Yep, just checked it - my unique LinkedIn password SHA-1 hash is in there.
If you have a LinkedIn account, login NOW and change your password. If you've used that password with other things associated with your LinkedIn login (usually your email address), then change those passwords too!
Here's a link to the hash file: combo_not.txt.zip
Here's a nice write-up on the details as well as a online SHA-1 generator so you can check for your own hash: Errata Security
Showing posts with label hacking. Show all posts
Showing posts with label hacking. Show all posts
June 06, 2012
January 18, 2012
Skyrim Save Games
UPDATE: It's quite possible that disabling Speedstep is overkill. I'm having success re-enabling Speedstep and disabling CORE PARKING.
I was doing some reading and noticed that one of the issues with Skyrim that is routinely brought up is the "saved game issue," which is basically the idea that corrupt saved games or oversized saved games cause problems. In almost any Skyrim troubleshooting forum thread, you will have someone post a suggestion to disable auto-save.
According to this post:
What this tells me is that the author of the post is not a native English speaker and that the game basically starts up and then applies a series of variables to the engine to continue the game where you left off. Something like:
This is in line with what looks like (haven't tried yet) easy cheats, like giving yourself weapons and giving yourself extra perks through the tilde (~) console commands. This also matches up with my experience where the crashes didn't happen right away, only after a period of time (i.e. variables changing).
I wonder if something in the game engine variables is bad with my saved games, which causes periodic crashes. One way to test this is to clear out all the saved game info (have to Google how to do that) in order to "start from scratch" and then start a new character and see when the crashes start. Or another way is to examine the contents of the saved game and somehow turn on debugging and see if there are any exceptions that are generated by the game engine (there has to be a debugging mode) when the saved game is loaded.
I'm assuming this is normal behavior for any game loading, but maybe the way this was implemented by Bethesda is buggy in some yet-unknown-configurations. Maybe it's a combination of issues and I'm fumbling like a thumbless monkey trying to build a nuclear reactor. Analysis continues....
I was doing some reading and noticed that one of the issues with Skyrim that is routinely brought up is the "saved game issue," which is basically the idea that corrupt saved games or oversized saved games cause problems. In almost any Skyrim troubleshooting forum thread, you will have someone post a suggestion to disable auto-save.
According to this post:
(Format is a bit different but as with Morrowind the .ess file is basically a "mod" loading up the changes you've done to the game and your character to try and describe it fairly simple.)This looks like a reasonably accurate documentation for the Skyrim saved game file format.
What this tells me is that the author of the post is not a native English speaker and that the game basically starts up and then applies a series of variables to the engine to continue the game where you left off. Something like:
- Start at time 0, basic game start.
- Apply the character variables (height, weight, color, attributes)
- Apply the skills variables
- Position player
- Load the variables for the area completed (along with individual stats for each)
- Load the character inventory
- Fast forward time
- etc
- etc
- Start the game
This is in line with what looks like (haven't tried yet) easy cheats, like giving yourself weapons and giving yourself extra perks through the tilde (~) console commands. This also matches up with my experience where the crashes didn't happen right away, only after a period of time (i.e. variables changing).
I wonder if something in the game engine variables is bad with my saved games, which causes periodic crashes. One way to test this is to clear out all the saved game info (have to Google how to do that) in order to "start from scratch" and then start a new character and see when the crashes start. Or another way is to examine the contents of the saved game and somehow turn on debugging and see if there are any exceptions that are generated by the game engine (there has to be a debugging mode) when the saved game is loaded.
I'm assuming this is normal behavior for any game loading, but maybe the way this was implemented by Bethesda is buggy in some yet-unknown-configurations. Maybe it's a combination of issues and I'm fumbling like a thumbless monkey trying to build a nuclear reactor. Analysis continues....
January 17, 2012
Website Password Requirements
Increasingly, I have more and more passwords to remember. Mainly, this is due to different requirements (i.e. minimum length, upper/lower case, numbers, special characters, expiration every X months, etc). Unfortunately, because I am human, my passwords need to make some sense to me. I already have several "series" of passwords that I keep track of mentally. But, the problem is when faced with a login screen, I sometimes have a hard time remembering which password is for what (I'm still fighting the urge to write passwords down). If I could see what the password requirements are, I could make a reasonably successful guess at which password is what.
I believe I'm not the only one, so I'm going to start compiling a list of websites and their password requirements for reference. If you want me to add a site, please leave a comment with the attributes for that site and I'll add it.
I believe I'm not the only one, so I'm going to start compiling a list of websites and their password requirements for reference. If you want me to add a site, please leave a comment with the attributes for that site and I'll add it.
Site: amazon.com
Minimum Length: 6
Numbers Required: N
Upper/Lower Required: N
Special Chars Required: N
Expires: N
Site: google.com
Minimum Length: 8
Numbers Required: N
Upper/Lower Required: N
Special Chars Required: N
Expires: N
Site: newegg.com
Minimum Length: 6
Numbers Required: N
Upper/Lower Required: N
Special Chars Required: N
Expires: N
Other: No spaces, alphanumeric only
Site: isc2.org
Minimum Length: 8 - 20 characters
Numbers Required: Y
Upper/Lower Required: N
Special Chars Required: Y
Expires: N
Site: americanexpress.com
Minimum Length: 8 - 20 charactersNumbers Required: Y
Upper/Lower Required: N
Special Chars Required: Y (only %,&, _, ?, #, =, -)
Expires: N
Other: No spaces and NOT CASE SENSITIVE (!!)
NOTE: This means that they are storing the ACTUAL PASSWORD in their database and not using hashes. Ugh.
Site: Apple/iTunes
Minimum Length: 6 characters
Numbers Required: N
Upper/Lower Required: N
Special Chars Required: N
Expires: N
Site: dell.com
Minimum Length: 6 characters
Numbers Required: Y
Upper/Lower Required: N
Special Chars Required: N
Expires: N
NOTE 2: New requirements since they were hacked.
NOTE 3: Sends email notification of password change.
Site: zappos.com
Minimum Length: 8 characters
Numbers Required:Y/N (either this or Special Char)
Upper/Lower Required:Y
Special Chars Required:Y/N (either this or Numbers)
Expires: N
NOTE 1: Cannot use any of the previous 6 passwords. NOTE 2: New requirements since they were hacked.
NOTE 3: Sends email notification of password change.
Zappos Hacked
I woke up to this email on Sunday:
Here's the text of the email (bolding is mine):
After not panicking, I tried to figure out which password I used on the Zappos site, but alas I got this when I tried to access it:
Because clearly, blocking traffic from locations "outside the continental United States" is a security measure. *rolleyes* This is the Internet, folks - physical location is irrelevant. If I'm attacking a website in the US, the exploit packets will NOT be coming from outside the US, unless I want it to.
First, the bad news:
We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).
THE BETTER NEWS:
The database that stores your critical credit card and other payment data was NOT affected or accessed.
SECURITY PRECAUTIONS:
For your protection and to prevent unauthorized access, we have expired and reset your password so you can create a new password. Please follow the instructions below to create a new password.
We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail. Please exercise caution if you receive any emails or phone calls that ask for personal information or direct you to a web site where you are asked to provide personal information.
PLEASE CREATE A NEW PASSWORD:
We have expired and reset your password so you can create a new password. Please create a new password by visiting Zappos.com and clicking on the "Create a New Password" link in the upper right corner of the web site and follow the steps from there.
We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@zappos.com.
After not panicking, I tried to figure out which password I used on the Zappos site, but alas I got this when I tried to access it:
Because clearly, blocking traffic from locations "outside the continental United States" is a security measure. *rolleyes* This is the Internet, folks - physical location is irrelevant. If I'm attacking a website in the US, the exploit packets will NOT be coming from outside the US, unless I want it to.
Subscribe to:
Posts (Atom)