[Stahlseele]

You know, with the PSN hacked, there was a big chance for some major cloud computing using the PS3s like they do with those ghetto Supercomputers using multiple Consoles...

Well, it WAS used for that by the US Airforce for example . .
Until Sony, being dicks, decided to take away the OTHER OS Capabilites of the PS3 . .

[CanRay]

You know, with the PSN hacked, there was a big chance for some major cloud computing using the PS3s like they do with those ghetto Supercomputers using multiple Consoles...

Well, it WAS used for that by the US Airforce for example . .
Until Sony, being dicks, decided to take away the OTHER OS Capabilites of the PS3 . .

And that is why we Jailbreak systems.  *Evil Grin*

[Stahlseele]

Yes, and no . .
Big part of the reason is:"Because! Yes, we can!"
Also, did you follow the cause of George "Geohot" Hotz?

[Digital_Viking]

Yes, and no . .
Big part of the reason is:"Because! Yes, we can!"
Also, did you follow the cause of George "Geohot" Hotz?

Worst part of that were the criminals that tried to use GeoHot as justification for their attacks on Sony.

[Digital_Viking]

There is no security anymore.

Never was - or Security as in "We can make something impenetrable". Security is about tradeoffs - stronger security will consume more resources, be it processing cycles or money, or personnel. The trick is finding a balance between business and security needs. But it will never be unhackable. Security is as much about auditing after an incident as it is about preventing one.

Or as Schneier's Law says:"Any person can invent a security system so clever that he or she can't imagine a way of breaking it."

[Stahlseele]

You spend your time making a system foolproof, the universe spends its time making a better fool . .

[Digital_Viking]

You spend your time making a system foolproof, the universe spends its time making a better fool . .

Precisely

[Redjack]

Who cares if you could generate 10 trillion passwords per second? If the server you're trying to brute force only accepts one retry every 3 seconds, it'll still take years and years until you reach the right guess.

This was applied to a password harsh file. Funny thing is that if your dealing with a server, you may be able to trick it into reading out such files to you even tho it is not in the normal paths the server handles.

Then it a matter of applying rainbow tables and brute force techniques to find a matching hash. This then tells you the plain text password.

This could also be applied in a cascade attack where you start with a non-privileged account that has visibility to password hashes to then escalate privileges.

[bigity]

There is no security anymore.

Never was - or Security as in "We can make something impenetrable". Security is about tradeoffs - stronger security will consume more resources, be it processing cycles or money, or personnel. The trick is finding a balance between business and security needs. But it will never be unhackable. Security is as much about auditing after an incident as it is about preventing one.

Or as Schneier's Law says:"Any person can invent a security system so clever that he or she can't imagine a way of breaking it."

Sadly this is very true.  Hell, the NSA guidelines on securing a Windows server involving shutting down services that allow it to operate on a network (like DNS Client).  Why they'd even compile such a document I have no idea but it was great fun (not really) to read and try to follow what was possible.

[CanRay]

Security is for keeping honest people honest.  Professionals will always find a way.

[Onion Man]

It doesn't matter how easy it is to hack a password if all of your network devices use frequency hopping spread spectrum, time division spread spectrum, or my favorite, wavelength hopping spread spectrum encryption protocols.  Good luck making any sense out of the gobbledygook you receive when dealing with serious, proprietary network/telecom tech.

[hobgoblin]

that have exactly zero to do with encryption. The only way it can help is if the next hop info is inside the encrypted data. Btw, Bluetooth uses such a setup in the 2.4Ghz band and recently someone made a Bluetooth sniffer that can keep up with the hopping.

[Onion Man]

For two devices to match FHSS hops they would need to have identical chips configured identically.  FHSS is the encryption employed by USAF.  WHSS isn't officially used anywhere yet.  TDSS is hackable with a sufficient data set.  TDSS might be broken by a bluetooth sniffer, FHSS and WHSS are outside the realm of reality there...

but you do bring up a reasonable point.  2.4gHz iz a garbage frequency so cluttered with mass produced devices that no one OCD about their security should ever use it.  I'd recommend getting a license and using a private bandwidth, or even better, stay wired and use cat-6, or something less common, contained within conduit, the route of the truly paranoid.  Don't forget to have all your doors and windows secured with a gauss loop just in case someone tries to actually remove your PC and take a physical image of your storage device.  It's way more effort than any reasonable person will go through, but you can do amazing things with a clean room, a freezer, a microscope, and all the time in the world.

Edit: after reading the abstract, not yet accepted by any conference anywhere for presentation, I giggle...  These guys think that FHSS devices use a single chip.  That's like trying to make a practical claim with a theoretic analysis... actually, that's exactly what it is.  They're using a substantially similar process (from what little is described in the abstract) as is used to hack TDSS.  FHSS devices work similarly to electronic slot machines.  Multiple chips, active chip changes "randomly" as far as computers can conveniently generate, using a TDSS timing chip (or array of chips).  I'll amend my assertion to say that it's not impossible under ideal conditions (god knows there's someone out there who's job it is to deal with intercepting real FHSS traffic), but that it is impossible in a practical situation.  Also, the abstract makes no differentiation between data encryption and signal encryption.  FHSS, WHSS, and TDSS are signal encryption methods, data encryption methods can be used within them, and they can be used within signal multiplexing technolgy (with the notable exceptions of TDSS not working with TDM and WHSS not working with WDM).

[Onion Man]

that have exactly zero to do with encryption. The only way it can help is if the next hop info is inside the encrypted data. Btw, Bluetooth uses such a setup in the 2.4Ghz band and recently someone made a Bluetooth sniffer that can keep up with the hopping.

Oh dang.  I misread your comment to begin with.  Doesn't change my above comment one bit, but apologies if it seems like I was jumping down your throat about signal tech.  There is very little about bluetooth that makes it desirable to someone like me, like the frequency, the use of substandard hardware to begin with, the myriad versions of bluetooth that aren't exactly compatible (like the dozens of different, incompatible protocols for stereo over bluetooth), etc.  I can see the practical applications for satellite computers for certain warehouse and remote location application, but for personal use its a no and if I were as obsessed with data integrity as I could be after an education in wired signaling technology (wireless was my obsession at the time, now I have an emphatic dislike of it) I wouldn't even consider it.

Again, apologies if it seemed like I was jumping down your throat or anything.  It's 6am here and I haven't slept in at least 2 days (insomnia + hyposomnia = frequent confusion about whether or not you've slept).

[Stahlseele]

i REALLY hate the wireless fad <.<
there are some REALLY easy ways to get into the way of wireless internet . .
made sure i had a good wired network here, wifi only goes up for visitors . .