ScriptNo
This post is a quick walkthrough of the features of my Chrome extension, “ScriptNo”: https://chrome.google.com/webstore/detail/oiigbmnaadbkfbmpbfijlflahbdbdgdf
ScriptNo is quite feature-rich, so hopefully this helps walk you through setting it up so that it works best for you.
Just to clarify: ScriptNo leverages the “beforeload” handler in Chrome, blocking SCRIPT, OBJECT, EMBED, IFRAME, FRAME, IMG elements before they are loaded (while APPLET, AUDIO, VIDEO, and NOSCRIPT are removed after the page has been loaded; this is a limitation in the Chrome API).
Somalia Crisis
Using most of the donations I’ve gotten from generous users of my Decreased Productivity Chrome extension, I’ve donated $50 to the World Food Programme to help with efforts to combat hunger and famine in Somalia (instead of buying myself coffee).
My Analysis of SonyPictures.com Passwords
I went through all of the passwords, filtered/sorted/crunched, and I present the 30 most-used passwords in bar graph format, with some simple deductions.
There was no need to decrypt them as they were all in plaintext (bad, bad, bad). I created a simple Excel formula to count the number of occurrences in the range (=COUNTIF(RANGE,CELL)), did some more sorting/filtering, and hit the graph button.
So, here is what I’ve quickly deduced from the above graph:
- Sony users = Seinfeld fans (?)
- Cultural differences exist in passwords (e.g. I have no idea what foto4U2 is)
- Many users signed up for a contest of some sort and hoped to win (“winner”, “sweeps”, “contest”)
- “purple” is a popular colour
- I wonder if users with either “george” or “michael” like(d) George Michael’s music
- Honestly, I’m surprised “password” and “123456” were not the top two (and maybe throw “abc123” in there as well)
- Take-aways:
  - if your password is one of the 30, change your password right away to something more secure that includes numbers, some symbols (e.g. @#$%), and something that isn’t just a word or two (dictionary lists and attacks exist)
  - even if the password were “password” or “purple” and were encrypted, they could be decrypted within seconds
  - avoid using the same password for everything
- Take-away for Sony: md5($password.$salt) (and addslashes($_GET['id'])) next time.
Disclaimer: I don’t condone the public release of email addresses and passwords (whether it be encrypted or plaintext), nor was I involved in any way with this incident. This was a simple exercise I decided to do. In my analysis, I discarded the usernames/email addresses that were associated with the above passwords out of respect for those who were included in the breach (if you were, change your password!)
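Why the salt in the Sony take-away matters for a dump like this one, as an added example that is not code from this post: without a per-user salt, equal passwords store as equal values, so the same occurrence count used above still exposes the popular ones. PBKDF2 from Python's standard library stands in here for the md5 named in the take-away, because md5 is fast to compute; the account names, passwords and iteration count are constructed or assumed.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not from the breach); two users share a password.
USERS = [("alice", "purple"), ("bob", "winner"), ("carol", "purple")]

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_md5(password):
    """Fast, unsalted digest: equal passwords always give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest); a fresh random salt is drawn per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    _, _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


def repeated_values(column):
    """How many stored values in a column occur more than once."""
    return sum(n for n in Counter(column).values() if n > 1)


def compare_storage(users=USERS):
    """Count repeated stored values under each scheme, like COUNTIF on a dump."""
    md5_column = [unsalted_md5(pw) for _, pw in users]
    kdf_column = [hash_password(pw)[2] for _, pw in users]
    return repeated_values(md5_column), repeated_values(kdf_column)


if __name__ == "__main__":
    md5_repeats, kdf_repeats = compare_storage()
    print("repeated values, unsalted md5:", md5_repeats)
    print("repeated values, salted PBKDF2:", kdf_repeats)
```

The stored record keeps the salt and iteration count next to the digest, so the work factor can be raised later without breaking existing logins.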
TrueCrypt and Dropbox
Recently there has been increasing concern over privacy on Dropbox (an online file synchronization service). I am in the midst of putting my school files and portfolio work that I have on Dropbox in a 3GB TrueCrypt container I created (of course I put them in a RAR file before putting them in the container since I won’t be updating them frequently, to conserve space).
Overall, Dropbox is awesome because I didn’t have to worry about losing my data or changes (as it has revision-history support). While some others on the Internet are dumping Dropbox, I appreciate its service but felt compelled to encrypt my more sensitive documents.
This post will quickly outline the steps I took, and some tips I’ve come across. (TrueCrypt is free and Dropbox offers 2GB for free.)

