Friday, October 26, 2012

Analysis of the Punto.pe Leak

That extremely frustrated feeling you get when you cannot crack 50% of a moderately large leak within minutes. When rockyou.txt only nets you 6,124 plains. When 1.2 billion words + 40,000 rules results in a paltry 24,000 plains. Oh, that frustrated feeling.

And let's not forget that "you have to be freaking kidding me" feeling you get when you realize that the dump you have been working with for 26 hours actually contains plaintext passwords for 70% of the hashes -- after you've already busted your ass to crack 81% of them. A mistake easily made when you hastily extract only the hashes from a dump, without bothering to look at the rest of the data.

Saturday, October 20, 2012

Rosing IT Security Award finalist 2012

[Oh yeah, you can zoom in on it!]
This is my proof of being not only nominated, but also ending up as one of three finalists for the Rosing IT Security Award in 2012, presented by the Norwegian Computer Society. On Thursday Oct 18 the winner was announced at their annual conference, with Gjøvik University College (HiG) as the winner. Very few individuals has been nominated for the award since its inception in 2002, and I am incredibly proud to be one of them. I am also very happy to congratulate all the excellent people I know there; Christoph, Tone, Morten, Patrick, Kirsi, Nils and others as well. I really look forward to our continued cooperation!

Criteria for the award (Google translated text):
The prize will be awarded to businesses in Norway, or in special occasions to individuals. The receiver will in a positive way - directly or indirectly - have contributed to increased information security and IT security. The contribution may be through dissemination, training or awareness-raising activities, by promoting innovative thinking or to have developed and implemented appropriate methods, standards, concepts, technologies or services that have provided great merits - or otherwise have contributed to this.

Monday, October 01, 2012

New PGP key

I've created a new GPG key with KeyID 7861BC12. Synced to keyserver.ubuntu.com, pool.sks-keyservers.net, keyserver.pgp.com and keys.gnupg.net. It even includes a picture. You can get it here.
My old key (KeyID D0D0AEF6) has been set to expired.