Thursday, November 06, 2003 - Posts

Choosing good passwords ;)

A farewell mail from one of Apple’s security professionals.

From: Derrick Donnelly <donnelly@apple.com>
Subject: Farewell !!

As some of you may already know today is my last day at Apple. I got a good opportunity to work in the Security-Forensic space that I am going to pursue. I will also be able to work from home and that will allow me to spend more time with my new son Noah. As in any trip, half the fun is getting there and the best part is the people you meet along the way. Just over 5 years ago I left Canada for Apple and I really did not know what was in store for me but you all made me feel very welcome. For me coming to work in IT Security for Apple was my dream job. I have had the honor of working with some of the most talented people in the industry. I have learned a lot from you and I had great guidance from the best boss an employee could hope for. I am sad to move on but I know I am leaving the security in the hands of a great team!

I will continue to be a very strong advocate of our hardware and the Mac OS.  I wish you all the best and I see only good things for Apple in the near future.

If you want to drop me a line some time, you can reach me at macbuddy@pacbell.net or you can iChat with me at macbuddy@mac.com


Take care and be safe
Derrick


My final words
Remember security starts at the keyboard in front of you:

A 6 character password has about fifty six billion (56,800,235,584) possibilities and the average computer (the G5 is even faster) can try all combinations (crack them) in 2.5 hours.

A 7 character password has about three and a half trillion (3,521,614,606,208) possibilities and a computer can try all combinations in about 1 week.

An 8 character password has about two hundred trillion (218,340,105,584,896) possibilities and a computer can try all its combinations in about a year.

A 9 character password would take about 70 years for a computer to try all combinations.

They say the chips coming in about a year could halve these times!  Now if you do not want to wait for next year's chip, you can always put 2 computers in parallel and halve the time.  In theory you could put 365 computers in parallel and break 8 character passwords in just over a day (Virginia Tech just put 1100 G5s in parallel).  Do you think hackers have friends?

Computers have a lot more time on their hands than we do and most of the bad guys don't have jobs.  The next person asking for your social security number could be just a few clicks away from your stock options.

If you just got a chill down your back or just got a little paranoid; good, my work is done.

Use an 8 character password (9 characters is better)...  You would make this security professional very happy if you would change your passwords after you read this e-mail : )
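As an added example (not part of Derrick's mail), here is the arithmetic behind his figures. It assumes a 62-symbol alphabet (a-z, A-Z, 0-9), which reproduces his combination counts exactly, and derives the guess rate from his 6-character / 2.5-hour figure; the parallel-machine case is the mail's 365-computer scenario.

```python
# Added example, not from the original mail. Assumption: a 62-symbol alphabet
# (a-z, A-Z, 0-9), because 62**6 == 56,800,235,584 matches the mail exactly.
ALPHABET_SIZE = 62
SECONDS_PER_HOUR = 3600
SECONDS_PER_DAY = 24 * SECONDS_PER_HOUR
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet ** length


def guesses_per_second_from_anchor(length=6, hours=2.5):
    """Guess rate implied by the mail: all 6-character combinations in 2.5 hours."""
    return keyspace(length) / (hours * SECONDS_PER_HOUR)


def exhaustive_search_seconds(length, rate, machines=1):
    """Worst case: every combination tried, work split evenly across `machines`."""
    return keyspace(length) / (rate * machines)


def describe(seconds):
    """Render a duration in the unit a reader would naturally use."""
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / SECONDS_PER_HOUR:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.1f} years"


if __name__ == "__main__":
    rate = guesses_per_second_from_anchor()
    print(f"implied rate: {rate:,.0f} guesses/second")
    for n in range(6, 10):
        secs = exhaustive_search_seconds(n, rate)
        print(f"{n} chars: {keyspace(n):,} combinations, {describe(secs)}")
    # The mail's parallel case: 365 machines on an 8-character password.
    print("8 chars, 365 machines:",
          describe(exhaustive_search_seconds(8, rate, machines=365)))
```

Each length's result lands on the mail's estimate (about a week, about a year, about 70 years), and the 365-machine run on 8 characters comes out at just over a day.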

Saving HTTP requests.

Saving HTTP requests for better debugging:

Ever noticed the SaveAs method on the HttpRequest class, the type behind the Request object of the current context? Request.SaveAs writes the current HTTP request to a file, which is very useful for logging and debugging. Pass True as its second argument to save the HTTP headers as well; that helps whenever you want to know exactly what the headers of a request look like :) One caveat: a dump taken with headers also captures the client's cookies (the ASP.NET session ID in the sample below, for instance), so treat the file as sensitive and remove it once you are done debugging.

              ' VB.NET: the second argument (True) also writes the request headers
              Request.SaveAs("c:\myrequest.txt", True)


The saved file contains something like this:

              GET /Play/RequestForm.aspx HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: gzip, deflate
              Accept-Language: en-us
              Cookie: LastVisitDate=4%2F11%2F2003+5%3A02%3A46+PM; ASP.NET_SessionId=ee4mi0ugensntgvkfjt0v4nd
              Host: localhost
              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3512)


Happy reading!