Recent Entries in Hacking

  Making safer passwords

Uh-oh. Time to change my passwords. Guess I better stop using "password1".

Secure Passwords Keep You Safer

According to Eric Thompson of AccessData, a typical password consists of a root plus an appendage. A root isn't necessarily a dictionary word, but it's something pronounceable. An appendage is either a suffix (90 percent of the time) or a prefix (10 percent of the time).

So the first attack PRTK performs is to test a dictionary of about 1,000 common passwords, things like "letmein," "password1," "123456" and so on. Then it tests them each with about 100 common suffix appendages: "1," "4u," "69," "abc," "!" and so on. Believe it or not, it recovers about 24 percent of all passwords with these 100,000 combinations.

PRTK also runs a four-character-string exhaustive search. It runs the dictionaries with lowercase (the most common), initial uppercase (the second most common), all uppercase and final uppercase. It runs the dictionaries with common substitutions: "$" for "s," "@" for "a," "1" for "l" and so on. Anything that's "leet speak" is included here, like "3" for "e."

The appendage dictionaries include things like:

  • All two-digit combinations
  • All dates from 1900 to 2006
  • All three-digit combinations
  • All single symbols
  • All single digit, plus single symbol
  • All two-symbol combinations

Yarr, kill the women and children. Let's keel-haul their asses.

Oh, music and video piracy. You can see my confusion here.

Los Angeles Says Piracy 'Detrimental to the Public Health, Safety' | Threat Level from

Local governments in California and the United States have long had the power to declare property a public nuisance when their owners allow their land to become denizens of drugs, gangs, prostitution and gambling.

The Los Angeles County Board of Supervisors, following New York's lead, is adding a new CATEGORY: Music and video piracy.

In an ordinance just adopted, the five-member board is declaring that piracy "substantially interferes with the interest of the public in the quality of life and community peace, lawful commerce in the county, property values, and is detrimental to the public health, safety, and welfare of the county's citizens, its businesses and its visitors."

Canadian artist finds his Web-published Creative Commons artwork and interviews were stolen and republished into a coffee table book, selling for $100 on the Internet.

Luc Latulippe � Blog Archive � My illustrations, stolen and published in new book

â..OMG! You should totally sue them!â.

Yes, this is everyoneâ..s first reaction, right after red-faced anger. Well, let me just grab my wallet andâ.¦ oh, right, I draw pictures for a living! This means Iâ..m lucky if I have enough money to pay some bills for the next few months, but not quite enough to launch a class-action lawsuit across international borders against a bogus copyright infringing publisher in China.

Sweet! Now to get those t-shirts out.


Public Citizen | Press Room - Federal Court Rejects Wal-Martâ..s Trademark Claim Against Web Critic

A federal judge today upheld a Georgia manâ..s First Amendment right to criticize Wal-Martâ..s business practices by using satire to compare its destructive effects on communities to both the Holocaust and al-Qaeda terrorists.

In rejecting the companyâ..s claim of trademark infringement, the U.S. District Court for the Northern District of Georgia in Atlanta found that Charles Smithâ..s parody Web sites ( and and related novelty merchandise were protected speech and that a reasonable person would not confuse their use with Wal-Martâ..s legitimate trademarks. The court also rejected Wal-Martâ..s claim that it has trademark rights in the â..smiley-faceâ. that Smith used in one of his parodies.

Public Citizen and the American Civil Liberties Union of Georgia Foundation defended Smith after Wal-Mart sued the Conyers, Ga. man in 2006, claiming he infringed on its trademark by creating parody logos and Web sites built around the â..Walocaustâ. and â..Wal-Qaedaâ. concepts, including the image of an eagle clutching a yellow smiley face, similar to the one Wal-Mart uses in advertising. Smith also put the design on T-shirts, bumper stickers and other items that he sold on

Judge Timothy C. Batten Sr.â..s decision reaffirms an important point of trademark law â.. that even though a parody is placed on a T-shirt and sold, it nevertheless represents non-commercial speech that is fully protected by the First Amendment and, thus, is not a proper basis for a trademark action, said Paul Alan Levy, a Public Citizen attorney, who represented Smith along with Gerald Weber of Atlanta.

I'll admit I jump at the chance to disrobe in front of TSA people. Usually, I'll have my pants halfway down before they quickly usher me through. So I'm a little surprised at this. Well, not all that surprised. I have had people tell me I have to remove my earrings before. These are 10 gauge piercing rings that need two pairs of pliers to remove, so they have always just shrugged and let me go.

Once I actually had a TSA guy draw a gun on me when I went through a metal detector. I had saved up about 10 packs of ketchup in my coat's breast pocket. They must have thought I was packing in a shoulder holster. That was fun. - TSA Forces Woman To Remove Nipple Rings For Flight

A Texas woman who claims she was forced to remove a nipple ring with pliers in order to board an airplane called Thursday for an apology by federal security agents and a civil rights investigation.

"I wouldn't wish this experience upon anyone," Mandi Hamlin, 37, said at a news conference in Los Angeles. "My experience with TSA was a nightmare I had to endure. No one deserves to be treated this way."

Hamlin said she was trying to board a flight from Lubbock to Dallas on Feb. 24 when she was scanned by a Transportation Security Administration agent after passing through a larger metal detector without problems.

Apparently there are far too many loopholes in the Canadian do-not-call legislation -- so many that Michael Geist made his own list.

iOptOut - Welcome to iOptOut

The Canadian government passed legislation in 2005 mandating the creation of a do-not-call registry. The registry is scheduled to take effect in mid-2008, yet many Canadians may be disappointed to learn about the exemption of a wide range of organizations (registered charities, business with prior relationships, political parties, survey companies, and newspapers). Under the law, exempted organizations are permitted to make unsolicited telephone calls despite the inclusion of the number in the do-not-call registry. However, organizations must remove numbers from their lists if specifically requested to do so.

IOptOut takes advantage of this approach by allowing Canadians to create and manage a personal do-not-call list that begins where do-not-call legislation ends. Once you register, you'll be able to view a categorized list where you can opt-out of further contact from exempt organizations. To do this we send an email notification to each organization on your behalf requesting that your name, email address and phone number(s) be removed from their active marketing lists.

Excellent piece about how ham-handed approaches to traffic shaping impact real businesses, and that by denying the practice exists only causes further problems.

How Network Non-Neutrality Affects Real Businesses | Xconomy

My company, Glance Networks, has first hand experience. Glance provides a simple desktop screen sharing service that thousands of businesses use to show online presentations and web demos to people and businesses worldwide. When a Glance customer hosts a session, bursts of high speed data are sent each time the personâ..s screen content changes. The Glance service forwards these data streams to all guests in the session, so they can see what the host sees. The streams need to flow quickly, so everyoneâ..s view stays in sync.

One day a few years ago, our support line got a spate of calls from customers complaining that our service had suddenly slowed to a crawl. We soon realized the problem was localized to Canada, where nearly everyone gets their Internet service through one of just two ISPs. Sure enough, posts on blogs indicated that both of these ISPs had secretly deployed â..traffic shapingâ. methods to beat back the flow of BitTorrent traffic. But the criteria their methods used to identify the streams were particularly blunt instruments that not only slowed BitTorrent, but many other high-speed data streams sent by their customersâ.. computers.

... without telling them. This has apparently been confirmed on DSL Reports forums, and Bell's justification is that this is part of their TOS.

Bell Canada Throttles Wholesalers, Doesn't Bother To Tell Them -

Users of the Canadian family-run ISP Teksavvy have started noticing that Bell Canada is throttling traffic before it reaches wholesale partners. According to Teksavvy CEO Rocky Gaudrault, Bell has implemented "load balancing" to "manage bandwidth demand" during peak congestion times -- but apparently didn't feel the need to inform partner ISPs or customers. The result is a bevy of annoyed customers and carriers across the great white north.

  H&R Big Brother

Interesting little tidbit from Michael Geist on H&R Block's privacy policy. It's a little unnerving to know that my tax information is being sent to the U.S.

Michael Geist - H&R Block's Privacy Policy

Due to H&R US's location in the United States, and in instances where your personal information is processed or stored by another affiliate or service provider in the United States, courts or law enforcement or regulatory agencies may be able to obtain disclosure of your personal information under the laws of the United States.

  Moustache Me

Cool website which sells moustache stickers for vandalizing ads.


Moustache Me

First Rule of the Moustache...

We do not officially endorse property damage and we hate the word vandalism (ew!).

The moustaches available here are simple vinyl stickers and are therefore semi-permanent fixtures.

Do with them what you will but note that we disavow all connections to you and your actions.

I'm no Wordpress user, but these look like good tips. With a little modification, they could apply to most other server-based blogging software.

Wordpress Security Tips and Hacks

We all agree that having a secure wordpress weblog should be our first priorities when keeping a successful blog. In this post weâ..d like you to share your knowledge and help us create the Wordpress Security guide to keep the bad guys out.

Below are 10 security tips that you can easily implement on your WordPress blog. Please share one or more life-savers you use permanently to help protect yourself from WordPress security issues.

The Judge apparently took some time to defend his initial actions which caused the injunction to proceed in the first place.

Judge: Wikileaks gets its domain name back | The Iconoclast - politics, law, and technology - CNET

After spending more than three hours hearing arguments from a raft of attorneys--two representing the Swiss bank that fought to get the site's plug pulled and about 10 who have been trying to get the site back online--a federal judge here has ruled in favor of Wikileaks.

Wikileaks, which uses as its primary domain, is a whistle-blowing site that focuses on posting leaked documents.

"The court denies the motion for preliminary injunction, and the court hereby dissolves the injunction against (domain name registrar) Dynadot, and the litigation may now proceed," said U.S. District Judge Jeffrey White, who had called a brief recess around 11:40 a.m. PST, indicating that he was inclined to revisit his order from earlier this month that effectively pulled the plug on the domain name.

There are some alternate DNS names you can use to access since they've been censored by an unconstitutional injunction in California.

The weird story is this: A Swiss bank, allegedly laundering money in the Cayman Islands is caught by a whistle blower, and the story posted on The bank files an injunction in California district court and it's signed by the district judge without amendment and without Wikileaks counsel present. They are notified only hours in advance, and by email. The injunction goes after California registrar Dynadot, and requires them to pull all DNS records which redirect to's website.

Though, this doesn't pull the site, of course. Also, they have multiple sites around the world, to defeat censorship in places such as China -- little did they think this kind of censorship of the press would happen in the U.S.:

In order to deal with Chinese censorship, Wikileaks has many backup sites such as (Belgium) and (Germany) which remain active. Wikileaks never expected to be using the alternative servers to deal with censorship attacks, from, of all places, the United States.

Their original site (sans DNS records) with the article on the injunction is still available here (

From boing boing.

Wikileaks:Cover Names - Wikileaks

Alternative names you may use to communicate with Wikileaks in order to avoid censorship or cursory surveillance.

  EFF sues DHS

I know I have problems getting through the border. I'd rather not travel to the U.S. if I can help it, and I have family there.

Civil Liberties Groups Sue Homeland Security for Records on Intrusive Questioning and Searches of U.S. Travelers | Electronic Frontier Foundation

ALC, a San Francisco-based civil rights organization, received more than 20 complaints from Northern California residents last year who said they were grilled about their families, religious practices, volunteer activities, political beliefs, or associations when returning to the United States from travels abroad. In addition, customs agents examined travelers' books, business cards collected from friends and colleagues, handwritten notes, personal photos, laptop computer files, and cell phone directories, and sometimes made copies of this information. When individuals complained, they were told, "This is the border, and you have no rights."

But we're not done yet...

PC World's Techlog End of the Vista Kill Switch: A Good Start--But Not Enough

I'm used to any news involving Microsoft's Windows Genuine Advantage anti-piracy system involving headaches for innocent Windows users who are simply trying to use the software they paid for. But here's a positive development: Microsoft has announced that Windows Vista SP1, shipping early next year, will end the kill-switch measure that cripples every aspect of Windows Vista except limited Web browsing if it believes you to have a pirated copy of the operating system. (Over at ZDNet, Ed Bott has a good summary of this and other WGA changes.)

I say "believes" because WGA has had a nasty tendency to become confused and accuse paying customers of stealing their software. When it did this to thousands of users back in August, I gnashed my teeth and wrote a column telling Microsoft that it needed to either make fundamental changes to WGA or simply end it altogether.

I guess PBP (pretty bad privacy) didn't sound as cool.

Hushmail turns out to be anything but - Internet -

A court document in a drug smuggling case has shown that the private email service Hushmail has been cooperating with police in handing over user emails..

Hushmail claims to offer unreadable email as it uses PGP encryption technology and a company specific key management system that it says will ensure only the sender and recipient can read the emails. However it seems the Canadian company has been divulging keys to the American authorities.

The document describes the tracking of an anabolic steroid manufacturer who was being investigated by the Drug Enforcement Administration (DEA). The document alleges that the majority of those engaged in the trade in anabolic steroids use Hushmail to communicate.

The DEA agents received three CDs of decrypted emails which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada.

Ah, good news.

Slashdot | RCMP Won't Go After Personal Filesharers

"The RCMP announced that it will stop targeting people who download copyrighted material for personal use (Google translation). Their priority will be to focus on organized crime and copyright theft that affects the health and safety of consumers, such as copyright violations related to medicine and electrical appliances, instead of the cash flow of large corporations. Around the same time that the CRIA successfully took Demonoid offline, the RCMP made clear that Demonoid's users don't have to worry about getting prosecuted, at least not in Canada. 'Piracy for personal use is no longer targeted,' Noel St-Hilaire, head of copyright theft investigations of the RCMP, said in an interview. 'It is too easy to copy these days and we do not know how to stop it.'"

About Me

About the Blogger

I suppose if you've been reading my site for any length of time, you're probably curious to know who I am, and why I think people will read my blog. Online, I'm known as Zuckervati, mostly because it's easy...
» More ...

Mailing List Signup

What? There's a mailing list?

Sign up for the Mailing List

Follow Me on Twitter

Recent Entries

Tag Cloud

politik / film / video / skeptic / cewl / techno / humour / haxors / nosh / can-con / gaming / religion / weird / sex / funny / eco / music / stupid / photos / cocktails / George Bush / blogosphere / flickr / travel / evolution / politics / creationism / creationist / mobile / awful / photography / Star Wars / awesome / geek / bartending / coffee / drinking / mixology / alcohol / liquor / bartender / cocktail recipe / cats / food / Savoy Cocktail Book / science / Lovecraft / books / parody / Cthulhu / articles / TV / pets / John McCain / Movable Type / promos / cartoons / sci-fi / Canada / Radio Zuckervati / cool / Roger Ebert / system / atheism / comics / reviews / technology / writing / zombies / anime / anonymous / MMO / Star Trek / television / Alinea / animation / Batman / Futurama / Halloween / horror

Twitter Stream

D H McKee's bookshelf: to-read

Sunset and Sawdust
tagged: to-read
The Thicket
tagged: to-read
tagged: to-read