Wednesday, 27 June 2012

What Every User Needs to Know About TrialWorks Add-In and the MSG Conversion.

As previously mentioned in our blog (http://trialworks.blogspot.com/2007/04/trialworks-version-936-is-now-available.html) the 9.36 release of TrialWorks supports a new e-mail filing feature that no longer depends on Microsoft Exchange Public Folders to file e-mails. We've been getting lots of questions and insight from our users about the change, and I wanted to take a minute to share with you some of the things that your office, your techs, and your users should know about the new feature.

In a nutshell, until version 9.36, the only way TrialWorks filed e-mails was by tagging case information to a message and moving it to the associated Exchange Public Folder. Last year Microsoft announced plans to do away with the legacy public folder system and introduced new functionality to Exchange 2007 that would boost functionality and completely replace the old-school system. As a side note, due to the outcry from the Exchange community, Public Folders are still available in Exchange 2007, but we moved on. So we introduced the Save as MSG function to TrialWorks. MSG is simply the file extension on Outlook messages saved to the file system instead of Exchange. They retain their e-mail properties but are saved outside of the e-mail system; Outlook is still used to open them.

  1. First and foremost, users have asked whether the change is necessary. Although we do not require any office to switch to the new Save as MSG format, our future developments of new Outlook E-mail integration are focused on the nonexistence of Public Folders, therefore firms that are still utilizing the legacy system may not benefit from new functionalities available to those that have switched to Save as MSG.

  2. What are the benefits of switching to Save as MSG, apart from future developments? There are several benefits to both users and server administrators, so I would rather list them separately:

    Users: A more reliable e-mail filing system that works better with larger e-mails (specifically those carrying attachments) and fewer problems associated with unfiled messages or the add-in not loading that users have experienced, especially after the January 2007 Outlook Security Bulletin that affected add-in function. The upgrade to 9.36 coupled with the Save as MSG conversion will resolve outstanding add-in problems that may be a result of not having the latest TrialWorksAddin.DLL or Redemption.DLL (which we made available after the security bulletin).

    Server Administrators: Massive reduction in Exchange resource use, as the Exchange Public Folder Store will contain minimal amounts of data. Although the Save as MSG Conversion will not delete the public folders, all server administrators are encouraged to back up Exchange and move the existing TrialWorks Public Folder to PST and out of Exchange. The reason for keeping the PST and backup is simply to maintain all precautions. Furthermore, future server migrations will become far easier to manage as the TrialWorks SQL Server-2-Server Migration protocol is reduced to 2 stages, instead of 3.

  3. What practices do you recommend for the migration? It is important to know that the actual Save as MSG Conversion is a 2-step process; the first step involves a check-box in Global Settings and the second is a single-click activation of the conversion process from TrialWorks. However, prior to triggering the migration all IT admins are encouraged to 1) back up Exchange Server and save the backups 2) back up SQL Server and save the backups 3) change settings and trigger the conversion 4) review and save the log files 5) disable user access to the public folder for a few days 6) move the public folders out of Exchange.

  4. What can users expect to see after the migration? The TrialWorks Choose A Case button will remain the same through 9.36, with new functionality in version 9.37 (currently in BETA). However, there are some changes that you should be aware of:

    Outlook Folder Button: no longer displays the Outlook E-Mail Window, instead opens with Windows Folder containing e-mails for that case. That screen does not offer a preview pane or message header information. You are expected to utilize the E-Mail Tab.

    "BackDoor" to Saving E-mails: historically users could Move to Folder any message they chose (or a number of messages) through Outlook. That feature is no longer available. Technically Save As function could be used, but it is too cumbersome. So no backdoor ability.

    Messages Are Now Indexed: As long as your Index Server is running, and it should be, your TrialWorks Catalog will collect all e-mail message information and include it in search results. This makes it possible to search all e-mails within fractions of a second.

    Messages Are Now in Deleted Items: After a message is "filed" to a case, it is also moved to Deleted Items in Outlook. Those messages will remain there for as long as the Deleted Items are not purged. This makes it easy to quickly reference filed messages without having to go to a case. Please remember that those are only COPIES of the messages you filed, but they are available for reference and we have received lots of positive feedback about that feature.

    More reliable E-Mail filing: The new feature resolves various issues since the Microsoft Security Bulletin. Although we addressed them in 9.35 and packed the fix in 9.36, the MSG function helps resolve outstanding problems by default.

    Windows Security Message When Opening E-Mails From TrialWorks: Windows by default will prompt with a security/caution message whenever you double click on an e-mail item in TrialWorks. You can change the behavior by going, inside of Windows Explorer, to Tools > Folder Options > File Types > MSG > Advanced and unchecking the "Confirm Open After Download" checkbox.

  5. Are There Any Known Technical Problems? The Save as MSG function had been in development and testing for over 12 months, but ultimately it is our users that help us notice potential problems and work towards a speedy solution. Just recently we have noted that in some instances, when messages are opened from the TrialWorks E-Mail Tab, then closed, and then opened again, Outlook may randomly generate a "permission" error message (which pops under the active window, so you don't notice it until you minimize TrialWorks). We are working on resolving the issue for 9.37, which will be out soon. There is no reason to wait for the next release as the upgrade has many benefits and the reported problem is rare.

/KJ author.
/KJ updated on 8/8/07

TrialWorks 9.37 Released

The TrialWorks 9.37a release has been available for about one week now. The majority of the changes focused on internal functions associated with the Outlook Plug-In for TrialWorks (using the new MSG functions). In addition, we have added a feature to streamline access to the TrialWorks Account Manager.

In regards to the TrialWorks/Outlook integration, 9.37 addresses several problems that affected the ability to file certain types of messages. Primarily, errors that were caused by repeated opening and closing of previously filed e-mails ("this item is locked" error messages). In addition, it enhances the Public Folder to MSG Migration options with new procedures to verify the migration.

As far as the Account Manager is concerned, we have added a Help Menu item that automatically populates the firm's logon credentials. The Account Manager can be used to submit trouble tickets, view basic account information, and schedule/download upgrades.

Defragment the Exchange Information Store after MSG Conversion

If you are the system administrator for a firm using TrialWorks Case Management Software, then you may have already switched to the Save as MSG function for the TrialWorks/Outlook Add-In available since version 9.36. Well, if you have, then you may need to complete a few cleanup procedures to improve performance of your Microsoft Exchange Server.

After the TrialWorks Save as MSG Conversion you should be able to export the existing Public Folder to a PST file. After the folder is copied to a PST (or exported) you can delete it from Microsoft Exchange. However, you will notice that the Exchange Public Folder Store does not decrease in size after deleting the Public Folder. By the way, the expected change in size will likely be huge.

Microsoft Exchange Public Folders will not immediately decrease in size, by design, until you complete a defrag (defragmentation) on that specific public folder store. To do so you must budget about two hours of Public Folder downtime. When you are ready to complete the procedure, you will need to dismount the Exchange Public Folder Store and trigger a defrag from Command Prompt using the ESEUTIL.EXE utility available in Exchange. For more details please review the Microsoft documentation on Exchange defragmentation.


TrialWorks version 9.37b and Outlook Add-In Functionality.

TrialWorks 9.37b with the latest TrialWorks Add-In is available as of 10/24/2007. The package is a supplemental patch, and not a complete upgrade. Version 9.38 is expected in the next few days, so users are encouraged to wait for the next release. The version of the TrialWorksAddin.dll is

This version addresses a few e-mail filing problems which would have resulted in messages not being filed from the INBOX, under certain circumstances. Issues related to this fix typically involved e-mail messages with attachments, but were not limited to that.

TrialWorks Add-In problems may result from an array of causes. Assuming that all other potential problems have been reasonably dealt with (such as WinWord as email editor, LoadBehavior, DisabledItems, Registration, and that users are running MSG functions) the next step is to examine the TrialWorkAddIn.LOG file for this error:

"Error in EmailFilerTimer_Timer:Object variable or With block variable"

If the error is seen and all other potential failures have been eliminated, apply this update immediately.

Since it is crucial that OUTLOOK be closed during the install of the new add-in, in some cases it may be more efficient to deploy the patch using the Windows logon script than using our TrialWorks messaging option.

Here is a list of commands that may be helpful:

----[ open SBS logon script in notepad from RUN command]------

notepad \\[servername]\NETLOGON\SBS_LOGIN_SCRIPT.bat

---[insert the text below to the logon script] ----

REM - TrialWorks Outlook Addin Update 10/24/2007
REM - Copy the add-in from the server share only if it is newer (/D), then register it silently (/s)
xcopy \\[SERVERNAME]\TrialWorks\Temp\Binn\TrialWorksaddin.dll %windir%\system32\ /D /Y /C
%windir%\system32\regsvr32.exe %windir%\system32\TrialWorksaddin.dll /s

---- [ save the file ] ------

Ask the users to restart their computers. Asking them to log off and back on can be misunderstood.

Daylight Savings Time: Round 2


This is a reminder that the 'fall back' of the daylight saving time change this year is one week later than last year, as mandated by the Energy Savings Act of 2005. It will go into effect on November 4th.

As we advised you in the spring, unless certain Microsoft updates are applied to your computers, it is possible that the time zone settings for your system clock may be incorrect during this period. Note that Microsoft has made additional Daylight Savings Time and time zone changes since those released in January 2007. For full information, including directions to Knowledge Base articles, recommended preparation, and general sequence of update actions, see the Microsoft Daylight Saving Time Help and Support Center, at http://support.microsoft.com/gp/cp_dst.

Provided that you apply the applicable Windows updates to all your computers, TrialWorks products are not directly affected by this change. However, those who use TrialWorks third-party integrations that affect your calendar scheduling (like Outlook, Palm and other mobile devices) should ensure that they apply any patches or updates made available by those third-party vendors and follow their recommendations for avoiding appointment inconsistencies.
It is recommended that you check your TrialWorks appointments during the adjustment.

/Author: KJ

Monday, 25 June 2012

Ayesha Gaddafi daughter of the late president Muammar Gaddafi spam scam


Subject: Greetings
Sent by: Ayesha Gaddafi
Sent Via Email: ayeshagaddafi@gmail.com
Determination: Scam Phishing attempt


My name is Ayesha Gaddafi am the only daughter late president Muammar Gaddafi, who ruled Libya from 1969 to 2011. During the period of his stay in office, he made me go into money exchange and gold business but due to the up rising/crisis in libya now he died a careless death as a result of that i made a bold decission that i was going to leave the country so that i will not fall a victim like my father did because the way things are going on,no body is safe.

However before the death of my father he deposited $20 million to a bank in London Uk, which i will provide you with the contact information. And also as people were evacuating the country i packaged 85 kilogram of Gold in an italian safe as a mattar of fact i saw a UNITED NATION humaniterian aid worker he was going to London UK and i secure the two boxes on his care but i did not disclose the original content of box to him.I asked him to help me to convey the boxes to his country in the United Kingdom,i told him that the content of the boxes is my father's properties documents both home and abroad,i told him to help me secure it till my country is calm then i will give him instruction on that,so he to issue to me the certificate of ownership of the boxes with my name which i will forward to you for the collections of the boxes because he said that whoever that is coming to claim it should present the ownership certificate that was our agreement.

As i was making searching in the internet i got your email address and i said to my self that i was going to do busines with you in your country. i am happy the diplomat had now arrived to London safely with my frist son and he has called me and i told him that somebody will call him about the boxes i gave him and he said no problem that my boxes are safe and i am free any time for it.

Having gone through my mail massage i will like us to work together in your country with the money US$20 Million so if you have accepted with me then get back to me with your full name,your country of origin,your age and sex,your private telephone number,your current occupation and lastly any of your valid identification card.

with all this it will enable us to proceed and please remember not to disclose this to any body for security reasons,If you have accepted then i will give you the contact to contact the Diplomat for the boxes of gold and the contact information of the bank were the money is been deposited in United Kingdom and as soon as every thing is concluded i will fly to your country to settle down there for the rest of my life and we will invest the money and sale the gold. Waiting to hear from you as it will enable me to stop searching for another helper.

Best Regard
Ayesha Gaddafi
only daughter late president Muammar Gaddafi From Benghazi Libya.

Top Five Regrets of the Dying By Bronnie Ware

For many years I worked in palliative care. My patients were those who had gone home to die. Some incredibly special times were shared. I was with them for the last three to twelve weeks of their lives. People grow a lot when they are faced with their own mortality.

I learned never to underestimate someone's capacity for growth. Some changes were phenomenal. Each experienced a variety of emotions, as expected, denial, fear, anger, remorse, more denial and eventually acceptance. Every single patient found their peace before they departed though, every one of them. When questioned about any regrets they had or anything they would do differently, common themes surfaced again and again. Here are the most common five:

1. I wish I'd had the courage to live a life true to myself, not the life others expected of me.

This was the most common regret of all. When people realize that their life is almost over and look back clearly on it, it is easy to see how many dreams have gone unfulfilled. Most people had not honored even a half of their dreams and had to die knowing that it was due to choices they had made, or not made.

It is very important to try and honor at least some of your dreams along the way. From the moment that you lose your health, it is too late. Health brings a freedom very few realize, until they no longer have it.

2. I wish I didn't work so hard.

This came from every male patient that I nursed. They missed their children's youth and their partner's companionship. Women also spoke of this regret. But as most were from an older generation, many of the female patients had not been breadwinners. All of the men I nursed deeply regretted spending so much of their lives on the treadmill of a work existence.

By simplifying your lifestyle and making conscious choices along the way, it is possible to not need the income that you think you do. And by creating more space in your life, you become happier and more open to new opportunities, ones more suited to your new lifestyle.

3. I wish I'd had the courage to express my feelings.

Many people suppressed their feelings in order to keep peace with others. As a result, they settled for a mediocre existence and never became who they were truly capable of becoming. Many developed illnesses relating to the bitterness and resentment they carried as a result.

We cannot control the reactions of others. However, although people may initially react when you change the way you are by speaking honestly, in the end it raises the relationship to a whole new and healthier level. Either that or it releases the unhealthy relationship from your life. Either way, you win.

4. I wish I had stayed in touch with my friends.

Often they would not truly realize the full benefits of old friends until their dying weeks and it was not always possible to track them down. Many had become so caught up in their own lives that they had let golden friendships slip by over the years. There were many deep regrets about not giving friendships the time and effort that they deserved. Everyone misses their friends when they are dying.

It is common for anyone in a busy lifestyle to let friendships slip. But when you are faced with your approaching death, the physical details of life fall away. People do want to get their financial affairs in order if possible. But it is not money or status that holds the true importance for them. They want to get things in order more for the benefit of those they love. Usually though, they are too ill and weary to ever manage this task. It all comes down to love and relationships in the end. That is all that remains in the final weeks, love and


5. I wish that I had let myself be happier.

This is a surprisingly common one. Many did not realize until the end that happiness is a choice. They had stayed stuck in old patterns and habits. The so-called 'comfort' of familiarity overflowed into their emotions, as well as their physical lives. Fear of change had them pretending to others, and to their selves, that they were content. When deep within, they longed to laugh properly and have silliness in their life again.

When you are on your deathbed, what others think of you is a long way from your mind. How wonderful to be able to let go and smile again, long before you are dying.

Life is a choice. It is YOUR life. Choose consciously, choose wisely, choose honestly. Choose happiness.

Bronnie Ware is a writer, singer/songwriter, songwriting teacher and speaker from Australia. She has lived nomadically for most of her adult life. Bronnie shares her inspiring observations and the insights gained along the way through the diversity of her work.

The Indian With One Testicle named One Stone


There once was an Indian who had only one testicle and whose given name was 'Onestone'.

He hated that name and asked everyone not to call him Onestone.

After years and years of torment, Onestone finally cracked and said, 'If anyone calls me Onestone again I will kill them!'
The word got around and nobody called him that any more.

Then one day a young woman named Blue Bird forgot and said, 'Good morning, Onestone.'

He jumped up, grabbed her and took her deep into the forest where he made love to her all day and all night. He made love to her all the next day, until Blue Bird died from exhaustion.

The word got around that Onestone meant what he promised he would do.

Years went by and no one dared call him by his given name until a woman named Yellow Bird returned to the village after being away.

Yellow Bird, who was Blue Bird's cousin, was overjoyed when she saw Onestone. She hugged him and said, 'Good to see you, Onestone.'

Onestone grabbed her, took her deep into the forest, then he made love to her all day, made love to her all night, made love to her all the next day, made love to her all the next night, but Yellow Bird wouldn't die!

Why??? OH, come on... take a guess! Everyone knows You can't kill Two Birds with OneStone!!!

Ethical SEO Services - Unethical SEO Service by BusinessThruSeo.com


Sent by: Kaveri
Sent Via Email Address: websmo@businessthruseo.com
Sent To: Our harvested email address 
Determination: Total spam. A company pitching SEO services (probably a scam) to the harvested email address of an SEO company has a screw loose, and the fact that they are breaking our terms of service means that they are a black hat SEO service and they engage in unethical practices.

Hi Sir/Madam,

I am Marketing Manager.

We have a SEO going for the following package: -

Monthly Task and responsibilities: -

Package For 15 Keywords:

1. Keywords Analysis & Research
2. 200 Manually Directory Submissions
3. 90 Article Submissions (1 Articles Submit in 30 Top Directories)
4. 10 Press Release Distributions (1 Press Release submit in 10 Sites)
5. 4 Web2.0/Blog postings
6. 30 Social Bookmarking Submissions
7. 10 website themed links
8. 3 Unique Article writing (400+ words)
9. 1 Press Release writing (350+ words)
10. Keywords Mapping
11. Keywords density check
12. Content optimization
13. Keywords proximity and frequency
14. Title Tag changes suggestions
15. Meta tags changes suggestions
16. Alt tag changes suggestions
17. HTML Site Map suggestions
18. XML site map setup
19. Anchor text optimization
20. Interlinking suggestions
21. Google analytics setup
22. Weekly Work Report
23. Monthly Ranking Report
24. Monthly Full Detailed SEO Work Report in Excel
Note: We send weekly report to each of our clients so that they can have regular updates on their website. Also, this shows that we work regularly on the website in a very elegant way.

We use only white hat SEO techniques for each website.

Please let us know in case you are interested.

Thanks & Regards,

Marketing Manager

Debt Management Office Of Nigeria - Scam for scam victims!


Scam Email Sent by: The Debt Management Office Of Nigeria
Scam Spam email sent via email address: angela@wllssy.com
Determination: Interesting scam spam email targeting people who were foolish enough to already be scammed or greedy enough to fake that they got scammed in order to get a settlement they don't deserve.

The Debt Management Office Of Nigeria,
Scam Victims Debt Management
15, Central Business District,
Email: scamdebtinfo@dmo.gov.ng , svdm-2012@hotmail.com
Telephone: +234-1-8173982, +234-80-9593-3431


If you know you have been a victim of online scam by Nigerians or you are owed any debt by the Federal Government of Nigerian then this email is for you. The debt management office of Nigeria has opened another office which will work out means of aking sure your compensation are paid to you completely and with full government concerns on it.

You are to provide the following:

Full details, Contact details, and proof of been scammed (either through email or transfer slip). You are to send it to the email address above or simply click the reply on reading this email and it will be forwarded to us.

Yours Sincerely,

Barrister (Mrs.) Ronke Anuoluwapo
For: Debt Management Office Of Nigeria.

Pleses You are to disregard this email if you are not on the entitled list

Sunday, 24 June 2012


Grant Award promotion 2012
Ref Num: (VNP 671)

Dear Winner

Congratulations to you as we bring to your notice that Vodafone company has chosen you by the board of trustees as one of the final recipients of this year promotion cash Grant/Donation to celebrate the 151st anniversary celebration and your email address have emerged a Grant of {$500,000.00 USD} Five Hundred thousand United State Dollars.
Please fill out below information and indicate how you want your funds sent to you: Either the service of the BANK or COURIER DELIVERY.
1. Full Name:....... 2. Address:........ 3. Nationality:......... 4. Age:.......... 5. Sex:.......... 6. Occupation:.......... 7. Phone/Fax:......... 8. Present Country:...........

Contact Agent: Mr. Glen Hood

Tel: +447011133562

Your Faithfully Ashley Morrison
scam, phishing, identity theft, spam

Bogus story: no Chinese backdoor in military chip

Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.

Backdoors are common, but rarely malicious

Backdoors are a common problem in software. About 20% of home routers have a backdoor in them, and 50% of industrial control computers have a backdoor. The cause of these backdoors isn't malicious, but a byproduct of software complexity. Systems need to be debugged before being shipped to customers. Therefore, the software contains debuggers. Often, programmers forget to disable the debugger backdoors before shipping. This problem is notoriously bad for all embedded operating systems (VxWorks, QNX, WinCE, etc.).

Chips have reached the software level of complexity. It is rare that any designer builds a chip from scratch. Instead, designers construct a chip from building-blocks. One of the most common building-blocks is the debugger, known as JTAG. This is a standard way of soldering some wires to the chip and connecting to the USB port, allowing common tools to debug your custom chip.

Whereas companies (should) disable the debug feature in the version they send to customers, that's not so easy with chips. It requires millions of dollars for every change to chip design. Therefore, chips always have the JTAG interface enabled. What chip designers attempt to do is just not connect the pins to it. Or, if they connect the pins, they don't route to the pins on the circuit board.

This has led to a popular hacking activity of taking a device, finding the JTAG pins, and hooking them up. A lot of devices have been hacked this way – although it requires that the hacker have physical control over the device.

One way to protect against this is by putting a key into the JTAG hardware that only the manufacturer knows, to disable some of the more dangerous JTAG commands. That's what appears to have happened here. Whether you call this a security feature to prevent others from hacking the chip through JTAG, or a secret backdoor available only to the manufacturer, is open to interpretation.

Security of FPGAs

The chip in question (Microsemi/Actel ProASIC3) is a typical FPGA – a chip with a blank array of gates that can be programmed to emulate almost any other kind of chip. As real silicon chips are becoming more expensive to manufacture, FPGAs are becoming a more popular alternative. Every change to a chip design requires millions of dollars in changes to the masks that print gates onto a chip. FPGAs, or field programmable gate arrays, can be reprogrammed with no additional cost.

Most FPGAs are put in "smart" devices that also contain a processor (often ARM), memory, and drive (often flash). These smart devices run an embedded operating system, often Linux. The gate-array exists as a file on the drive. The file is read from the drive and written to the FPGA every time the power is turned on.

The obvious concern here is protecting intellectual-property. Competitors can easily get their hands on that file, then upload to their own FPGAs, thus cloning the product.

Therefore, to protect intellectual-property, this file can be encrypted. The FPGA can be configured with an AES 128-bit encryption key, known only to the manufacturer of the device. That makes the file useless to anybody else. Nobody can decrypt the contents to find the secrets, and competitors cannot download it to their own FPGAs without the keys.

While intended to protect intellectual-property, this technique will protect any other secrets. For example, you may use the FPGA as an SSL accelerator in your servers, where the FPGA executes the RSA encryption algorithm, with the private-key stored as part of the gate-array. This technique stops hackers from stealing the private-key should they be able to break into the server.

This encryption also serves as an integrity check, as it prevents hackers from changing the gate-array to do something malicious.

Obviously, a JTAG backdoor subverts all this. It not only allows the original manufacturer to steal intellectual-property, but any other secrets you tried to protect with the original AES key.

How this bug was found

This bug was found by fuzzing the JTAG port looking for undocumented functionality. While there are parts of this process unique to hardware (such as differential power analysis), the technique is ultimately little different than the fuzzing used to find software bugs.

Fuzzing has found backdoors in software before, but nobody claimed it was the work of the evil Chinese. We should keep this perspective.
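The key-gated JTAG commands and the opcode scan described above can be seen together in a small model. This is an added example, not code from the original post or from the researchers: it simulates a JTAG port at register level and checks every instruction opcode against a datasheet, and all opcodes, register widths and the key are constructed for illustration (nothing here is a ProASIC3 value).

```python
"""Audit a simulated JTAG TAP for opcodes that are missing from its datasheet.
Every opcode, register width and key below is constructed for this example."""

IR_BITS = 8
BYPASS, IDCODE = 0xFF, 0x0F        # documented instructions (constructed values)
KEY_LOAD, READBACK = 0xA0, 0xA1    # undocumented instructions (constructed values)
DATASHEET = {BYPASS: 1, IDCODE: 32}            # opcode -> data register width
KEY = 0x0123456789ABCDEF0123456789ABCDEF       # constructed 128-bit unlock key


class SimulatedTap:
    """Register-level model (no TAP state machine): the instruction register
    selects a data register, and bits are shifted through it from TDI to TDO."""

    def __init__(self, unlock_key):
        self._unlock_key = unlock_key
        self._unlocked = False
        self._ir = BYPASS
        self._dr = [0]

    def _dr_width(self, opcode):
        if opcode == IDCODE:
            return 32
        if opcode == KEY_LOAD:
            return 128
        if opcode == READBACK and self._unlocked:
            return 64              # the gated command only exists after unlock
        return 1                   # anything else decodes to the 1-bit BYPASS

    def shift_ir(self, opcode):
        self._ir = opcode & ((1 << IR_BITS) - 1)
        self._dr = [0] * self._dr_width(self._ir)

    def shift_dr(self, tdi_bits):
        """Clock bits in at TDI and return the bits that fall out at TDO."""
        tdo = []
        for bit in tdi_bits:
            tdo.append(self._dr[-1])
            self._dr = [bit & 1] + self._dr[:-1]
        return tdo

    def update_dr(self):
        """Latch the shifted value; the correct key enables READBACK."""
        if self._ir == KEY_LOAD:
            value = int("".join(map(str, self._dr)), 2)
            self._unlocked = value == self._unlock_key


def measure_dr_width(tap, opcode, max_width=256):
    """Width of the register behind an opcode: flush it with zeros, send one
    marker bit, and count the clocks until the marker reappears at TDO."""
    tap.shift_ir(opcode)
    tap.shift_dr([0] * max_width)
    tdo = tap.shift_dr([1] + [0] * max_width)
    return tdo.index(1)


def audit(tap, datasheet):
    """Return {opcode: measured width} for each opcode that disagrees with the
    datasheet. Opcodes the datasheet does not list must behave as BYPASS."""
    findings = {}
    for opcode in range(1 << IR_BITS):
        width = measure_dr_width(tap, opcode)
        if width != datasheet.get(opcode, 1):
            findings[opcode] = width
    return findings


def load_key(tap, key):
    tap.shift_ir(KEY_LOAD)
    tap.shift_dr([(key >> i) & 1 for i in range(128)])   # least significant bit first
    tap.update_dr()


def run_audit():
    """Audit the same part before and after the key has been presented."""
    tap = SimulatedTap(KEY)
    locked = audit(tap, DATASHEET)
    load_key(tap, KEY)
    unlocked = audit(tap, DATASHEET)
    return locked, unlocked


if __name__ == "__main__":
    for label, findings in zip(("locked", "unlocked"), run_audit()):
        print(label, {hex(op): width for op, width in findings.items()})
```

In this model the gated command looks like BYPASS until the key is loaded, but the 128-bit key register itself already disagrees with the datasheet, which is the kind of discrepancy a verification scan flags for review.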

This is not a "military chip"

Much has been made about this being a "military" chip, but that's not true -- at least, it's not what you think.

The military uses a lot of commercial, off-the-shelf products. That doesn't mean there is anything special about them. A million soldiers use laptops to browse Facebook and exchange emails with their loved ones. It doesn't mean that these laptops are anything special or different than any other laptops. They are the same Dell, Apple, and HP laptops that everyone else uses.

Sometimes the laptops are different, but that's because they are built to endure harsh environments (heat, radiation, humidity, vibration, and dust). Actel makes a "military" version of this chip, but pretty much the only difference is that it's rated to operate at higher temperatures. None of their chips, including the "military" ones, are certified by the government to hold secrets. Most of their sales are for their non-military versions, and even most of their military versions aren't for military use, but by customers (like oil rigs or airplanes) that have the same environmental concerns.

That's not to say there isn't a problem here. Consider something like the drones shot down by Iran. By their very nature, drones are designed from many non-secret, off-the-shelf components (you might find an iPhone buried somewhere inside). The reason is that they are designed to be cheap, to be frequently lost while flying over the enemy. Thus, it's likely that one of these FPGAs was inside the drone shot down by Iran. While it's unlikely the FPGA had any secrets worthwhile, issues like this make it easier for Iran to reverse engineer the drone and manufacture their own.

So what does this mean?

It's hard to say. We'll know more when the vendor (Microsemi/Actel) issues a response.

It could just be part of the original JTAG building-block. Actel didn't design their own, but instead purchased the JTAG design and placed it on their chips. They are not aware of precisely all the functionality in that JTAG block, or how it might interact with the rest of the system.

But I'm betting that Microsemi/Actel know about the functionality, but thought of it as a debug feature, rather than a backdoor.

It's remotely possible that the Chinese manufacturer added the functionality, but highly improbable. It's prohibitively difficult to change a chip design to add functionality of this complexity. On the other hand, it's easy for a manufacturer to flip bits. Consider that the functionality is part of the design, but that Actel intended to disable it by flipping a bit turning it off. A manufacturer could easily flip a bit and turn it back on again. In other words, it's extraordinarily difficult to add complex new functionality, but they may get lucky and be able to make small tweaks to accomplish their goals.

In the software world, security flaws that hackers use generally result from researchers doing the unexpected. In this case, researchers found a new way of analyzing chips, and therefore found new, unexpected results. This is to be expected. We shouldn't be surprised by this backdoor, but we should insist on fixing it. And researchers will now probably hunt for similar JTAG backdoors in other chips.


We'll know more when Microsemi/Actel responds. In the meantime, it's important to note that while the researchers did indeed discover a backdoor, they offer only speculation, but no evidence, as to the source of the backdoor. As somebody with a lot of experience with this sort of thing in software cybersecurity, I doubt there is anything malicious behind it. Also note that the issue is "intellectual property protection" in FPGAs; the "military security" angle is really distant. The Chinese might subvert FPGAs so that they could later steal intellectual-property written to the chips, but the idea they went through all this to attack the US military is pretty fanciful.

Update: the researchers respond
In this article, the researchers respond to this post. It's a bit humorous, because they simultaneously say that the issues their research exposes are "[Trustworthiness] of chip developers who are subcontracted by military but mainly outsource their designs and chip fabrication to China and India" and "we have no idea why people have linked the Chinese to this as it did not come from us". The link to the Chinese came directly from them. Likewise, they deliberately distort people's misconception about the military. The truth is that the military cares about operating at high temperatures, and that in most applications, could care less if the intellectual property was stolen, or if the chip was backdoored.

Update: By the way, I've been accused of putting a backdoor in products the military uses in one high-profile incident (the accusation being nonsense, of course). I guess that makes me an expert in "backdooring the military" of some sort.

Update: Over at YCombinator, somebody points out that changes aren't quite as expensive as I thought, because instead of changing the entire mask set, you can change only a single metal layer in order to enable/disable things.

Update: In the comments below, Olin Sebert makes a strong argument that while the backdoor may be accidental, Actel's explicit marketing of the device as having no readback capability is evil.

Update: Many have pointed out that the current paper does explicitly make the claim that the Chinese were involved. True, but they do their best to hype that danger. Their first reference [1] is to a Taxonomy of trojans a Chinese manufacturer might insert into chips, and the page at Cambridge's website announcing the paper draws that conclusion. Moreover, the paper describes the chip as "military grade", but it is in fact only "consumer grade". All the press generated by the paper took the Chinese angle, and it's the paper's authors who are responsible for that.

HP dm1z $350 perfect for BackTrack 5r2

I have a hard time recommending HP laptops because they are hostile to geeks (for example, you can't replace the built-in mini WiFi card), but the dm1z laptop from HP is otherwise a great computer for running hacker tools like BackTrack Linux (a distro that comes with all the open-source hacking tools). Right now, you can get one at Dealzon for $350, probably because HP is clearing inventory to make way for a new model.

What makes the dm1z great is its small size, being only a 3.5-pound 11.6-inch unit, yet having an extremely long battery life. For pentesters, this is awesome. It's not a good primary machine, but such cheap/small units make great secondary machines (my primary machine is a MacBook Air running Windows). Its low price means we don't mind leaving it in harm's way, such as at a customer site in the bushes sniffing WiFi.

But at the same time, it does a pretty good job keeping up with the larger notebook computers. The three features that set it above competing small netbooks are gigabit Ethernet, a full GPU, and 8-gigs of RAM. The CPU, however, is anemic -- but except for password cracking (which runs great on the GPU) there is nothing we do that is CPU intensive.

Gigabit Ethernet

The reason I use the dm1z compared to other Atom-based netbooks is its gigabit Ethernet. Other small computers have only 100-mbps Ethernet. This may seem like an unimportant feature, yet it keeps turning up.

I commonly leave the unit at a customer's site connected sniffing an important link to an encrypted drive. While these connections are usually less than 10-mbps, they often peak above 100-mbps. This causes packet loss on a normal system with 100-mbps Ethernet, but is handled by the gigabit Ethernet in the dm1z. It's only a RealTek chip with crappy drivers for Linux (though I hear it has good drivers for FreeBSD), so it's not going to keep up with too fast a network, but it still does a lot more than 100-mbps.

I also use this as a tool for generating HTTP load against web-servers, to test their scalability. Even with a scalable webserver like Nginx or Lighttpd, you still have to go through a lot of configuration of the server and the underlying OS to make it actually scale. Having a convenient load tester in my pocket really helps.

Finally, there is just the normal case of having to transfer files to/from the device. The dm1z can do this at a full 1-gbps. This would be painfully slow over 100-mbps. This means that the little computer can act as an efficient file-server for your home network.


The CPU is weak, but the main processor doesn't matter so much as the graphics processor (GPU) that's integrated on-die. This runs oclHashcat pretty well for password cracking. It's not as fast as desktop GPUs, of course, but it's as fast as the low-end gaming laptops. The WPA cracking tool pyrit also works quite well with it.

Note that Radeon graphics are consistently faster than nVidia GeForce GPUs for password cracking. This makes the dm1z better for password-cracking than competing netbooks using an Atom+nVidia combination, and even faster than high-end gaming laptops based on mobile versions of GeForce.

The system can run the password cracking for hours while on battery power - being integrated right on the CPU makes the GPU very power efficient.


The device uses an AMD "Bobcat" CPU, which is AMD's answer to Intel's low-power "Atom" CPU. It's a dual-core 1.3-GHz processor (dual-issue, out-of-order). It's about as fast as an Intel Atom, but not as power efficient.

It is 64-bit, though. I eventually upgraded and put 8-gigs of RAM in the box from the original 4-gigs that I purchased with the system.

Opening the case

Popping off the back is easy, and it allows you to upgrade the RAM (to 4gigs) or upgrade the hard drive or replace it with an SSD.

The thing that really annoyed me is that you cannot change the miniPCIe cards. There are two slots for them. HP's BIOS checks the identifier of the card and refuses to boot if an unknown card is in the slot. Apparently, you can get hacked BIOSes from the Internet that get around this, but I don't want to waste my time.

Luckily, BackTrack 5 r2 has all the necessary drivers, so the existing WiFi card works now.

Driver support

The latest BackTrack 5 r2 has all the necessary drivers. You still have to download the proprietary Radeon drivers for password cracking, though. (The older BackTrack 5 wouldn't even boot correctly.)

The one annoyance is that the mouse drivers aren't configured correctly. The mousepad doesn't have buttons, you have to press down on the pad itself. But then, this moves the mouse, so you end up clicking somewhere else. You have to learn to move with your finger (capacitive), then click with your fingernail (non-capacitive). Or use an external mouse.

3 USB ports

For WiFi hacking, it's got three USB ports. This makes it convenient for hooking up three Alfa adapters. Plus you have the built-in WiFi as well.

Partitioning the drive

I wanted to leave the existing partitions intact, but it already comes with too many partitions (Windows, Windows recovery, special Linux fast boot to browser). I had to fiddle around a bit to make things work.

Buying Guide

Get the cheapest options you can and upgrade them yourself.

The unit ships with a 4-gig DIMM. Instead of paying $120 to upgrade, go to Crucial.com and pay $22 for an extra DIMM.

Paying HP an extra $30 to upgrade from 320gig to 500gig hard-drive is better than buying a 500gig drive yourself for $70, but if I wanted to upgrade the drive, I'd probably go to 750gigs at $90 or 1-terabyte for $120.

Or I'd go for an SSD, where prices have dropped to $1 per gig. HP sells a 160gig SSD, but for $320, which is a bad idea. I'd go for a 60gig SSD for $60.

My unit has the older E-300 CPU at 1.3 GHz, but for $25 you can get the E-450 at 1.65 GHz, which also makes the GPU faster. But the whole point is getting the cheapest, most disposable system. If you need more CPU power, then getting a dm1-4170us instead with a dual-core Core i3 processor for $120 more will blow away the Bobcat processor.


This has proven to be an excellent netbook over the last year. I hate to recommend any HP products, because of the way it locks me out from choosing a different miniPCIe card, but it's otherwise been an excellent system. They are available for $350 on closeout right now, so I'd recommend picking one up.

Below is a picture of the dm1z in an action shot on the beach in the Caribbean. I didn't want to take my primary laptop due to fears of sand getting in it, and it getting stolen, so I took the dm1z instead. If you look closely, you can see the BackTrack background on it. This does highlight the fact that the screen sucks in bright sunlight (whereas my MacBook is pretty good in sunlight), but it's a cheap netbook, so that's what you expect.

Tuning Linux: TCP hash entries

Tuning Linux for scalable network applications is hard, partly because it's not documented anywhere. Or if it is, all the top Google results are for old versions of Linux. For example, the TUNABLE file of (I suppose) tunable parameters goes back to the 1.x version of the Linux kernel, even though we are now on version 3.4.

One important parameter is the number of TCP hash entries. When a TCP packet arrives, the kernel needs to do a lookup to find which connection the packet belongs to. This is done with a typical hash table. If the hash table is too small, you'll get "hash collisions", requiring several memory lookups before you reach the correct entry. In a scalable system, each memory lookup costs 300 clock cycles.

The parameter that controls this on Linux is "thash_entries=", which you set as a typical boot parameter. The default is 65536 entries for every gigabyte of memory. In other words, an 8-gigabyte system will have 512k hash entries. You can find out how many your current system has by running: dmesg | grep "TCP established hash table entries"

This is probably more than enough for even the most scalable systems, so I doubt that you need to change it. That's probably why it was so hard finding the stupid parameter -- while it's a common issue for most operating systems, Linux automatically chooses a number that's big enough, so nobody cares about configuring it on Linux.

Now, after rummaging around in the Linux stack, I feel dirty, and am off to go take a shower ...

Update: The equivalent Solaris parameter is tcp_conn_hash_size. I include the name here for people searching for the Linux equivalent of the Solaris parameter.

Update: Other useful boot options:
Reserves the specific number of 2-megabyte TLB pages. Allocating hugepages after boot can be difficult, because memory will be fragmented by allocating/deleting 4096-byte pages. Thus, reserve this number at boot time for use by your application when it starts after boot.

Confirmed: LinkedIn 6mil password dump is real

Today's news is that 6 million LinkedIn password hashes were dumped to the Internet. I can confirm this hack is real: the password I use for LinkedIn is in that list. I use that password NOWHERE ELSE. Furthermore, it's long/complex enough that I'm confident NOBODY ELSE uses the same password. Other security pros are reporting the same result. Therefore, we can confirm that this hack is real.

The way I tested to see if my password was in the list was to first generate a SHA-1 hash of my password, then I searched in the file "combo_not.txt" that I downloaded from the Internet containing the 6 million password hashes. I found a match.

To make it easy to calculate your SHA-1 password, I've included a form below. This is done in JavaScript inside your browser, it does not submit your password/hash to me or anybody else:

Enter any message to check its SHA-1 hash
  • Note SHA-1 hash of ‘abc’ should be: a9993e364706816aba3e25717850c26c9cd0d89d

Many of the hashes have their first few digits zeroed out (as described in this ycombinator post), as shown in this excerpt from the file:

This means instead of searching for the complete SHA-1 output, you want to search for just the later part of the hash. People think that this means that the hacker has already cracked any passwords that have been zeroed out this way, which means that if you see zeroes in your matching password, then your password is already stolen.

Also note that if your password is long enough (like greater than 15 characters) and complex enough, then it's still probably safe. A 15 character SHA-1 password composed of upper/lower case with symbols and digits is too large for "brute-force" and "rainbow tables". However, if you've composed it of dictionary words, then it could fall to a "mutated dictionary" attack.

Update: the following link is a pointer to a download of the file, which by the time you read this has almost certainly been removed: https://disk.yandex.net/disk/public/?hash=pCAcIfV7wxXCL/YPhObEEH5u5PKPlp%2BmuGtgOEptAS4%3D

Update: This is a sorted list of unique passwords. Thus, if 50 people use the password "password", it'll only show up once in this list. Which it does. The password of "password" is hashed using SHA-1 to "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", which appears as "000001e4c9b93f3f0682250b6cf8331b7ee68fd8" in this list.
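The lookup described above (hash the password locally, then search the dump for either the full hash or the form with its first five hex digits zeroed), written out as an added Python example that is not the author's own script. The function names and the sample dump are constructed for illustration; the two real hash values in the sample are the ones quoted in this post.

```python
import hashlib

MASK_LEN = 5  # leading hex digits replaced by '0' in part of the dump, per the post


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password, as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def masked_form(full_hash: str) -> str:
    """The same hash with its first MASK_LEN hex digits zeroed."""
    return "0" * MASK_LEN + full_hash[MASK_LEN:]


def classify(full_hash: str, dump_lines) -> str:
    """Classify one hash against an iterable of dump lines.

    'masked'    - only the zeroed form is listed
    'full'      - the complete hash is listed
    'ambiguous' - the real hash already starts with MASK_LEN zeros, so a
                  match cannot tell the two cases apart
    'absent'    - neither form is listed
    """
    full_hash = full_hash.lower()
    masked = masked_form(full_hash)
    seen_full = seen_masked = False
    for raw in dump_lines:
        entry = raw.strip().lower()
        if len(entry) != 40:
            continue  # skip blank or malformed lines
        if entry == full_hash:
            seen_full = True
        elif entry == masked:
            seen_masked = True
    if full_hash == masked:
        return "ambiguous" if seen_full else "absent"
    if seen_masked:
        return "masked"
    return "full" if seen_full else "absent"


def check_password(password: str, dump_lines) -> str:
    """Hash locally and classify; the password itself never leaves this process."""
    return classify(sha1_hex(password), dump_lines)


def check_file(password: str, path: str) -> str:
    """Stream a dump file line by line instead of loading it into memory."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return check_password(password, fh)


# Constructed sample standing in for combo_not.txt.
SAMPLE_DUMP = [
    "000001e4c9b93f3f0682250b6cf8331b7ee68fd8",  # masked SHA-1 of "password" (from the post)
    "a9993e364706816aba3e25717850c26c9cd0d89d",  # full SHA-1 of "abc" (from the post)
    "00000" + "a" * 35,                          # constructed: real hash that starts with zeros
    "",                                          # blank line
    "not-a-hash",                                # malformed line
]

if __name__ == "__main__":
    for pw in ("password", "abc", "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw, SAMPLE_DUMP)}")
```

Searching for both forms in one pass avoids the mistake of grepping only for the complete hash and concluding the password is not in the file.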

Update: Where do these passwords come from? The answer is: the cracking underground. When hackers break into a network and steal the encrypted passwords, they crack as many as they can, and then exchange the dumps with their friends. Each hacker uses different tools, uses different dictionaries, and so on. Thus, once they've exhausted their techniques, another hacker is still likely to be able to crack many more passwords.

Update: It took me only a couple minutes to verify that this hack is real, yet LinkedIn has not been able to:

This reflects poorly on the trustworthiness of LinkedIn. It's proper that you make such a comment before you know what's going on, but they've had hours to verify this; we should've gotten an update by now.

Update: LinkedIn has a semi-confirmation as explained in their blogpost here. However, it only says they confirm that some of the passwords that were compromised correspond to LinkedIn accounts. That avoids accepting blame. After all, in other prominent password attacks (like one recently against Twitter), the source of the hack was not Twitter's fault, but due to "password reuse", as users used the same password for Twitter that they used for other websites, and it's the other websites that were hacked. As I (and other security pros) have confirmed, we don't reuse passwords. This password list comes from LinkedIn, and from no other source.

Update: How fast can hackers crack passwords? The answer is "2 billion per second" using the Radeon HD 7970 (the latest top-of-the-line graphics processor). Each letter of a password has 100 combinations (UPPER, lower, d1g1ts, $ymbols). A 5 letter password therefore has 100 x 100 x 100 x 100 x 100 or 10 billion combinations, meaning it can be cracked in 5 seconds. A 6 letter password has 100 times that, or 500 seconds. A 7 letter password has 100 times that, or 50,000 seconds, or 13 hours. An 8 character password is roughly 57 days. A 9 character password is 100 times that, about 15 years. In other words, if your password was 7 letters, the hacker has already cracked it, but if it's 9 letters, it's too difficult to crack with brute force.

Update: A site http://leakedin.org will check this for you. They claim to hash the password in the browser (like I do above), then check the database. I don't know if this is true -- but since you are going to change your password regardless, maybe it doesn't matter.

Update: What does password cracking look like? I started the "hashcat" tool to examine the file. It looks like this:
I'm using the latest Radeon HD 7970 graphics card. Note that I'm only getting a cracking rate of 400-million passwords/second, while the 7970 can actually do 2-billion/second. That's because I'm doing "multi-hash" cracking, testing each hash against the entire original list of 6.5 million hashes. That lookup takes longer than calculating the hash in the first place. I can dramatically increase hashing speed by first removing all the easily cracked passwords from the list, making it smaller, and hence making lookups faster.

Saturday, 23 June 2012

LinkedIn vs. password cracking

I'm running through the LinkedIn password hashes right now, so I thought I'd do a live blog of the steps I'm doing. As I do each step, I'll update this blog live. When you reach the end, chances are good I'll be updating it again in a few hours.


The file is simply a list of the raw hashes, containing no username or other account information. We can assume that the original hacker has that information, but since it's of little use to cracking, we don't have it ourselves.

The following shows the contents of the file by simply dumping it on the command-line with "more combo_not.txt".

One issue becomes apparent: about half the file has had the first 5 characters zeroed out. This is discussed at ycombinator. Atom has released a version of his Hashcat password cracker to deal with this. John-the-Ripper apparently also has published a patch for this.

In the meanwhile, I'm going to split the file into two. To do this, I type "grep -v ^000000 combo_not.txt > linked.hashes". I'm running Windows, but I do this command in a Linux VM on the same machine. Unix command-line programs like "grep" are too darn useful.

Look carefully at the few lines shown above. The file is oddly sorted, with the first few bytes random, followed by a rough sort order of the remaining bytes. This is an artifact from something, either in the manner the hacker originally got the file, or in some tool he's been using to crack the file. Internally, tools will often sort these things in order to make multi-hash lookups faster.

Dictionary Crack

The first thing hackers try is the "dictionary crack". Brute-force password cracking takes time, but quickly looking up passwords in a dictionary is very fast.

The most common dictionary to use is the "RockYou" dictionary. This was from a massive dump from a few years ago from a popular gaming site. Unlike LinkedIn, RockYou stored their passwords in the clear. Thus, it serves as a useful mega-dictionary to crack passwords with.

This took only a few seconds to run. Notice that it wasn't very successful, finding only 93 passwords. But we expected that. According to the discussion on YCombinator, the hacker had already run a dictionary crack, and marked those passwords with leading zeros.

So let's use the updated Hashcat feature on the other file, the one containing all the zeroed-out hashes. This is shown below:

As you can see, this straight dictionary lookup results in 688-thousand passwords being cracked, or about one fifth of all the zeroed hashes.

The reason for such a small hit rate is that the original hacker probably tried dictionary words plus mutations. So, I'm going to try that next. Instead of using mutations with the entire RockYou dictionary, I'm going to use smaller dictionaries, like the ones that come with Cain & Abel and John the Ripper, common Facebook names, and English words. I'm going to use the "best64.rules" of common mutations that comes with Hashcat. They are coming up with a better best64 list of mutations, but I don't have that list handy at the moment to use.

[OOPS. I made a mistake and chose the wrong attack method, using "permutations" instead of "straight". This would run much faster if I turned this off. However, since it's already been running for a while, I'll just let it finish the job, and see if anything interesting comes out of it.]

Dictionary cracks are fine, but brute-force cracks are also useful. There is a limit to how fast you can do brute-force.

To brute force, I'm switching to "oclHashcat+" instead of normal "hashcat". This uses OpenCL acceleration on the GPU, and runs about 10 times faster, but it's more limited on the complexity of the mutation rules. For simple brute-force, it's very nice.

Let's start with 5 character passwords containing the full gamut of Upper/lower case, digits, and symbols/punctuation.

As you can see from the "Recovered:" line, it found zero passwords. Thus, this means that the original hacker already did this brute-force. That's reasonable, it only takes 16 seconds to run this.

Now let's try to brute-force 6 character passwords and see what results we get.

As you can see, whereas 5 characters got us nothing (they'd already been cracked), brute-forcing 6 characters got us 32,163 passwords. Below, I dump the output file showing some of these:

Note that you see "patterns" here that are purely an artifact generated by the password cracking program. The last letter is always 'a'. As we scroll down in the file, this progresses to 'b', then 'c', and so on. That's as you expect from a 'brute-force' cracker, which tries each letter in turn. But weirdly, the second letter is also 'a'. That's probably related to how password attempts are distributed among the GPU cores. A graphics processor has 2000 slow processors rather than a few fast processors, each one cracking a different set of passwords at a time.

What we see here is that a lot of these short passwords are still based on dictionary words with minor mutations, like "Ram0na". That means for longer passwords for which we cannot brute-force, we can maybe tweak the mutation rules more to do a better job.

Is 6 characters long for a password? From the RockYou file, that was the most common length of password, accounting for roughly 25% of all passwords.

Or, we can graph this by looking at that length or shorter:

The thing that most people don't understand about passwords is that brute-force is an exponential problem. The amount of time it takes quickly grows out of all reasonableness. I've created a graph of this below:

People have the misconception that massive increases in performance lead to massive differences in password cracking, but it doesn't really. Moving from my desktop processor to a GPU that's 20 times faster only slightly increases the length of password I'm able to brute-force. Even going to a 1000 instance Amazon EC2 cluster with super-computer performance doesn't dramatically increase password lengths that I'm able to crack.

Although, that difference happens to be in the "sweet spot" of password lengths, so maybe it can make a difference.
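The arithmetic behind the exponential-growth argument here and the per-length crack times quoted in the earlier post, as an added Python example that is not the author's own code. It uses the post's round figures of 100 symbols per position and 2 billion guesses per second; the one-day budget and applying the 20x and 1000x multipliers to that rate are assumptions made for illustration.

```python
import math

CHARSET = 100           # symbols per position, the post's round figure
RATE = 2_000_000_000    # guesses per second, the post's Radeon HD 7970 figure
DAY = 86_400            # seconds; the one-day budget below is an assumption


def seconds_to_exhaust(length, charset=CHARSET, rate=RATE):
    """Worst-case time to try every password of exactly `length` symbols."""
    return charset ** length / rate


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * DAY), ("days", DAY),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


def max_length(budget_seconds, rate=RATE, charset=CHARSET):
    """Longest length whose whole keyspace fits in the budget (integer math)."""
    guesses = rate * budget_seconds
    n = 0
    while charset ** (n + 1) <= guesses:
        n += 1
    return n


def extra_chars(speedup, charset=CHARSET):
    """Characters of extra reach bought by a speedup: log(speedup) / log(charset)."""
    return math.log(speedup) / math.log(charset)


if __name__ == "__main__":
    for length in range(5, 11):
        print(f"{length} chars: {human(seconds_to_exhaust(length))}")
    for factor in (1, 20, 1000):
        reach = max_length(DAY, rate=RATE * factor)
        print(f"{factor:>4}x hardware, one day: exhausts up to {reach} chars "
              f"(+{extra_chars(factor):.2f} chars in theory)")
```

For password policy the takeaway is that each added character multiplies the attacker's work by the charset size, while a 1000-fold hardware increase buys only about one and a half characters of reach.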

As you can see at this point, my cracking processes are running in the background, so I'm busy playing with Excel instead to produce these graphs. My main CPU is still churning away doing a mutated-dictionary attack on the "zeroed.hashes", and my GPU is busy with a 7-letter brute-force of the "linked.hashes".

I started a job with the "best64.rules" from oclHashcat, using not just RockYou, but a few other well-known dictionaries. This is what the command-line looks like at startup:

It spams the screen for a bit, but here's what it ends up at:

As you can see, in 12 seconds, it found 31k hashes, out of a list that had already been purged of all easily crackable passwords.

Running the same "best64.rules" over the "zeroed.hashes" list using the "-m150" version of Hashcat leads to the following result:

This recovered about 40% of the zeroed passwords, or 1.4 million out of the 3.7 million. That's to be expected, as these are passwords that the hacker already found, so should be easily found by us.

I just saw this Tweet go by about the original forum post:

Here is a screen shot of that link. You can't see it at the tiny resolution I've shrunk this to, but you can click on it to expand and read it. What you see here is how the "password cracking underground" works. When hackers break in, they distribute the password lists to other people, who each work on the file trying to use their own methods to crack passwords that others may not have found. This usually means custom dictionaries, as well as custom mutation rules applied to those dictionaries. The InsidePro forums are full of this stuff. They have removed this post, of course, because of the press involved, but there are plenty of other posts like this from smaller password dumps.

Oh, crap, I just found out that I'm using my older Radeon HD 6970 instead of the newer Radeon HD 7970. That's a big difference. Actually, it's good that way. I'll just stick the new card in another machine, and let it run around the clock without having to disturb my main machine.


An explanation of HashCat's modes.

First, you need to decide on "hashcat" vs. "oclHashcat-plus" vs "oclHashcat-lite". The first uses the CPU and has the most features. The last uses the GPU and has the best speed, but the fewest features, and can only crack one password at a time. The one in the middle, "oclHashcat-plus", has a good set of features and GPU speed, so it's the one I use the most. You also have a choice of 4 programs to choose from, either the Linux or Windows version, at either 64 or 32 bits.

The command-line parameters for "oclHashcat-plus" are:
--hash-type 100
There are a lot of hashing algorithms. Currently, 27 different algorithms are supported. The number 100 represents "SHA1", the algorithm used for LinkedIn.
--attack-mode 3
There are many attack modes. The most common are the "mutated dictionary attack" (1) and the "brute force" attack (3).
--custom-charset1 ?l?u?s?d
You have to configure your charset. You can configure different charsets for different letters, such as using upper-case only for the first letter, and a symbol-digit for the last letter. The symbol ?l means lower-case, the symbol ?u means upper-case, ?s means symbol/punctuation, and ?d means numeric digit. Using the "full" charset of all letters (upper/lower), digits, and symbols is 96 characters.
--outfile combo_not.out
This tells the program where to save the passwords it finds
--outfile-format 2
I like to just save the passwords alone, which is format number 2.
After all the options, the next expected input is the file containing the hashes.
Lastly, it expects the "mask" of patterns to try. To try for a 6 character password, use the mask "?1?1?1?1?1?1". The number '1' refers to "charset1" from above.
Thus, to brute-force six-character passwords, you can run the following:

oclHashcat-plus64.exe --hash-type 100 --attack-mode 3 --custom-charset1 ?l?u?s?d --outfile combo_not.out --outfile-format 2 combo_not.txt ?1?1?1?1?1?1

I've been trying to debug something with oclHashcat. It appears that while the Radeon 7970 is 30% faster at cracking a single password (2-billion hashes/second) than the Radeon 6970 (1.3-billion hashes/second), it's slower at multi-hash when given the entire LinkedIn file, doing only 200-million/sec vs 400-million/sec. This seems wrong, because the newer card has a much better memory subsystem than the previous card, and in other tests I've done, has been much faster at multi-password cracking.

Use --remove.

Oh, I found the source of the problem: I was using the original file on the faster processor, which is twice as large as the cut-down one with the "zeroed" hashes removed. Memory lookups on GPUs are slower with the larger amount of memory. Thus, shrinking the file makes a big difference in speed. I wonder if splitting the file into small chunks that fit better within the GPU cache might work better.

In the meanwhile, though, simply removing from the source file all the passwords found so far (about 2 million of them) seems to improve the speed by quite a lot.

Hashcat has updated their tools to support the zeroed-out hashes (to ignore the first few bytes when matching SHA1 hashes). Info is here:


I left a bunch of stuff running over night, and have about 50% of all the passwords cracked. To summarize what I did:

First, I did a dictionary crack of some very large dictionaries. This took seconds, and got a large number of passwords. I'll rerun the numbers later, but it's like a third of all the passwords.

Second, I did a brute-force up to 6 characters. It appears LinkedIn has a minimum length of 6, so you won't find shorter passwords. This took 18 minutes. Going to 7 characters will take 3 days to complete, so I'm letting that run on a separate machine while I do shorter jobs on the main machine.

Third, I did "mutated dictionary" attacks. I used several basic dictionaries, such as the RockYou list, as well as the dictionaries that come with such tools as Cain & Abel, John-the-Ripper (JtR), and a list of Facebook names. I ran through all the mutations in the "rules" directory that comes with Hashcat. This found quite a few new passwords not found by the other techniques.

Fourth, I'm doing what Hashcat calls a "hybrid" attack that combines a dictionary either prefixed or followed by a brute-force. For example, right now, I'm running a job that does all the words in the RockYou dictionary followed by six lower-case/digits/numbers.

The first jobs took little time, so I rapidly updated this blog post as I did every little thing. Since then, updates have been coming slower as the two computers spend more time crunching numbers.

Thunderbolt cables are bidirectional

The Intel/Apple "Thunderbolt" technology is sexy as heck. It's not the 10gbps speed (being only slightly faster than USB3 5-gbps), but the fact that it exports raw PCIe signals.

But it's a bit flaky. I just bought an Apple 27 inch "Thunderbolt" display to go with the new MacBook Air I just ordered online. Apparently, like many other people, I'm getting an intermittent failure with the screen frequently going black.

Tech-support was pretty clueless, with me explaining to them how to diagnose the problem, such as going to the "System Report" to see what the Thunderbolt controller thinks is attached.

Even worse, they didn't suggest the solution I came up with. Instead of using the built-in "input" cable in the display, I grabbed a normal Thunderbolt cable and connected to the "output" of the display (the output is for daisy chaining to a second monitor, or for hooking up other Thunderbolt devices like RAID arrays).

Had this been a normal display, or normal USB, then connecting to the output would not work. The electrical signals wouldn't work, and the connectors wouldn't match. But this is Thunderbolt, and this sort of thing actually works just fine. There's really no excuse for such interfaces not to be bidirectional.

The standard script when calling about a Thunderbolt display problem should be "Do you have a second cable? Can you connect it to the output port and see what happens?". It's the cable that is the most frequent cause of Thunderbolt problems; you'd think they'd have this worked out by now.

Even after a full year, tech support and the Apple "geniuses" are still pretty clueless about the technology. Two "geniuses" confirmed that the display would work even with non-Thunderbolt DisplayPort connections, which turns out to be false.

When I return it tomorrow, I'm still undecided what I'm going to do. Do I replace with another Thunderbolt display that's likely to have other flaky problems? Or do I just get the non-Thunderbolt display, which costs the same, but works over normal DisplayPort instead? I'm a sucker for sexy, new, but unstable tech, so I'm probably just going to replace it with a monitor that works.

I resisted my techno-lust and ended up getting the non-Thunderbolt display in exchange (they cost the same). It came down to the fact that I couldn't think of a single good reason to have the Thunderbolt display, but good reason to have the plain DisplayPort version: it works with older computers. I'm typing this on the new monitor with my older Core2 pre-Thunderbolt MacBook Air, and the monitor also works with my Radeon HD 7970 password cracking box. While I'm using this monitor almost exclusively to dock the new MacBook Air arriving Monday, such backwards compatibility is important.

I mentioned to the "Geniuses" how I got the Thunderbolt display to work, using a separate cable to connect to the "output" port. They were all surprised at this. Seems like this is something that Apple should train people on, as it would help diagnose a lot of problems.

Norton v Olson: A review of a review

I like Quinn Norton's (@QuinnNorton) book review of Parmy Olson's (@Parmy) "We are anonymous", so I thought I'd write a review of that review.

First off, Quinn's post should be treated with a bit of skepticism. I think Parmy's book is better than how Quinn describes it. They are competing journalists covering the same subject, so would naturally disagree on the best approach. Also, I think Quinn herself is not objective enough on the subject of Anonymous.

But Quinn's review is otherwise pretty good, with some keen insights.

What makes the post interesting is how it reveals the truth about how journalists approach a topic. It's like a personal diary or internal monologue of a journalist that was never supposed to be published.

...which in turn produces insight into Anonymous. What has been written about Anonymous has been the result of a process -- a pretty messed up process manipulated by hackers. By understanding how Anonymous screws with media you can get to the truth behind media accounts of Anonymous. Olson's book is full of useful facts, but this review of the book may be more useful for "understanding".

For example, consider Quinn's description "It’s impossible [for journalists] to not be part of the thing [Anonymous], when the thing uses the media to talk to itself". This is one of many quotes in Quinn's post that you should stop and think about. I think sometimes her prose gets a bit flowery, but at the same time, these things are essential points.

It's also a useful insight into other reporting, such as the way John Markoff reported on hackers like Kevin Mitnick during the 1990s. Markoff let the hackers manipulate him into producing an exaggerated bombastic story, making both Markoff and his subject famous. It also led to Mitnick's self-destruction: after trying his best to convince Markoff he was the world's most dangerous hacker, Mitnick then was pursued and prosecuted by the FBI who believed it to be true.

So as a meta-piece of hacker journalism, I think Quinn's post is worth reading.

As for the subject of the review, Parmy Olson's book, I'm only a third of the way through it. I agree with Quinn's description that it focuses too much on LulzSec, but at the same time, it does have a lot of coverage of Anonymous. It's not how I would describe things, but I wouldn't say it's "wrong", either. What matters is that it's full of facts. Sure, these facts are for the general public and not necessarily as detailed/technical as I would want, but they do answer a lot of questions I've had about how Anonymous and LulzSec actually accomplished their antics. As I expected, their hacks were always lame (they aren't great hackers), but it's still interesting knowing how things happened. Whether or not you like how Parmy approached the subject, it's the most "canonical" listing of the facts surrounding LulzSec/Anonymous that you can find.

Falsehoods programmers believe about networks

Inspired by falsehoods programmers believe about time and usernames, I thought I'd start collecting falsehoods programmers have about networks.
  1. Data on the network cannot be altered.
  2. Encrypted data on the network cannot be altered.
  3. Data cannot be accidentally corrupted, because TCP has checksums and Ethernet has CRCs
  4. If it's inside my perimeter firewall, that means I have total control over it (@armorguy)
  5. If it doesn't return an error, then send() sent all the data that was asked of it.
  6. Packets arrive in the order in which they were sent.
  7. Segment boundaries on a TCP stream are meaningful to the application.
  8. Segment boundaries on a TCP stream are not meaningful to the application.
  9. If you can't ping the target, then it doesn't exist. (@jjarmoc)
  10. If you can ping the target, then it does exist.
  11. TCP RSTs come from end-nodes.
  12. Bytes must be "swapped" from the network byte-order to the host CPU byte-order.
  13. It's an internal web app -- outsiders won't be able to discover where it is (@biosshadow)
  14. The DHCP address will be the same after a reboot (@shewfig)
  15. The DHCP address will remain the same until the next reboot.
  16. Well, it'll last a long time between changes
  17. Packets/PDUs go up or down the network stack, never sideways. (@maradydd)
  18. The IPv4 header is 20 bytes long starting with 0x45 (options are so rare we don't have to worry about them) (@shewfig)
  19. The DHCP server and local router are the same (@schrotthaufen)
What's fun is that you can see these errors happen by monitoring packets. I started this list for programmers, but we inevitably drifted outside programmers to network administrators. It's hard to draw the line, because some misconceptions are shared by both.
  1. There is no IPv6 on my network (@shewfig)
  2. NAT automatically blocks all inbound attacks (@shewfig)
  3. We know all the devices attached to our network at any given time (@armorguy)
  4. VLANs are just as good as physical segmentation. (@jjarmoc)
  5. Ok, VLANs aren't as good, but they are good enough for now.
  6. We have good WIPS/monitors, so we don't have rogue access-points anywhere. (@armorguy)
  7. No need to add it to the DNS; I'll remember it. (@shewfig)
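Falsehood 18 in the first list is easy to see in a packet parser: code that hard-codes a 20-byte IPv4 header reads option bytes as TCP ports as soon as a packet carries options. The following is an added example (not from the original post) that puts the fixed-offset parser next to one that trusts and validates the IHL field; the packet is constructed in the code, and all function names, ports and addresses are assumptions chosen for the illustration.

```python
import struct

def build_ipv4_tcp(options: bytes = b"") -> bytes:
    """Constructed sample: IPv4 header (+ options) followed by a TCP SYN header."""
    assert len(options) % 4 == 0 and len(options) <= 40
    ihl = 5 + len(options) // 4                      # header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 51515, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(tcp),
                     0, 0, 64, 6, 0,                 # checksum left 0: not checked here
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + options + tcp

def naive_payload_offset(packet: bytes) -> int:
    """Falsehood 18 in code: every IPv4 header is 20 bytes."""
    return 20

def ipv4_payload_offset(packet: bytes) -> int:
    """Offset of the transport header, taken from the IHL field and validated."""
    if len(packet) < 20:
        raise ValueError("truncated: shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5:
        raise ValueError(f"invalid IHL {ihl}: header cannot be under 20 bytes")
    header_len = ihl * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if not header_len <= total_len <= len(packet):
        raise ValueError("length fields disagree with the captured bytes")
    return header_len

def tcp_ports(packet: bytes, offset: int) -> tuple:
    """Read (source port, destination port) at the given offset."""
    if len(packet) < offset + 4:
        raise ValueError("truncated transport header")
    return struct.unpack("!HH", packet[offset:offset + 4])

# Three NOP options and an End-of-Option-List byte make a 24-byte header (0x46).
WITH_OPTIONS = build_ipv4_tcp(b"\x01\x01\x01\x00")

if __name__ == "__main__":
    print("naive :", tcp_ports(WITH_OPTIONS, naive_payload_offset(WITH_OPTIONS)))
    print("by IHL:", tcp_ports(WITH_OPTIONS, ipv4_payload_offset(WITH_OPTIONS)))
```

A filter or monitor built on the fixed offset would classify this packet by ports that are really option bytes, which is why the IHL check belongs in anything that makes a decision from header fields.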

Microsoft Surface: because the iPad is an existential threat


The term "existential threat" refers to things that threaten your existence. For the last 30 years, nothing has threatened Microsoft's hegemony over the desktop. The Internet didn't. Thin clients didn't. Java didn't. Linux desktops continue to be horrid. The Apple desktop is good enough, but only in the high-margin niche.

But a better Windows than Windows was never going to be a threat. That's not how technology works. Once you dominate a market, nobody is going to rise up and challenge you. Instead, the only threat is that your market becomes obsolete.

That is the subtext behind Bill Gates' infamous "Internet Tidal Wave" letter of 1995, recognizing that the Internet was going to destroy Microsoft, unless the company could completely turn around their business. They did, which is why Microsoft has survived for the last 17 years. Their stock price was around $4 a share when Gates wrote that letter, and is around $30 today. It's also the subtext behind Microsoft's own existence, as the personal computer destroyed all prior computer companies that built "mainframes" (even IBM's stock price went negative at one point, being worth less than its assets).

But Microsoft's stock has continued to be at $30 for the last decade. While they successfully capitalized on early Internet growth (mostly by tricking corporations to use ActiveX), they have failed in later Internet growth. Today's Internet is very different than the Internet of 5 years ago, which is different than the Internet of 10 years ago, which is different than the Internet of 15 years ago.

Today, there's no good reason for the "desktop" computer. Fewer and fewer people are installing new Windows applications. The market has moved to the web (where thankfully, ActiveX is quickly disappearing), to mobile devices, to social networks.

That's why Microsoft is moving boldly to counter the threat to their business. The next version of Windows is designed primarily to be a pad operating-system with the "Metro" interface using touch, with the traditional "Desktop" interface as an option for old geezers who still want to use a mouse and a keyboard. That's not to say the keyboard/mouse aren't necessary, but that they will be an adjunct to the primary touch interface, and not the primary interface themselves.

Microsoft needs a "Metro" tablet as part of this, but they are stuck. The high-end is dominated by Apple, who builds a luxury product by obsessive control over the hardware. The low-end market is dominated by Android, which Google gives away for free. There is no place in the middle for Microsoft to charge for an operating system. Hence, their bold move to deliver a product that competes with Apple on the innovation and quality of the hardware.

Many are praising/criticizing Microsoft, predicting that they will fail/succeed. I find that an uninteresting debate. Instead, what I find interesting is that the iPad/BYOD/cloud is an existential threat, and discussing the few options open to Microsoft, before it goes the way of Nokia and Blackberry.