i was wondering what fireworks would look like in black and white.
Monthly archives for January, 2010
rockyou, a service that offers up applications to social networking sites, has been hacked. 30 million user passwords along with the associated e-mail addresses have been compromised and some have reportedly been leaked on the net. rockyou has apps on facebook and myspace. if you run applications made by rockyou they highly recommend that you change your password in rockyou and other online accounts that use that e-mail/password combination (presumably associated with rockyou). now.
with a handful of government websites being hacked, a lot of people have been asking me, “is that really possible? can they really hack into the election system?” the short, practical answer is, “given time, a hacker can hack into anything. given time.”
let’s clarify something first. a website is like a billboard or a poster—it serves up information about whatever. it’s easily accessible to the general online public. and it can easily be defaced when no one is looking or if it’s not guarded. and if it does get defaced it doesn’t mean the person who did it was able to get into the company premises and steal whatever it is that’s in the safe.
hacking a website is not the same as hacking into a company’s internal network. a corporate website usually just contains information that the company wants the public to see. like i said, similar to a billboard or poster. hacking the website is equivalent to defacing the billboard. no real damage is done to, and nothing is stolen from, the internal network. it is highly unlikely that the internal network of a company is physically connected to its website. how do i know? it’s best practice—if it can be avoided, you do not connect the web server to the internal network. and if you do, you have to make sure that there’s at least one layer of security (essentially a firewall with a ridiculously long passphrase) between the web server and the internal network.
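the separation described above can be checked against a firewall ruleset. this is an added example, not code from the original post: the addresses, ports and rule format are constructed for illustration, and the probe samples both ends of each rule's range rather than every address.

```python
import ipaddress as ip

# constructed sample addresses (assumptions, not from the original post)
WEB_SERVER = ip.ip_address("192.0.2.10")       # public web server in its own segment
INTERNET_HOST = ip.ip_address("198.51.100.7")  # stands in for any outside client
INTERNAL = ip.ip_network("10.0.0.0/8")         # the company's internal network

def rule(action, src, dst, port):
    return {"action": action, "src": ip.ip_network(src),
            "dst": ip.ip_network(dst), "port": port}

def decide(rules, src, dst, port):
    """first matching rule wins; anything unmatched is denied."""
    for r in rules:
        if src in r["src"] and dst in r["dst"] and r["port"] in ("any", port):
            return r["action"]
    return "deny"

def audit(rules, exceptions=frozenset()):
    """return flows into INTERNAL that are allowed and not listed as reviewed exceptions."""
    # port 65000 is a sentinel that only an "any"-port rule can match
    ports = {r["port"] for r in rules if r["port"] != "any"} | {65000}
    targets = set()
    for r in rules:
        if r["dst"].overlaps(INTERNAL):
            net = r["dst"] if r["dst"].subnet_of(INTERNAL) else INTERNAL
            targets.update({net[0], net[-1]})  # probe both ends of each range
    findings = []
    for name, src in (("internet", INTERNET_HOST), ("web server", WEB_SERVER)):
        for dst in sorted(targets):
            for port in sorted(ports):
                flow = (name, str(dst), port)
                if decide(rules, src, dst, port) == "allow" and flow not in exceptions:
                    findings.append(flow)
    return findings

# weak: the web server can reach the whole internal network on any port
WEAK = [rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443),
        rule("allow", "192.0.2.10/32", "10.0.0.0/8", "any")]
# corrected: one reviewed path to one database host, everything else denied
HARDENED = [rule("allow", "0.0.0.0/0", "192.0.2.10/32", 443),
            rule("allow", "192.0.2.10/32", "10.0.5.20/32", 5432),
            rule("deny", "0.0.0.0/0", "10.0.0.0/8", "any")]
REVIEWED = frozenset({("web server", "10.0.5.20", 5432)})

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED, REVIEWED))
```

with the weak ruleset a defaced web server is also a way into the internal network; with the corrected one the only flow left is the single database path that was reviewed.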
how could the websites have been hacked?
it’s a combination of several things, luck included, but it’s mostly laziness on the part of the server administrators. they could have set a longer password and, if possible, changed the username of the administrative account. and these things should be changed again every so often—six months with some of my servers. there are easily downloadable “tools” to help today’s script kiddies (noob hackers) get into a website. i do not take that for granted.
how hard is it to hack into a company’s network?
if the network has been set up properly, it’s pretty hard. you have to know and get through several things before you can get your hands on the good stuff.
first, you have to know the ip address of the door—commonly a firewall—to the internal network. most networks are connected to the internet in one way or another and this firewall has its own ip address. the problem is that there are over 4 billion ip addresses in use on the planet. pick one. the admins certainly wouldn’t publicize their ip address and even if that got leaked there are usually several more they can use.
now if by chance you do get their ip address, you have to know three more things—the port number, the administrative username and the password for that firewall. think of a port number as something like a mini door and there are more than 64 thousand of these mini doors in that address. you have to pick one to use. then there’s the username which can be anything and, of course, the password—which can be pretty long. it can even be a sentence complete with capitalization, spaces and punctuation.
if you get through the firewall, you can then proceed to the file or database server, for which you would need, of course, the administrative username and password, which, again, can be anything. and there are some who are paranoid enough to put another firewall between the first firewall and the database server.
so to recap, you would need the ip address, port number, the administrative username and password of the firewall, the internal ip address, the administrative username and password of the database/file server. and also the administrative username and password of a secondary firewall you may encounter. and you have to enter all of this data in a very limited amount of time.
best of luck to you.
so the answer is “if the system is set up properly, no, they can’t really hack into the election system.”
is there another way to get around all this security?
there actually is. you can try launching a phishing attack specifically targeting the system administrators and pray that they’ll fall for it. personally, i do not think the admins are stupid enough to fall for such an attack.
what can i do to be safe from such attacks?
for starters, don’t believe everything that gets sent to you via e-mail. and don’t click on that link that your friend sent to you without carefully inspecting it first. and try not to use internet explorer. please.
corner of legarda and recto
when i walk this way in the morning i constantly see someone waiting for somebody. the corner apparently became a meet-up place where friends, classmates or relatives agree to meet before school or work or after.
i do not think i have much time to spare. i try to spend my days being with people dear to me and on things i enjoy doing. i cannot give any more time because i do not have any to give.
if by chance our paths will cross again please be kind. i will remember and afford myself the luxury of looking at past memories for a moment but i will be silent.
grandson & grandfather
23rd december 2009
mall of asia, pasay city
it’s a picture of my son and my father
the start of the year was “traditional” enough—we welcomed it at midnight with festive lights and noise often with a meal and maybe with wine or ale. then maybe before going to sleep we think of what we want to change or do or where we’re heading off to in the coming days. old habits.
2010. it’s a fresh year and a fresh new decade and it comes with its own handful of old and new resolutions as well as tired and fresh targets. it’s cliché but everyone seeks change for better fortunes and easier paths.
i have my own plans, aims and hopes for the coming days and most of them are not really for public consumption. but i can list down the ones that i consider “safe”.
lose 1½ stone. you calculate. jog. ride my bike more. ss. endeavor not to take anything too seriously. this is more for my sake than anyone else’s. give more time and effort to creative projects. play soccer. learn each day. take no more crap from anyone. take better photos. run. get up that mountain. grow grass. spend more time out of the metro. go see more sunsets. spend less. not that i have any money. slim down. it’s not the same as losing weight. spend less time online. it’s not as hard as you think. say what’s on my mind. when asked.
life is anything but predictable. let’s see.