rick's blog

Looking at Lulz

I've been looking at the various files LulzSec has uploaded from their victims. These include Sony (several different sites on separate occasions), PBS, the game company Bethesda, Fox TV, Nintendo, and a computer security company called Unveillance. They actually defaced the PBS site, posting a bogus article claiming that dead rapper Tupac was located alive

They also extracted the hashed password file belonging to the Atlanta chapter of Infragard, an FBI-affiliated organization, and cracked a bunch of the passwords. The site is now offline.

My initial impression is that these folks are using some fairly simple attacks, like SQL injection, to retrieve a lot of the data. Note that in most cases they didn't actually deface the victim. I suspect they would have if they could have. Thus, they're taking advantage of the weaknesses they do find.

"Cracking" Passwords

There's been buzz in computer hardware blogs over the past few days about how faster processors (and GPUs in particular) are rendering strong passwords "useless." One experimenter, named Vijay Devakumar, posted a description of his success at cracking passwords, which has been recently picked up by bloggers on
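The two excerpts above mention cracking a leaked hash file and the speed-up that fast hardware gives an attacker. As an added example (not code from this blog), here is what that attack looks like against a constructed unsalted SHA-1 dump, next to the same passwords stored with a per-user random salt and PBKDF2. The usernames, passwords, wordlist and iteration count are all made up for the illustration; the point is the difference in work factor, which is what the GPU argument is really about.

```python
"""Dictionary attack on a leaked password file: unsalted fast hash vs. salted slow KDF.

Added example. The 'leaked' file, users, passwords and wordlist below are constructed
for the demo and are not data from any real breach.
"""
import hashlib
import hmac
import os

# Constructed attacker wordlist (a real one would have millions of entries).
WORDLIST = ["123456", "password", "letmein", "qwerty", "iloveyou", "dragon"]

# Constructed cleartext passwords, used only to build the two sample stores.
USERS = {"alice": "password", "bob": "123456", "carol": "Tr0ub4dor&3"}

# Hypothetical iteration count; production deployments use larger values.
ITERATIONS = 10_000


def sha1_hex(password: str) -> str:
    """The weak scheme: one unsalted SHA-1 per password."""
    return hashlib.sha1(password.encode()).hexdigest()


def make_unsalted_store(users: dict) -> dict:
    """Simulate a leaked file of username -> unsalted SHA-1 hex digest."""
    return {user: sha1_hex(pw) for user, pw in users.items()}


def crack_unsalted(leak: dict, wordlist: list) -> tuple:
    """Hash each wordlist entry once, then look every user up in that table.

    Returns (recovered {user: password}, number of hash computations). The cost
    is len(wordlist) regardless of how many users are in the file, which is why
    an unsalted dump falls quickly to a fast GPU.
    """
    table = {sha1_hex(word): word for word in wordlist}
    found = {user: table[digest] for user, digest in leak.items() if digest in table}
    return found, len(wordlist)


def pbkdf2_hex(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """The stronger scheme: per-user salt and a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def make_salted_store(users: dict, iterations: int = ITERATIONS) -> dict:
    """username -> (random salt, PBKDF2 digest)."""
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        store[user] = (salt, pbkdf2_hex(pw, salt, iterations))
    return store


def crack_salted(store: dict, wordlist: list, iterations: int = ITERATIONS) -> tuple:
    """Same dictionary attack against the salted store.

    Returns (recovered {user: password}, number of KDF calls). Because every user
    has a different salt there is no shared lookup table: each user costs a fresh
    pass over the wordlist, and each guess costs `iterations` HMAC computations.
    """
    found = {}
    kdf_calls = 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            kdf_calls += 1
            if hmac.compare_digest(pbkdf2_hex(word, salt, iterations), digest):
                found[user] = word
                break
    return found, kdf_calls


if __name__ == "__main__":
    weak = make_unsalted_store(USERS)
    found, hashes = crack_unsalted(weak, WORDLIST)
    print("unsalted SHA-1: recovered", found, "with", hashes, "hash computations")

    strong = make_salted_store(USERS)
    found, calls = crack_salted(strong, WORDLIST)
    print("salted PBKDF2: recovered", found, "with",
          calls * ITERATIONS, "HMAC computations")
```

Both runs recover the two dictionary words and miss the third password; the difference is that the salted store costs the attacker one full KDF run per guess per user, with no table to share across accounts, so the same hardware speed-up buys far fewer cracked accounts per hour.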

RAID Backups Redux: Snow Leopard

Grumble, grumble.

There has been an update to the DiskUtil program that prevents my RAID backup procedure from working.

The version I am running - Version 11.5.2 (298.4) - no longer provides a "Remove" or "Demote" function when a RAID drive is missing or offline. I've found two ways around this. I recommend the first approach for regular use. The second is only provided to illustrate a bizarre feature of Apple RAID.

Whither the book?

I started reading ebooks on my Palm III in 1998. Now that I have a tablet, paper books seem quaint and even annoying sometimes.

(C) 2011 Rick Smith, Creative Commons Attribution

Two households in our family own hardcover copies of Clavell's Noble House, an alarmingly thick novel from 1981. It weighs over 3.5 pounds. It makes good travel reading. I've read chapters out of different copies while on visits, but never managed to finish it. And I wasn't going to carry it on a plane. I finally bought the Kindle edition. It lives weightlessly alongside a few hundred other books on my 1.4 pound iPad.

Drupal 7: Not Ready for Prime Time

I've just spent an unsatisfying weekend with Drupal 7. I made several unsuccessful attempts to upgrade from Drupal 6.20 to Drupal 7. Although I had carefully built a copy of my active site, and tried to experiment only with that site, the side-effects managed to damage the live site as well.

Everything is back and stable on Drupal 6.

It's Framemaker Month, and its 25th Anniversary

Fellow Framemaker junkies on the "Framers" list have pointed me to a recent and very upbeat posting on Framemaker, which turns 25 this month. Those who are familiar with my work style know that I've been a Framemaker junkie for about 20 years.

More on Comodo

A fellow calling himself (herself?) "ichsun" claims responsibility for breaking into the Comodo CA to create bogus certificates.

He has posted (pasted, actually) a series of statements on Pastebin that describe what happened and provide some evidence to support his claim. Note that the link above will probably go sour in a while, since Pastebin's policy is to recycle the pasted storage periodically.

More Bogus Certificates

A few months back I retold the story of a bogus Microsoft certificate issued by Verisign in 2001. It's a difficult story to track down ten years later because many articles published back then have either disappeared or been 'updated' to remove details.

The best on-line security examples?

I'm collecting links to good primary sources and on-line examples of information security concepts. I'm especially interested in finding videos that aren't simply text-based Powerpoint set to mpeg.

Down for a week

Yes, Cryptosmith has been down for a week. Last Saturday I directed GoDaddy to migrate me to a new set of clustered servers. After 3 days of asking the help desk about delays, they "escalated" the problem to the next level. The next level never answers the phone or bothers with mundane things like status reports.

