ScriptNo: A Quick Guide

A lot of work has been put into ScriptNo, an extension for Chrome that allow for you to control what loads on pages, increasing security and decreasing the time it takes for a pages to load.

This article will serve as a guide to get you quickly running ScriptNo, and configure it to your browsing needs!
Read more

ScriptNo

This post is a quick walkthrough of the features of my Chrome extension, “ScriptNo”: https://chrome.google.com/webstore/detail/oiigbmnaadbkfbmpbfijlflahbdbdgdf

ScriptNo is quite feature-rich, so hopefully this helps walk you through setting it in such a way where it works best for you.

Just to clarify: ScriptNo leverages the “beforeload” handler in Chrome, blocking SCRIPT, OBJECT, EMBED, IFRAME, FRAME, IMG elements before they are loaded (while APPLET, AUDIO, VIDEO, and NOSCRIPT are removed after the page has been loaded; this is a limitation in the Chrome API).

Read more

My Analysis of SonyPictures.com Passwords

I went through all of the passwords, filtered/sorted/crunched, and I present the 30 most-used passwords presented in bar graph format, with some simple deductions.

There was no need to decrypt them as they were all in plaintext (bad, bad, bad)). I created a simple Excel formula to count the number of occurrences in the range (=COUNTIF(RANGE,CELL)), did some more sorting/filtering, and hit the graph button.

So, here is what I’ve quickly deduced from the above graph:

• Sony users = Seinfeld fans (?)
• Cultural differences exist in passwords (e.g. I have no idea what foto4U2 is)
• Many users signed up for a contest of some sort and hoped to win (“winner”, “sweeps”, “contest”)
• “purple” is a popular colour
• I wonder if users with either “george” or “michael” like(d) George Michael‘s music
• Honestly, I’m surprised “password” and “123456″ were not the top two (and maybe throw “abc123″ in there as well)
• Take-aways:
  • if your password is one of the 30, change your password right away to something more secure that includes numbers, some symbols (e.g. @#$%), and something that isn’t just a word or two (dictionary lists and attacks exist)
    • even if the password were “password” or “purple” and were encrypted, they could be decrypted within seconds
  • avoid using the same password for everything
• Take-away for Sony: md5($password.$salt) (and addslashes($_GET['id']) next time.

Disclaimer: I don’t condone the public release of email addresses and passwords (whether it be encrypted or plaintext), nor was I involved in any way with this incident. This was a simple exercise I decided to do. In my analysis, I discarded the usernames/email addresses that were associated with the above passwords out of respect for those who were included in the breach (if you were, change your password!)

TrueCrypt and Dropbox

Recently there has been increasing concern over privacy on Dropbox (an online file synchronization service). I am in the midst of putting my school files and portfolio work that I have on Dropbox in a 3GB TrueCrypt container I created (of course I put them in a RAR file before putting them in the container since I won’t be updating them frequently, to conserve space).

Overall, Dropbox is awesome because I didn’t have to worry about losing my data or changes (as it has revision-history support). While some others on the Internet are dumping Dropbox, I appreciate its service but felt compelled to encrypt my more sensitive documents.

This post will quickly outline the steps I took, and some tips I’ve come across. (TrueCrypt is free and Dropbox offers 2GB for free)

Read more

iTunes and “Perfect” Equalizer Settings

http://hints.macworld.com/article.php?story=20040902070807431

To access the Equalizer: View => Show Equalizer

The exact dB values aren’t shown when you adjust the pointers, so I had to do it by eye, like so:

Play around with the settings; after you’re satisfied, don’t forget to click on the drop-down list and click on “Make Preset” and enter a name to save it.