Storing Passwords - done right! Written by: Christoph Wille Translated by: Bernhard Spuida First published: 1/5/2004 In very many - not to say almost all - Web applications user data is administered, from Web forum to Web shop. These user data encompass the users' login information, which contains the password besides the user name - and this in plain text. A security leak par excellence. Why is storing the user name and password in plain text a security leak? How can this security risk be eliminated? What is a Salted Hash? A hash is a numerical value of fixed length which unequivocally identifies files of arbitrary length. The reason for this is that usually so-called 'Dictionary Attacks' are run against hashed passwords - a good example being the MD5 hashed passwords of NT4. The intention behind a Salted Hash is to have this type of attack fail by attaching a random value - the so-called salt - to each password and only then computing the hash over password and salt.
Coding An HTML 5 Layout From Scratch HTML5 and CSS3 have just arrived (kinda), and with them a whole new battle for the ‘best markup’ trophy has begun. Truth be told, all these technologies are mere tools waiting for a skilled developer to work on the right project. As developers we shouldn’t get into pointless discussions of which markup is the best. They all lead nowhere. While it is true HTML5 and CSS3 are both a work in progress and are going to stay that way for some time, there’s no reason not to start using them right now. So today we’re going to experiment a little with these new technologies. Use Graceful Degradation techniques and technologies to keep things in place for legacy browsers. Use Progressive Enhancement techniques and technologies to be up to date with the latest trends. Use HTML5 alongside a rising technology: Microformats. Have a clear vision of some of the most exciting new features HTML5 and CSS3 will bring. It’d be a good idea to have a read of some of these articles first: Before we begin…
InfoSec Handlers Diary Blog - Hashing Passwords After talking about SQL Injection, this is the second part of the mini series to help you protect yourself from simple persistent attacks as we have seen them in the last couple of months. A common MO employed in these attacks is to steal passwords from a database via SQL injection. Later, the attacker will try to use these passwords to break into other sites for which users may choose the same password. Of course, part of the problem is password reuse. But for now, we will focus on the hashing of passwords to make it harder for an attacker to retrieve a user's plain text password. First of all: What is hashing? Storing a password as a hash will make it difficult to figure out the actual password a user used. A hash isn't foolproof. Probably the most important defense against rainbow tables is the idea of introducing a "salt". In order to use a "salt", the salt value and the user's password are first concatenated, then the string is hashed. - concatenate the two hashes, and hash them again.
30 Useful Responsive Web Design Tutorials So we’ve reached the end of our “Responsive Web Design week”, tonight’s post will be the last of the series. We are going all out to help you hone your skills in manipulating those codes to respond at will when displayed on different devices. And to do this, we are featuring 30 Responsive Web Design Tutorials found online. This list is not meant to be an exhaustive one but it will get you started on understanding the basics of designing an adaptive website that will cater to all sorts of screen sizes. We’ll start off with introductory tutorials in ‘Breaking the Ice’, something like an RWD: 101 class you should attend to get the hang of the concept before we move on to ‘Start Building’ exercises. Lastly we’ll end with a ‘Do More’ section in which we’ll feature tutorials that play with horizontal layouts, ‘elastic’ videos, drop-down menus and slide-to-top accordion navigations, thumbnails and the sticky issue with tables. But first… Responsive website Navigation Responsive Resume Fluid Grids
HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters) Even if you know you need to secure your Wi-Fi network (and have already done so), you probably find all the encryption acronyms a little bit puzzling. Read on as we highlight the differences between encryption standards like WEP, WPA, and WPA2–and why it matters which acronym you slap on your home Wi-Fi network. What Does It Matter? You did what you were told to do, you logged into your router after you purchased it and plugged it in for the first time, and set a password. WEP, WPA, and WPA2: Wi-Fi Security Through the Ages Since the late 1990s, Wi-Fi security algorithms have undergone multiple upgrades with outright deprecation of older algorithms and significant revision to newer algorithms. Wired Equivalent Privacy (WEP) Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security algorithm in the world. WEP was ratified as a Wi-Fi security standard in September of 1999. Wi-Fi Protected Access (WPA) Wi-Fi Protected Access II (WPA2) Wi-Fi Security History Acquired; Now What?
Welcome [Savannah] CyberCIEGE Educational Video Game an innovative video game and tool to teach computer and network security concepts CyberCIEGE enhances information assurance and cyber security education and training through the use of computer gaming techniques such as those employed in SimCity™. In the CyberCIEGE virtual world, users spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack. Cyber Security Simulation In its interactive environment, CyberCIEGE covers significant aspects of computer and network security and defense. Players of this video game purchase and configure workstations, servers, operating systems, applications, and network devices. CyberCIEGE includes configurable firewalls, VPNs, link encryptors and access control mechanisms. Active Learning with CyberCIEGE This paper describes the game for educators and trainers who may want to incorporate the game into their courses.
Difference between WEP, WPA and WPA2 (Which is Secure) Wi-Fi Protected Setup Flaws Make Wireless Network Brute-force Attacks Feasible Design flaws in the Wi-Fi Protected Setup (WPS) wireless standard can make it easier for attackers to obtain access codes for secured wireless networks by brute force. The vulnerabilities identified by security researcher Stefan Viehbock affect a large number of WPS-enabled routers and wireless access points. The WPS standard was created in 2007 by the Wi-Fi Alliance in order to provide non-technical users with a simple method of setting up wireless networks. The standard supports several Wi-Fi authentication methods including one that requires pushing a physical button on the router and one that uses a predefined PIN number printed on a sticker by the device manufacturer. The PIN-based method is mandatory for WPS-certified devices, which support it by default. Devices that are WPS-capable, but aren't certified, are also likely to use the method. The WPS PIN is an eight-digit random number. The main problem lies with how devices respond to failed WPS authentication attempts. The U.S.