Thread: One wall falls, another rises in its place

  1. #1
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656

    One wall falls, another rises in its place

    Europe-wide firewall mooted in Council of the EU | ZDNet UK

    When the Berlin wall fell, everyone thought it was to let freedom out into the former USSR.

    Instead, it appears to have let the vile disease of socialist centralism in. The only thing these bozos do in response to EVERY screwup is to centralise a bit more, add more regulation, remove autonomy from people etc etc.

    It is not without a sense of irony that this whole sorry group is called the EUSSR.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  2. #2
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793
    Can't say I'm surprised. The mystery for me is why we haven't managed to produce a government that will try to take us away from this madness - if not totally then at least revert the relationship back to the trading union that was initially suggested and our country voted to join.

  3. #3
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    We had this discussion in Germany a year or two ago when the ministry of youth wanted to erect a great firewall to have a blacklist for child porn. Sadly, "for the children" is a pretty strong argument for almost anything. It did one good thing though: it led a lot of people to the pirate party.

    I really wish we could vote for single politicians instead of whole parties. I really like our current (new) minister of justice who would never approve a firewall such as this. But sadly, the rest of her party is a lot of money-grubbing, greedy lobbyists and will vanish with the next election because their only real decision this legislature has been to lower the taxes for hotels. What a surprise that they got their biggest donation from somebody owning a lot of hotels.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  4. #4
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    This raises so many moral issues that I don't see it being approved before hell freezes over. But it does reflect my fear that battling for freedom and against criminalization of certain activities on the internet, while at the same time turning a blind eye (and even actively supporting) all sorts of shady activities can only produce these types of answers.

    We are quick to shout for our civil rights, but we won't think twice before publicly supporting hacking, pirating, unregulated porn, or cheering when Sony gets the largest cyberattack in history against a corporation. This just can't keep going on forever. There must be a level of responsibility or we will sooner or later get a regulated internet. Because I don't trust individuals can police themselves (I think we proved we can't), regulations are probably just around the corner; i.e. in 20 years the internet isn't probably going to be anything like what we have today. Just not something as drastic as this firewall nonsense.

    It doesn't help either that the whole TCP/IP thing is one class-a cluster........ in this day and age, where in order to be minimally protected you have to hire a small army of engineers and still face the fact "there's no such thing as a secure system". We essentially grew a Beast that can serve to perform vicious crimes against corporations, individuals and entire states and we are still expecting to let it run loose and unchecked. I'm not so sure it will.

    My opinion? We are screwed. It's going to happen sooner or later, because we can't even agree on the fact that we should at the very least stop supporting criminal activities on the web.
    Last edited by Mario F.; 05-04-2011 at 05:41 PM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  5. #5
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    >> cheering when Sony gets the largest cyberattack in history against a corporation.

    This was almost entirely their fault though. They didn't hash PSN passwords, or practically anything else personal and sensitive. There might still have been a breach, but it wouldn't have been as bad as possible, which is what happened.

    I'm rather surly on the prospect that the law will fix everything given that particular example of negligence.
    Last edited by whiteflags; 05-04-2011 at 06:03 PM.

  6. #6
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    I don't think law will fix anything, agreed. I'm playing devil's advocate there, make no mistake.

    It won't fix it, because regulation will defeat the purpose of the internet. Pretending for a moment we get to see a heavily regulated internet in the future, all that will be achieved is segmenting the internet. There will be those that have access to content A and those that don't have it. Give it a few more years, and content being filtered would also start to be politically motivated.

    The big problem I see though is, can we avoid this? How many more cheers for Anonymous before we lose the control we thought we had? Or, from another perspective, what do we think will happen in the aftermath of a nation-wide cyberattack?
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  7. #7
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Quote Originally Posted by whiteflags View Post
    This was almost entirely their fault though. They didn't hash PSN passwords, or practically anything else personal and sensitive. There might still have been a breach, but it wouldn't have been as bad as possible, which is what happened.

    I'm rather surly on the prospect that the law will fix everything given that particular example of negligence.
    Everything I've read from the press releases suggests that the passwords were hashed (and what else would you expect to be hashed?), but what the hell does that matter, anyway...? When you have 77 million accounts, brute-forcing some hashes becomes trivial.

    That said, whether it was their fault or not, anyone that cheers for or defends someone stealing personal information, regardless of its accessibility, is in the wrong and I'm personally sick of seeing it.
    Last edited by SlyMaelstrom; 05-04-2011 at 09:05 PM.
    Sent from my iPad®

  8. #8
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    Well if the passwords were properly encrypted (which in everything I've read means hashing) then it's not like the bad guys would have gotten the passwords, even if they knew everything about how the passwords were stored -- the hashing algorithm used, etc. I might be defending it only because I have nothing at stake, but basically, even if we are screwed in regards to the internet, it's not like someone can shirk responsibility for other people's information if they're responsible for it. The highway to hell is paved with good intentions. I won't cheer but I think a screw you is in order to Sony.

  9. #9
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Actually... now that I think about it, why would they want to get the passwords anyway? Sure, properly hashing passwords is a good security measure, but considering the circumstances that the hacker apparently got ALL of the personal information of ALL of the users, then I'm not sure what they would get by hacking into my account, at all. Perhaps they'd want to see how many platinum trophies I have without having to find me in PS Home first?
    Sent from my iPad®

  10. #10
    Lurking whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    9,613
    Why do people do anything at all?

  11. #11
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,412
    Quote Originally Posted by SlyMaelstrom
    Sure, properly hashing passwords is a good security measure, but considering the circumstances that the hacker apparently got ALL of the personal information of ALL of the users, then I'm not sure what they would get by hacking into my account, at all.
    Maybe you reuse your password for your online banking account. After all, if no one ever reuses passwords, then hashing them for storage is pointless when they are stored along with information that is supposed to be restricted through authentication with the password and subsequent authorisation.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  12. #12
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    The attack may also have had little to do with getting users' accounts, but more at damaging the company. Getting those accounts may be just the means to an end. Not the end itself.

    I agree that Sony doesn't come clean of this in any way. Even considering some of the most sensible data was hashed (and salted), the dimension of this assault makes it impossible to not view the company in a very bad light indeed. There's however the possibility this may have been an inside job, for which reason I suggest we keep it to a minimum for now. But yeah, I wouldn't dream of blaming a victim of rape because she insinuated herself to her attackers. But I would certainly frown at her behavior.
    Last edited by Mario F.; 05-05-2011 at 06:00 AM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  13. #13
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by laserlight View Post
    Maybe you reuse your password for your online banking account. After all, if no one ever reuses passwords, then hashing them for storage is pointless when they are stored along with information that is supposed to be restricted through authentication with the password and subsequent authorisation.
    I use "crypt" to store passwords, which is not uncrackable in the sense that, if you get hold of the encrypted password, it is not impossible to come up with a string that will satisfy the crypt function and produce the same hash, and you could now use that particular account. But that is not the same thing as actually getting the original, unencrypted password.

    Because crypt is one way, and there are other possible strings that could produce the same hash, you would have no way of knowing whether the string that you found is the same as the one that produced the hash originally. This eliminates the possibility that someone who got the password database and "decrypted" all the passwords could try to reuse them somewhere else -- because while the decrypted strings will work here, they would only work there if they also used libcrypt (presuming the string is actually not the same as the original password).

    I'd hope this is a standard practice, and I also believe there are methods much better than libcrypt that do the same thing (produce an irreversible hash). Although I haven't checked, since I'm not sure if that would matter in my circumstances.

    If Sony had been using decent one way encryption, it is not possible for someone to have gotten an entire database of passwords in their original, unencrypted form (although I don't know if anyone actually did that, as opposed to simply getting strings that would allow them to access the accounts at Sony).
    Last edited by MK27; 05-05-2011 at 06:15 AM.
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  14. #14
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    The big deal with getting the account info is that many people store their credit card info in there so they don't have to reenter it when they buy some content. Totally stupid IMO. And, as SlyMaelstrom pointed out, with 77 million accounts, I'm pretty sure you could find some dictionary words that satisfy the hashes. Probably half the account holders are under 12, with mommy and daddy's credit card on there, and are too young to understand just how important good passwords are. As for the rest: "evil will always triumph because good is dumb".

  15. #15
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    >> with 77 million accounts, I'm pretty sure you could find some dictionary words that satisfy the hashes.

    hmm... dictionary attacks against a hash are only viable if it wasn't salted. We don't know at this point if they were.

    >> Probably half the account holders are under 12, with mommy and daddy's credit card on there, and are too young to understand just how important good passwords are.

    The CC database wasn't breached. What was breached was an old (2007) database with some 13,000 CC numbers and expiration dates (but no security codes, naturally). Some, most, if not all, of these numbers have already expired.

    What I find irritating is that personal private information is still out there in raw format. I don't know... but every time I'm doing a customer table(s), I have always hashed last name, address, postal code and phone and email contacts (along with any single CC field). The fact the media always loves a good ruckus around credit card theft, shouldn't stop anyone involved in actually creating these databases from using bloody common sense and actually learn how to properly identify sensitive information. It's not just the goddamn credit cards, for pete's sake.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
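
An added example, not written by any poster in this thread: the one-way hashing and salting points from posts #13 and #15, as Python. Without a salt, equal passwords give equal stored values, so a single guess is checked against every account at once; a per-account salt plus a slow KDF means each account has to be worked on separately. PBKDF2, the iteration count, the record format and the sample accounts are assumptions constructed for the illustration (the thread itself names only crypt).

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 100_000  # assumption: raise this as far as login latency allows


def store_unsalted(password: str) -> str:
    """Weak scheme, kept only for comparison: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str) -> str:
    """Random 16-byte salt per account + PBKDF2; record is 'iterations$salt$hash'."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def needs_rehash(record: str) -> bool:
    """True when a record was created with fewer iterations than current policy."""
    return int(record.split("$", 1)[0]) < PBKDF2_ITERATIONS


def shared_records(records: list) -> int:
    """Count accounts whose stored value is identical to another account's."""
    return sum(n for n in Counter(records).values() if n > 1)


# Constructed sample data: three of the four accounts chose the same password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse", "dave": "hunter2"}


def audit() -> tuple:
    """Return (accounts sharing a stored value without salt, same with salt)."""
    unsalted = [store_unsalted(p) for p in ACCOUNTS.values()]
    salted = [store_salted(p) for p in ACCOUNTS.values()]
    return shared_records(unsalted), shared_records(salted)


if __name__ == "__main__":
    print("accounts sharing a stored value (unsalted, salted):", audit())
```

Storing the iteration count in each record is what lets `needs_rehash` flag old entries for upgrade at the user's next successful login.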
