If you have been using Ubiquity with Firefox, have a look at Quix. It combines a number of useful bookmarklets into one. You can then use them as commands to the browser. It is possible to add your own commands and override the existing ones. More details at quixapp.com.

Testing out Posterous

This is a test post to see if everything is configured right. All the posts can be accessed at my Posterous. I have configured it to mirror every post onto my blog. Tweets and Facebook updates should be sent automatically too.

In case you are wondering what all this is about, I suggest you have a look at Posterous. It’s amazing what all you can get done. I would have shifted my entire blog onto Posterous had it not been for the SEO. I am ranking high for the keywords I wanted. In case anyone knows if this can be achieved without hurting SE rankings, kindly let me know.

Oh, and bear with me for a post or two if things don't seem properly aligned. Now, hopefully this works as expected. Over and Out!

You might be aware that several high-profile Twitter accounts, belonging to people like President-Elect Barack Obama, Britney Spears and Fox News, were compromised recently. This came to notice when tweets like the following began to appear.

[Image: hacked Fox News Twitter]

This was initially attributed to a phishing email, but Wired.com provides a detailed account of how the hacker named GMZ was able to gain access to Twitter internal tools and compromise some big profile accounts. He was able to run a dictionary attack on the account of a random Twitter user who happened to have access to Twitter internals.

While this may sound like too much of a coincidence, it reiterates the number 1 rule of a strong password: NEVER USE A WORD THAT CAN BE FOUND IN A DICTIONARY AS YOUR PASSWORD. The account that was compromised had a pretty weak password: ‘happiness’, which is very easy to guess, let alone brute force.

Learning from this and the worst passwords of all times, you can easily create strong passwords.

That said, I know many people who just shrink back at the thought of remembering strong passwords and would rather use their dog’s name, often giving arguments like “Why would anyone want to hack into my account?”. Well, apart from the fact that your account can be used in n number of ways against you, you should also realize that many people make a living out of getting personal data and there are plenty of buyers of such information. While in the Twitter case you can argue why Twitter didn’t have a limit on unsuccessful logins, it goes to show that you have to be responsible not only for yourself but for others too (think social networks). Moreover, a well-constructed password is not at all difficult to remember and yet secure.

Here are some tips you should follow to generate and use strong passwords:

Don’t use dictionary words

It’s a crime if you do so. And for that matter, don’t even use a combination of words like ‘prankfox’ or something similar formed by joining two separate words. While more secure than a single word, these are not going to trouble a well-written hacking tool.

Don’t attribute the password to yourself or your near/dear ones directly

This means you cannot use your car chassis number (although pretty good, better avoid it), model number, your girlfriend’s name, your father’s name or birthplace as your password. While these may not feature in most dictionaries, they are some of the common attempts of a social engineer. Besides, you won’t want your seemingly friendly colleague, who knows a great deal about your life, having access to your accounts. Do you?

Don’t use repetition or sequences

This means you cannot use ‘abcdzyxw’ or ‘ggggggg3333’. Although these are not directly from the dictionary and might seem pretty secure, modern password crackers are good enough to take such things into account! The sequences also include consecutive keys on a keyboard. That is, you should not use ‘asdfuiop’ or similar passwords that are easy to guess based on the keyboard layout. You can’t even imagine how easy it is for a casual person (let alone an adept shoulder surfer) looking over your shoulder to get your password if you violate this rule.

Those were the big DON’Ts. Now moving on to the DO’s:

Mix Upper case and Lower Case letters

I cannot emphasize this point enough. You know that the passwords are case sensitive, meaning that ‘happiness’ is different from ‘Happiness’ which is different from ‘HaPpINEsS’ when used as passwords. Just think about it, even if you are using ‘happiness’ as your password but you mix lowercase and uppercase letters and use something like ‘HAPpiNesS’ then a typical dictionary attack will not be able to figure out your password, unless it tries every possible combination for every possible letter in the word, for all the words in the dictionary, which would take months if not years.

Add in some numbers and special characters

We just saw how mixing uppercase and lowercase letters makes your password difficult to crack. If you add some numbers and special characters (like %, #, _, ; etc.) to your password, you would not only avoid a majority of dictionary files but also increase the number of computations required to get a successful match.

Use sufficiently long passwords

Use relatively long passwords. Most web applications fix a minimum length of 6 characters these days, but even when choosing passwords elsewhere you must not drop below this length. The longer the password, the more difficult it is to guess, unless it violates one of the above rules. Long passwords are also difficult to remember, so you should figure out a nice length that is not too small and not difficult for you to remember at the same time.

Some Strategies for strong yet easy to remember passwords

  • Start with a sentence. Say: “I had a BMW as my second car”
  • Take the first letter of each word: ‘IhaBamsc’
  • The password is already pretty strong; now reverse it: ‘csmaBahI’
  • Introduce some numbers. You can use 2 with the s of “second”: ‘c2smaBahI’
  • Make the password easy to pronounce, let’s say ‘c2EsmaBahIn’, i.e. c2 – esma – bahin (makes no sense but can help you remember the password if you can pronounce it easily in your mind)
  • Add a special character or two if you desire: ‘c2Esma_BahIn’.

There you have it: a pretty strong 12 character password originating from the second car you owned! Yes, indeed you should be using passwords like the one above. This is just one of the methods. The key is to devise your own method if you can and stick to it. It will be truly unique and most secure.
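The DON’Ts and DO’s above can be turned into a quick self-check. The following is an added example, not code from the original post: the wordlist is a tiny constructed sample, and the function names and the run length of four characters are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDS = {"happiness", "prank", "fox", "password", "dragon", "monkey"}
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
MIN_LEN = 6  # minimum length mentioned in the article


def _has_run(pw, tracks, n=4):
    """True if pw contains n consecutive characters of a track, forwards or backwards."""
    low = pw.lower()
    for track in tracks:
        for seq in (track, track[::-1]):
            for i in range(len(seq) - n + 1):
                if seq[i:i + n] in low:
                    return True
    return False


def _is_word_combo(low):
    """True if low is one dictionary word or two dictionary words joined together."""
    if low in WORDS:
        return True
    return any(low[:i] in WORDS and low[i:] in WORDS for i in range(1, len(low)))


def check_password(pw):
    """Return the list of rules from the article that pw breaks (empty list = passes)."""
    problems = []
    if _is_word_combo(pw.lower()):  # dictionary lookup ignores letter case
        problems.append("dictionary word or combination")
    if re.search(r"(.)\1{3,}", pw):  # same character four or more times in a row
        problems.append("repetition")
    if _has_run(pw, [ALPHABET]):
        problems.append("alphabet sequence")
    if _has_run(pw, KEY_ROWS):
        problems.append("keyboard sequence")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("no mixed case")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    if len(pw) < MIN_LEN:
        problems.append("too short")
    return problems
```

Running `check_password` on the passwords quoted in this post flags ‘happiness’, ‘prankfox’, ‘abcdzyxw’, ‘ggggggg3333’ and ‘asdfuiop’ for the rule each one breaks, while ‘c2Esma_BahIn’ returns an empty list.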

Passwords are important, really very important; sometimes I think there is too much depending on a password. For instance, just imagine if someone had the password to your Google account. There is so much depending on that one password, use your imagination!

Stay tuned for part 2 of the post, where we will have a look at some tools you can use to create and manage passwords.

You can get notified automatically when it’s out by subscribing to the RSS feed.

It is said that a wise man learns from others’ mistakes (or something similar!). Here is a list of the 500 lamest/worst passwords of all time that I came across on the web. Hope yours is not on the list!

Sr. No Top 1-100 Top 101–200 Top 201–300 Top 301–400 Top 401–500
1 123456 porsche firebird prince rosebud
2 password guitar butter beach jaguar
3 12345678 chelsea united amateur great
4 1234 black turtle 7777777 cool
5 pussy diamond steelers muffin cooper
6 12345 nascar tiffany redsox 1313
7 dragon jackson zxcvbn star scorpio
8 qwerty cameron tomcat testing mountain
9 696969 654321 golf shannon madison
10 mustang computer bond007 murphy 987654
11 letmein amanda bear frank brazil
12 baseball wizard tiger hannah lauren
13 master xxxxxxxx doctor dave japan
14 michael money gateway eagle1 naked
15 football phoenix gators 11111 squirt
16 shadow mickey angel mother stars
17 monkey bailey junior nathan apple
18 abc123 knight thx1138 raiders alexis
19 pass iceman porno steve aaaa
20 fuckme tigers badboy forever bonnie
21 6969 purple debbie angela peaches
22 jordan andrea spider viper jasmine
23 harley horny melissa ou812 kevin
24 ranger dakota booger jake matt
25 iwantu aaaaaa 1212 lovers qwertyui
26 jennifer player flyers suckit danielle
27 hunter sunshine fish gregory beaver
28 fuck morgan porn buddy 4321
29 2000 starwars matrix whatever 4128
30 test boomer teens young runner
31 batman cowboys scooby nicholas swimming
32 trustno1 edward jason lucky dolphin
33 thomas charles walter helpme gordon
34 tigger girls cumshot jackie casper
35 robert booboo boston monica stupid
36 access coffee braves midnight shit
37 love xxxxxx yankee college saturn
38 buster bulldog lover baby gemini
39 1234567 ncc1701 barney cunt apples
40 soccer rabbit victor brian august
41 hockey peanut tucker mark 3333
42 killer john princess startrek canada
43 george johnny mercedes sierra blazer
44 sexy gandalf 5150 leather cumming
45 andrew spanky doggie 232323 hunting
46 charlie winter zzzzzz 4444 kitty
47 superman brandy gunner beavis rainbow
48 asshole compaq horney bigcock 112233
49 fuckyou carlos bubba happy arthur
50 dallas tennis 2112 sophie cream
51 jessica james fred ladies calvin
52 panties mike johnson naughty shaved
53 pepper brandon xxxxx giants surfer
54 1111 fender tits booty samson
55 austin anthony member blonde kelly
56 william blowme boobs fucked paul
57 daniel ferrari donald golden mine
58 golfer cookie bigdaddy 0 king
59 summer chicken bronco fire racing
60 heather maverick penis sandra 5555
61 hammer chicago voyager pookie eagle
62 yankees joseph rangers packers hentai
63 joshua diablo birdie einstein newyork
64 maggie sexsex trouble dolphins little
65 biteme hardcore white 0 redwings
66 enter 666666 topgun chevy smith
67 ashley willie bigtits winston sticky
68 thunder welcome bitches warrior cocacola
69 cowboy chris green sammy animal
70 silver panther super slut broncos
71 richard yamaha qazwsx 8675309 private
72 fucker justin magic zxcvbnm skippy
73 orange banana lakers nipples marvin
74 merlin driver rachel power blondes
75 michelle marine slayer victoria enjoy
76 corvette angels scott asdfgh girl
77 bigdog fishing 2222 vagina apollo
78 cheese david asdf toyota parker
79 matthew maddog video travis qwert
80 121212 hooters london hotdog time
81 patrick wilson 7777 paris sydney
82 martin butthead marlboro rock women
83 freedom dennis srinivas xxxx voodoo
84 ginger fucking internet extreme magnum
85 blowjob captain action redskins juice
86 nicole bigdick carter erotic abgrtyu
87 sparky chester jasper dirty 777777
88 yellow smokey monster ford dreams
89 camaro xavier teresa freddy maxwell
90 secret steven jeremy arsenal music
91 dick viking 11111111 access14 rush2112
92 falcon snoopy bill wolf russia
93 taylor blue crystal nipple scorpion
94 111111 eagles peter iloveyou rebecca
95 131313 winner pussies alex tester
96 123123 samantha cock florida mistress
97 bitch house beer eric phantom
98 hello miller rocket legend billy
99 scooter flower theman movie 6666
100 please jack oliver success albert

via [What's my Pass?]

Yep, you read it correctly. New Year will indeed be one second late. If you just uttered WTF, you need to know about leap seconds. Righto! There are leap seconds just like there are leap years.

Remember as a kid you studied that a full revolution of earth around the sun is called a year and a full rotation of earth about its axis is called a day. And also that the solar year (time for one complete revolution) is 6 hours more than 365 days. So we have to add an extra day in February to compensate for this differential every 4 years.

Well, leap seconds have a similar background. As you might be aware, these days time is measured in terms of oscillations of Caesium-133 crystal. Now, as it turns out, the crystal is more precise than earth’s rotation. Earth’s rotation is affected by a number of factors like solar winds, motion of masses inside earth etc. So we have a time differential, which keeps on accumulating with each day.

When this difference reaches a certain limit (i.e. close to 1 sec), it has to be corrected and this is when a leap second is added to the time. The total differential accumulated over the entire year is 0.6 so a leap second is generally added after 18 months.

The International Earth Rotation and Reference Systems Service takes care of all the complex mathematics and science for you and announces when a leap second is going to be added. Typically when a leap second is added the clock moves from 23:59:59 to 23:59:60 before striking 00:00:00. As it turns out a leap second will be added at 23:59:59 UTC on 31st December 2008. Here is the official announcement

So what do you need to do? Well, computers and cellphones will adjust automatically via NTP and other means, and I suppose you won’t be bothered adjusting your wrist watch to the closest second. So go and party, just wait another second before you wish if you want to be precise and/or if your life depends on it! If you are interested in catching the clock turn 23:59:60 these are some of your best bets or have a look here.

Here in India we would have already wished new year, but people living in timezones that are behind UTC (and including UTC) would have to postpone the wishes for another second. Or you can countdown to -1 ;) or perhaps ..3, 2, 1, leapsecond, 0, Happy New Year!

Compressed files are commonplace on the Internet. More often than not, the files you download from the Internet contain some form of compressed files. While ZIP and RAR are the most common formats in the Windows world, tar.gz is widely used on the Linux side.

As you might know, you require special software to extract these files. WinRAR and WinZIP are the most common choices. However, these are not free and after the trial period is over you may be greeted with a nag screen or not allowed to use the product altogether. So it’s time we go looking for some alternatives.

As it stands, there is just a perfect alternative for all your archiving and extracting needs. It’s 7-Zip. 7-Zip is free, open source and apparently performs better than its commercial counterparts. It is available for 98/ME/NT/2000/XP/Vista as well as for Linux. Let’s just see what 7-Zip has to offer:

As soon as you fire it up you are greeted by the powerful file manager. Using it is pretty intuitive. You can perform basic functions like extracting, testing, creating or copying/moving archives.

I however like to utilise the integration with Windows Shell. I am sure you will like it this way as well. 7-Zip integrates tightly with the right click menu. You can choose which menu options appear when you click an archive, so it doesn’t clutter your context menu. Just click on a file and choose the appropriate action and 7-Zip does the rest, quickly and efficiently.

7-Zip supports creating and extracting archives which are in 7z, ZIP, GZIP, BZ2 and TAR format, while it can extract (not create) archives in ARJ, CAB, CHM, CPIO, DEB, DMG, HFS, ISO, LZH, LZMA, MSI, NSIS, RAR, RPM, UDF, WIM, XAR and Z formats. That’s more file formats supported than you would ever need. A downside can be that it doesn’t allow you to create RAR archives if you use RAR a lot. As for me, that is not an issue because of all the other formats that it supports. In particular, the 7z format offers better compression than other formats so you might want to look into that.

Don’t take my word for it, the 7-Zip site offers details on how 7-Zip (and the 7z format) compares performance wise with some of the commercial offerings out there:

Another 7-Zip feature that I simply adore is that you can encrypt your data when you are creating an archive in 7z or Zip format. Add in a password and you have got your data protected. Additionally, you can choose to encrypt the filename as well if you think the name is giving away too much information.

Developers can also get access to LZMA SDK that allows you to use compression in your applications. Visit the 7-Zip home page for more details.

7-Zip is perfect for your daily archival needs. It’s free, it’s open source and it’s better. I have never looked for anything else since I started using it. Give it a shot and let us know how you liked it.

Download 7-Zip

Head on over to WebValuer to find out what your site is worth. WebValuer takes in the domain name, fetches some statistics and gives you the net worth of your website.

Techcrazy Blog is valued at $8,495. Hmm.. I am not too sure if this is accurate. Any comments?

WebValuer claims that, although not exact, the estimates are still good enough to get a general idea. Anyway, while you are there you can also have a look at your website’s rank, online status, employees and demographics. You might already know the stats, but it’s nice and fun to look at what the world sees, and of course at the price.

If you have a website or blog, hop over to WebValuer. You can also get a badge to put on your site letting the world know that they are on some precious territory. Let me know what your site is worth. Then maybe we can arrange a meet up at some casino!
