Lots of files more sensitive than /etc/password!
... /mobile/Library/SMS/sms.db - SMS and iMessage database :-(
....
....
.... :-(
10 publicly visible posts • joined 17 Oct 2016
Firstly,
Solicitors ('lawyers??') aren't used to these kinds of cases - it's literally pointless hiring one for this; it would be like asking a GP to do brain surgery.
A barrister, however, is a different kettle of fish - they are sharks. But I doubt one wanted to take this trivial case.
I think he's just pushing the CPS - prosecute now, or drop the charges and give me my stuff.
It's a smart move, as if they have the evidence they need (possibly hoping to brute-force the crypto), pushing won't matter; if they don't, it could cause the case to be dropped. Of course, the police can always come back to their *copy* of the evidence if they can break the crypto in 5 years - they don't actually need the originals, just 'best available evidence', as they can prove the originals were his, and the encrypted copies of the data are a 'true copy'.
Neat move on his part, and hopefully it will mean someone in the CPS makes a decision - which is what's causing his anxiety....
This is literally a cute way to do something you could always do.
Load an object, then compare load/compile/execute times to determine if it was downloaded or already downloaded.
Bucketing the cache per "requester site" would resolve this, but also impact performance.
The real impact here is when you consider iterating through a graph of social media to find the particular person's profile using basic set theory, and finally iterating over the short list of people who've seen the recent posts from DUP Supporters, UK Parliament News and LGBT Weekly.
Oh dear.
Firstly, max of any number of characters is silly - you're stream hashing, so length limits are dumb.
Secondly, known dumb password check is good, but increased complexity is better e.g. mandating symbols.
Thirdly, re-hashing a hash isn't necessarily better - or the writers of SHA512 would have done it. E.g. collisions are going to be increased, and that means *less* security. Every rehash is another chance your super-secure password will collide with 'Password1'.
Fourthly, user-specific salting is great.... if it includes internal values (account number etc.) - just adding the username to the front isn't going to help any. This also needs to be longer than the hash (512 bits+)....
Fifthly - global salt values, hope that's another longer-than-hash value...
If it has no value, it should be shut down....
BRAND damage here is the cost - especially for a new organisation that is trying to gain respect.
They should have just stuck the site on a CDN & forgotten about it, like Krebs did....