Sunday, December 30, 2012

China requires Internet users to register their names

China's government tightened Internet controls with the approval of a law that requires users to register their names after a flood of online complaints about official abuses rattled Communist Party leaders.

Chinese authorities pretend the law will strengthen protections for personal information. But it is more likely to curtail the Internet's status as a forum to complain about the government or publicize corruption.

Wednesday, December 26, 2012

The entertainment industry's release strategy creates piracy

From The Guardian:

If you want people to buy media, you have to offer it for sale. If it's not for sale, they won't buy it, but many of them will still want to watch or hear or play it, and will turn to the darknet to get – for free – the media that no one will sell to them.

This isn't a surprising research finding. Everyone who's ever run a business or worked in any kind of sales job knows that rule one is to make a product that people want and then offer it at a price they're willing to pay. Doing this won't always make you rich, but no one ever got rich without starting from there.

Tuesday, December 11, 2012

25-GPU cluster cracks every standard Windows password in <6 hours

Via ArsTechnica:

A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours.

The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. As a result, it can try an astounding 958 combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. Such password policies are common in many enterprise settings. The same passwords protected by Microsoft's LM algorithm—which many organizations enable for compatibility with older Windows versions—will fall in just six minutes.

The Linux-based GPU cluster runs the Virtual OpenCL cluster platform, which allows the graphics cards to function as if they were running on a single desktop computer. ocl-Hashcat Plus, a freely available password-cracking suite optimized for GPU computing, runs on top, allowing the machine to tackle at least 44 other algorithms at near-unprecedented speeds. In addition to brute-force attacks, the cluster can bring that speed to cracks that use a variety of other techniques, including dictionary attacks containing millions of words.

...the machine is able to make about 63 billion guesses against SHA1, the algorithm used to hash the LinkedIn passwords, versus the 15.5 billion guesses his previous hardware was capable of. The cluster can try 180 billion combinations per second against the widely used MD5 algorithm, which is also about a four-fold improvement over his older system.