Archive for the ·

Internet

· Category...

Passwords

Comments Off

This week was not a good one for “cloud security”. No less than three major web sites had their password databases stolen, with LinkedIn as one of the biggest hits. Since they did not “salt” their password hashes, there is now a trove of easily crackable password hashes for everybody to go through.

Not exactly my cup of tea, but what I found interesting was this tool which lets you check whether a passwords was included on the list of 6.5 million. Now, I wouldn’t advice anybody to type their real password in there, no matter how much that web sites claims they are the “good guys”. However, it’s fun to see what other “clever” passwords people come up with. Here’s some of the ones I’ve found (minimum length at LinkedIn was 6 characters).

The obvious: password, 123456, qwerty

The keyboard layout: qazwsx, zse4xdr5, 0987654321, mnbvcxz.
Well, virtually every “clever” layout combination I can come up with. Including “super clever” ones like: zse456, 890okm, !QAZ”WSX.

The names: harry1, harry2, harry3, harry4, harry5, harry6, harry7, harry8, harry25, harry26, anna25, john30.

The famous: rambo1, gaga12, posh10, clinton, billgates, hilton

The pets: puppy1, puppy2, bonzo1, pluto1.

The cities: london, newyork, berlin, oslo11, tokyo1, zurich

The obscene: Actually, I’d rather not have my blog black-listed by iterating them here. You go ahead and try yourself. There’s many of them. If the word doesn’t make up six letters, append 1 or 10.

Ok, that’s enough fun for now. I’m thinking this would make a great game! A twist on the old hang-man. Or maybe more time-based: Guess 10 LinkedIn passwords in 20 seconds. Well, looking at the examples above, that’s possibly too easy.

Comments Off

IP6: This time it’s for real

Comments Off

Last year, Google and other leading Internet sites and companies turned on dual-stack IP4/6 for their domains. Back then, it was only for one day. Yesterday, 6 June, it’s on for good. And it works!

To test your connection, try http://test-ipv6.com.

Below are some ping6 tests from today, just for the record. nine.ch is my hosting provider.

$ ping6 google.com
PING google.com(mil01s17-in-x06.1e100.net) 56 data bytes
64 bytes from mil01s17-in-x06.1e100.net: icmp_seq=1 ttl=57 time=168 ms
64 bytes from mil01s17-in-x06.1e100.net: icmp_seq=2 ttl=57 time=167 ms
64 bytes from mil01s17-in-x06.1e100.net: icmp_seq=3 ttl=57 time=163 ms

$ ping6 facebook.com
PING facebook.com(www6-10-08-prn1.facebook.com) 56 data bytes
64 bytes from www6-10-08-prn1.facebook.com: icmp_seq=1 ttl=45 time=173 ms
64 bytes from www6-10-08-prn1.facebook.com: icmp_seq=2 ttl=45 time=174 ms
64 bytes from www6-10-08-prn1.facebook.com: icmp_seq=3 ttl=45 time=173 ms

$ ping6 nine.ch
PING nine.ch(2a02:418:6201:499::157) 56 data bytes
64 bytes from www.nine.ch: icmp_seq=1 ttl=57 time=176 ms
64 bytes from 2a02:418:6201:499::157: icmp_seq=2 ttl=57 time=176 ms
64 bytes from 2a02:418:6201:499::157: icmp_seq=3 ttl=57 time=175 ms
64 bytes from 2a02:418:6201:499::157: icmp_seq=4 ttl=57 time=175 ms

Comments Off

Internet blackout

Comments Off

Today many sites across the Internet mark their opposition against the proposed US legislation Stop Online Piracy Act (SOPA) and the Protect-IP Act (PIPA). Jason Hooper has made a collection of screenshots of the black front pages.

Hopefully, this will never become a reality. However, for some sites it already is. In Holland, Pirate Bay is already on the blocking list, as is the case in Belgium. And a number of domains were already seized by the Department of Homeland Security last year.

The days of the free and uncontrolled Internet is long gone, and in some countries, it never even existed. The next questions are how much freedom there will be left on the WWW as we know it today, and how much will have to be taken under ground, using darknets or similar systems.

Comments Off

Low end hosting

Comments Off

I recently found this great overview of cheap and simple hosting and Virtual Hosting solutions: lowendbox.com. It includes many providers of cheap hosting solutions for private and small business use.

If you are able to manage your own server, e-mail and web site, there are many reasons you should take matters in your own hands. For the most basic use case, family e-mail and a small web site, it does not have to be expensive or take much time. Including your own domain, you should end up under 200 Euros / year.

For only e-mail, or only web hosting, you might get by on the smallest of boxes offered, which is usually 128 MB of RAM. However, if you need both on the same machine, 256 MB is rather tight. For disk, somewhere between 10 and 20 GB should be sufficient. And the traffic / month limits are usually more than enough, often as high as 100 GB / month or more. CPU is usually never a limiting factor for a basic setup.

So register a domain, rent some space, and become an Internet householder and landowner.

Comments Off

Real Names

Comments Off

The “Real Names” discussion is raging these days, and it’s great to see not only fringe opinionist chipping in, but big names on both sides. Danah Boyd from Microsoft chooses to focus on the power people ought to have to secure themselves. While Alexis Madrigal, senior editor at The Atlantic, looks at pseudonyms and how they can be used to avoid persisting and attaching information to one’s real identity. The Slashdot crowd says, “if you don’t like it, don’t use their service”. Everybody has a story from Facebook when sensitive information leaked out to the wrong people.

All this starts to sound familiar, and indeed the various points raised now were all neatly collected about two years ago in Viktor Mayer-Schonberger’s book “Delete: The Virtue of Forgetting in the Digital Age. Schonberger’s argument was not focused on real name or pseudonyms, but rather examined what happens when the default shifts from forgetting to remembering almost everything. He investigates several options and solutions to the problem of eternal memory, and has at least one suggestion which might help: expiration dates for information.

Although engineers and managers alike would get much back from reading the book, I fear that Schonberger’s argument would be lost on many of them. It would drown in technical details and resistance, never making it into code. Expiring digital information is so counter-intuitive to how engineers work and think, it would be written off as impossible.

As for the “Real Names” debate, my take is “trust no one”. “Enemy of the State” is definitely worth a re-watch if you haven’t seen it lately.

Comments Off

Test if your ISP is manipulating BitTorrent traffic

Comments Off

The Max Planck Institute for Software Systems brings you a test to see if your ISP is throttling BitTorrent traffic from your computer. At the end of the tests, it also gives some nice statistics on your upload and download speeds.

http://broadband.mpi-sws.mpg.de/transparency/bttest.php

Comments Off

The Internet – We’re not going to give it to them

Comments Off

In a long profile interview, O’Reilly tells about his meeting with American power:

The Whole Internet User’s Guide and Catalog (1992) became a category-busting best-seller, establishing itself as “a 250,000-copies-a-year thing,” O’Reilly says, at least until it became outdated in the mid-’90s. He saw the book not just as a tent pole for his business but as a chance to awaken the world to the Internet.

He went on a press tour. He sent a copy to every member of Congress, and was invited to meet with House aides. Before addressing a huge group of them, he was taken aside by the House IT department. “I go into this little room, and it’s like Three Days of the Condor,” O’Reilly recalls. “This old guy in a three-piece suit and a cane says, ‘We don’t want you to get the aides too excited about the Internet, because we’re not going to give it to them.’ So I went out and got them excited anyway.”

Comments Off