Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

by in arstechnica – 5/27/2013

“The ease these crackers had in recovering as many as 90 percent of the hashes they targeted from a real-world breach also exposes the inability many services experience when trying to measure the relative strength or weakness of various passwords. A recently launched site from chipmaker Intel asks users “How strong is your password?,” and it estimated it would take six years to crack the passcode “BandGeek2014”. That estimate is laughable given that it was one of the first ones to fall at the hands of all three real-world crackers.

As Ars explained recently, the problem with password strength meters found on many websites is they use the total number of combinations required in a brute-force crack to gauge a password’s strength. What the meters fail to account for is that the patterns people employ to make their passwords memorable frequently lead to passcodes that are highly susceptible to much more efficient types of attacks.”

Read the whole article at arstechnica.com.

 

How Many Combinations Are Possible Using 6 LEGO Bricks?

“This question was first officially “answered” in 1974, and LEGO mathematicians arrived at the number 102,981,500. Eilers was curious about the mathematical methodology behind that number, and soon discovered that it only covered one kind of stacking—thus, it was dramatically low. So he wrote a computer program that modeled all the possible brick combinations. After running the program for a week, he ended up with a massive number: 915,103,765 combinations.” mentalfloss.com

The times involved as bricks are added seem to reach the ranges we read about in articles on how long it takes to crack passwords.

Blocking Telemetry in Windows 7 and 8.1

Originally published by Martin Brinkmann on February 11, 2017, at ghacks.net.

“Microsoft pushed patches to devices running Windows 7 and 8.1 in recent time that collect information and transfer data to Microsoft regularly.

One of the main issues that Windows users may have with telemetry is that Microsoft does not reveal what it is collecting, and what is included when telemetry data is transferred to the company.

The [linked article] provides suggestions on limiting Windows data collecting and transferring. There is no guarantee that nothing is collected and/or submitted after making privacy related changes to the operating system, but a guarantee that data collecting is severely limited at the very least.”

Closing Words [from the article]
“There is always the chance that new updates will add new services or tasks. This is why it is recommended to set Windows Update to inform but not download and install automatically.”

At the time I posted this article, the original had 50 comments.

Dash Cams: Coming To A Dashboard Near You

“Dash cams are small video cameras (priced from $50 to more than $200) that can be mounted to your car’s dashboard or windshield to record what happens in front of the vehicle. More advanced models can also record interior audio and video, and rear-facing video, and even display on your rearview mirror or stream to the internet.”

This linked consumerist.com article provides five of the top reasons people buy one, and also compares some models and features: consumerist.com

Tech Expert Trolls “Tech Support” Scam Caller — For Two Hours!

This Consumerist.com story is just too good to not share with you here.

“[Extremely knowledgeable, experienced tech expert Sean Gallagher, currently an editor for tech site Ars Technica,] both knowing his stuff and also being in a position to write stories about it, decided to have a little fun with the scammer who called him on Monday, and kept him on the line for two hours while pretending to be an easy mark.”

“You can read the full saga, with more of the technical details — or just listen to the condensed 27-minute recording of the two-hour call — over at Ars Technica.”

Do take the time to read that Ars Technica article. It helps if you can imagine you’re watching it being performed at a SPAUG meeting.