How to Protect Your Password

Posted in Cracking,Hacking,Security,Spam by Elliott Back on June 7th, 2012.

You may have read about the tens of millions of usernames and passwords that have been compromised, hacked or leaked from major websites in the last few weeks. If not, here are a few of the stories:

  • 30 million passwords leaked from LinkedIn due to unsalted SHA-1 hashes stored centrally.
  • 6 million passwords hacked at Last.FM, the popular music discovery service.
  • 1.5 million passwords leaked from eHarmony.

In the last year other services have experienced serious security breaches:

  • 100 million accounts compromised on the Sony Playstation Network (PSN). Sony offered free credit monitoring and games to all PSN users to compensate them, a major departure from the typical “change your password” / sweep it under the rug response.
  • All RSA SecurID tokens were compromised by the theft of RSA intellectual property and cryptographic keys. RSA tokens are used by most enterprises to log in remotely as part of a multi-factor authentication scheme.

How can you protect yourself?

Sign up for a service like 1Password or LastPass, which offer convenient browser extensions. They generate a unique password for each website you use, so a security breach at Facebook won’t affect your password on Mint.

How can Web Developers protect users?

Move to standardized authentication methods, like OpenID or Facebook/Twitter/Google login integration. If the authentication mechanism is outsourced, your customers and users don’t need to worry about how you store their passwords.

If you absolutely want to store user passwords, please read How to Safely Store a Password and use bcrypt to do the heavy lifting. Then even if your login/password database is compromised, nothing will come of it.
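To make the difference between the LinkedIn-style scheme and the recommended one concrete, here is an added example (not code from the original post or from the linked article). It stores two constructed users who picked the same password once with unsalted SHA-1 and once with a per-user salted, iterated hash; the standard library’s PBKDF2-HMAC-SHA256 stands in for bcrypt so the example runs offline, and the properties it shows (random salt per user, tunable work factor, constant-time verification) are the ones bcrypt provides.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credentials, not real users. Two users chose the same
# password, which is exactly what an unsalted hash dump makes visible.
SAMPLE_USERS = {
    "alice": "correcthorse",
    "bob": "correcthorse",
}


def unsalted_sha1(password: str) -> str:
    """The weak scheme from the LinkedIn leak: one SHA-1, no salt, no work factor."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Work factor for the stand-in KDF; bcrypt expresses the same idea as a cost parameter.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow hash. A fresh 16-byte random salt is drawn per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Store scheme, iteration count and salt with the digest so verification can repeat them.
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    _scheme, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def compare_schemes(users: dict) -> dict:
    """Report whether each scheme stores identical values for identical passwords."""
    weak = {u: unsalted_sha1(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    return {
        "unsalted_sha1_collides": len(set(weak.values())) == 1,
        "salted_kdf_collides": len(set(strong.values())) == 1,
    }


if __name__ == "__main__":
    print(compare_schemes(SAMPLE_USERS))
```

With the unsalted scheme the dump reveals which accounts share a password and lets one precomputed table serve every account; with the salted scheme each record must be attacked separately and each guess costs the full work factor.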

Why Sarah Palin Sucks for VP

Posted in Politics,President,Religion,Science by Elliott Back on September 7th, 2008.

Sarah Palin, after winning John McCain’s VP nomination, has been in the news a lot these days. Photoshopped and real pictures showing her in her beauty pageant glory days have been flooding the web, while incriminating Youtube videos exploit her poor camera performance and public speaking ability. Everywhere I look, no one can take her as a serious contender for the Vice Presidency.

But that’s not why I think Sarah Palin sucks. I don’t care about her looks, her messy personal life, or her pregnant teenage daughter. I care about what she’s done, and what she’s willing to do, in office.

Sarah Palin: Eminent Domain

Sarah Palin, while mayor of Wasilla (1996-2002), decided to build a $15M multi-use sports facility as her legacy. However, when the city failed to close the $125k deal with the Alaska Nature Conservancy for the land where she wanted it built, they went ahead and began to build anyway. On someone else’s land. Sarah Palin then invoked Eminent Domain law to sue the developer who held title to the land, Gary Lundgren, who eventually won the court case and settled with the city to the tune of an additional $1.7M.

Sarah Palin sucks because she is willing to try to steal private property from its rightful owners for her own good.

Sarah Palin: Book Bans

According to Time, Sarah Palin, “asked the library how she could go about banning books” because some of her constituents believed they used “inappropriate” language. Sarah Palin also threatened to fire the librarian, Mary Ellen Baker, for not giving “full support” to the mayor.

Update: the following list of books Sarah Palin wanted banned, courtesy of Liveleak, looks similar to every other list I’ve seen of books the Christian right has wanted banned.

Update 2: The above list is a complete fabrication, a copy-paste job of an older list of books banned over time. Some fact checking shows that books late in the Harry Potter series are on the list, which came out after Sarah Palin’s inquiries into book-banning. The truth of the book-banning incident is apparently a rhetorical inquiry into how the librarians would react were she to issue the order… still scary…

Sarah Palin sucks because she is willing to censor anything that doesn’t fall into her narrow set of beliefs.

Sarah Palin: Creationist

According to The Lang Report, Sarah Palin said in a 2006 gubernatorial debate, “Teach both. You know, don’t be afraid of education. Healthy debate is so important, and it’s so valuable in our schools. I am a proponent of teaching both.” In spite of courts having (fortunately) ruled that teaching creationism is a violation of the separation of Church and State, electing someone with Sarah Palin’s beliefs will inevitably continue the Bush legacy of eroding America’s scientific prominence.

Note that education is not the only area where Sarah Palin’s policy may have been shaped by her religious views. Her pastor, Kalnins, believes in the “end times” or “last days,” and that Alaska may soon “be the refuge” for those fleeing the apocalypse of the world. These beliefs are absurd.

Sarah Palin sucks because she’s willing to compromise educational policy for her own personal religious beliefs.

Sarah Palin: Homophobe

I’ll submit the following quotation from The Bilerico Project, which lays out the facts fairly well:

Palin said she’s not out to judge anyone and has good friends who are gay, but that she supported the 1998 constitutional amendment. Elected officials can’t defy the court when it comes to how rights are applied, she said, but she would support a ballot question that would deny benefits to homosexual couples. “I believe that honoring the family structure is that important,” Palin said.

Sarah Palin sucks because she believes homosexual couples are inferior to heterosexual ones.

Sarah Palin: Racist

Sarah Palin’s attitude towards native populations living in Alaska, or black Barack Obama, indicates that skin color matters to her. The LA Progressive article Palin Is “Racist, Sexist, Vindictive, And Mean” sheds some light:

“Sambo beat the bitch” may be everyday language up in the bush. Whether it – and the outlook, politics and worldview Palin reflects when she says such things in public – should be part of a presidential campaign is another thing altogether. The comment says as much about McCain as it does about Palin, and it says a lot of things about Americans who overlook such statements (as well as her record) and vote anyway for McCain.

Sarah Palin sucks because she refuses to treat those she views as different as her equals in politics. America is a complex country, full of differing cultural groups and interests; only a president sensitive to the variety of man can successfully navigate the American melting pot.

Sarah Palin: Anti Sex Education

Sarah Palin opposes the “right to choose” and advocates abstinence-only sex education. The Huffington Post quotes her saying, “The explicit sex-ed programs will not find my support.” This is a problem, because abstinence-only sex education is futile and ineffective, and has been thoroughly debunked. Reading statistics like “by age 18, about 71 percent of U.S. youth have had sexual intercourse” would lead anyone who cares about America’s youth to teach them safe sex, not deliver a “no sex” message that will be ignored.

Update 3: For the other side of the story, you should read Newsweek’s great story Sliming Palin: False Internet claims and rumors fly about McCain’s running mate. Although I feel many of their anecdotes are just trying to muddy the waters, no issue in politics is black and white either, and this certainly deserves the “fair and balanced” treatment. Isn’t life just shades of gray?

Update 4: Check out what Matt Damon thinks of Sarah Palin in the video “Matt Damon Rips Sarah Palin”.

Apple Pulling iPhone Apps from the App Store

Posted in Apple,Errors,Hacking,iPhone by Elliott Back on September 1st, 2008.

Apple has become notorious for removing applications from the iPhone app store, generating huge amounts of controversy as each application is removed. This post aims to aggregate the controversy into a single page, for reference.


The infamous I am Rich application sold 8 copies of the above glowing jewel for $999 a pop. The author, Armin Heinrich, said, “I am sure a lot more people would like to buy it, but currently can’t do so. The App is a work of Art and included a secret mantra; that’s all.” The application was pulled from the iTunes store on August 7th after reviews like

“I saw this app with a few friends and we jokingly clicked ‘buy’ thinking it was a joke, to see what would happen. … THIS IS NO JOKE…DO NOT BUY THIS APP AND APPLE PLEASE REMOVE THIS FROM THE APP STORE”

began to appear for the application. There is still no official comment from Apple as to why they removed the expensive, artsy application. According to the L.A. Times, Heinrich is also baffled: “I have no idea why they did it and am not aware of any violation of the rules to sell software on the App Store.”


Slasher, an iPhone app which “displays a common kitchen knife on the screen and plays a horror sound when you make a stabbing motion” was pulled from the App Store for violating section 3.3.12 of the iPhone SDK agreement covering objectionable content:

3.3.12 Applications must not contain any obscene, pornographic, offensive or defamatory content or materials of any kind (text, graphics, images, photographs, etc.), or other content or materials that in Apple’s reasonable judgment may be found objectionable by iPhone or iPod touch users.

The author is still trying to get clarification about what this means and to get his application back into the App Store. However, it sets an unfortunate precedent: any application (think about religious apps, bound to offend other religions…) can be pulled simply because someone, somewhere claims to be offended.


Carling Brewery’s iPint application was removed from the App Store after a mistake in classification caused the enormously popular application to be listed internationally instead of only in the local UK market. iPint is still available to UK iTunes users.


Erica Sadun’s light-making application apparently made the iPhone’s LCD brighter than the default brightness. Somehow this was a violation of the Apple SDK agreement, and the app has vanished from the App Store. If you know more about “Light”, please leave a comment. I can find little on it.


PhoneSaber was an iPhone application to emulate swinging a Star Wars lightsaber around. As you swing your phone, it would emit various sound effects. According to this post, Mac Box took down the app voluntarily after a THQ rep communicated that they violated Lucasfilm’s mobile licensing.


As you all know, NetShare, the innovative app that let you use your EDGE or 3G cellular connection as a local Wi-Fi router, essentially tethering for the iPhone, was pulled by Apple after AT&T leaned on them. Nullriver notes that “we’ve received no communication from Apple thus far. NetShare did not violate any of the Developer or AppStore agreements.”

