Gawker Passwords, etc.

I have work deadlines, so I haven’t been able to write a well-constructed post about this. However, a few things:

  • To check if you had a Gawker account (there are 1.25M of them, so you might have one even if you didn’t realize it) I recommend: Note: even if your password wasn’t unhashed, consider it compromised. These passwords are encrypted with DES crypt, which is not adequate to stop attackers. The keyspace is too small. For more info on DES (and probably the best post-mortem so far), see this Forbes blog post.
  • This is as good a time as any to manage your passwords properly. A lot of people (including me) are using 1Password. It’s currently available as part of the MacUpdate December 2010 Software Bundle. LastPass also looks like a good solution and is free ($12/yr for mobile support). PwdHash and KeePass are also options.
  • According to the FAQ, Gawker claims it will be sending emails eventually (and some people are doing so as well now). What I did last night, and maybe a good thing to do for your friends if you are an uber-geek, is to go through your friends list, grep through the torrent database, and let them know personally if their account has been compromised, especially if the password has been unhashed.
  • Oh, lastly, if you’re a geek w/ your hash and want to check on whether it’s a reused password or not, you can pretty easily fire up a python shell and see if it matches:
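    import crypt  # Unix-only; deprecated in Python 3.11 and removed in 3.13

    password = 'your_password'
    stored_hash = 'your_hash'
    # DES crypt keeps its 2-character salt at the front of the hash
    salt = stored_hash[:2]
    # True means this password produces the leaked hash
    print(crypt.crypt(password, salt) == stored_hash)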

    If you’re not sure though, audit your passwords anyway when you have a spare hour or two. You’ll feel better, trust me.

Tax Day

Yeah, yeah, I wish it were simpler too – the mechanics of it are a pain in the ass, but that stuff we use has to come from somewhere. So, to celebrate, here’s a classic:


This morning I was awoken by my alarm clock powered by electricity generated by the public power monopoly regulated by the US department of energy. I then took a shower in the clean water provided by the municipal water utility. After that, I turned on the TV to one of the FCC regulated channels to see what the national weather service of the national oceanographic and atmospheric administration determined the weather was going to be like using satellites designed, built, and launched by the national aeronautics and space administration. I watched this while eating my breakfast of US department of agriculture inspected food and taking the drugs which have been determined as safe by the food and drug administration.

At the appropriate time as regulated by the US congress and kept accurate by the national institute of standards and technology and the US naval observatory, I get into my national highway traffic safety administration approved automobile and set out to work on the roads built by the local, state, and federal departments of transportation, possibly stopping to purchase additional fuel of a quality level determined by the environmental protection agency, using legal tender issued by the federal reserve bank. On the way out the door I deposit any mail I have to be sent out via the US postal service and drop the kids off at the public school.

After spending another day not being maimed or killed at work thanks to the workplace regulations imposed by the department of labor and the occupational safety and health administration, enjoying another two meals which again do not kill me because of the USDA, I drive my NHTSA car back home on the DOT roads, to my house which has not burned down in my absence because of the state and local building codes and fire marshal’s inspection, and which has not been plundered of all its valuables thanks to the local police department.

I then log on to the internet which was developed by the defense advanced research projects administration and post on and fox news forums about how SOCIALISM in medicine is BAD because the government can’t do anything right.

Originally posted on the Laissez Faire forums at Something Awful.