Don’t Hash Your Secrets, Here’s why in Python

Posted on February 1st, 2010

Ben Adida suggests that you don’t hash your secrets.

That means that if you know SHA1(secret || message), then you can compute SHA1(secret || message || ANYTHING), which is a valid signature for message || ANYTHING. So to break this system, you just need to see one signature.

Not being a cryptography expert, I was blown away by his article. At the core of his post is the idea that given a hash digest of a message, one could compute the hash of message + appended_message without even knowing the original message.

I had to see this for myself. Was it that easy to extend an MD5 or SHA1 hash?
Below, you’ll find working Python code and an explanation for spoofing signatures signed with the MD5 algorithm.

Continue reading…



Quick Bash Tip : Directory Bookmarks

Posted on September 10th, 2009

EDIT 2010-07-01 : I’ve packaged up a shell script to allow you to save and jump to commonly used directories. It’s called bashmarks and it has tab completion functionality built-in. Learn more about bashmarks here.


Before I wrote this script, it felt like I spent half of my time in the terminal cd-ing around to various directories. If you’re like me, placing this snippet into your .bashrc file will save you tons of time each and every single day:

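# Bash Directory Bookmarks
# mN saves the current directory as bookmark N; gN jumps back to it.
# `pwd` sits inside single quotes, so it is expanded when mN is run, not when .bashrc is loaded.
alias m1='alias g1="cd `pwd`"'
alias m2='alias g2="cd `pwd`"'
alias m3='alias g3="cd `pwd`"'
alias m4='alias g4="cd `pwd`"'
alias m5='alias g5="cd `pwd`"'
alias m6='alias g6="cd `pwd`"'
alias m7='alias g7="cd `pwd`"'
alias m8='alias g8="cd `pwd`"'
alias m9='alias g9="cd `pwd`"'
# mdump writes the current gN bookmarks to ~/.bookmarks so they persist across sessions.
alias mdump='alias|grep -e "alias g[0-9]"|grep -v "alias m" > ~/.bookmarks'
# lma lists the current gN bookmarks.
alias lma='alias | grep -e "alias g[0-9]"|grep -v "alias m"|sed "s/alias //"'
# Load any saved bookmarks at shell startup.
touch ~/.bookmarks
source ~/.bookmarks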

Continue reading…



How I Located a Camera in your Back Yard

Posted on August 29th, 2009

I found a webcam in your neighborhood. As I type, I see your dog easing out a steady stream of its steady-stream onto your neighbor’s freshly lacquered patio. Don’t believe me? See the results for yourself:

(Unsecure) Webcams Around the World

How?

It first started with this link, and then this, and finally this.

Continue reading…