October 8, 2006
How small is small?
Look at the picture above.
What do you see?
One of those signs you can order with your name or whatever on them, carved from a single piece of wood, looks like.
But that's not what it is.
In fact, it's a little plastic sign.
Well, you may or may not believe it, but the sign is resting on a single human hair.
Watch the movie.
A Beretta that doesn't require a license
From the website:
- Carry the Beretta M9 — Be Ready For Any Task, Anytime, Anywhere!
Fabbrica d’Armi Pietro Beretta S.p.A., or simply “Beretta” to James Bond, “Q”, and other cognoscenti, is the world’s oldest industrial firm — after 480 years of continuous operation!
And of course, Beretta is the world’s most respected gunmaker, in no small part due to the lethal and legendary M9, the 9mm semi-automatic pistol trusted by Special Forces commandos around the globe.
The M9 Multi-Knife lives up to its namesake, with 9 useful implements that can help you out of a jam.
Contained within the satin-polished stainless steel case: a 2-1/4” blade; saw; scissors; screwdriver/bottle opener; can opener; corkscrew; small screwdriver; #2 Phillips; and a leather punch.
Flip out the knurled barrel and a brilliantly efficient LED automatically turns on to beam brightness into black holes!
Includes fitted nylon belt sheath and spring-loaded clip.
'How to crack (almost) any password in less than two minutes'
My headline is the headline over Ken Munro's "Security Matters" piece in the paper version of this weekend's Financial Times.
Long story short: use the pound (£, not #) sign.
- Security Matters: Passwords
Passwords are a fine example of how human frailty can be the weakest part of any secure system. Their very nature makes them problematic.
A good password is long and complex – and hard to remember; weak ones are next to useless. They are also expensive to manage. One of the most requested helpdesk services is resetting a password.
We know that the strongest passwords contain non-alphanumeric characters or symbols, are sufficiently long, and do not contain dictionary words. But some non-alphanumerics are a whole lot better than others.
Password cracking can be likened to an evolutionary battle. Better encryption means passwords can be stronger. But with more powerful processing it is possible to crack the “new” stronger password. However, there is a simple way of defeating some password crackers.
Passwords are encrypted by the operating system to prevent theft. The encryption process produces a “hash”. Rather than comparing the log-on to a database of words (known as a “dictionary” or “brute force” attack), an attacker can speed things up by using pre-computed hash tables, such as rainbow tables. These tables contain the “hash values” for virtually every possible password, making the cracking of the password a simple process.
For example, it is possible to compute most Microsoft LAN Manager (LM) hashes. This is one of the formats that Windows uses to store passwords up to 14 characters long. The result is that virtually any hash can be cracked in a couple of minutes. There are failures but only very few.
So how do those few avoid being cracked?
The reason is that most of the widely used password crackers and pre-computed password tables are coded in the US, mostly using US-language character sets.
One way for users outside the US to make use of this quirk is to use passwords that include characters not available on US keyboards. There are a few options including the “£” and “€” signs. We have tried this successfully as a defence against several password crackers. Even a single character password (the £) beats them.
It is a small matter to include a £ sign in your passwords, but it has been overlooked by attackers for a long time. To the best of our knowledge there is no publicly available rainbow table that includes the £, although we are aware of some being computed.
A standard US-language alphanumeric character set contains 62 characters. Include US-keyboard non-alphanumerics, and there are 104. Include the “Latin-1” character set from ISO 8859-1, which covers most western languages, and the priceless £ sign, and we get 191 characters. This makes brute forcing passwords and pre-computing the hashes an arduous task as the level of password complexity has grown exponentially.
Improving password security can be achieved by removing LM hashes. LM is weak because if the password is longer than seven characters two hashes are created, which means that each half of the password can be attacked separately.
NTLM, a Microsoft authentication protocol, is better. It uses the user’s domain or local system credentials to authenticate them.
NTLM is based on stronger encryption and avoids splitting the password into two parts for encryption.
Single Sign On (single authentication giving access to multiple applications) is often touted as the best solution, and it can work well, but if the SSO server is breached, everything it controls access to could be compromised in one hit.
Yet another option is to use security tokens (authentication devices such as smart cards or key fobs) – though these should not be seen as substitutes for passwords.
In the end, like many security issues, it boils down to risk. Is what you are trying to protect actually worth so much investment, and, if it is, can your people be trusted to remember how to get in?
Ken Munro is managing director of SecureTest (www.securetest.com)
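Added example, not part of the FT article or of this post: a small Python model of the two points the article makes, that a pre-computed table only covers passwords drawn from its own character set and that LM splits a password into two 7-character halves that can be attacked separately. The table character set (US-keyboard printable characters) and the sample passwords are assumptions; the charset sizes are the article's figures, used as given.

```python
import string

# Charset sizes quoted in the article (taken as given, not re-derived).
ARTICLE_CHARSETS = {"alphanumeric": 62, "us_keyboard": 104, "latin1_plus_pound": 191}

# Assumption: a pre-computed table built only from US-keyboard characters.
US_TABLE_CHARSET = set(string.ascii_letters + string.digits
                       + string.punctuation + " ")

LM_MAX_LEN = 14   # the article: LM stores passwords up to 14 characters
LM_HALF_LEN = 7   # each 7-character half is hashed on its own


def lm_halves(password):
    """Simplified model of LM preprocessing: uppercase, then two halves."""
    if len(password) > LM_MAX_LEN:
        raise ValueError("LM only stores passwords up to 14 characters")
    upper = password.upper()
    return upper[:LM_HALF_LEN], upper[LM_HALF_LEN:]


def table_exposure(password, table_charset=US_TABLE_CHARSET):
    """Per LM half: True if a table over table_charset can contain it.

    An empty half counts as exposed, since its hash is a fixed value.
    """
    return [all(ch in table_charset for ch in half)
            for half in lm_halves(password)]


def keyspace(charset_size, length):
    """Number of candidate strings of length 1..length."""
    return sum(charset_size ** n for n in range(1, length + 1))


def lm_split_factor(charset_size):
    """How many times smaller the search is for two halves vs. 14 chars."""
    whole = keyspace(charset_size, LM_MAX_LEN)
    split = 2 * keyspace(charset_size, LM_HALF_LEN)
    return whole // split


if __name__ == "__main__":
    # Sample passwords are constructed for illustration.
    for pw in ("Summer2006", "£", "£ummer2006x", "Summer2006£"):
        print(repr(pw), lm_halves(pw), table_exposure(pw))
    for name, size in ARTICLE_CHARSETS.items():
        print(name, size, "7-char keyspace:", keyspace(size, LM_HALF_LEN),
              "split factor:", lm_split_factor(size))
```

A £ shields only the half that contains it: in the third sample the second half still falls inside the US-charset table, which is why the article's advice to remove LM hashes matters more than the choice of character.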
Counterfeit Detector Pen
Sure, the cash is pouring in faster than you can count it — but is it real?
Now you can find out — in the privacy of your own home.
- Smart Money® Counterfeit Detector Pen
The patented Smart Money® Counterfeit Detector Pen has revolutionized counterfeit detection!
Since the advent of color photocopy machines and printers, there has been a surge in casual counterfeiting.
Dri Mark's Counterfeit Detector pen is a highly effective and inexpensive tool for detecting bad bills and deterring counterfeiters from passing phony currency in the first place.
Simply make a small mark on U.S. currency.
An amber mark passes the test, a dark brown or black mark means the bill is probably counterfeit.
Works on all new design U.S. currency (bills series 1959 and later).
Simple to use and very reliable.
But how does it work?
Losing a helmet
Is it just me or has anyone else noticed that this football season helmets seem to be flying off players' heads far more frequently than in past years?
I see a helmet bouncing along the field almost every game now, pro and college.
What gives (besides the chin straps)?
Are the helmet snaps being made differently?
I mean, back in the day, when there was just one strap fastening in two places — one on each side — they rarely came off.
Nowadays there are two snaps on each side so you'd expect the hats to stay on through anything.
Apart from players like Michael Vick and Randy Moss, who like to leave one strap dangling for flair, helmets should rarely come off, with the default "belt + suspenders" two-sided chin strap.
So, like I say — what gives?
Pixellated World Map Rug
'Little T Learns to Share,' by Terrell Owens — First in a series of children's books by the über-controversial Dallas Cowboys wide receiver
It's due out next month, the first in his Timeout Series.
Long story short: The sequels, "Little T Learns What Not to Say" and "Little T Learns To Say I'm Sorry," are expected in Spring 2007 and Fall 2007, respectively.
Here's Calvin Watkins's story from this past Friday's Dallas Morning News.
- T.O. and kids? Book it
Owens-inspired children's book to hit shelves next month
You can attach many labels to the outspoken Terrell Owens.
But children's author?
The often controversial Cowboys playmaker, who made headlines last week for what was determined to be an accidental overdose, will now release his first children's book — "Little T Learns to Share."
Dallas-based publisher BenBella Books said it should hit bookstores in mid-November.
This is no tell-all, such as "T.O.," the book on his life he released this summer.
It's about a young boy learning the value of sharing.
Little T, the title character, refuses to share his football at first but later realizes he can't enjoy his new ball without friends.
"I tried to play outside alone and throw it by myself, but football isn't football unless you play with someone else," Little T tells his mother in the book.
It's the first book of T.O.'s Timeout Series. The second book, "Little T Learns What Not to Say" is due in spring 2007, and the third one, "Little T Learns To Say I'm Sorry," comes out fall 2007. The other topics haven't been determined.
"It's a life lesson for discipline," said Courtney Parker, the co-author who's known Owens since they were freshmen at Tennessee-Chattanooga. "It's ironic because he's considered one of the more undisciplined players in the NFL."
After Owens was released by the Eagles in 2005, he was talking with Parker on the phone about writing a book.
"We're watching television and the commentator said, T.O.'s behavior is so childish," Parker said. "And then [Owens] says, 'That's not a bad idea for a book. It should be about discipline since the world thinks I have none.'"
Owens was unavailable for comment.
Oh, yeah, one last thing: don't bother calling or dropping by between 4:15 p.m. and 7:30 p.m. (ET) today 'cause I'll have my game face on for Dallas v Philadelphia on Fox.
They say it's the hottest ticket of the year except for the Super Bowl.
One Click Butter Cutter
Put the fun back in food.
From the website:
- One Click Butter Cutter
This ingenious butter cutter delivers one standard pat with each click of the handle.
Slices, serves, and stores one stick of butter or margarine.
No more messy butter dish.
5 pats equal 1 tablespoon.
2"W x 3"D x 8"H.
$19.99 (butter included. Not.).