Cracking out MD5 passwords with Google

November 20, 2007

As seen on Slashdot, a security researcher at Cambridge found a very interesting use for Google (full story).

I am shocked… I didn’t know that WordPress is storing our precious passwords without a salt! And even more shocking is that Google is so great at storing and indexing everything that you can even use it to infer passwords given the MD5 hash… that’s scary.

Of course, if you have a strong password it won’t work, but it is a trivial way to break the passwords of people oblivious to computer security who use plain dictionary words as passwords. I don’t really know the trends, but I wouldn’t be surprised if a lot of people still do that (when the site does not enforce a stronger password policy).

It is amazing how many things can be done with Google (maybe it will work with some other search engine… but I didn’t feel like trying), and it is really disappointing that WordPress got so careless. For most cases there is no reason not to use a salt, and the extra coding effort is negligible… Anyway, if you have some simple WordPress password, consider changing it.
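Why the missing salt matters, as an added example (not WordPress code and not from the original post): the `INDEXED` table is a constructed stand-in for digests a search engine has already crawled, and all function names are hypothetical. The salt alone defeats the lookup; using PBKDF2 as the hash is an extra hardening choice that goes beyond what the post asks for.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for "digests already indexed somewhere on the web".
COMMON_WORDS = ["password", "letmein", "dragon", "sunshine", "monkey"]
INDEXED = {hashlib.md5(w.encode()).hexdigest(): w for w in COMMON_WORDS}

def store_unsalted(password: str) -> str:
    """Bare MD5: every user with this password gets the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()

def store_salted(password: str, rounds: int = 200_000) -> str:
    """Per-user random salt plus a slow KDF; record is rounds$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${dk.hex()}"

def verify_salted(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    rounds, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)

def exposed_by_lookup(stored: str) -> Optional[str]:
    """Plaintext if the stored digest is already in the index, else None."""
    digest = stored.rsplit("$", 1)[-1]
    return INDEXED.get(digest)

if __name__ == "__main__":
    weak = store_unsalted("letmein")
    print("unsalted :", weak, "->", exposed_by_lookup(weak))
    a, b = store_salted("letmein"), store_salted("letmein")
    print("salted A :", a, "->", exposed_by_lookup(a))
    print("salted B :", b, "->", exposed_by_lookup(b))
    print("login ok :", verify_salted("letmein", a))
```

Two accounts with the same dictionary password share one unsalted digest, so a single indexed page exposes both; with a salt the two records differ and neither matches anything precomputed.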


Xen Summit Fall 2007

November 20, 2007

I was hoping for the material to be available already so I could link to it, but it is not yet the case.

So what is in store for Xen?

As I mentioned previously, on day one some directions on the Xen roadmap and some interesting Xen extensions were shown; one I found particularly interesting is JavaGuest (Java running on top of Xen, allowing a full Java stack… more on that in a post to follow).

Day 2 started with AMD and Intel updates, and as I said it is really great that they are caring about virtualization. I am particularly excited about the features coming up with Intel VT-d, which allows DMA for IO devices by means of DMA remapping (basically assigning regions of host physical memory as “protection domains”, assigning devices to these domains and remapping DMA access to host physical addresses in these domains, the remapping being done in HW).

Also very interesting was Samsung’s presentation on the ARM port of Xen, which they showed originally on the previous Xen Summit. Now it is even more advanced, they even showed Doom running in one of the domains, and following the current trend of disaggregating Dom0, they have a separate domain for drivers. Very good work, I really hope they release their work, there are a lot of great things that can be done with it.

Very interesting work for consolidating memory in Xen (the more VMs you run the more important this will become) by using Copy on Write was also shown, and a great approach at treating Xen VMs as transactional applications (checkpointing the VM every few milliseconds, executing speculatively and holding any output in between checkpoints).

Finally, there was the recently announced OracleVM (Sun, Novell and RedHat also showed their stuff). Now that Viridian is going to be released soon, pretty much all the major players have a virtualization solution in hand; this is definitely getting big.


Second take on the lion war

November 19, 2007

Where is my Genji Set? I can’t steal from Elmdor! and I spent a lot of time trying! There is another quest where you can get it, though, but not all of it (just the sword and the armor)

What happened to the spells/attacks quotes? “Layer upon layer make your mark now! Haste!” anyone? I really liked those, and I even used those while playing FFXI (some people liked it some others got really annoyed… anyway that was a long time ago).

Where are the other two intro videos? I understand… they are not widescreen, but they could have remade them just as the first one, those two videos are really good… I guess you can just download those videos and put them in your PSP to get the classic feel.

*Spoiler here*

I like the new quests, I enjoyed beating Algus (Argath?) an additional time, getting more stuff with Beowulf and Reis (with interesting extra story), seeing Ovelia one last time before going to beat Ultima (I like that one better than the original). I still don’t have the Dark Knight because I haven’t played that much yet, and the Onion Knight sucks for now, maybe I’ll get something to make it better.

*End of Spoilers*

I insist it was totally worth my money, but I have to finish with this quickly so I can start playing my Castlevania and Silent Hill… too many games, not enough time.

See my early review here


Delta United to Merge?

November 19, 2007

As seen on CNN, not really technology related but still something that shocks me! I really like Delta and I cannot imagine United sucking more than it already does, so it may mean that now my favorite airline will have bad service and extremely oversold tickets. I am clearly being totally subjective and biased, but I have had very bad luck with them (enough as not to care to spend some more money just to not fly with them).

It may actually be a good thing if they have both airlines’ coverage, and flights may actually get cheaper and have more hop options than Atlanta… Anyway, this is still just a possibility, nothing official here.


Feeling sick…

November 19, 2007

I felt a bit ill during the weekend, sore throat, mild fever… didn’t feel like posting.

I will post a few updates tonight on the rest of the Xen Summit, a little bit more about Android and some other random stuff I found interesting during the weekend.


Google Maps with GPS in the N95

November 14, 2007

… and any other phone with GPS for that matter.

For all the users of mobile phones with a GPS receiver that still have an old version of Google Maps, go now and update it. I just noticed that the new version (and maybe even a few older ones) are now smart enough to use the GPS on the phone to get your position.

Now it is not only the Helio that can do that… and I am pretty happy now because there is no way I will get lost ever again as long as I have my phone with me.


Nokia N82 released

November 14, 2007

Finally the Nokia N82 has been released (it’s sad for me that my beloved N95 is not the latest anymore, I should blog about it at least once before the N82 hits America).

According to the specifications it is like a slightly improved N95, lighter, slimmer, with a new look, xenon flash and the latest software revision. It looks like it doesn’t have the two-way sliding behavior of the N95 (that is quite useless, but looks very cool!) and I am pretty sure that reduced the weight and thickness. Overall it still looks nicer, but I am not sure about the keypad… playing those NGage games is going to get even harder.

Anyway if it is like the N95, it should be a very nice phone…