
Archive for January, 2008

How and why to add salt to your md5 hash

17
Jan
Posted in PHP, Programming

Since a couple of Sweden’s largest sites got hacked and the passwords are floating around the internet, we thought we would write a small guide on how not to make the same mistake those sites made: not using any salts. So, first of all, what is an MD5 hash?

MD5 stands for Message-Digest algorithm 5 and produces a 128-bit hash value. An MD5 hash is typically written as a 32-character hexadecimal number. At first, MD5 hashes were hard to crack, but later came something called a “rainbow table”, which can crack MD5 hashes easily. So how do we protect ourselves against rainbow tables? Use something called a “salt”. You need a salt because lots of people use passwords such as “mydamncatsname” or “ilovejesus”, whose hashes have already been generated; if you compare the password hashes in your database against that generated list, you will find out which passwords are in your database. With a salt such as “fsjlk4u9pfs”, the value being hashed becomes ilovejesusfsjlk4u9pfs or something similar, which a dictionary is very unlikely to contain.

So how to implement this salt then? Does it involve some tremendous programming effort? No. It’s the easiest thing you can do.

To simplify this, here’s a code snippet showing how a salt works.

<?php
// Static salt: the same value is prepended to every user's password.
// $password holds the password the user submitted.
$salt = "kfoe56";
$hash = md5($salt.$password);
?>

That is a static salt, which is better than nothing, but not nearly as good as a dynamic salt. There is absolutely no reason to use a static salt, since it’s not any harder to create a dynamic salt.

A dynamic salt can be something that uses the userid or something like that. This is a pretty good example of how a dynamic salt can be used:

<?php
// Dynamic salt: a per-user value, here the user's id.
$salt = $userid;
$hash = md5($salt.md5($password.$salt));
?>

The time to crack that password is by far longer than for a normal hash.
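The effect described above, as an added example that is not part of the original post: a precomputed table of unsalted MD5 hashes recovers a common password at once, while the same lookup against per-user salted hashes finds nothing. The wordlist, user ids and the random salt (used here in place of the user id) are constructed for this example; the last field uses PHP's built-in password_hash(), which generates its own salt and is deliberately slow.

```php
<?php
// Added example, not the original post's code. All values are constructed.

// A precomputed table maps md5(word) => word for a list of common passwords.
function build_lookup_table(array $words): array {
    $table = [];
    foreach ($words as $w) {
        $table[md5($w)] = $w;
    }
    return $table;
}

// Per-user random salt (assumption of this example), stored beside the hash.
function new_salt(): string {
    return bin2hex(random_bytes(16));
}

// Same construction as the post's dynamic-salt snippet.
function salted_md5(string $password, string $salt): string {
    return md5($salt . md5($password . $salt));
}

$table = build_lookup_table(['ilovejesus', 'mydamncatsname', 'anakin']);

// Two users choose the same weak password.
$users = [];
foreach ([101, 102] as $id) {
    $salt = new_salt();
    $users[$id] = [
        'unsalted' => md5('ilovejesus'),
        'salt'     => $salt,
        'salted'   => salted_md5('ilovejesus', $salt),
        'modern'   => password_hash('ilovejesus', PASSWORD_DEFAULT),
    ];
}

foreach ($users as $id => $u) {
    $plain  = $table[$u['unsalted']] ?? '(no match)';
    $salted = $table[$u['salted']]   ?? '(no match)';
    echo "user $id: unsalted lookup = $plain, salted lookup = $salted\n";
}

// Unsalted hashes are identical across users; salted ones differ per user.
var_dump($users[101]['unsalted'] === $users[102]['unsalted']);
var_dump($users[101]['salted'] === $users[102]['salted']);

// Verification with the built-in API; the salt is embedded in the stored string.
var_dump(password_verify('ilovejesus', $users[101]['modern']));
```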

So please, use some damn salt when you store your users’ passwords.

Best Inspirational/Motivational speeches

15
Jan
Posted in Internet

If you lack inspiration, as all people sometimes do, try checking out the clips we’ve got here. Here’s our top 5 of inspirational speeches, in no particular order (since it’s impossible to order them). Btw, please comment with any other inspirational or motivational speech and we will add it as well!

Any given sunday speech, Al Pacino

Apple ad, “here’s to the crazy ones”

Steve Jobs, Apple, at Stanford University

Braveheart speech, Mel Gibson

Michael Jordan failure ad by Nike

Autistic basketball player makes it

Independence day speech, Bill Pullman

Armageddon president speech

Bill Gates retirement - history and video.

14
Jan
Posted in Internet, Windows, Software

One of the greatest entrepreneurs of all time, Bill Gates, has now retired from his chairs in Microsoft.

Here’s some history:

Since November, 1975, Bill Gates (or rather William Henry Gates II) has been enthusiastic about his software development company, Microsoft. He was one of the first souls who thought there was a commercial market for computer software, which many did not believe.

In 1980 IBM contacted Microsoft and told them that they were interested in a BASIC interpreter for their upcoming IBM PC. When IBM asked about an operating system, Gates pointed them to Digital Research (DRI), which was behind the popular operating system CP/M. IBM contacted DRI, but they never reached a real deal and IBM was left without licenses. IBM then contacted Gates again, told him about this and asked for a working OS, which is probably the most important moment in Microsoft’s history.

A couple of weeks later Microsoft bought 86-DOS from “Seattle Computer Products” for $50 000, without mentioning that IBM was a potential buyer. After some adjustments for the PC, Microsoft delivered this to IBM as PC-DOS and got paid a one-time sum.

Windows
In the early 1980’s Microsoft introduced a new type of graphical user interface (GUI) based on Xerox’s and Apple’s. They then released Windows as an add-on and alternative to their DOS system to compete with the real graphical OS. During the early 1990’s Windows had a big lead in the software market for operating systems, and the release of Windows 3.0 was a real success. Microsoft sold 10 million copies in the first two years, and that’s where the real dominance started.

Paul Allen left Microsoft in 1983 because of a disease, but Gates worked as MD for the company until the year 2000. The one who got the job then was Steve Ballmer.

Bill Gates is also the richest man on earth, with an estimated fortune of $56.000.000.000!

Here comes the video (the second one is slightly more funny):

Here comes the funny version!

EEEPC mini computer laptop

10
Jan
Posted in Hardware

Asus has developed a new type of mini laptop called the EEE-PC series. EEE stands for “Easy to learn, Easy to work, Easy to play”.

There are currently four versions of the EEEPC which are:
EEE PC 8G
EEE PC 4G
EEE PC 4G Surf
EEE PC 2G

They all have Intel CPUs and chipsets and a 7″ display.
Here are the specifications for each model:

EEE PC 8G
OS: Linux but Windows XP compatible
WLAN: Yes
Ethernet communication: Yes
Memory: 1Gb DDR2
Solid-state disk (SSD): 8Gb
Camera: Yes
Audio: Hi-Definition audio, Stereo speaker, Microphone
Battery: 4 cells; 5200mAh, 3.5hrs depending on actions.
Weight: 0.92kg

EEE PC 4G
OS: Linux but Windows XP compatible
WLAN: Yes
Ethernet communication: Yes
Memory: 512Mb DDR2
Solid-state disk (SSD): 4Gb
Camera: Yes
Audio: Hi-Definition audio, Stereo speaker, Microphone
Battery: 4 cells; 5200mAh, 3.5hrs depending on actions.
Weight: 0.92kg

The Surf version of the 4G has the same features but without a camera and with a slightly lower battery capacity, 4400mAh.

EEE PC 2G
OS: Linux but Windows XP compatible
WLAN: Yes
Ethernet communication: Yes
Memory: 512Mb DDR2
Solid-state disk (SSD): 2Gb
Camera: No
Audio: Hi-Definition audio, Stereo speaker, Microphone
Battery: 4 cells; 4400mAh, 2.8hrs depending on actions.
Weight: 0.92kg

You can see the laptop in action here:

Interesting piece of technology!

Programming language popularity 2008

9
Jan
Posted in Internet, Programming

Cdsrc will summarize the popularity of programming languages in early 2008. This list is based on TIOBE’s programming community index.
To summarize it first: Java is leading. If you take C and C++ together, they would have the lead, so our conclusion is that C/C++ is slightly more popular than Java. This list is basically based on how many resources are available for each language, which means that languages such as PHP get lots of attention. Even though PHP is a very popular language, it has its drawbacks when it comes to performance, which means that it can never be used in high-performance software.

The language “Lua”, which most people had never heard of, became known when it was included in WoW (World of Warcraft). You can write some simple scripts to increase your abilities (your own, not your character’s) in WoW.

Visual Basic has also seen an increase over the last months, possibly because of Windows Vista. Another interesting jump was made by Python. Python has passed both Perl and C# and the curve is showing even further increases.

The language with the most interesting future could be Ruby, which has backed down a little bit, but has a lot of interesting techniques that are bound to be rewarded at some point.

1	Java	20.849%
2	C	13.916%
3	(Visual) Basic	10.963%
4	PHP	9.195%
5	C++	8.730%
6	Python	5.538%
7	Perl	5.247%
8	C#	4.856%
9	Delphi	3.335%
10	JavaScript	3.203%
11	Ruby	2.345%
12	PL/SQL	1.230%
13	SAS	1.204%
14	D	1.172%
15	COBOL	0.932%
16	Lua	0.579%
17	FoxPro/xBase	0.506%
18	Pascal	0.456%
19	Lisp/Scheme	0.413%
20	Logo	0.386%

This was the list of the top 1-20, now to be followed by the 21-50:

21	ColdFusion	0.353%
22	ActionScript	0.342%
23	Ada	0.337%
24	Fortran	0.305%
25	RPG	0.251%
26	MATLAB	0.241%
27	Awk	0.213%
28	Prolog	0.212%
29	ABAP	0.195%
30	LabView	0.169%
31	Groovy	0.168%
32	Transact-SQL	0.155%
33	Smalltalk	0.133%
34	Bash	0.133%
35	Tcl/Tk	0.130%
36	Haskell	0.119%
37	Forth	0.116%
38	CL (OS/400)	0.114%
39	Natural	0.105%
40	ML	0.092%
41	Focus	0.091%
42	Ch	0.088%
43	PL/I	0.088%
44	Lingo	0.087%
45	Factor	0.084%
46	REXX	0.075%
47	Objective-C	0.071%
48		0.059%
49	Erlang	0.057%
50	VBScript	0.056%

Sweden’s largest newspaper got hacked by Swedish hacker team

8
Jan
Posted in Internet

The largest newspaper in Sweden, aftonbladet.se, got their servers totally hacked during the last weeks. The group called “Vuxna arga hackare”, which in English would be “Adult angry hackers”, hacked their servers for the second time in two years with ease. The reason Vuxna arga hackare (VAH) hacked aftonbladet is that a couple of days earlier they had hacked one of the biggest TV channels in Sweden, Tv3, and got no attention at all from the media. The media totally ignored the hacking, and because of that, they attacked aftonbladet. They thought that their achievement should get more coverage in the newspaper than some random dog or Paris Hilton, or whatever.

VAH hacked aftonbladet and gained control of their whole mail server and all passwords and usernames to the system, which they then released to the public on the Swedish forum flashback.se. Ironically, the IT security crew had passwords such as “anakin”, and a dozen of the publishers had their first name as their password.

They also hacked this same newspaper two years ago and were called “script-kiddies” by the aftonbladet security team, which then, of course, had to eat those words this time when they decided to publish the story.

What can we learn from this? Well, it’s not possible to be totally safe on the net, and even though you are dedicated to keeping the security up, you are not guaranteed to complete the job.