They’re alive…. they’re ALIVE!
Windows 8.1: What a difference a year makes
Windows 8 was an ambitious operating system. Microsoft’s goal was, and still is, to have a single operating system that can span the traditional PC, the tablet, and everything in between.
To do this, the company introduced a new kind of application—the “Modern” or “Metro” style application. It created a new style of interaction—an edge-based UI for touch users, a hot-corner based one for mouse users. And it developed a new application launcher—the Start screen. Microsoft retained the familiar Windows desktop for running traditional mouse and keyboard driven Windows software.
Windows 8 worked. It was a viable operating system, and in broad strokes, it fulfilled Microsoft’s dream of one operating system for tablets and PCs. But Windows 8 was far from perfect. Its problems were in three main areas.
First, the touch interface was in many ways incomplete. There was a nice touch-friendly settings app, for example, but it couldn’t be used to configure most system settings. Instead, you had to use the desktop Control Panel.
Second, it did essentially nothing to marry the new touch UI to the old desktop. Both are important, and both have a role to play, but in Windows 8, the two lived in almost entirely separate worlds, with different styles of interaction, different appearances, and different capabilities.
Third, and perhaps most unforgivably, it did almost nothing to teach people how to use it. Windows 8 introduced a bunch of new concepts and new ways of using the operating system, but it didn’t tell users about any of them. Full story
In case you missed NY Comic Con: We were there to take photos. Check out our photo gallery from over the weekend.
How the Bible and YouTube are fueling the next frontier of password cracking
Early last year, password security researcher Kevin Young was hitting a brick wall. Over the previous few weeks, he made steady progress decoding cryptographically protected password data leaked from the then-recent hack of intelligence firm Stratfor. But with about 60 percent of the more than 860,000 password hashes cracked, his attempts to decipher the remaining 40 percent were failing.
The so-called dictionary attacks he mounted using lists of more than 20 million passwords culled from previous website hacks had worked well. Augmented with programming rules that substituted letters for numbers or combined two or more words in his lists, his attacks revealed Stratfor passwords such as “pinkyandthebrain”, “pithecanthropus”, and “moonlightshadow”. Brute-force techniques trying every possible combination of letters, numbers, and special characters had also succeeded at cracking all passwords of eight or fewer characters. So the remaining 344,000 passwords, Young concluded, must be longer words or phrases few crackers had seen before.
"I was starting to run out of word lists," he recalled. "I was at a loss for words—literally."
He cracked the first 60 percent of the list using the freely available Hashcat and John the Ripper password-cracking programs, which ran the guesses through the same MD5 algorithm Stratfor and many other sites used to generate the one-way hashes. When the output of a guessed word matched one of the leaked Stratfor hashes, Young would have successfully cracked another password. (Security professionals call the technique an “offline” attack because guesses are never entered directly into a webpage.) Now, with his arsenal of dictionaries exhausted and the exponential increase in the time it would take to brute force passwords greater than eight characters, Young was at a dead end. In the passwords arms race, he was losing. Young knew he needed to compile new lists of words he never tried before. The question was where to find the words. More at Ars Technica