Entry 23660 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 23660

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/25 [General] UID:1000 Activity:popular

5/25

2002/1/24-25 [Computer/SW/Security, Computer/SW/Unix] UID:23660 Activity:high

1/24    Anyone have any ideas and/or pointers of how to crack Yahoo IM offline
        messages and archived chats and conferences without knowing the
        password of the account that you are trying to snoop on?
        \_ No, but I'm sure google does.  -John
        \_ If google doesn't help you could try cracking it yourself.  I'd
           make my own logs with my own account and see what comes out.  Use
           long strings of each character in the alphabet, 1 per log, etc.
           I know they used to send everything over the net in clear text so
           I doubt the archive encryption is tougher than rot13 or des.
        \_ never used it but try http://www.elcomsoft.com/aimpr.html

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/25 [General] UID:1000 Activity:popular

5/25

You may also be interested in these entries...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil

7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2010/3/9-30 [Computer/HW/CPU, Computer/SW] UID:53748 Activity:nil

3/9     http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele
        I failed to see why you must starve the CPU of electricity. Why
        can't you just simulate that in software?
        \_ And if you can simulate that in software, why not just single-
           stepping the simulated CPU and get the key out?
	...

2009/12/29-2010/1/19 [Computer/SW/Security] UID:53607 Activity:nil

12/29   Sounds like the GSM encryption key has been recovered via a
        brute force attack:
        http://www.nytimes.com/2009/12/29/technology/29hack.html
	...

2009/7/12-24 [Computer/SW/Security] UID:53132 Activity:nil

7/9     Ok I'm learning how to do this fancy ssh-keygen thing so that I
        don't have to keep typing passwords inbetween logging into machines.
        What's an ideal size for the number of bits in dsa? 1024 is default,
        but would 2048 enhance it even more? What do you guys use?
        \_ I'm paranoid.  I use 4096.  Go for at least 2048, I'd say...
        \_ If you want to be secure make sure your keys have passphrases, and make
	...

2009/7/8-16 [Computer/SW/OS/Linux, Computer/SW/Unix] UID:53124 Activity:nil

7/7     what happened to our web presence? http://www.csua.berkeley.edu
        not working
    \_ That would be because we've yet to set them up afaik. Steven *does* have
    a job after all. The idea is that we want a separate computer mounting the
    web directories, so that if an exploit compromises the webserver, the shell
    server (soda) itself will be insulated from the attack.
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53083 Activity:low 53%like:53089

6/28    Hello everyone,
Logins to soda are back open.  The new ssh key is
2048 4b:96:67:18:27:da:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Please allow public key authentication since it is more secure
than plain password. Also if you see this posting, it means
anybody could have posted the annoucement.  Because  the
	...

2009/6/29-7/3 [Computer/SW/Security] UID:53089 Activity:nil 53%like:53083

6/29    Please allow public key authentication since it is more
        secure than plain password.  If you see this posting, it
        means anybody could have posted the annoucement.  Because
        the official csua web site is still down., this makes it a
        little suspicious to the truly paranoid.
        p.s.  this web entry format is counter intuitive.  And how come
	...

2009/2/10-13 [Computer/SW/Security, Computer/SW/Unix] UID:52552 Activity:nil

2/10    I have an sh file that does a mount.. the mount does an
        authentication. I previosly stored the username and password
        from zenity prompts. However, I can't get a return on the password
        field. The following only works on the username:
        mount -t davfs "http://blahblah.com/BLahUser11" /mountdir << EOF
        ${username}
	...

2009/1/15-23 [Computer/SW/Languages/Java, Computer/SW/Security] UID:52394 Activity:nil

1/15    http://cwe.mitre.org/top25
        2009 CWE/SANS Top 25 Most Dangerous Programming Errors
        \_ "Avoid inconsistent messaging that might accidentally tip off
           an attacker about internal state, such as whether a username
           is valid or not."  Really?  Fuck you buddy.  I don't always
           remember what my goddamn username was on your stupid fucking
	...

2009/1/5-8 [Computer/SW/Unix] UID:52313 Activity:kinda low

1/3     no hurry but do you know of:
        $ chsh
        Password:
        Enter the new value, or press return for the default
         Login Shell [/usr/local/bin/bash]: /bin/zsh
        failed: Insufficient access
	...

2009/1/2 [Computer/SW/Security] UID:52311 Activity:nil

1/1     Is email still down?  My outgoing email seems to be not working.
        Also ssh password login seems to be not working (but certificate works).
        Thanks and Happy New Year.
	...

Cache (1070 bytes)

www.elcomsoft.com/aimpr.htmlPasswords are recovered instanly, multilingual ones are supported. Please note that AIMPR can recover YOUR lost or forgotten password only, extracting/decrypting it from your own system (if such information is there, of course). Unregistered version can be used during 30 days after installation (although it doesn't expire, actually) and has some limitations. You can order the fully licensed version of AIMPR over the Internet from RegNow with any major credit card. The ordering page is on a secure server, ensuring that your confidential information remains confidential. As soon as RegNow notifies us that your order has been processed (usually in one business day), we will provide you with the serial number which will register your copy of AIMPR. Note: With the Personal License ($30), you can use the program for non-commercial purposes in non-business, non commercial environment. To use the program in a corporate, government or business environment, you should purchase a Business License ($60). We're very sorry for any inconvenience caused by those delays.