Ubuntu 8.10 Password Bug

Hello everybody, today while I was entering my password at my Ubuntu 8.10 login desktop, by mistake I entered one character more than the actual password. Voila! I had successfully logged on to my user desktop. Everything was working fine. I noticed this was also the case when using administrative applications in ‘System -> Administration’. It also exists for ‘sudo’ (root user) commands used in the terminal. This is a big security vulnerability.

The login is successful if whenever password is entered correctly upto eight characters (or less for smaller passwords), irrespective of length of password.

Login is unsuccessful if password entered wrong upto eighth character.

Suppose if my password is ‘calculator’

Entering following password will give successful login:

  1. calculater
  2. calculatexor
  3. calculat

Many other combinations are possible. The only condition is that the password should correct upto eight characters or less for smaller password.

I didn’t find any bug in launchpad regarding this. So I have filed a bug. Click here to view the status of the bug at Launchpad.

NVIDIA Ion Platform

Nvidia has introduced the ION platform, coupling NVIDIA GeForce 9400M integrated graphics solution with Intel Atom processor.

Graphics powerful small NVIDIA Ion Platform

Graphics powerful small NVIDIA Ion Platform

Advantages? It can run video at full HD resolution of 1080p. Its now possible to play many games at better frame rates on an Atom processor, which were not possible with the older Intel 945 chipset platform. It’s also possible to use Windows Vista on an atom. With Linux based OS you now run Compiz Fuzion with all the 3D effects enabled.How about keeping you friends wondering, how your little machine can do so much with Compiz Fusion on Linux.

The ION platform has hardware accelerated decoding of H.264 and MPEG-2 formats. But all this will come at the cost of battery life. The use of this graphics solution is seen as a bottleneck on the battery life of current netbooks. Definitely, it’s not for those who just do a bit of word-processing, online surfing on their netbooks. Also gaming on an tiny 10-inch screen is not worth it. Though I guess manufacturers will bring in bigger screen based on Atom processors soon.

Ok, after all its dis-advantages that overpower advantages, why am I talking about this platform. May be because you can connect a bigger monitor you an netbook, and go gaming at your relatives house with all the gaming progress saved on the netbook.

The bigger arena I hope to see this platform succeed is the Home Theatre PC (HTPC) market, where low power requirement is big boon, but the requirement are not very high. There’s no need of a power hungry graphics card and processor. You think you will use this combo for you next Home Theater PC? Another competitor for Nvidia Ion Platform is Nvidia Tegra.

Verisign’s SSL Encryption Cracked: Online Shopping And Transactions Threatened

With the help of 200 PS3, an team of security researchers was able to break Versign’s SSL encryption. The cell processors in PS3 were very much capable of exploiting the SSL algorithm. The SSL encryption uses MD5 hashes to create a code and detect whether the data has been modified after it was transmitted. This way any hacker attack could be prevented. But the demonstration by the group showed how the power of improved hardware capabilities could be easily used to attack almost any trascation on the internet.

Using the hardware the group was able to create fake security certificates that behaved like the actual ones. The website demonstarated was RapidSSL. So now it’s time for websites to do away with MD5. But no need to worry as of now, the details of the attack are still with the researchers. It almost impossible for anybody to do such a attack even though the possiblity is not eliminated. With increased computing power like the CUDA, its possible.

What website should look for is changing their security to a more advanced level. We should hope that researchers create a more better encryption. There’s nothing that cannot be cracked, but improving the security level is the only way to stop the attacks. It time to take security seriously with such increased computing power. What we should do?? See to it the website has a valid security certificate. It is denoted by a yellow lock on your browser address bar.

So be awake with eyes wide open the next time you go shopping. So will you go for online shopping, online banking or any transactions now?? Of course you can.