Gibson Research Corporation writes on Ultra High Security Password Generator:

Since there is no "output from the previous encryption" to be used during the encryption of the first block, the switch shown in the diagram above is used to supply a 128-bit "Initialization Vector" (which is just 128-bits of secret random data) for the XOR-mixing of the first counter value. Thus, the first encryption is performed on a mixture of the 128-bit counter and the "Initialization Vector" value, and subsequent encryptions are performed on the mixture of the incrementing counter and the previous encrypted result.

 The result of the combination of the 256-bit Rijndael/AES secret key, the unknowable (therefore secret) present value of the 128-bit monotonically incrementing counter, and the 128-bit secret Initialization Vector (IV) is 512-bits of secret data providing extremely high security for the generation of this page's "perfect passwords". No one is going to figure out what passwords you have just received.

Make sure to write the generated password down.


Tech Buzz
Mathematica 7 from Wolfram Research
Posted by Moxietype

Cross-site scripting (XSS) is a security vulnerability of dynamic Web pages generated from information supplied to the web server and replayed as part of the response to the browser. In an XSS attack, a malicious user can create a specially crafted link to inject unwanted executable script or code (usually JavaScript) into a Web site. When an unsuspecting victim clicks the link, the malicious piece of JavaScript can then send the victim's cookie to a CGI script.

A full security review usually involves more than just seeking out XSS vulnerabilities; it also involves overall threat modeling, testing for overflows, information disclosure, error handling, SQL injection, authentication, and authorization bugs.
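The reflection flaw described above, next to its fix, as an added example that is not part of the original post: the function names, the page template and the constructed probe string are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed probe: inert markup that closes an attribute and opens a tag.
PROBE = '"><script>probe()</script>'


def render_unsafe(query: str) -> str:
    """The flaw: request data is replayed into the response unchanged."""
    return f'<p>Results for {query}</p><input name="q" value="{query}">'


def render_safe(query: str) -> str:
    """Encode for the HTML context before replaying the value.
    quote=True also escapes quotes, which the attribute context needs."""
    q = html.escape(query, quote=True)
    return f'<p>Results for {q}</p><input name="q" value="{q}">'


def session_cookie_header(token: str) -> str:
    """Session cookie that page script cannot read (HttpOnly), so an
    injected script has no session cookie to send anywhere."""
    jar = SimpleCookie()
    jar["session"] = token
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"
    return jar["session"].OutputString()


class TagCollector(HTMLParser):
    """Records the elements an HTML parser sees in a rendered page."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs[tag] = dict(attrs)


def parsed(page: str) -> TagCollector:
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector


if __name__ == "__main__":
    # Unsafe page: the probe becomes a real <script> element.
    print(parsed(render_unsafe(PROBE)).tags)
    # Safe page: only the template's own elements exist.
    print(parsed(render_safe(PROBE)).tags)
    print(session_cookie_header("constructed-token"))
```
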



To change the administrator password (the account known in Unix as "root"), you will need a copy of the Mac OS X Install disk. If you don't have the original disk, buy another one or call Apple (1-800-SOS-APPL) and ask for a replacement boot disk.

Once you have an install disk, double click on the Install Mac OS icon and you'll get a window with a restart button. Click on it, and your Mac will restart and go to the installation process.

You don't need to install the OS again! Click through windows until you get the regular set of choices on the menu bar. One of those menus is Utilities and one of the choices on that menu is Reset Password.

Change your password and choose Quit from the Installer.

The next time you start your computer, you will know your admin password.

Note: your admin password is only of limited security because anyone with an OS install disk can restart and reset your root password without knowing your existing password.

How to reset Mac OS X Admin Root password by using sudo command


Privacy
Surf the Web via Proxy on Mac OS
Posted by Moxietype

About Proxify Anonymous Surfing

A web-based anonymous proxy service which allows anyone to surf the web privately and securely. The Proxify widget provides easy access to the Proxify service, directly from your Dashboard.

Proxify hides your IP address and our encrypted connection prevents monitoring of your network traffic. Once using Proxify, you can surf normally and forget that it is there, protecting you.

System Requirements: Mac OS X 10.4 or later


Social Web
Broken Windows Theory of Social Behavior
Posted by Moxietype

The Economist reports that Dr Kelling's controversial "broken windows theory" of social behavior is correct.

A PLACE that is covered in graffiti and festooned with rubbish makes people feel uneasy. And with good reason, according to a group of researchers in the Netherlands. Kees Keizer and his colleagues at the University of Groningen deliberately created such settings as a part of a series of experiments designed to discover if signs of vandalism, litter and low-level lawbreaking could change the way people behave. They found that they could, by a lot: doubling the number who are prepared to litter and steal.

Read more on how Broken Windows theory applies to social behavior online.


In this video interview, long-time online community expert Randy Farmer talks about the broken windows theory and its application to online spaces. He talks about building an online community culture, moderation, quality of service and trolls.


Forgetting the root password on a Mac can feel like a disaster, but you can easily recover it using a sudo command if you have the password to an administrator's account on the system.

Open a terminal window and type:

sudo passwd root

You will be prompted for your password (the password to the administrator's account). After that you will be prompted for the new root password twice.

The sudo command is a great tool to control who can do what on a system. In this scenario, the sudo command allows you, after authenticating with your user password, to run a command as if you were root. The command passwd root changes the password for the root user.

Update 01/16/08: How to reset a lost root password by switching to single-user mode (Command-S), known as the command line interface in Unix. (Suggested in user comments.)

Read more on how to change your lost root password with an Install Disk.


The latest update* to Moxietype Content Management System is the custom Meta Description field for every entry. Meta Description will not be posted on your page but included as Meta Description tag on the Source Page for every individual URL of your content.

If the meta description is in place, and the term(s) searched are within the description, then the meta description will appear in the snippet. If there are no meta description tags, then the text around the terms within the body of the content will be displayed in the snippet.


When trying to protect your privacy, the last thing you want is for a search engine to collect data on your search history. That's called profiling.

Below is an abstract for the United States Patent Application 20050222989 "Results based personalization of advertisements in a search engine" filed by Google:

Personalized advertisements are provided to a user using a search engine to obtain documents relevant to a search query. The advertisements are personalized in response to a search profile that is derived from personalized search results. The search results are personalized based on a user profile of the user providing the query. The user profile describes interests of the user, and can be derived from a variety of sources, including prior search queries, prior search results, expressed interests, demographic, geographic, psychographic, and activity information.


Most extensions and tools commonly used to prevent data profiling by search engines work by concealing information from outsiders. TrackMeNot takes the opposite approach and actually sends out a bunch of information for the search engines to process. It sends mostly false information, which means your real search activities remain hidden from view and search engines won't glean any useful data from your visit.

Firefox Add-On TrackMeNot 0.5.32
Works with Firefox: 1.5 – 3.0.*
Homepage: https://addons.mozilla.org/en-US/firefox/addon/3173

Description: Protects users against search data profiling by issuing randomized queries to popular search-engines.


Update 12/21/08: Firefox Refusal of the "RichResults" to obey the "Clear Private Data" command and how to disable RichResults feature.

While at this time there is no way to make the Location bar behave exactly like in Firefox 2 there are several experimental add-ons which received good marks from the users. (Experimental add-ons may be alpha, beta or pre-production in quality, performance and features. Caution should be used when installing experimental add-ons, as some of them have not been tested by an editor and may harm your computer configuration.)

Clear Private Data... (Add-Ons) 0.2.2

This extension utilizes the "Clear Private Data..." feature that is part of Firefox version 1.5 and above. It makes this feature a lot more accessible via right-click context menu and an optional toolbar button.

Homepage: https://addons.mozilla.org/en-US/firefox/addon/1280


Hide Unvisited 3

Hide pages (bookmarks) that you haven't visited from showing in the AwesomeBar. This is for users that don't want to see any bookmarks showing up unless they've used the bookmark since deleting certain pages/sites or clearing the history.

Homepage: https://addons.mozilla.org/en-US/firefox/addon/7429


Old Location Bar

For those who like the look of the Firefox 2 Location Bar. You will not be able to go back completely to the old Location Bar, but a few features are listed: URL Bar displays the old way; Go Button is always present, only matches what you type, doesn't guess; and URL Bar turns Yellow when visiting a "Secure" page.

Homepage: https://addons.mozilla.org/en-US/firefox/addon/763


Google, SEO
Meta Data Generator Updates
Posted by Moxietype

Our latest updates include customized Meta Description field for each entry as well as an automatically generated Meta Title, both of which will help to maximize Search Engine Optimization for our sites.*

Why does Google care about meta descriptions?
We want snippets to accurately represent the web result. We frequently prefer to display meta descriptions of pages (when available) because it gives users a clear idea of the URL's content. This directs them to good results faster and reduces the click-and-backtrack behavior that frustrates visitors and inflates web traffic metrics. Keep in mind that meta descriptions comprised of long strings of keywords don't achieve this goal and are less likely to be displayed in place of a regular, non-meta description, snippet. And it's worth noting that while accurate meta descriptions can improve clickthrough, they won't affect your ranking within search results.

Read more at the Official Google Webmaster Blog on good use of meta data:

Improve snippets with a meta description makeover

Meta tags and Web Search Results

Globe of Meta

Tag Galaxy is worth a spin. Once you get past the fiery star with (conceptually related) orbiting planets, the globe itself presents a surprisingly addictive interface for photo discovery.


Most knowledgeable webmasters find the idea of moving a site from one platform to another, from one domain to another, or both, rather scary. The reasons are rather simple.

First of all, setting up a 301 redirect or another blanket redirect from one domain to another is hardly going to work for all visitors. Run a simple Google search on the terms link:yoursite.com and see how many external pages are linked to your site. Well, you have to contact all of them and ask them to change the old link.

Second, open your Google Webmaster account and see how many pages from your site are indexed in the Google Search Engine. Yes, you have to set up an individual 301 redirect for each one of those pages. The same goes for images. Those redirects can easily run into thousands of individual redirects for a dynamic site.


If you still feel that you absolutely positively must move your site to a new platform and have a few hundred hours of disposable manpower to do so properly, read a few recommendations from Google. Making a site is a rather simple process in comparison with retaining the precious Search Engine presence and ranking.


Security
Farewell to China
Posted by Moxietype

Without much thought or hesitation, I would recommend that everybody block IPs in the ranges 222.208.0.0 - 222.215.255.255 and 125.64.0.0 - 125.71.255.255, which belong to the CHINANET Sichuan province network — the home base of some of the world's most dedicated and prolific spammers. They actually enter it manually.

No wonder unemployment is so low in China.
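Firewalls and web servers usually take blocks in CIDR form rather than as first-last ranges. The following added example (not part of the original post) converts the two ranges above to CIDR and checks client addresses from an access log against them; the log lines are constructed and the function names are assumptions.

```python
import ipaddress

# The two ranges exactly as the post gives them.
PAGE_RANGES = [
    ("222.208.0.0", "222.215.255.255"),
    ("125.64.0.0", "125.71.255.255"),
]

# Constructed access-log lines; the client address is the first field.
SAMPLE_LOG = [
    '222.210.14.7 - - [21/Dec/2008:10:00:01 +0000] "POST /comment HTTP/1.1" 200 512',
    '222.216.0.1 - - [21/Dec/2008:10:00:02 +0000] "GET / HTTP/1.1" 200 1024',
    '125.71.255.255 - - [21/Dec/2008:10:00:03 +0000] "POST /comment HTTP/1.1" 200 512',
    '125.72.0.0 - - [21/Dec/2008:10:00:04 +0000] "GET / HTTP/1.1" 200 1024',
    '::ffff:125.64.0.1 - - [21/Dec/2008:10:00:05 +0000] "POST /comment HTTP/1.1" 200 512',
    '192.0.2.10 - - [21/Dec/2008:10:00:06 +0000] "GET /feed HTTP/1.1" 200 2048',
    '- - - [21/Dec/2008:10:00:07 +0000] "GET / HTTP/1.1" 400 0',
]


def to_cidrs(ranges):
    """Turn first-last pairs into the smallest sorted list of CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(text, nets):
    """True if text is an address inside any network. Malformed input and
    native IPv6 addresses never match."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return False
    if addr.version == 6:
        # An IPv4 client can appear as ::ffff:a.b.c.d on a dual-stack server.
        addr = addr.ipv4_mapped
        if addr is None:
            return False
    return any(addr in net for net in nets)


def triage(lines, nets):
    """Split log lines into (blocked, allowed) lists of client addresses."""
    blocked, allowed = [], []
    for line in lines:
        fields = line.split(maxsplit=1)
        client = fields[0] if fields else ""
        (blocked if is_blocked(client, nets) else allowed).append(client)
    return blocked, allowed


if __name__ == "__main__":
    networks = to_cidrs(PAGE_RANGES)
    print([str(n) for n in networks])
    print(triage(SAMPLE_LOG, networks))
```

Each of the two ranges collapses to a single /13 network, and the sample lines include the addresses just inside and just outside each boundary.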


E-Commerce, Offbeat
The Definition of Free
Posted by Moxietype


Lately, all I have been hearing about is how WordPress is "free." Now, the way I do math, anything that takes over ten hours to set up and still doesn't function without a consultant and/or IT specialist has a cost associated with it, the cost of lost time, lowered productivity and no blog at the end of the day. For the last two weeks at my office we have been struggling to set up a simple blog using WordPress.org that I have come to call the "buteverybodyusesit" software. I understand that developers and programmers love it because it is "free" and allows them to exploit gullible users in search of "free" software.

But I think there is some confusion regarding the definition of free, which WordPress itself notes:

About the GPL

The GNU General Public License, or GPL, is an open source license. Open source doesn't just mean that you can view the source code - it has political and philosophical implications as well. Open source, or "Free Software", means you are free to modify and redistribute the source code under certain conditions. Free doesn't refer to the price, it refers to freedom. The difference between the two meanings of free is often characterized as "Free as in speech vs. free as in beer." The GPL is free as in speech.

codex.wordpress.org/License

So, while I am all for free beer and free speech I am also for the clear distinction between the two meanings of free.


Here are a few observations on the conflict between w3.org standards and some XML feed validators, RSS Feed Readers or News Aggregators as most people know them, which mushroomed in the recent years. Some of the elements of your document will still not be able to be read properly.

Below is an explanation about what Relative URL is and why it is used in your HTML document according to [RFC1808]:

This document describes the syntax and semantics for "relative" Uniform Resource Locators (relative URLs): a compact representation of the location of a resource relative to an absolute base URL. It is a companion to RFC 1738, "Uniform Resource Locators (URL)" [2], which specifies the syntax and semantics of absolute URLs.

A common use for Uniform Resource Locators is to embed them within a document (referred to as the "base" document) for the purpose of identifying other Internet-accessible resources. For example, in hypertext documents, URLs can be used as the identifiers for hypertext link destinations.

Absolute URLs contain a great deal of information which may already be known from the context of the base document's retrieval, including the scheme, network location, and parts of the URL path. In situations where the base URL is well-defined and known, it is useful to be able to embed a URL reference which inherits that context rather than re-specifying it within each instance. Relative URLs can also be used within data-entry dialogs to decrease the number of characters necessary to describe a location.

Contrary to the established practice of the World Wide Web Consortium on the use of relative URLs, some XML readers are unable to display images embedded via this method.

Some RSS elements are allowed to contain HTML, including links and images. However, if these links use relative URLs to point to resources, users of some news aggregators will not be able to click on them. And if your images use relative URLs, the images may not appear (since the news aggregator will be looking for the images locally on the user's hard drive, rather than on your web site).

How should one act in this situation? If you know that the content you publish will be viewed via RSS readers, either hot-link the images to their original sites, or upload your images to a separate server and provide a full URL to your images rather than a relative one. For example, http://yourdomain/images/picture.jpg versus /images/picture.jpg.
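One way to apply this before publishing a feed, shown as an added example that is not part of the original post: resolve every relative link and image URL in an item's HTML against the entry's own address. The base URL, the sample item and the function names are assumptions; only the yourdomain host comes from the text above.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urljoin

# Attributes that carry a URL in feed item HTML (links and images).
URL_ATTRS = {("a", "href"), ("img", "src")}

# Constructed sample: one root-relative image, one path-relative link,
# and one link that is already absolute.
BASE_URL = "http://yourdomain/blog/entry.html"
ITEM_HTML = (
    '<p>Photo: <img src="/images/picture.jpg" alt="A &amp; B"> from the '
    '<a href="archive/2008.html">archive</a>, mirrored at '
    '<a href="http://yourdomain/images/picture.jpg">full URL</a>.</p>'
)


class Absolutizer(HTMLParser):
    """Re-emits an HTML fragment with URL attributes made absolute."""

    def __init__(self, base_url):
        # Keep entity references in text as written instead of decoding them.
        super().__init__(convert_charrefs=False)
        self.base = base_url
        self.out = []
        self.rewritten = []  # (original, absolute) for every changed URL

    def _emit_tag(self, tag, attrs, close=""):
        parts = [tag]
        for name, value in attrs:
            if value is None:            # bare attribute, e.g. "disabled"
                parts.append(name)
                continue
            if (tag, name) in URL_ATTRS:
                absolute = urljoin(self.base, value.strip())
                if absolute != value:
                    self.rewritten.append((value, absolute))
                value = absolute
            # The parser decoded the value, so encode it again on output.
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + close + ">")

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def absolutize(fragment, base_url):
    """Return (rewritten_html, list of (original, absolute) URL pairs)."""
    parser = Absolutizer(base_url)
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.rewritten


if __name__ == "__main__":
    fixed, changes = absolutize(ITEM_HTML, BASE_URL)
    print(fixed)
    for original, absolute in changes:
        print(f"{original} -> {absolute}")
```
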


Firefox, Privacy
How to clear private data on Firefox for Windows
Posted by Moxietype

Updated for Firefox 3.0 "Clear Private Data 0.2.2." Firefox Add-On.

Description: This extension utilizes the "Clear Private Data..." feature that is part of Firefox version 1.5 and above. It makes this feature a lot more accessible via right-click context menu and an optional toolbar button.

Update 12/18/08: How to Clear Private Data by changing the default of RichResults feature in Firefox 3.


Saved Passwords:
When entering a password on a web page for something such as your email login, Firefox will usually ask if you would like for the password to be remembered.

If you choose for the password to be remembered, it will be stored by the browser and then prepopulated the next time you visit that web page.

Download History: Firefox’s Download Manager keeps a record of every file that you download through the browser.

Cookies: A cookie is a simple text file that is placed on your hard drive when you visit certain web sites. Each cookie is used to tell a web server when you return to its web page. Cookies themselves can't contain any spyware or malware. They can't access your hard drive or compromise its security. Cookies can be helpful in remembering certain settings that you have on a web site. It is necessary to use cookies to establish the particular Web session when you log in to your internet account, be it the New York Times on-line edition, this software, a bank, etc. Those cookies are called session cookies. Another kind of cookie is a persistent cookie, which helps a site such as Amazon.com, HomeDepot.com or Target.com remember your user preferences. If you block all cookies, those sites simply will not work.

Cache: Firefox uses its cache to store images, pages, and URLs of recently visited web pages. By using the cache, the browser can load these pages much faster on subsequent visits to the site by loading the images, etc. locally from the cache rather than from the web server itself.

Authenticated Sessions:
You may have logged into a site and noticed that when you returned later you were still logged in. This is because Firefox saved your authenticated session.

Now that you understand the meaning behind each menu item, check those that you wish to be erased and be sure that any items you wish to keep intact are unchecked. Once you are ready, click Clear Private Data Now and all of the item types that you selected will be cleared out.

You may have also noticed a choice at the bottom of the dialog entitled “Ask me before clearing private data”. This box is checked by default. Had the box not been checked, your private data would have automatically been cleared when you selected Clear Private Data from the Tools menu or hit the Ctrl+Shift+Delete keyboard shortcut.

In this case, there is another method you must use if you wish to modify your “Clear Private Data” settings.

Read about the Alternate Way To Change ‘Clear Private Data’ Settings in detail below or follow easy steps:

First, click on Tools in your Firefox menu located at the top of your browser. When the drop-down menu appears, scroll down and click on the Options choice.

You will now see the Options menu overlaying your main browser window. Click the Settings button, located on the bottom right hand side of the dialog directly above the Help button.

You will now see a “Clear Private Data” dialog box, similar to the one displayed in Step 3 of this tutorial. There is one added menu item in this dialog, however, entitled “Clear private data when closing Firefox”. When this option is checked, your private data will be cleared each and every time you exit the Firefox application.

To clear the important private data after every browser session follow these easy steps:

1. Click on Tools
2. Then click on Options
3. Go to the Privacy Tab
4. Then at the bottom of the window click on Settings
5. Then check the box beside “Clear Private data when FireFox Closes”
6. Make sure saved passwords and cookies are unchecked
7. Click on OK

Now your private data will be cleared each and every time you exit the Firefox application. In case you want to delete certain saved passwords follow these steps:

1. Click on Tools
2. Then click on Options
3. Go to the Privacy Tab
4. Password Tab
5. View Saved Passwords
6. Click on the Password you want to remove
7. Click on Remove


Security
Security Features in Web Browsers
Posted by Moxietype

Below are the security features that have been tested in the following web browsers:

  • Mozilla Firefox (version 1.5.0.4 running on Windows XP SP2)
  • Microsoft Internet Explorer (version 6.0 running on Windows XP SP2)
  • Safari (version 2.0.3 running on Mac OS X version 10.4.6)

Mozilla Firefox

Mozilla Firefox features an option to Clear Private Data; this option can be found under the tools menu. The following data can be cleared:

  • Browsing History
  • Saved Form Information
  • Saved Passwords
  • Download History
  • Cookies
  • Cache
  • Authenticated Sessions


There are check boxes to turn the above options on or off. The options that are turned on to clear by default are: Browsing History, Cookies, Cache, and Authenticated Sessions.

The Clear Private Data option can also be used through Options under the Tools menu. Once in options the private data can be cleared individually through the Privacy tab.

The Clear Private Data option can be set to clear private data when Mozilla Firefox closes, this can be done through Tools –> Options –> Privacy tab –> Settings button, and then tick the box that says Clear private data when closing Firefox.

Microsoft Internet Explorer

Microsoft Internet Explorer has its security features in Internet Options which can be found under the Tools menu. The security features include:

  • The General tab
      1. Deleting cookies and temporary internet files
      2. Clearing the browser history
  • The Security tab
      1. Internet security level – by default this is set to medium, prompts before downloading potentially unsafe content and unsigned ActiveX controls will not be downloaded. The custom level allows the user to adjust the security level to High, Medium, Medium-low, and Low. Each of these levels changes various security settings.
      2. Local intranet security level – by default this is set to medium-low, most content will be run without prompts, unsigned ActiveX controls will not be downloaded, same as medium which is the default in internet security only without the prompts. The custom level allows the user to adjust the security level to High, Medium, Medium-low, and Low.
      3. Trusted sites security level – by default this is set to low, minimal safeguards and warning prompts are provided, most content is downloaded and run without prompts, and all active content can run. The custom level allows the user to adjust the trusted sites security level to High, Medium, Medium-low, and Low.
      4. Restricted sites security level – by default this is set to high, less secure features are disabled. The custom level allows the user to adjust the restricted sites security level to High, Medium, Medium-low, and Low.
  • The Privacy tab
      1. Settings – by default the privacy settings are set to medium, blocks third-party cookies that do not have a compact privacy policy, blocks third-party cookies that use personally identifiable information without your implicit consent, and restricts first-party cookies that use personally identifiable information without implicit consent. The sites button allows the user to add sites that are allowed to use cookies.
      2. Pop-up blocker – by default the Block pop-ups check box is ticked, there is a settings button that allows the user to add sites that are allowed to use pop-ups (the pop-up blocker option is not available in WTS).
  • The Content tab
      1. Certificates – the clear SSL state button clears the SSL cache, the Certificates button lists the Intermediate Certificate Authorities, the Trusted Root Certification Authorities, the Trusted Publishers and the Untrusted Publishers.
      2. Personal information – AutoComplete stores previous entries and suggests matches for the user, the AutoComplete button allows the user to turn on AutoComplete for web addresses, forms, and usernames and passwords on forms. The user can also clear forms and clear passwords from the AutoComplete button.


Safari

Safari features an option for Private Browsing; this option can be found under the Safari menu. The Private Browsing feature ensures that private data is cleared from the browser; this is similar to the Clear Private Data feature in Mozilla Firefox, only the user has to turn the Private Browsing feature on before browsing whereas the Clear Private Data feature can be used after the browsing has occurred. The following data will not be saved when the Private Browsing feature is selected:

  1. Web pages are not added to the history.
  2. Items are automatically removed from the Downloads window.
  3. Information is not saved for AutoFill (including names and passwords).
  4. Searches are not added to the pop up menu in the Google search.


Until the Safari window has been closed users can still click the Back and Forward buttons to return to web pages that have been opened.

When turning on Private Browsing a box pops up asking if the user is sure that they want to turn on Private Browsing, users can either click Yes or No.

Safari also gives users the following options:

  1. Clear History – this option can be found under the History menu.
  2. Empty Cache – this option can be found under the Safari menu.
  3. Turn on/off AutoFill for usernames and passwords, and forms – this option can be found under the Safari menu in Preferences under the AutoFill tab.

The easiest and fastest way to clear the private data is to Reset Safari which deletes all stored sessions, passwords, history and cookies.


Web Site Optimization
Google Hot Trends
Posted by Moxietype

One can pinpoint the direction a dynamic site is going on the search engines by analyzing the keyword activity. Below is an article on Google Hot Trends from Digital Trends that I found interesting.

We don't want to imply that readers are the sort of folks who have to know what everyone else is searching for on the Internet, so, like, they can search for it too, but we thought we would note the launch of Google Hot Trends, a new service from the search engine giant which tracks the 100 fastest-rising search queries in the United States.

The new feature replaces the weekly Zeitgeist list Google has been producing for the last several years—although the company promised to continue compiling monthly summaries for each country, along with yearly wrap-ups. Instead of the weekly Zeitgeist, Google Hot Trends presents the hottest current search terms in what Google characterizes as "very close to real time." The listing is updating repeatedly throughout the day, and users can watch hot queries shift around as news breaks, celebrity gossip leaks, current events unfold, and the whims of cultural consciousness change.

Google says the Hot Trends are not the terms people are looking for most frequently—of course, many of those search terms are boring ("myspace", "ipod," "games", "weather", etc.) or things Google doesn't necessarily want to publish. Instead, Google analyzes search queries and presents searches that are deviating the most in relationship to the past traffic. So, if a search term paddles along with a few hundred queries a day and suddenly jumps to a million queries a day, it's deviated significantly from its past search pattern and might pop up on Google Hot Trends.

For each search term in the Hot Trends list, Google will pull up results from Google News, Blog Search, and web search; Google also displays the "hotness" of search terms by country, U.S. states, and cities. Users can also use Google Trends to compare search queries against each other, and see how they fare across regions.

Of course, search terms must have enough search volume to provide data for Google Trends—which means most people won't be able to "egosurf" Google Trends using their names. Maybe Google will create that feature in the future.

That said, if one wonders why he doesn't get enough traffic from the search engines, he should reevaluate the interest in his topic within the general public.


Security
Encryption
Posted by Moxietype

Sensitive information often is stored on database servers and other storage facilities for later retrieval. At this point, it is critical to have at your disposal a facility that allows you, as a developer, to secure that data at storage time and retrieve the information you are looking for when you need it.

PHP offers an extension that allows developers to use the Mcrypt Library (mcrypt.sf.net) to secure data by encrypting it and later decrypting it. The documentation of the Mcrypt extension for PHP is located at http://www.php.net/mcrypt, and it should be studied carefully before implementation.

The Mcrypt extension supports an impressive array of algorithms, including triple-DES, Blowfish, Twofish and Two-Way. Using the Mcrypt extension is not a very intuitive process if you are not familiar with encryption; it can become quite confusing because of the variety of block algorithms and encryption modes available.

Read the full article at Linux Journal with a sample of a typical use of the Mcrypt extension.