Posted via web from Varun’s posterous

This is a test post to see if everything is configured right. All the posts can be accessed at my Posterous. I have configured to mirror every post onto  my blog. Tweets and facebook updates should be sent automatically too.

Posted via email from Varun’s posterous

You might be aware that several high profile Twitter accounts belonging to people like President Elect Barack Obama, Britney Spears and Fox news being compromised had been compromised recently. This came to notice when tweets like the following began to appear.

This had been attributed to a phishing email initially but Wired.com provides a detailed account of how the hacker named GMZ was able to gain access to Twitter internal tools and compromise some big profile accounts. He was able to run a dictionary attack on a random Twitter user’s account who happened to have access to Twitter internals.

While this may sound like too much of a co incidence, it re iterates the number 1 rule of a strong password: NEVER USE A WORD THAT CAN BE FOUND IN A DICTIONARY AS YOUR PASSWORD. The account that was compromised had a pretty weak password: ‘happiness’ which is very easy to guess, let alone brute force.

Learning from this and the worst passwords of all times, you can easily create strong passwords.

That said, I know many people who just shrink back at the thought of remembering strong passwords and would rather use their dog’s name, often giving arguments like “Why would anyone want to hack into my account?”. Well apart from the fact that your account can be used in n number of ways against you, you should also realize that many people make a living out of getting personal data and their are plenty of buyers of such information. While in the Twitter case, you can argue why Twitter didn’t have an unsuccessful log ins limit, it goes to show that you have to be responsible not only for yourself but for others too (Think Social Networks). Moreover a well constructed password is not at all difficult to remember and yet secure.

Here are some tips you should follow to generate and use strong passwords:

Don’t use dictionary words

It’s a crime if you do so. And for that matter don’t even use combination of words like ‘prankfox’ or something similar formed by combination of two separate words. While more secure than a single word, these are not going to trouble a well written hacking tool.

Don’t attribute the password to yourself or your near/dear ones directly

This means you cannot use your Car chassis number (although pretty good, but better avoid), model number, your girlfriend’s name, your father’s name or birthplace as your password. While these may not feature in most dictionaries, these are some of the common attempts of a Social Engineer. Besides, you won’t want your seemingly friendly colleague who knows great deal about your life, having access to your accounts. Do you?

Don’t use repetition or sequences

This means you cannot use ‘abcdzyxw’ or ‘ggggggg3333’. Although these are not directly from the dictionary and might seem pretty secure but modern password crackers are good enough to take such things into account! The sequences also include consecutive keys on a keyboard. That is you should not use ‘asdfuiop’ or similar passwords that are easy to guess based on the keyboard layout. You can’t even imagine how easy it is for a casual person (let alone an adept shoulder surfer) looking over your shoulder to get your password if you violate this rule.

Those where the big DON’Ts. Now moving on to the DO’s:

Mix Upper case and Lower Case letters

I cannot emphasize this point enough. You know that the passwords are case sensitive, meaning that ‘happiness’ is different from ‘Happiness’ which is different from ‘HaPpINEsS’ when used as passwords. Just think about it, even if you are using ‘happiness’ as your password but you mix lowercase and uppercase letters and use something like ‘HAPpiNesS’ then a typical dictionary attack will not be able to figure out your password, unless it tries every possible combination for every possible letter in the word, for all the words in the dictionary, which would take months if not years.

Add in some numbers and special characters

We just say how mixing uppercase and lowercase letters makes your password difficult to crack. If you add some numbers and special characters (like %,#,_,; etc) in your password, you would not only avoid a majority of dictionary files but also increase the number of computations required to get a successful match

Use sufficiently long passwords

Use relatively large passwords. Most web applications fix a minimum length of 6 characters these days, but even when choosing passwords elsewhere you must not drop below this length. The longer the passwords the difficult it is to guess, unless it violates one of the above rules. Long passwords are also difficult to remember so you should figure out a nice length that is not too small and not difficult for you to remember at the same time.

Some Strategies for strong yet easy to remember passwords

• Start with a sentence. Say: “I had a BMW as my second car”
• Take first letter of each word ‘IhaBamsc’
• Password is already pretty strong, now reverse it ‘csmaBahI’
• Introduce some numbers. You can use 2 with s of second as ‘c2smaBahI’
• Make the password, easy to pronounce let’s say ‘c2EsmaBahIn’ i.e c2 – esma – bahin (makes no sense but can help you remember the password if you can pronounce it easily in your mind)
• Add a special character or two if you desire ‘c2Esma_BahIn’.

There you have it a pretty strong 12 character password originating from the second car you owned! Yes, indeed you should be using passwords like the one above. This is just one of the methods. The key is to devise your own method if you can and stick to it. It will be truly unique and most secure.

Passwords are important, really very important, sometimes I think there is too much depending on a password. For instance just imagine if someone had the password to your Google account? There is so much depending on that one password, use your imagination!

Stay tuned for part 2 of the post where we will have look on some tools you can use to create and manage passwords.

You can get notified automatically when it’s out by subscribing to the RSS feed.

It is said that a wise man learns from other’s mistakes (or something similar!). Here is a list of 500 lamest/worst passwords of all time I came across on the web. Hope yours is not on the list!

via [What’s my Pass?]

Yep, you read it correct. New Year will be indeed one second late. If you just uttered WTF, you need to know about leap seconds. Righto! There are leap seconds just like there are leap years.

Remember as a kid you studied that a full revolution of earth around the sun is called a year and a full rotation of earth about its axis is called a day. And also that the solar year (time for one complete revolution) is 6 hours more than 365 days. So we have to add an extra day in February to compensate for this differential every 4 years.

Well leap seconds have a similar background. As you might be aware these days time is measured in terms of oscillations of Caesium-133 crystal. Now as it turns out, the crystal is more precise than earth’s rotation. Earth’s rotation is affected by a number of factors like solar winds, motion of masses inside earth etc. So we have a time differential, which keeps on accumulating with each day.

When this difference reaches a certain limit (i.e. close to 1 sec), it has to be corrected and this is when a leap second is added to the time. The total differential accumulated over the entire year is 0.6 so a leap second is generally added after 18 months.

The International Earth Rotation and Reference Systems Service takes care of all the complex mathematics and science for you and announces when a leap second is going to be added. Typically when a leap second is added the clock moves from 23:59:59 to 23:59:60 before striking 00:00:00. As it turns out a leap second will be added at 23:59:59 UTC on 31st December 2008. Here is the official announcement

So what do you need to do? Well computers and cellphones will adjust automatically via NTP and other means, and I suppose you wont be bothered adjusting your wrist watch to the closest second. So go and Party, just wait another second before you wish if you want to be precise and/or if your life depends on it!. If you are interested in catching the clock turn 23:59:60 these are some of your best bets or have a look here

Here in India we would have already wished new year, but people living in timezones that are behind UTC (and including UTC) would have to postpone the wishes for another second. Or you can countdown to -1 or perhaps ..3, 2, 1, leapsecond, 0, Happy New Year!

As you might be knowing that you require special software to extract these files. WinRAR and WinZIP are the most common choices. However, these are not free and after the trial period is over you may be greeted with a nag screen or not allowed to use the product all together. So its time we go looking for some alternatives.

As it stands there is just a perfect alternative for all your archiving and extracting needs. Its 7-Zip. 7-Zip is free, open source and apparently performs better than its commercial counterparts. It is available for 98/ME/NT/2000/XP/Vista as well as for Linux. Let’s just see what 7-Zip has to offer:

As soon as you fire it up you are greeted by the powerful file manager. Using it is pretty intuitive. You can perform basic functions like extracting, testing, creating or copying/moving archives

I however like to utilise the integration with Windows Shell. I am sure you will like it this way as well. 7-zip integrates tightly with the right click menu. You can choose which menu options appear in when you click an archive, so it doesn’t clutter your context menu. Just click on file and choose the appropriate action and 7-zip does the rest, quickly and efficiently

7-Zip supports creating and extracting archives which are in 7z, ZIP, GZIP, BZ2 and TAR format while it can extract (not create) archives in ARJ, CAB, CHM, CPIO, DEB, DMG, HFS, ISO, LZH, LZMA, MSI, NSIS, RAR, RPM, UDF, WIM, XAR and Z formats. That’s more file formats supported than you would ever need. A downside can be that is doesn’t allow you to create RAR archives if you use RAR a lot. As for me that is not an issue because of all the other formats that it supports. In particular the 7z format offers better compression than other formats so you might want to look into that.

Don’t take my word for it, the 7-Zip site offers details on how 7-Zip(and the 7z format) compares performance wise with some of the commercial offerings out there:

Another 7-Zip feature that I simply adore is that you can encrypt your data when you are creating an archive in 7z or Zip format. Add in a password and you have got your data protected. Additionally you can choose to encrypt the filename as well if you think the name is giving away too much of information.

Developers can also get access to LZMA SDK that allows you to use compression in your applications. Visit the 7-Zip home page for more details.

7-Zip is perfect for your daily archival needs. Its free, its open source and its better, I have never looked for anything else since I started using it. Give it a shot and let us know how you liked it

Download 7-Zip

Head on over to WebValuer to find out what is your site worth. WebValuer takes in the domain name, fetches some statistics and gives you the net worth of your website.

Techcrazy Blog is valued at $8,495. Hmm.. I am not too sure if this is accurate. Any comments?

Webvaluer claims that although not exact, but still the estimates are good enough to get a general idea. Anyways while you are there you can also have a look at your website’s rank. Online status, employees, demographics. You might already be knowing the stats but its nice and fun to look at what the world sees, and of course at the price

If you have a website and blog, hop over to WebValuer, you can also get a badge to put on your site letting the world know that they are on some precious teritorry. Let me know what your site is worth. Then may be we can arrange a meet up at some casino!

Power cuts are no big deal in India. If you ever fell victim of power cuts and wanted to do some google search in that time or just want a mobile Google Search Solution, Google India has launched the SMS search service.
The sms costs you (Rs 2 or whatever is the rate for national sms for your provider). This is a big plus because you dont have to pay for premium sms as you would have to do if you used other shortcodes.

So how do you perform a search? The number to remember (or to add to your contacts) for google search is:

9-77-33-00000

Send your query as sms to this number and you will get a reply containing the results. Here is a sample reply which you would get if you search for “weather delhi”. There are special searches for trains, cricket scores and similar stuff.You can find some example queries and other details here.

Similar service existed in other countries like US, but has recently been launched in India. A welcome feature for the mobile phone crazy India! Way to go Google India!

Intrepid has been out for about a week now. Normally the ubuntu upgrades and installations work flawlessly, however when I upgraded to Intrepid there were a few problems. The most profound is what some have called the “Black Screen of Death”. It’s when ubuntu simply freezes up. So it happened that after the upgrade I was hoping to check out some of the new features in Intrepid, as soon as I logged in, Ubuntu just froze up, just a black screen with a mouse pointer that I could move but could not use. Couldn’t switch to virtual consoles, couldn’t restart X, nothing. In the end decided to use the power button to power off the machine.

Despite knowing that a restart seldom fixes an issue in Linux, I was still hoping the it would boot up just fine this time but it was not to be. Again a BLACK SCREEN that won’t allow you to do anything.

Cause

As it turned out, compiz was having issues with Intel onboard graphics on certain motherboards (845 in my case). There has been a bug report for the problem and it was mentioned in the release notes (damn I didnt read it before upgrading)

Solution

Booted up the system again, this time logged into Failsafe Terminal Session. Removed compiz

sudo apt-get remove compiz compiz-core

So no pretty desktop effects and other compiz tricks in Intrepid. Boooo… So sad as they worked perfectly in Gutsy and then Hardy. Hoping for a bug fix to be pushed into updates soon, so that we all will be able to use the compiz goodness once again.

Moral

Read the release notes thoroughly!

As you know MakeUseOf.com is one of the most popular tech blogs out there on the Internet. You might have noticed we are having some serious problems with the site right now. To be precise: I woke up to the news that MakeUseOf.com domain account with GoDaddy has been hacked and the Domain has been transferred to another web company based out of Dubai.

There have been some serious reactions and theories on digg and other blogs about how this was achieved, however we are still not sure and wouldn’t like to speculate. [UPDATE: A recent post on the MakeUseOf Status Blog provides more details and updates]

Rest assured we are working to get the domain back. Meanwhile you can visit http://makeuseof-temporary.blogspot.com for updates on the situation. If you are subscribed to the feed you will get the updates anyway so hang in there. BTW if anyone has a contact in GoDaddy or can help in someway to get things rolling it will be really appreciated. Use the form to get in touch.

Similar situation had cropped up with designer David Airey’s site some time back. He got it restored and had written a post explaining what had happened and how he got it back.

Hopefully MakeUseOf will be back sooner rather than later with quality articles that you love.

[UPDATE: Its back with it rightful owners. Yay!] ]]> https://varunkashyap.wordpress.com/2008/11/03/makeuseofcom-domain-has-been-hacked/feed/ 1 281 Varun Kashyap