OK. Just saw someone posting "8 Character Passwords are Dead"
To support this they say how a 2080Ti GPU has passed 100 Billion guesses per second and how that means in 2.5 hours they can try every single possible password.
That's in the case of NTLM hash. A notoriously bad hash that has *no* *salt*. Even more ridiculous, because the NTLM hash is just as good as having the password. You don't need to crack the hash.
Yes, 8 character passwords should be dead, but this is bogus.
Super cool and simultaneously creepy. It’s now an arms race between things like fingerprint scanners and facial recognisers and GANs. https://www.inverse.com/article/53280-this-person-does-not-exist-gans-website
I'm running a pi-hole in the house now to block ads and trackers. It's absurdly easy to set up and very effective. Plus the stats are so interesting to see all the ads blocked. The best thing is that because it works at the DNS level, it affects things like TVs, mobile apps, game consoles, and other embedded devices. https://pi-hole.net/
If you have a #mac and you want to forget the open #wifi access points that your mac has joined, this handy little Python script does the trick. It leaves alone any wifi that has a password. Only deletes the WiFi networks that have no password. If you use #iCloud keychain, this will have the lovely side-effect of deleting them from your #iPhone/#iPad at the same time. https://github.com/mubix/osx-wificleaner
You might also want to disable the captive network assistant on your mac:
Maybe I’ll put a password on this zip file. Why bother? Crypto implemented like a CS undergrad. With many eyes, all bugs are someone else’s job to find. https://twitter.com/3lbios/status/1087848040583626753
This is an absolutely epic thread about racking and stacking. I love it. https://twitter.com/QuinnyPig/status/1087472201492643840
Here's how my #Monday is starting. How's yours?
I started visualising my #CloudTrail events on #AWS using #ElasticSearch. I blogged about it and put the code on GitHub.
Blog post: https://blog.paco.to/2019/cloudtrail-to-elasticsearch/
I have this idea that tooling that turns specs into documentation (like Swagger or JavaDoc or whatever) should keep a giant list of apologetic modifiers and prepend them to the front of every paragraph or section or something.
"Unfortunately, this function takes a string and…" "Deplorably, a Segment object is used to model…" "Tragically, a response code of 304 indicates…"
Not learning a thing from 3D printing of TSA keys or all the data breaches that have happened in the last decade, a firm has created photos-of-keys-as-a-service. It is a bad idea beyond bad ideas.
This year's announcement. https://www.bbc.co.uk/news/technology-46795616
Why that's bad.
I just disabled #clamav on my email server. I'm not sure that it detects anything of value, but it uses half the instance's RAM trying. I suspect the RAM-to-value ratio is not good enough.
If you're in #infosec and you're in Europe, the Middle East, or Africa, there's a great award to recognise an outstanding contributor: the ISLA (Information Security Leadership Award). Nominations close in 2 weeks: https://www.abstractscorecard.com/cfp/submit/login.asp?EventKey=ZVLLTVYZ