The link is to an article at InfoWorld's web site. Roger Grimes got ahold of the purloined password/username lists obtained in the phishing attack when they were posted on the web. He analyses 34k entries for various things like frequency of letter and number use. It is a short and very interesting look into both how passwords fail and how easily they can be made a lot stronger.
As Grimes points out, it is not often a White Hat type gets to analyse such large lists and his doing so makes this article unique. It also points out just how easy it is to have passwords that do fall into "the norm", meaning it is almost trivial for you to tighten up your act as far as passwords go. For me to do it, as well. I was a bit surprised to find that several of my passwords fall directly into line with the poor ones. I spent a fun-filled hour fixing that.
Jack
Update: There are links in the article cited above to a 3 part article on Microsoft's TechNet site. Here are all 3, just in case.
Part 1.
Part 2.
Part 3.
Thoughts and links from the crew of the On Computers Radio Show as we wander the Web.
Saturday, November 18, 2006
MySpace password exploit: Crunching the numbers (and letters)
Friday, November 17, 2006
Linux infringes Microsoft patents, says Ballmer
I'm sure it is possible, but if it is true, why hasn't Microsoft sued anyone or revealed which parts of Linux or the software that runs on it infringe their IP rights?
The response to Ballmer's statement from the open source/free software communities has been overwhelmingly defiant. I think they want Ballmer to back up his words and are not at all afraid of a lawsuit. I cannot make up my mind whether this is just bravado or based on facts. I sense the former but am assured by my FOSS developer friends that if in fact the threats are based in reality, the various developer communities will strip out the infringing code and re-write it in very short order.
One way or another, this is going to get interesting. Remember; Red Hat is suing SCO simply because SCO impugned Linux. RH is seeking a declaration in court that Linux does not infringe any of SCO's intellectual property. It would not surprise me if either they or another Linux company (Canonical comes to mind, here) sues MS seeking the same outcome. There are many Linux companies with deep enough pockets to sue Microsoft and one or more of them just might.
And more than one pundit has wondered aloud how suing over Linux would affect Microsoft's bottom line. Alienating a significant portion of your customer base is never wise and it is a certainty that a very significant portion of Microsoft's enterprise and government customers are running Linux in one form or another.
Jack
The response to Ballmer's statement from the open source/free software communities has been overwhelmingly defiant. I think they want Ballmer to back up his words and are not at all afraid of a lawsuit. I cannot make up my mind whether this is just bravado or based on facts. I sense the former but am assured by my FOSS developer friends that if in fact the threats are based in reality, the various developer communities will strip out the infringing code and re-write it in very short order.
One way or another, this is going to get interesting. Remember; Red Hat is suing SCO simply because SCO impugned Linux. RH is seeking a declaration in court that Linux does not infringe any of SCO's intellectual property. It would not surprise me if either they or another Linux company (Canonical comes to mind, here) sues MS seeking the same outcome. There are many Linux companies with deep enough pockets to sue Microsoft and one or more of them just might.
And more than one pundit has wondered aloud how suing over Linux would affect Microsoft's bottom line. Alienating a significant portion of your customer base is never wise and it is a certainty that a very significant portion of Microsoft's enterprise and government customers are running Linux in one form or another.
Jack
Google improves its AJAX toolkit
Google has some nice web and web application toolkits available. Their AJAX kit, which previously catered mainly to Windows and Linux, has now been expanded to include Macintoshs running OS X.
If you are doing any type of web development at all, I urge you to check out Google's free tools and code offerings. They might save you a lot of work or expand your capabilities.
Jack
If you are doing any type of web development at all, I urge you to check out Google's free tools and code offerings. They might save you a lot of work or expand your capabilities.
Jack
Tuesday, November 14, 2006
World Useablility Day and N@N
I thought this might interest some, I wish I'd heard about it before the actual day... They do have webcasts available, so perhaps there will also be some after the fact audio or video. Check it out. Usability is an issue for everybody.
World Usability Day 2006
I'm listening to Net@Nite and Amber mentioned ChaCha.com a search engine that has "Guides" who will do the searching for you. Amber used an example of looking for the price of a Wii, the expert pasted the link for wikipedia and told her to scroll half way down the page for the price, but they were about $259. So for those of us who might just be overwhelmed by the thousands of links, and just want some help finding results this might be the place to go. And its free! As I was checking it out, I found a way to imbed a search link here, so there it is....
FlashEarth is another cool page that I heard about while listening to Net@Nite, it offers a choice of mapping sources, zoomable, rotateable. Not to mention it'll give you your latitude and longitude, if anybody has a GPS, say.... Liveblogging Net@Nite for you :)
--MissM
World Usability Day 2006
I'm listening to Net@Nite and Amber mentioned ChaCha.com a search engine that has "Guides" who will do the searching for you. Amber used an example of looking for the price of a Wii, the expert pasted the link for wikipedia and told her to scroll half way down the page for the price, but they were about $259. So for those of us who might just be overwhelmed by the thousands of links, and just want some help finding results this might be the place to go. And its free! As I was checking it out, I found a way to imbed a search link here, so there it is....
FlashEarth is another cool page that I heard about while listening to Net@Nite, it offers a choice of mapping sources, zoomable, rotateable. Not to mention it'll give you your latitude and longitude, if anybody has a GPS, say.... Liveblogging Net@Nite for you :)
--MissM
Get Microsoft Firefox Professional
It's a prank. At least I hope it's a prank.
Enjoy,
Jack
Enjoy,
Jack
Broadcom flaw could allow Wi-Fi hijacks
Computer users can check if they have the vulnerable driver by searching for it on their system. The driver filename is: BCMWL5.SYS. As a workaround, some people suggest installing the fixed Linksys drivers for protection.
There are times when security through obscurity is a good thing, because I find I have this driver on my laptop. I'd hate to be in a public place with it right now and would probably revert to using my USB wireless, but what a pain that is. I know I'm not the only one with this problem. Since Broadcom has released an update, we need to make sure our manufacturers pass this update on to us.
Monday, November 13, 2006
Sun releases Java under GPL licence
Since Jack isn't/wasn't feeling well (feel better soon!), I'm posting this as an inadequate substitute. (And, its a link from TheInquirer.net!)
Full article
--MissM
SUN MICROSYSTEMS will announce today that its Java language, contrary to the prediction of many pundits, will be offered as pure "Free Software" -as Richard Stallman would say "free as in freedom"- under a GPL version two licence.
Ponytailed CEO Jonathan Schwartz will announce the ground-breaking move in a webcast to be held later at 9:30am Pacific Time. Both Java SE -used on desktops - and Java ME - used on mobile phones and PDAs- will be included. The server-side Java, or Java EE will be available both under the GPL version two licence and the same Common Development and Distribution Licence (CDDL) that Sun has used until now.
Full article
--MissM
Widescreen LCD Links
I had to gloss over a lot today, especially the part about viewing DVDs on a widescreen monitor. Here is a small selection of links to compliment our discussion on today's On Computers Show and podcast:
Computer Display Standards
How LCD Monitors Work
Widescreen Gaming Forum
Monitor Calibration
Anamorphic DVDs
Computer Display Standards
How LCD Monitors Work
Widescreen Gaming Forum
Monitor Calibration
Anamorphic DVDs
Sunday, November 12, 2006
OnComputers Radio show Podcast 11-12-06
This is the On Computers Radio show podcast for 11-12-06. You can listen live every Sunday from 10AM to 1PM Pacific thats 1PM to 4PM Eastern. If you prefer, you can download the same file here via ftp.
Show Links
Joe's GPS Nice!!
DailyTech - Get Ready for Black Friday
Satellite Tracking System: Orbitron
Mercury transiting the Sun: Bad Astronomer Blog
Thats roughly the first hours urls. I don't want to lose this, so I'm gonna hit publish.
--MissM
Black Friday, the busiest shopping day of the year, is almost here!
Black Friday is just around the corner! If you're not entirely familiar with the yearly tradition, Black Friday is the day after Thanksgiving that draws mobs of people to wait in long lines to get good deals on just about everything -- it is also the busiest shopping day of the year. Many credit Black Friday as being the unofficial start of the holiday shopping season.
DailyTech - Get Ready for Black Friday
Satellite Tracking System: Orbitron
Mercury transiting the Sun: Bad Astronomer Blog
Thats roughly the first hours urls. I don't want to lose this, so I'm gonna hit publish.
--MissM
Subscribe to:
Posts (Atom)