Windows Password Security- Part 3

As I recall, I was talking about hashes. The answer to yesterday’s question is that you can; one program that allows you to do this is called fgdump. It takes the hash and directly logs in, without using the login screen. I’m pretty sure that this is the end of the series.

Advertisements

Data Integrity Loss

I’m back from the non-blogosphere thing… I think it’s called the real world… but anyway, I’m back! Today’s post is about data integrity loss, or whatever it’s called. This is the first all-orginal post, i.e. I didn’t do any research. My best analogy for data loss is somewhat like this: A game of telephone is being played, but only the first and last people know the language, so the middle people make some mistakes, such as saying “fart” instead of “fort”. If only a few people are between those who know the language, mistakes can be corrected, such as turning “fart” back into “fort”. If too many people are in between, though, it could get mis-interpreted. now replace those who don’t know the language with wires, and those who do with routers.

Man in the Middle

This post is about Man in the Middle (hereby refered to as MITM) attacks. MITM refers to the hacker, with computer C, tapping the line between computer A and computer B. If there was not any previous connection between A and B, C can see all communication, no matter the security. Let us imagine a simplification. A says “let’s use algorithm X” B sees this and says, in algorithm X, “OK, here’s your webpage”. C sees A changing the algorithm and decrypts all traffic in algorithm X, seeing the webpage. I can see no way to get around this other than A) send the information along a different path or B) if the hacker taps the conversation after it has started. If anyone knows another way, please comment.

Laws and the Internet

Finally, I hope to actually give some content.

I believe that laws have no right on the internet. Individual sites have the right to store what they want about you, and block you, but the internet should not be governed by laws of any kind, especially not the ones of the servers’ location(s). If governments want to set up their own lines for their own networks, they have that right, and the right to prosecute those who hack it, but HTTP protocol should remain the people’s (and the robots’). If two people want to have an email conversation, then anyone who can intercept the line should be able to listen in.

Spam

someone tried to post a soma cooment from the following email address: vollokjik@mail.ru I hope that spiders will crawl this, and the spammer will in turn get spam.

SPAM, SPAM, SPAM, SPAM, SPAM…

We all hate spam. I know there are many blog posts about this, so I’ll try to be short. A good site for statistics on spam is here. On that same site, I found the US laws about spam. That brings me to another point: law and the internet. but I’ll touch on that later. I’ve found the best spam filter to be the one that Gmail has. Read the rest of this entry »

Gmail down

Gmail went down for the majority of its tens of millions of users on Tuesday, September 1, 2009. The Boston Globe’s story is available here, and a Google News search for “gmail” returns many valuable results, at least for now. When I was affected, I thought that one of my labs features had broken, until I found others experienced it, too. Gmail said that it took some servers down for routine repair, and underestimated the additional load on other servers. The Gmail team was alerted of the problem within seconds, but had to continue the maintenance. Google’s report is here. Read the rest of this entry »