Sunday, 24 April 2005

There's a Slashdot conversation taking place about using and enforcing cryptographically strong passwords (it's all about passphrases, people, passphrases - read my experiences here). In that thread, someone linked to an old and quite perfect social engineering example that I had not seen in a while. In my field I see and hear some of the funniest (or rather scariest) stories about situations like this.

From an IRC chatroom:

<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
<AzureDiamond> you can go hunter2 my hunter2-ing hunter2
<AzureDiamond> haha, does that look funny to you?
<Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
<AzureDiamond> thats neat, I didnt know IRC did that
<Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
<AzureDiamond> awesome!
<AzureDiamond> wait, how do you know my pw?
<Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
<AzureDiamond> oh, ok.

Pretty darn funny - unless it's you.

Of course, much of the /. conversation has evolved into the requisite noise and talk about how the original question is a moot point because passwords are dead, etc etc etc blah blah blah slashdotadnauseum...

And, since we need something useful to go with the something-funny/scary, here's some information worth reading about how to make it possible for users to remember and use cryptographically strong authentication without having to resort to Post-its and .txt files on the computer:

The Great Debate: Pass Phrases vs. Passwords

  • Part One - covers the fundamentals of passwords and pass phrases, how they are stored, and so on
  • Part Two - discusses the relative strength of each type of password, and uses some mathematical approaches for illustration
  • Part Three - offers some conclusions and guidance on how to choose passwords and configure a password policy

IT Security | Tech
Sunday, 24 April 2005 09:19:41 (Pacific Standard Time, UTC-08:00)
 Saturday, 23 April 2005


Okay, whoever sends me a picture of themselves actually wearing one of these will get a copy of Real Ultimate Power from yours truly. Cuz if you wear one of these, you'll love that book, I am confident.

"Introducing the most technologically advanced piece of clothing since the Hypercolor t-shirt ... the LED scrolling belt buckle."

Umm, wow. Cool, hehe.

It's $28.99 plus $6.49 shipping and handling, and holds up to six unique messages at a time, with each message being 256 characters long. You can change the messages at any time as well as things like the speed of the messages and how bright the display is.

Yes it works with regular belts, and no it won't play MP3s.

Random Stuff | Tech
Saturday, 23 April 2005 14:17:45 (Pacific Standard Time, UTC-08:00)

This one's making the rounds, and I thought it was cool, so here it is:

Yes, you CAN make a fire from a can of coke and a chocolate bar!

So, if you're ever stuck in the wilderness and can't find your way home, yet you happen to have (and hey, don't we all?), a Coke can and a bit of chocolate with you, have no fear - Just round up some flammable material and you have everything you'll need to start a fire and keep warm.

Or, you could just use it to wow and amaze your friends.

(via Eric Rice and Phil Torrone)

Geek Out | Random Stuff
Saturday, 23 April 2005 11:56:42 (Pacific Standard Time, UTC-08:00)

People are regularly asking me if I got my free Mac Mini yet, so to answer those questions here's an update to the Free Mac Mini situation/test/experience.

It appears that 85 people have signed up after clicking on my banner ad on this site, and 8 of those people have completed the offer portion (it takes 10 completions before they send the computer). So if you're interested in any of the available offers, do a guy a favor and give it a shot. Just click here: - Get a FREE Mini Mac! Or click on the Mac Mini image over there to the left.

The offers that are available change over time. At one point Blockbuster Online was removed as a possible offer to complete, but it looks like it is back available at times (which is very cool). Among the others available are a trial of Napster's online music service and, a service I already subscribe to that allows you to receive faxes in email, and which also allows you to send faxes straight from your computer. No need for a fax line or a dedicated fax machine, plus having your faxes stored as electronic files is a great way to keep track of things.


If you happen to find Blockbuster Online as an offer to complete, I highly recommend it. I dropped NetFlix's service and switched to Blockbuster's service for two reasons: Less money per month and free rental coupons for in-store rentals each month. You get to rent unlimited DVDs online for only $9.95 a month (3 movies at a time), plus coupons delivered in email for two free in-store game or movie rentals every month. I got my "offer" credit within hours of signing up. Make sure you temporarily allow pop-up windows when you click on an offer at, because that's where they show you the terms of the offer and how long it will take for you to get credit for signing up. You can always close the pop-up later once you've received confirmation.

Anyhow, two more people to sign up and I can get that computer and remove the banner!

Random Stuff
Saturday, 23 April 2005 10:56:46 (Pacific Standard Time, UTC-08:00)
 Friday, 22 April 2005

So, tonight's a special Geek Dinner, there's also a monthly Portland Nerd Dinner, and next week at the PADNUG meeting (that's Portland Area .NET Users Group), my coworkers Scott and Patrick are teaming up to present on "Continuous Integration for .NET" to attendees:

"Continuous Integration is more than just a fad; it's darn near required to survive anymore. Join Patrick Cauldwell and Scott Hanselman as they talk about one of Corillian's product's build processes. They will explore NUnit, NAnt, custom NAnt Tasks, automatic reporting of errors, and unit test failures as well as Cruise Control.NET which can enable you to create an Enterprise Wide Build Dashboard for all the pointy-haired bosses to ogle at. It'll be fun, informative, and fast-paced."

Portland Community College Auditorium
CAPITAL Center, Room 1508
18640 NW Walker Rd.
Beaverton, OR 97006

There's chat time and free pizza at 6:00 pm. The meeting and presentation begin at 6:30 pm.

Random Stuff | Tech
Friday, 22 April 2005 06:53:00 (Pacific Standard Time, UTC-08:00)

My friend Chris Pirillo and his lovely fiancée Ponzi will be in town this evening, and Alex has put together a Geek Dinner this evening here in Portland. Head for Northwest and join us/them for a geeky get together:

What: Geek Dinner in Portland
Date: Friday, April 22nd
Time: 6pm
Where: Blue Moon - 432 N.W. 21st, Portland
Who is Welcome: Everyone!

Bring your friends and digital cameras, let's hang out and be - well - geeks, I guess.

Geek Out | Random Stuff
Friday, 22 April 2005 06:31:02 (Pacific Standard Time, UTC-08:00)