Tag Archives: security

Simple Great Passwords v Cracking Dictionaries For Rent

 

Anyone who deals with projectors or media players should certainly have good password practices. It would be logical that anyone who passes security keys around should also figure out a pattern for creating passwords.

The article’s idea of putting in the last letter of the site associated with the password is a good first stop. So, the password for dcinematools would start with an ‘s’, and since it is easier to have most of the following letters be lowercase, making the ‘S’ capitalized is a second good stop.

One imagines that eventually hackers will start putting the letters of typical phrases into their dictionary cracking databases. I find it easier to use the letters of some object that is in front of me all day, but never a whole word. So, if the American Heritage Dictionary is in front of me, I might choose the first three letters from each word, and put a number in between each, with one of them being shifted to a symbol. I also have found that I give numbers based upon sensitivity, so that public sites which might have their data stolen get higher (or lower) numbers while more secure sites get the opposite. 

Like all matters dealing with responsibility for other people’s assets (equipment, art, friendship…), passwords are sometimes a pain and are often done away with without penalty, but they are important the one time that they are required. Having a pattern will, in this case of the human-machine relationship, make things easier the one time that it might matter.

Security: Connect the Dots–Ongoing

This article will be an ongoing list of interesting articles in the security arena, none earth-shattering (those will have separate articles), but each one a dot that might connect to other data. Please add other news in the comments or write editor at dcinematools.com

15 August–Welcome to the future: cloud-based WPA cracking is here

Cloud computing is the latest effort to put data off site, to let professionals handle the IT details, or to put large amounts of data close to the user, while allowing the users to concentrate on their application. Dolby, for example, uses the well-regarded Salesforce solution (as do many large corporations) to monitor equipment and solutions in the field. Thus it is news…and really really really points to the need for using excellent passwords.

In 2008, I speculated about the future of distributed security cracking. That future has arrived, in the form of a $17 “cloud” based service provided through the efforts of a security researcher known as Moxie Marlinspike. It is effective against pre-shared key deployments of both WPA and WPA2 wireless networks.

The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. …Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes.

If you opt to use the service, you will of course leave a money trail via Amazon Payments — which is probably a bad idea if you are attempting to gain unauthorized access to a secured network illegally. For the good guys testing the security of a client’s network, however, this is an incredibly handy tool to have at one’s disposal.

It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.


 

Please report in the comments any security news that you think the community could benefit from.
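To put the dictionary sizes quoted in the 15 August item into a defender's terms, here is an added example (not from the quoted article or from this site). It compares the two dictionaries with a random passphrase and flags passphrases built from a listed word. The PBKDF2 key derivation comes from the IEEE 802.11i standard rather than from the article, and the function names, sample words and SSID are constructed for illustration.

```python
import hashlib
import math
import string

# Dictionary sizes quoted in the article above.
DICT_STANDARD = 135_000_000
DICT_EXTENDED = 284_000_000


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pre-shared key -> 256-bit pairwise master key (IEEE 802.11i).

    PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID: every guess
    costs 4096 HMAC rounds, and work done for one SSID does not carry
    over to a network with a different name.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_bits() -> float:
    """Search space of both dictionaries combined, in bits."""
    return math.log2(DICT_STANDARD + DICT_EXTENDED)


def random_passphrase_bits(length: int, alphabet_size: int = 62) -> float:
    """Search space of a uniformly random passphrase, in bits."""
    return length * math.log2(alphabet_size)


def is_dictionary_style(passphrase: str, wordlist: set[str]) -> bool:
    """True if the passphrase is a listed word, ignoring case and trailing digits."""
    lowered = passphrase.lower()
    return lowered in wordlist or lowered.rstrip(string.digits) in wordlist


if __name__ == "__main__":
    sample_words = {"projector", "sunshine", "password"}  # constructed sample
    for candidate in ("Projector2010", "k7Qz-mR2vX9t-Lw4p"):
        verdict = "dictionary-style" if is_dictionary_style(candidate, sample_words) else "not listed"
        print(f"{candidate!r}: {verdict}")
    print(f"both dictionaries: {dictionary_bits():.1f} bits")
    print(f"16 random alphanumerics: {random_passphrase_bits(16):.1f} bits")
    print(wpa_pmk("k7Qz-mR2vX9t-Lw4p", "ExampleNet").hex())
```

Both dictionaries together cover under 29 bits of search space, while 16 random alphanumeric characters cover about 95 bits, which is why a passphrase that is not word-based stays out of reach of this kind of service.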

Purpose and Contact

There are many tangential groups who create and capture and manipulate the bits, from one lens at the capture point to the other at the exhibition point. There are a lot of specialty magazines and blogs and a lot of distractions in one’s own field to keep focused upon.

We feel that there is a blank spot for people who want to get the highlights of the many various and closely aligned segments that are just outside their daily purview.

Thus, Industry Online.

Our goal is to focus more on tech news and white papers than on commercial press and sales press releases. We won’t have advertising, but we will allow vendors to post special sales (when that directory and page are set up).

The idea for this tool was formed when Marvin Hall gave a seminal SMPTE presentation at NAB 2007 which spoke to the issues that Modern Video/Film had to go through on each piece that they take in, massage and kick out. Clearly, among the pages of standards and constant deadlines, among the headlong-rush of technology in every particular sub-category, there seems to be a need for cross communication. 

Since we are all forced to be computer experts and help protect copyright interests, we’ll also attempt to keep an eye out for important security information.

And, of course, training—the field is not only fast moving, but we are requiring IT and digital expertise in places where mechanical skill was more important. The long hours of creating standards, and the benefits derived, will be for nought if they and best practices aren’t passed along.

So, we thank you for this opportunity. Your editor began in the pro-audio world in the 70’s. Since then he has sold, installed and trained people on entertainment technology equipment in film and TV studios around the world. He remembers how complicated and expensive motion tracking and 16 gig RAIDs were in the 90’s. In 2002 he was part of the installation groups who installed the first hundred digital cinema systems for the Star Wars II release. Since then, hundreds of HD-SDI cables and projectionist training hours later, he presents this journal.  

 

If you see something interesting, pass it along. If you want to cut out a space to broadcast a message, please feel free to use this forum. Also, we take advice well. Please make any comments, requests or complaints to:

Charles ‘C J’ Flynn

OpsCenter Technologies, Inc.  |  Cheyenne, WY
Internet Marine, SARL    |    Sophia Antipolis, FR

cjflynn @ ops center tech .com <remove spaces, of course>

This news magazine is part of the OpsCenterTechnologies online publishing empire (sic – in many ways).

DCinemaTools was introduced in June of 2009, but not live until mid-January 2010.