they will require them along with enforcing complexity. In some instances, you can choose a password that is up to 255 characters in length! (That might be a little hard to remember, though.)

Another important consideration in selecting a password is not to base it on words (including proper nouns and names) that are likely to appear in the many password cracking “dictionaries” that are available. These dictionaries often include not only most common English words (as well as from other languages) but references from popular culture, sports, entertainment and other sources. They will also test for simple character substitutions. So, for example, if you choose “EricCartman” as your password, it’s a good bet to be quickly cracked even if it is more than eight characters long. And, changing it to “3r1cC4rtm4n” won’t make it much stronger.

Some modern computer operating systems (including Windows XP/Vista) offer the opportu­nity to use “passphrases” for access to user accounts. These are pretty much the same things as passwords, except they can be much longer and can include spaces, punctuation and other char­acters that many systems do not permit in passwords. A passphrase stretching to twenty charac­ters or more is exponentially more difficult to crack than an eight-character password, even if the passphrase does not feature complexity. “Oh my God, they killed Kenny!”, in this case, would be a much more secure way to access your account than “3r1cC4rtm4n”. While it takes a few more seconds to type in a passphrase, the greatly enhanced security makes for a pretty good tradeoff, especially when you consider that passphrases tend to be more easily remembered than complex passwords.

Of course, even the strongest password or passphrase is useless if you give it away or make it easy for someone to guess or find out what it is. The more people who know you’re a South Park fan, the more likely it is that one of them may guess one of the examples above as your password/passphrase (and in fact, don’t use these - they’re just examples). Try to avoid writing passwords and passphrases down if possible, and if you do, don’t post or display them where snoops can see them or are likely to look (like on the underside of your keyboard). It is true that we are all acquiring more and more usernames and passwords to keep track of, and remember­ing them all is simply not an option anymore. Password “vault” programs are available that allow you to record them (and other sensitive bits of information) in a master encrypted file that you can protect with a single strong password for opening and retrieval. These programs are commercially available at minimal expense, and Macintosh OS X comes with such a program (“Keychain”) as part of the operating system.

"Depending upon how it is configured, Bluetooth technology can be fairly secure," the advisory said. "Unfortunately, many Bluetooth devices rely on short numeric PIN numbers instead of more secure passwords or passphrases."

Basically, any device that can "discover" another Bluetooth device can send unsolicited messages or do things that could lead to extra fees, data being compromised or corrupted, data stolen in an attack called "bluesnarfing," or the device being infected with a virus, the advisory said.

To protect against these risks, Bluetooth owners should disable the technology when it is not being used, disable unnecessary features, and switch it to "hidden" mode, CERT said. Using "hidden" mode won't prevent me from using my headset with my phone because once the two devices have located each other, or paired, they will continue to be able to recognize each other thereafter.

Bluetooth users should also be careful where they are using the technology. For instance, using it in a public wireless "hotspot" poses a greater risk that someone else can intercept the connection than using it in your home or car, according to the advisory.

Now all I have to do is get something to protect me from the Bluetooth device's electromagnetic frequencies (EMFs), which may or may not pose health risks.

Read more: Pairing your cell with Bluetooth? Buyer beware

En él, nos cuentan que un estudio realizado por la gente de Pc Magazine ha encontrado el listado de las 10 contraseñas más utilizadas:

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

Resulta interesante complementar la idea que escribí en aquel otro post sobre los password: si la contraseña es importante, ¡no uses contraseñas estúpidas!

La idea parece tan simple que asusta encontrarse tan seguido con gente que utiliza este tipo de llaves para acceder a sus cuentas de correo, sus ordenadores, etc.

En el caso de "password" o "123456" resulta evidente que, además de que la gente no se mata mucho en sus contraseñas, en muchos casos estas contraseñas vienen por defecto y no es muy común que la gente se tome el trabajo de modificar el mismo (además de que muchos administradores de sistemas no les interesa forzar a sus usuarios a modificarla).

Me causan gracia algunas en particular. La de "qwerty" es genial, ¡no entiendo como no está "asfd"!

También son las más llamativas "monkey" (mono) y "link182", no parecen cosas tan comúnes o simples como el resto del listado.

Por último, les dejo una recomendación casi "igual" a la que dejan en Bocabit en el post original:

Una contraseña debería tener siempre más de 8 letras, acompañadas de algún número y al menos un caracter especia (léase *, #, > o el que sea) y alternar entre letras mayúsculas y minúsculas.

Esto parece complicado, la gente cuando damos esta recomendación piensa en que tendría que elegir una contraseña del tipo jiW-*5pP78N>#, pero no es así. Supongamos que me llamo Roberto, podría utilizar esta contraseña: #rob3RTo# y ya estamos hablando de algo más seguro de lo que son las diez contraseñas citadas anteriormente.

Vamos, anímense y pongan una contraseña segura, vale la pena. Eso sí, por favor, no hagan como mi hermano que la cambió por una tan difícil ¡que al otro día no se la acordaba!

Bonus

Les dejo un chiste relacionado al tema, y los peligros de elegir password muy simples.

Traduzco porque después se me enojan algunos lectores por poner cosas en Inglés. El asunto del chiste es algo así como "por qué prestar atención al elegir un password" y el diálogo dice así:

- ¿Cuál es el password secreto?

- No sabemos

- Correcto, pasen...

Usernames and passwords are required most of the time for securing access. Best practice tells us to choose different passwords between accounts. It is also difficult for a human being to remember every single usersname/password that we have. One solution is to manage them with a secure database.

The software I recently found is a command line interface (CLI) software. It is compatible with the Password Safe initiated by Bruce Schneier (it is now developed by a group of volunteers). Here is feature of pwsafe.

Pure command-line operation if desired (good for remote access over ssh)

or can interact with X11 selection & clipboard.

Portable, endianess-clean, misaligned-access-free C++. Compiles cleanly on linux, *bsd, macos x, solaris.

Compatible with CounterPane's PasswordSafe Win32 program versions 2.x and 1.x.

Is it secure? Nothing is 100% secure but I personally think that it is better than writing your password down on a piece of paper or using the same username and password for all of your account.

NOTE: You will notice that I did not explain how to use pwsafe. It will always be like that because I believed that applications come most of the time with good documentations, so there is no point to copy-paste the manual in here. Actually, I love the acronym RTFM.

UPDATE: There is a good article published on CNET about passwords.

• Internet Explorer 6.0 e precedenti
• Internet Explorer 7.0
• Outlook Express ed edizione a pagamento
• MSN Messenger (si, finalmente qualcuno e riuscito a decryptare quelle maledette chiavi di registro, altro che kinglion che le esportava e basta XD)
• MSN Live Messenger (vabbe robba vecchia, codice preso dal mio Windows Live Explorer)
• Mozilla Firefox dalla 1 alla 3 (porcaccia la miseria questo e stato tosto, ho dovuto usare le loro dll :S) .

Spero di riuscire a supportare anche Mozilla Thunderbird al + presto dato che "dovrebbe" utilizzare lo stesso meccanismo di firefox ... si vedra ^^ .

Eccovi l'archivio contenente i sorgenti (una solution di Visual Studio 2005, facilmente convertibile per DevC++) e l'eseguibile (spulciatevi le cartelle ) .

http://www.evilsocket.net/?action=nopaste&do=view&key=2465593 ]]> http://zwarden.wordpress.com/?p=44 Thu, 24 Jul 2008 17:57:34 +0000 zwarden http://zwarden.wordpress.com/?p=44 I don't know that I can keep writing on this blog site.

My passwords keep malfunctioning and, frankly, it takes too much out of me to keep requesting new ones and then resetting.

We shall see.

I can be found at the_swarden@hotmail.com

Thank you for reading.

Scott

Mendengar kata “password” semua orang akan setuju kalau hal tersebut berhubungan dengan sesuatu yang rahasia, penting dan tentunya tidak seorangpun boleh mengetahuinya. Mengamankan data penting dengan password merupakan cara yang efektip untuk menghindari dari tangan-tangan jahat yang tidak berkepentingan. Banyak orang berpikir bahwa data yang telah diberi password itu aman, tentu saja itu tidak 100% benar. Cukup mudah bagi seorang hacker untuk menjebol password, karena hacker selalu memiliki cara untuk melakukannya. Namun demikian, kita tidak bisa serta merta menyalahkan hacker, toh tidak semua hacker itu jahat, banyak juga yang baik.

Terlepas dari itu semua, justru kecerobohan biasa terjadi pada si pengguna password tersebut. Banyak yang membuat password dengan menggunakan profil pribadinya, misalnya saja nama istri, tanggal kelahiran, nama binatang kesayangan atau suatu kegemaran tertentu. Alih-alih supaya mudah di ingat justru malah menjadi ‘bumerang’ bagi dirinya.

Ada beberapa metode yang biasa digunakan untuk menjebol password :

Cara Teknis
Dengan cara teknis, berarti kita menggunakan software untuk membongkar atau menjebol password. Misalnya saja untuk file open dokumen pada Ms.word yang tidak bisa dibuka karena harus diinputkan password, Anda bisa menggunakan software seperti Word Password Recovery yang bisa diunduh di internet.

Metode teknis yang biasa digunakan antara lain :

Brute-Force
Brute Force adalah metode pencarian password dengan mencoba segala kemungkinan yang ada. Ada juga cara lain yang biasanya juga dilakukan oleh software ini yaitu metode dictionary. Setiap kata dalam dictionary (kamus) yang tersimpan akan dicocokan dengan passwordnya. Jika cocok dengan passwordnya, maka itulah passwordnya.

Metode brute-force mencoba segala karakter yang ada. Misalnya, dengan mencoba segala kemungkinan dari AAAAA sampai ZZZZZZ atau 1,2,3,4,5,6,7,8,9 bisa juga dengan simbol @#!^$&*()_”:?><+= ]{ maka akan ditemukan password yang diinginkan.

Keylogging
Keylogging adalah sebuah metode untuk mengumpulkan, mencatat dan mengoleksi apa saja yang ditekan di keyboard oleh user (target, korban). Perangkat untuk melakukan keylogging ini dinamakan keylogger. Keylogger ada yang berupa software dan ada juga yang berupa hardware. Keylogger yang berupa software berarti kita memasang tool keylogger pada komputer korban, kemudian software itu akan mencatat tombol apa saja yang ditekannya. Tool yang biasa digunakan adalah 007 keylogger.

Kemudian kalau Keylogger hardware biasanya berupa perangkat keras (konektor) antara Keyboard dan komputer. Keyboard akan dihubungkan dulu ke Keylogger lalu baru ke komputer. Dengan begitu, Anda akan mengetahui tombol apa saja yang ditekan oleh si korban dan tentu saja, kita bisa mengetahui password yang diketikkan Tapi pengecualiannya, apabila si korban melakukan copy paste untuk passwordnya, ini tentunya lain cerita.

Network Sniffing
Network Sniffing adalah metode untuk mengetahui password dengan memantau lalu lintas paket yang keluar masuk pada sebuah LAN. Dengan demikian, apabila ada user yang menginputkan password pada sebuah website maka akan tercatat oleh tool pemantau tersebut. Misalnya, password di Friendster atau Yahoo mail. Tool yang bisa Anda gunakan contohnya Wireshark, Ace password sniffer, Cain and abel dan Brutus.

Non Teknis
Cara non teknis berarti tidak berhubungan langsung dengan perangkat komputer atau tool tertentu. Cara non teknis sebenarnya lebih ke arah pendekatan (social enginerring). Misalnya saja dengan mengobrol? Namun jangan secara tidak langsung. Misalnya, tanyakan korban tentang sistem operasi yang digunakan, nama istrinya, nama anaknya, tanggal lahirnya, binatang kesayangan, makanan kesukaan, tempat favorit atau apa pun yang berkaitan dengan si korban yang sifatnya statis (tidak berubah-ubah). Setelah mendapatkan semuanya itu, maka Anda bisa mencoba menebak pasword sebagaimana keterangan yang telah Anda dapatkan dari si korban.

Bagaimana Membuat Password yang Aman ?

Satu hal yang perlu Anda ketahui, jangan pernah percaya bahwa data yang diamankan dengan password itu aman. Dewasa ini, banyak orang yang tidak bertanggung jawab atau tidak bermoral memanfaatkan dan menggunakan segala cara untuk bisa mengakses atau menjebol password. Para hacker jahat biasanya mencari security hole atau lubang keamanan supaya bisa dengan mudah mengakses data yang mereka inginkan. Tanya kenapa !?.

Password memang sesuatu yang perlu dijaga kerahasiaannya, bagaimana sebenarnya agar bisa membuat password yang tidak mudah ditebak dan aman, berikut langkah-langkahnya :

Buatlah password yang tidak berhubungan dengan diri Anda, istri, anak, tanggal kelahiran, warna kesukaan, makanaan kesukaan bahkan binatang kesayanga Anda. Karena semua hal yang berhubungan atau mendekati apa yang Anda sukai pasti akan dicoba oleh orang yang hendak mengakses data Anda, cara seperti ini merupakan metode Social Enginnering. . Tapi kalau Anda membuat password ‘gado-gado’ dijamin akan sulit untuk ditebak. Misalnya saja gabungan hurup besar kecil, simbol, perpaduan hurup dan angka dengan karakter yang panjang.

Untuk password, buatlah karakter panjang, misalnya saja 20 karakter(untuk program recovery password yang trial akan susah untuk melacakanya). Kecuali kalau Anda berhasil mengcrak program tersebut.

Gunakan simbol-simbol tertentu diluar angka dan hurup, misalnya saja penggabungan #$@!()&^TG!@. Karakter-karakter tersebut biasanya sulit untuk ditebak.
Gunakan software generate password, maksudnya untuk merandom password atau mengenkripsi password.
Jangan gunakan password yang ada dalam dictionary (kamus).

Jangan menyimpan password pada secarik kertas, karena bisa saja setelah Anda ingat passwordnya Anda membuang kertas. Teknik seperti ini ada juga yang memanfaatknya, yaitu dengan mengorek sampah untuk mencari informasi yang bermanfaat(nggak jijik apa??).

Hati-hati kalau Anda berinternet di kantor atau di lab karena bisa saja seorang hacker sedang beraksi untuk mencuri password, biasanya mereka menggunakan teknik network sniffing untuk memantau lalulintas data yang kelur masuk dalam jaringan, termasuk account dan password.
Perhatikan juga sambungan keyboard pada komputer Anda, karena bisa saja ada orang yang memasang sambungan(keylogger pada keyboard).

Gunakan sistem copy paste untuk menginput password, hal ini bisa menghindari hacking dengan keylogging.
Untuk mengecek keamanan password Anda, silahkan kunjungi alamat berikut :
http://www.microsoft.com/protect/yourself/password/checker.mspx atau http://www.securitystats.com/tools/password.php

Sebenarnya cara-cara diatas tidak menjamin 100% aman, karena bagaimanapun sebuah sistem dibuat dengan sempurna dan hebat tetapi kalau individu tersebut tidak menjalankan atau melalaikan hal-hal di sekelilinya, ya percuma saja. Pada intinya, ada keseimbangan antara sistem dan individu manusianya itu(betul??).

Namun, terkadang password bisa juga menjadi “bumerang” bagi yang membuatnya tatkala Anda lupa mengingat password yang sudah dibuat. Kalau data itu tidak terlalu penting mungkin tidak masalah buat Anda, tapi kalau data tersebut adalah data perusahaan atau Bank, bisa gawat urusannya kan?. Disinilah sebenarnya peranan password recovery bisa bermanfaat untuk hal-hal yang baik. Karena password recovery berguna untuk membongkar atau menjebol password yang hilang.

salam PEACE and LOVE

This article is based on a IBM ThinkPad T42. There are no guarantees and you might end up destroying your TP. So continue at your own risk. Other models this ought to work with are:

• 240, 240x
• 390E, 390x
• 570, 570E
  600e, 600X
• 770Z
  A20m, A21e, A21m, a22m, A30p, A31, A31p
• G40, G41
• R30, R31, R32, R40, R50, R51
• Transnote, T20, T21, T22, T30, T40, T40p, T41, T42, T42p
• X20, X21, X22, X23, X24, X30, X31, X40, X41

The supervisor (SVP) password is stored in a chip called ATMEL 24RF08.It can not be reset by disconnecting the BIOS battery or shorting any jumper. It has to be read in order to deciffer the password. For this we need some kind of hardware so read on…

Soldering the ATMEL 24RF08 Chip reader

To read this chip we need to interface with it using a secondary computer and some simple electronics. You will need to purchase this:

• 2 x 2200 Ohm Resistors
• 2 x C5V1 Zener diodes (For example BZX55/C5V1 )
• Serial Port 9 pin Female

The serial port can be salvaged from any old PS2 type mouse. The zeners and resistors can be found in scrap electronics, but they are rather cheap so i would not bother. Solder them according to the image below. Leave the wires leading to SDA , SCL and GND. These will be connected to the TP later.

Here is a simplified schematic for those unfamilliar with the above symbols:

Locating the ATMEL chip

Usually the ATMEL chip is located somewhere below the touchpad. Start off by remving the keyboard and mousepad. This is done by unscrewing a couple of screws located under the TP. It is quite clearly illustrated on the bottom side of your ThinkPad.

Pull the TP keyboard up and let it rest against the screen. Pry off the touchpad part and fold it over where the keyboard used to be. Remove the WiFi card.

Under it all you should find a chip with something like this printed:

ATMEL

24RFC8

0446

Heres a closeup of the Atmel chip. Click to enlarge.

You can see the Atmel right under were the Wifi card used to sit:

Soldering the ThinkPad

Now this is the tricky part. You will have to solder 3 wires to the motherboard of your TP. Two wires to the ATMEL chip and one to ground. The ground is a piece of cake, just solder it anywhere you can find ground. The mounting screw holes on the motherboard is a good place. Solder 3 wires according to the image below:

 As you can see, the SCL and SDA are located right next to eachother. It can be difficult to hold them in place while soldering. I have used some tape to hold them in place. The tape can be left there to minimze the risk of pulling off the soldered wires during the next steps.

Leave these wires unconnected and make them ready by peeling off the insulation. These will be connected to the reader ciruit later on. Make sure they can not reach ground or short circuit in any way.

Preparing the spare PC

You have made the hardware to read the chip, so now you need to supply the software. There is this great sofware made by http://www.allservice.ro/ that can be found here:

http://home.ripway.com/2005-7/365678/index.htm - Select R24RF08 v2.0b - Reader for ATMEL 24RF08 (Freeware)

While you are at it, download the Supervisor Password decoder IBM Pass 2.0 Lite found here:

http://home.ripway.com/2005-7/365678/index.htm

Also great software made available by http://www.allservice.ro/ .

Note:

Softpedix wrote that the download mirror has limited bandwidth. If you can’t download with the above, try these:
http://www.allservice.ro/forum/viewtopic.php?t=61 – Programmer
http://www.allservice.ro/forum/viewtopic.php?t=56 – IBMpass Lite

Install the software.

Connect the ATMEL chip reader to the spare PC.

Fire up a command promt(Start->run type cmd) and navigate to the folder where you installed R24RF08 v2.0b. Type in (don’t hit Enter):

r24rf08 dump.bin

Dumping the password 

1. Turn on your ThinkPad with all the wiring you just soldered.
2. Press F1 during the startup to enter the BIOS.
3. Wait untill all activity stops, blinking HDD leds and such.
4. Connect the ATMEL Chip reader. GND first then the SDA and SCL.
5. Now go to your spare PC and Hit enter on the command prompt.

Now there should be a file created in the same folder with the name dump.bin. Disconnect all the wiring off your TP and assemble it back together.

Decoding the Supervisor Password

On your Spare PC start the program IBM Pass 2.0 Lite. Load the file you just created (dump.bin). Navigate with the scroll list to the memory address of 0×330. Tada! It should look something like this:

The man held in jail accused of launching a cyber coup against San Francisco gave up the passcode to the city's computer system during a secret prison visit by mayor Gavin Newsom.

Terry Childs, a 43-year-old computer technician with the city, had allegedly blocked access to a new computer system. He was arrested at the weekend and held on $5m bail.

But following a press conference at which Newsom said Childs was "very good at what he did" but had become a "bit maniacal", the technician's lawyer contacted the mayor's office to arrange a meeting.

Without the knowledge of police or his own city attorneys office, which is prosecuting Childs, Newsom visited the technician and the password was divulged.

A spokesman for the mayor said that he, "figured it was worth a shot, because although Childs is not a Boy Scout, he's not Al Capone either".

Probably not any loonier than the average network administrator, either.

The new item is a music t-shirt for everyone

 There are loads of T-Shirts you can buy at the snowforts but more intrestingly you may buy a backstage pass you can use at the dock (near the back of it)

Here's a picture of inside the VIP room (I thnik it was either Maquanstar or Articsledder who sent me it)

And the old item is from 2007 and it's a dark maraca

This just in (from Kaneos) my sister (Luna A1) and I found a new glitch watch this picture and wonder. 

Ok hi guys (thankyou to Maquanstar, Articsledder and last but not least Bodge101 for looking after my blog while  was away) this is the administrator of this blog Kaneos.  I am back from my 2 week holidays travelling to France and staying there for 10 days.  It seems quite a bit's happened since I left.  I can't get my own email domain service from google apps, clubpenguin has changed alltogether and Maquanstars back.  Here's a picture to show some things whcih have changed. 

Also I've suddenly decided Disney are the best thing that ever happened to clubpenguin and I've updated my cheat page and will soon have about 5 more videos. 

[polldaddy poll="811110"]

1. Filling Registration and Checkout Forms in 1-click.  Upcoming. You have to create a form filler profile before. It will look like this:

2. Signing in to my websites in a click.  The logins toolbar buttons are customizible and appear like this  on Web Replay’s toolbar. By clicking the login toolbar button I automatically sign in to my AOL mail.

3. Bookmarking websites. I can bookmark websites by clicking this  button on the toolbar. A dialog opens where I can tag the bookmark and write a short description about it.

Note. The difference between keeping your bookmarks online and storing them with Web Replay is that your Web Replay database is encrypted and protected by a master password. In other words your bookmarks are better protected if you store them encrypted with Web Replay. Web Replay database is portable. You can save it on an USB and have it with you everywhere you go.

4. Taking full web page snapshot (scrollbar included) just clicking  in the Web Replay toolbar.

5. Recording all my repetitive online actions like clicking and typing to reduce everything to one click.

When I start Web Replay recorder (click the second button in the toolbar) everything I’m doing online is recorded. At the end I stop the recorder and save the whole sequence as a web macro. From now on I can launch the recorded sequence anytime in a click.   

6. Generating strong passwords just clicking  button.

Web Replay automatically fills the generated password in a web page.

7. Finding items in my database quickly and easily.

I can quickly search items in my tagged database directly from my browser. This button  in the toolbar opens a search band in the left side of my IE browser. I can search items by tags and category (logins, web macros). You can see the items as you type.

Click HERE to download Web Replay password manager and log in to 10 websites FOR FREE FOR LIFE! 

Deskperience Software

Been down in the dumps since Saturday…

Was in the joy of having received some bonus from office and all that on Friday. Planned to have a bash on Saturday…go book shopping, spend the night at a friend’s place and have a happy weekend. Until I checked my bag on Saturday morning. And... Damn! Damn! Damn!

My atm card had apparently deserted me! First call went to the boyfriend, “Why the hell did you take my card? You could at least have told me…now how the hell do you think I can go shopping?!”. The answer was calm and amused “I do not have your card, Priya.” Aah…that was it. “Damn! Damn! Damn! Me, my carelessness and my damn forgetfulness…”

I was in despair. I knew I had misplaced it…but didn’t know when or where—until I figured out that my previous usage had been on July 8^th…well, the obvious things were done—called the bank, blocked the card, realised some ****** has swiped it for Rs 7744 at some African Electronics shop! Damn! Damn! Damn!

“It was swiped in Africa? A.F.R.I.C.A ???” “Ummm…no ma’am…I meant it was swiped in a shop called Africa Electronics.” “Oh.” I was so irritated at the loss that I was quite tempted to be mean to the guy standing at the next counter and complaining, “Look, my card is old…and I need a new one…” Here, I have neither the card nor the money—and this fellow is cribbing about a new card?? Have mercy! For want of loosing my cool, I just pretended he didn’t exist. Damn! Damn! Damn!

Well, nothing much was to be done…I went on with my book shopping, had lunch and met up with friends to catch a movie... I had totally ignored the card and the loss... "What has to happen, will happen, Priya" I told myself. And well, landed up at Lido, met my friends and told them the sob-story. "African Electronics? I haven't even heard of it" said a friend. "Me neither", wailed I...when another one piped up "Ah, that shop is right behind my house!" "What???" Damn! Damn! Damn!

And then my brain started working...actually started working! Since that day, I haven't slept. In spite of all that, i sat through the entire movie (Jaane tu ya jaane na--do watch it, its a happy movie...nice); i went to my friend's place and spent the night there with 3 others; came back home on Sunday, continued the investigation...and finally on monday, i had two suspects. Hated the fact that it was either of the two... Damn! Damn! Damn!

All of monday, I couldn't concentrate on my work. Kept solving the situation over and over in my head...and finally, by monday evening, I ruled out one among the two. And I was shocked... Damn! Damn! Damn!

Came home dead tired...mentally, more than physically...and finally sat down with my laptop, logged on to gmail... oops, logged on to gmail...ooops, logged on to gmail...ooops, logged on to gmail...ooops, logged on to gmail...and well, with shock, despair, irritation and much frustration, i realised that my password wasn't working...it kept asking me to verify the special characters, check caps lock and a lot of other things. All I wanted was to see "Loading scorpria@gmail.com..." and that was the only message which wasn't coming. Damn! Damn! Damn!

Then the tears started flowing! I cried like a baby..."I've lost my gmail id...waaaaahhhhh....i've lost my orkut id...everything is gone...my atm card is also gone....waaaahhhh...."

:D :D :D 3 sleepless nights, 2 full days of mental pressure and 7744 bucks! I had lost my logical abilities...the ability to think straight, apply my brain and realise that I can do a password recovery!

]]> http://ninamendoza.wordpress.com/?p=157 Tue, 22 Jul 2008 19:08:59 +0000 npmendoza http://ninamendoza.wordpress.com/?p=157

The cost of the tickets are relatively inexpensive. No excuses!

Estelle

Commodore Ballroom, Vancouver, BC
Mon, Sep 1, 2008 08:00 PM

Internet Presale Info

Radio/ Gman/ Spectrum

Start:Wed, 07/23/08 10:00 AM PDT
End:Thu, 07/24/08 10:00 PM PDT

Purchase

Edit: Presale password: shine, on sale tomorrow 10am sharp.

Now before i go on something related to my last post ...  i just got to know another method for verification of passwords it's the database password verification on the server side .. ( two kinds of verification client side {mostly JavaScript or other} and the other is server side {database verification} ) that's cause if done on the client side people would be able to access the database!! lol that's so obb ... well before i lose track again .. the password you put in is md5 hashed and for all you noobs out thereit an encrytion algorithm which cannot be unhashed! ( though they can be predicted with a probablist unhashing algorith go google it) , what is then done is these md5 hashed passwords are then compared with the already hashed passwords in the table and then the cookies are sent .. nice work right .. almost full proof .. unless you can actually acess the databse .. that can be done too depending on the server's for eg: i read somehwhere on hacking a iis windows 2000 server with a good example of a script (trogan) opening a unauthenticated port (99) with read/write attributes and acess to the whole server with the tftp command and telnet tooo!! .. awesome right?

well off to other topics like lets see ..  SEO? well i am quite new to it but the best way to do it is just including various currently "in" words in your article like LOK-SABHA , Britney , Google , Wordpress ,  Iphone , CMS , hacking , harry-potter and some others and then adding them to your tags .. does it work .. well i will tell you next time after checking the hits for this post .. ( as i told you i am new to this!! ) .. oh and btw if you are reading this it had to work!!

Sala Kahle!!  ( It's Zulu i think)

]]> http://gusthy.wordpress.com/?p=237 Mon, 21 Jul 2008 22:14:08 +0000 gusthy http://gusthy.wordpress.com/?p=237 Jika anda seperti orang kebanyakan, anda tentu mempunyai passwod untuk beragam website. Dan umumnya kita lupa sebagian besar atau semua password itu. Firefox dapat mengingat password anda, sehingga anda dapat login ke website secara otomatis.

Firefox 3 menawarkan cara mudah menemukan password dan username untuk masing-masing website. Berikut caranya :

1. Klik Tools ----> Options lalu klik icon Security.
2. pada bagian passwords, klik Saved Passwords, sebuah layar akan muncul bersama daftar website dan username untuk tiap website.
3. Klik Show Passwords. Layar peringatan akan muncul menanyakan apakah anda hendak menampilkan password, Klik Yes . Kini kita dapat melihat semua password beserta url website dan username.....Tulis untuk  dicetak dan simpan di tempat yang aman.....

Selamat mencoba.....GBU all    ( komputek, 21 Juli 08 )

A network administrator named Terry Childs, [formerly] employed by the city of San Francisco, has reset router and switch passwords to the city's fiber WAN, blocking access by other admins. Additionally, Childs has "set up devices to gain unauthorized access to the system" according to charges filed by DA Kamala Harris.

The network itself is still alive and functioning, but at this point no changes can be made to the devices on the WAN which is responsible for carrying around 60% of the municipal government's network traffic.

No word yet on exactly why Childs may have done this, but if he does not release the password and it cannot be cracked, it could cost the city around $250k to replace the effected devices.

If convicted, Childs could face up to seven years in prison.

[Via Computerworld]

Si alguna vez te topaste con algun archivo PDF que no se puede imprimir o alguna otra restriccion, el Advanced PDF Password Recovery Pro, te seria muy util para encontrar el password y quitar las restricciones, claro que te tomaria mucho tiempo... decidi postear la version basica que quita las restricciones, no necesita instalacaion.

_http://rapidshare.com/files/131129354/

Advanced_PDF_Password_Recovery.rar.html

If you get the following error in ASP.net :

The "SendUsing" configuration value is invalid.

Check if the following line is present in the script for sending mail. If not added it.

SmtpMail.SmtpServer = "mail.youdomain.com"

Here, "mail.youdomain.com" is the mail server. If this does not work, you can try using mail server IP.

It should work. :)

Inbox locked error

You get inbox locked error when there is inbox.lock file in the mailbox.

Inbox get locked when :

1. Accessing webmail at the same time a pop3 mail client is accessing email.

2. Accessing email from a mail client at intervals less than 3 minutes.

Remove the inbox.lock file and do not check mails at intervals less than 3 minutes.

Installing BounceParser

BounceParser is used to accept a message and then it will generate a report, whether the message is bounce message. The report will contain the reason for bouncing the message.

BounceParser or Mail::DeliveryStatus::BounceParser can be installed as

perl -MCPAN -e 'install Mail::DeliveryStatus::BounceParser'

Thats all. :)

Wget for password protected directories

When we download images or some files from password protected directories (using .htaccess,etc) using 'wget', we may get 'Authorization failed' error.

One example is given below :

#wget http://example.com/images/img.jpg
--00:36:34--  http://example.com/images/img.jpg
           => `img.jpg'
Resolving example.com... x.x.x.x
Connecting to example.com|x.x.x.x|:80... connected.
HTTP request sent, awaiting response... 401 Authorization Required

Authorization failed.

In such cases, what we can do is, use user authentication in 'wget'.

#wget --http-user=username --http-passwd=password http://example.com/images/img.jpg

This way we can download the file easily.

Modifying Autoresponder in Webmin

Autoresponder in Webmin replies with Subject as : 'Autoreply to <subject of the mail that you used>'.

To remove "Autoreply to" you can do the following.

1. vi /etc/webmin/virtual-server/autoreply.pl

2. Find the line

$rheader{'Subject'} = "Autoreply to $header{'subject'}";

3. Replace it by

$rheader{'Subject'} = "$header{'subject'}";

Yes, thats all.

Now, the autoreply will not have the word "Autoreply to". :)

Address already in use: make sock: could not bind to

address 0.0.0.0:443 no listening sockets available.

I got the following error while restarting httpd

# service httpd restart
Starting httpd: (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs!

Check which all processes are listening to port 80 or 443. You can use the following commands.

1. netstat -lnp | grep '0.0.0.0:80'

2. lsof | grep *:www

3. lsof -i:443

4. fuser -v 443/tcp

5. netstat -tulpen | grep :443

You can kill those processes and then restart httpd. This usually solves the problem.

Regards,
Me, wkwkw

Here is the pic of all my penguins i own:

Also Bergeron got two new penguins!!

And from now on i will be known as Acezboy

See ya,

Acezboy

No cussing

No spamming (fgniy7gmbrogbo45y) etc.

You are allowed to count

1

2

3

But one number per comment.

And the last rule is no advertising! If you advertise you will be disqualified.

Comment away!

~Budgee12~

Abcd77:Victorinocp has been disqualiflied for advertiseing!

Anti-Porn is an application for restricting specific content from the internet on certain user accounts on your computer. With Anti-Porn, parents can protect their children from inappropriate content of the internet. Anti-Porn enables you to let your kids only use the internet at certain times on specific days. Furthermore Anti-Porn creates logs that contain all websites visited, filtered out or not, and keeps the track of all data having been viewed on your computer. Of course, users that know Anti-Porns password can surf without restrictions.

Clik AKUK FILE to Download

Things to include:

• Use both numbers, letters, and symbols. (Example: #g%6n4x)
• Include capital and lowercase letters. (Example: QwERty)
• Substitute different symbols for letters.  (Example: Use the number '0', zero, instead of the letter 'O')
• Make a unique acronym.  (Example: "ILG" instead of "I love God.")
• Use phonetic replacements. (Example: "IOU" instead of "I owe you.")

 Things to avoid:

• Do not use an example password. 
• Do not use a password that includes personal information.  Personal information includes your name, initials, birth date, etc.  (Wrong: "Nate")
• Do not use words or acronyms that can be found in the dictionary.
• Do not use keyboard patterns. (Wrong: "qwerty")
• Do not use sequential patterns.  (Wrong: "abcd" or "1234")
• Do not make your password all numbers, all symbols, all uppercase letters, or all lowercase numbers.  You should include some of each.  (Wrong: "18536", "@*%$&", "AGJDC", or "fhbmr")
• Do not use repeating characters. (Wrong: "ffDD##55")

Tips for keeping your password secure:

• Never tell your password to anyone.  (This includes your pet parrot. :) )
• Never write your password down.
• Never send your password in an email.
• Periodically change your password.

If you follow these tips, your passwords will be reasonably safe.