Generating passwords.

Data breaches are a fact of life in the twenty-first century - some site or other gets pwned and tens to hundreds of gigabytes of data get stolen.  If you're lucky just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated.  Good times.

You've probably wondered why stolen passwords are dangerous.  There are a few reasons for this: The first is that people tend to re-use passwords on multiple sites or services.  Coupled with the fact that many online services use e-mail addresses as usernames, this means that all …


Neologism: Hopepothesis

Hopepothesis - noun - What you come up with when you really don't know what you're doing or what's going on, but you pull something out of your ass anyway.  If anybody asks, that's your working hypothesis.

DefCon 23: Presentation notes

Here and behind the cut are the notes I took at DefCon 23. They are necessarily incomplete because they're notes, and I refer you to the speakers' presentations and eventually video recordings for the whole story.

Applied Intelligence: Using Information That's Not There - Michael Schrenk

  • Knowing your operations and resources
  • More effective and efficient
  • Competitive intelligence
  • What's happening outside of your business
  • Know your competitors and markets
  • Collect, analyze, and apply external data
  • There is a professional association of people who do competitive intelligence
  • Applied intelligence is actionable and changes what you do
  • Most is useless unless you develop it …

Attention people of Syria:

Reprinted from here in case it gets filtered.

The following phone numbers can be used for free dialup access to the Net:

00492317299993 User=telecomix Pass=telecomix
004953160941030 User=telecomix Pass=telecomix
0031205350535 User=XS4all Pass=XS4all
00431962962 User=selfnet Pass=selfnet
0034912910230 no password
0016033715050 no password
004721405060 no password

Dial up access for Syria:


user:telecomix password:telecomix

@speak2tweet works in Syria. Call +16504194196, +390662207294 or +442033184514 to hear tweets or leave a tweet. seems to work for accessing the Google search page. Other features might use different servers …


Passwords, passphrases, and practical use.

One of the most annoying things about the modern world is that pretty much everything you're likely to use these days, from your network login at work to your webmail account to your bank's website, requires a username and password before you can actually do anything. Way back when this functionally didn't use to be such a big deal - people chose easy-to-guess passwords for their accounts and left it at that. Later on, admins discovered that crackers probably wouldn't spend hours on end guessing passwords, they'd spend a few hours writing software to do it for them (which …


Your American tax dollars (and login credentials) at work.

Earlier this year, pen-testers hired by the Internal Revenue Service attempted a time-worn attack as part of their assignment: They phoned up 102 people who work at an IRS office while pretending to be tech support and asked them for their usernames. The people called were also asked if they could temporarily change their passwords to something simple (love? sex? secret? god?) as part of a troubleshooting effort.

61 of the 102 people complied with the request of complete and total strangers. If this hadn't been a pen-test, those office networks would have been sitting ducks. Only eight people called …