Comments on: Blogger proves flaws in Ecuadoran security system by hacking president's identity http://boingboing.net/2012/12/04/blogger-proves-flaws-in-ecuado.html Brain candy for Happy Mutants Tue, 21 May 2013 23:14:00 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: ffabian http://boingboing.net/2012/12/04/blogger-proves-flaws-in-ecuado.html#comment-1598497 ffabian Tue, 04 Dec 2012 22:15:00 +0000 http://boingboing.net/?p=198133#comment-1598497 "prompted action from the president, who personally ordered Moreno's release" Guess what would've happened if he tried this in the "Land of the free" instead of some third-world south-american backwater country... “prompted action from the president, who personally ordered Moreno’s release”
Guess what would’ve happened if he tried this in the “Land of the free” instead of some third-world south-american backwater country…

]]> By: Cowicide http://boingboing.net/2012/12/04/blogger-proves-flaws-in-ecuado.html#comment-1598397 Cowicide Tue, 04 Dec 2012 20:31:00 +0000 http://boingboing.net/?p=198133#comment-1598397 <blockquote>vociferous Twitter campaign</blockquote>I wish all wars were fought this way.

vociferous Twitter campaign

I wish all wars were fought this way.

]]> By: Sean Nelson http://boingboing.net/2012/12/04/blogger-proves-flaws-in-ecuado.html#comment-1598327 Sean Nelson Tue, 04 Dec 2012 19:34:00 +0000 http://boingboing.net/?p=198133#comment-1598327 I would like some more information on the numbers that he "simply guessed".  There must be more of a pattern than is mentioned in the wired article.  The number combination he guessed is:  V23444 – E5444 Even understanding that the first character will be only A, E, or V, that still leaves 9 base-10 digits of entropy in addition to those two 3-character slots.  If my understanding is correct, the number of permutations could be calculated with 3*10*10*10*10*10*3*10*10*10*10 =  9,000,000,000  (because 3 letters and 10 digits are possible in each position) An online attack should be pretty infeasible with that many guesses.  At 10 guesses per second, it would take an average of about 14 years. Sounds like there are some details that aren't available about this vulnerability yet. I would like some more information on the numbers that he “simply guessed”.  There must be more of a pattern than is mentioned in the wired article.  The number combination he guessed is: 

V23444 – E5444

Even understanding that the first character will be only A, E, or V, that still leaves 9 base-10 digits of entropy in addition to those two 3-character slots. 
If my understanding is correct, the number of permutations could be calculated with 3*10*10*10*10*10*3*10*10*10*10 =  9,000,000,000  (because 3 letters and 10 digits are possible in each position)

An online attack should be pretty infeasible with that many guesses.  At 10 guesses per second, it would take an average of about 14 years.

Sounds like there are some details that aren’t available about this vulnerability yet.

]]> By: Marc Mielke http://boingboing.net/2012/12/04/blogger-proves-flaws-in-ecuado.html#comment-1598289 Marc Mielke Tue, 04 Dec 2012 19:10:00 +0000 http://boingboing.net/?p=198133#comment-1598289 "The third was a set of two numbers from an identity card, which he simply guessed." ??? Unless he was happy with a 1% chance of success, there's more to this part.  “The third was a set of two numbers from an identity card, which he simply guessed.”

??? Unless he was happy with a 1% chance of success, there’s more to this part. 

]]>