- Cracking WPA in the cloud
I saw this yesterday but Cory’s write up on Boing Boing clarified it just enough for me to realize it wasn’t the story I wrote up quite some time ago. That earlier piece was put together by a security researcher merely documenting his efforts to use Amazon EC2 to drive a password cracker in distributed fashion. This is a polished service that does that same for a modest cost and at the push of a button. It makes a certain amount of sense as password crackers with legitimate research users for other systems, like the Windows credentials store or the password file on Unix-like systems, have been around for some time. I’ve used John the Ripper myself more than once to audit password strength.
- Google patents tying search to mouse cursor movement
As Slashdot explains, the method in question is using pauses in movement, hovering over links or ads, to trigger display of more relevant data. The TechEye article to which Slashdot links raises some concerns, especially over privacy. To implement this patent, Google would need to be tracking and remotely logging your activity. The potential for even accidental capture of problematic data (WiFi data gaffe?) is enormous let alone the incentive for attackers to try to crack into that data stream.