First of all, I hope that you’ve moved beyond MD5 hashes and hashing passwords by themselves, adding salts, etc., but I do recall systems in which an MD5 hash of a password by itself was “good enough”.
You can look up some MD5 hashes on this MD5 cracker page. I found many two-word combinations that were crackable.
You can play with generating MD5 hashes of questionable passwords (such as your name and p@ssw0rd) with this MD5 Hash Generator.
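To make the contrast concrete, here is an added example (not code from the original post) that stores the same constructed password both ways: as a bare MD5 digest and as a per-user salted PBKDF2 record. The function names, the record format, and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune for your own hardware

def md5_unsalted(password: str) -> str:
    """Legacy scheme: MD5 of the password alone, identical for every user."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' using a random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False

def shared_hash_groups(stored: dict) -> dict:
    """Group accounts whose stored value is identical (reuse visible in the table)."""
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return {value: users for value, users in groups.items() if len(users) > 1}

if __name__ == "__main__":
    # Constructed sample accounts; alice and bob picked the same weak password.
    passwords = {"alice": "p@ssw0rd", "bob": "p@ssw0rd", "carol": "correct horse"}
    legacy = {u: md5_unsalted(p) for u, p in passwords.items()}
    salted = {u: hash_password(p) for u, p in passwords.items()}
    print("identical MD5 rows:", list(shared_hash_groups(legacy).values()))
    print("identical salted rows:", list(shared_hash_groups(salted).values()))
    print("alice verifies:", verify_password("p@ssw0rd", salted["alice"]))
```

With bare MD5, every account using the same password stores the same digest, which is why a single public lookup table works against all of them; the random salt makes each stored record unique, and the iteration count makes each guess expensive.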
- The iPhone 3G S has to be in the physical possession of the hacker (instead of an over-the-air attack).
- The iPhone can be wiped remotely (however, MobileMe, push, and Find My iPhone must be turned on, and must be connected to the internet).
- The iPhone is more likely to be profiled as a valuable piece of hardware than for its data potential–the BlackBerry is a well-recognized business device and would be a more likely target for data thieves.
Some additional thoughts:
- The iPhone has thus far been a consumer device, although the trickle in enterprise adoption makes this alarm-sounding well timed.
- Apple does not currently provide enterprise management software for either desktops or phones, which (beyond security) is probably the greatest barrier to enterprise acceptance.
The whole reason I don’t use Internet Explorer except on rare occasions is that I don’t want website add-ons to automatically install without a little bit of fuss. I would expect this “ClickOnce” support would make accidental installation of malware more likely. No, thanks. I disabled it until I absolutely see a reason that I need it–which is my normal policy with Firefox add-ons.
Apparently, there was another exploit on Twitter today? #dontclick
Those exploited would end up tweeting the following message:
Don’t Click: http://tinyurl.com/amgzs6
So, it was a Twitter worm by way of clickjacking. Though I missed out on the fun, I learned a new security term: CSRF (Cross-site request forgery). I tell you, security geeks get to see all kinds of cool stuff.
Code analysis: Twitter Don’t Click Exploit
Twitter’s response: Twitter Blog: Clickjacking Blocked.
I don’t think that these are all necessarily “network” or “security” related, but they are interesting, nonetheless: