February 26, 2012 1:03 AM
Posted by: Dan O'Connor
Here is what I could break down.
1,578,060 unique account and password combinations, this is not %100 accurate. There was some accounts that had blank email addresses so that mucks it ups a little.
Of that there is 832,507 unique passwords, my next task will be to compair that list to my already existing dictionary to see how many new ones we have.
February 25, 2012 2:04 AM
Posted by: Dan O'Connor
vshpere 5 w2k,
vsphere 5 windows 2000,
vsphere 5 windows 2000 conversionSounds so simple.
I started up my VMWare Converter and aimed at a Windows 2000 server, and it would not go? That’s strange.
I tried a few times, still wont start. Next I attempted to log in and run the client from the target, same issue but now I get a message that only XP and up is now supported.
Well does that not make for an afternoon, after a few attempts at other version I did get v4 to go. I connected to the VCenter ok-ish. It did work but I had to select a host and not the cluster also picking the datastore it was going to go to was not going to happen. No matter what I selected it went to the first datastore on the host.
So the short version is that you need V4 and be prepared to move some machines around, but other then that success.
February 25, 2012 1:37 AM
Posted by: Dan O'Connor
There is a large set of usernames and passwords from the site youporn.com out in the wild. I have seen reports of it being over 1 million accounts.
If you are in to password research it can be found on torrent sites.
I have found a few sites that have done analysis of the hack, but the results are differing so I might have to take a look myself.
February 12, 2012 3:24 PM
Posted by: Dan O'Connor
I have to admit I do not do very much web / app development. Maybe a one or two times a year and I am not sure how you end up with storing passwords in plain text?
I guess you would have to write your own authentication, not sure why you would go through all of that when there is stuff already made. Strange.
http://www.engadget.com/2012/02/12/microsoft-store-hacked-in-india-leaked-passwords-stored-in-plai/
February 9, 2012 8:20 PM
Posted by: Dan O'Connor
norton source code,
pc anyware source code,
symantec hackIf you have missed it, individuals claiming to be connected to anon have stolen source code to Norton AV and PC Anywhere. They attempted to blackmail Symantec in to paying them to keep it under wraps. From what I have been able to find the contact at Symantec was FBI, playing as an employee.
http://pastebin.com/GJEKf1T9
I would think that this will become more prevalent over the next 18 months, once one story like this goes around there will be copy cats. More details;
http://news.cnet.com/8301-1009_3-57372308-83/hackers-wanted-$50000-to-keep-symantec-source-code-private/
Also the code is posted on some bittorrent sites, I will not link to that. If you really want it, it’s not hard to find.
February 9, 2012 8:13 PM
Posted by: Dan O'Connor
A few links;
http://www.imperialviolet.org/2012/02/05/crlsets.html
http://arstechnica.com/business/guides/2012/02/google-strips-chrome-of-ssl-revocation-checking.ars
It makes no sense to continue to use the CRL. My personal experience is limited with it, but I have to agree with the experts on this one.
February 2, 2012 9:21 PM
Posted by: Dan O'Connor
symantec hack,
verisign,
verisign hackWhile it happened a while ago, it just came to light in a filing to the SEC.
http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202
The details in the story are lacking, but this type of attack can be very serious. It also seems to be a trend of attacking certificate signors. Having a legit signed bank or Google cert can net you a ton of money.
