June 28, 2006
Fake Name Generator - do you love anonymity so much you have a whole domain set up for that purpose? Well, then enjoy the fake name generator. My friend Nicholas E. Morris of 394 Beal Road in Santa Fe Springs, CA and his mother (Mrs. Kennedy) enjoy it so much they're planning to use their visa card #4716 5883 3471 4459 (exp 9/2008) to buy bulk fake identities on Nick's birthday (December 6, 1973).
By the way, I can't WAIT to see what kind of crazy this post generates in search referrals. Miss Muffy still garners several hundred search hits a month; a putative cc number in cleartext should do no less.
On the other hand, this sounds like classic Microsoft:
After reading Bruce Schneier's book on crypto, we learned that TEA was a really bad choice as a hash. The book says that TEA must never be used as a hash, because it is insecure if used this way. ... But why did they make this mistake? Obviously the designers knew nothing about crypto - again! - and just added code without understanding it and without even reading the most basic books on the topic.
It's impossible to overestimate how stupid, arrogant and basic some of their mistakes are: everything runs in kernel mode? Jebus. (This is analogous to having every user an admin -- which is a) well know to be insane and b) true of Windows).
My favorite part so far is the tone on that 17 mistakes page. It's more or less, "Look, we tried to work with Microsoft to let them know someone could hack their system by soldering chips and using bogus savegames. In return for our "discoveries", we only expected them to help us run homebrew apps and Linux on the XBox. We just don't know why they wouldn't get back to us when we're being so cordial."
Lemme get this straight: you're a nuisance group to Microsoft that is helping develop ways to crack their hardware, but all you really want is to have them help you run a non-Microsoft OS on their machine? Gosh, I can't figure out why they pretended you didn't exist.
Who are you referring to? I don't understand. Where am I?
Hey, I watched the Tigers beat the Astros in Detroit earlier this week...
PS: hyperlemur dot com is the #6 when searching google for Ronal Bear.
The Xbox article was very fascinating, but I couldn't shake the notion that the writers had limited perspective on some of the things they called mistakes. For instance, in #1 Security vs. Money, they say,
"Be very careful with tradeoffs between security and money. There are rarely sensible compromises. Keep in mind that the very reason for the security system is to make more money, or to prevent money losses."
They go on to cite the use of in-system programming of flash and lower spec SDRAM as evidence of these compromises. Well, these steps likely saved MS several dollars on the cost of each console. Given that they've shipped over 25 miliion consoles at this point, these compromises have likely given them more than $50M in additional profit. Are they losing anywhere close to this much to people who are willing to solder mod chips or do the steps necessary to install Linux? I really, really doubt it.
So the hackers "won" and proved they were smart enough to hack the console, but that doesn't mean that MS didn't still achieve their goal of maximizing profit by making it hard enough to prevent Joe Average from copying games (or booting Linux, yeah right).
"PS: hyperlemur dot com is the #6 when searching google for Ronal Bear."
That is the least auspicious claim to fame I've ever seen asserted.
That being said, the section about the back and forth battle over the font vulnerability was pretty funny.
Go Tigers!
The Ronal Bear and Yaris hatch combo would be so tyte.
Haven't you heard? The Yaris doesn't get along with animals.
« Older She turned me into a duck! | one definition for Roshambo Newer »
To post comments to a thread you must login or create a profile.
In other security news, and possibly only of interest to JalapenoTabouli: The Security Failures of the XBox. I only understood like 60% of this (you can skip past the hairy stuff), but found it interesting to see both how hard a problem this is and how fucking dumb the mistakes they made were. Many are actually the opposite of my stereotype of an MS employee: the guys I knew who went to MS wouldn't come up with the brilliant little hack to leverage the exception as the PC wraps from #FFFFFFFF to #00000000 but would never have failed to read the datasheet showing that Intel chips don't in fact throw an exception.
posted by mrflip at 03:52PM CST on June 28