Some funny GitHub commits:
What to do if shit happened.
This article (https://freedom-to-tinker.com/blog/vitaly/gone-in-six-characters-short-urls-considered-harmful-for-cloud-services/) just gave me an excellent idea…
In a nutshell: these URLs are so short that you can explore a lot of them with a simple brute force approach. Just generate a random hash and there is a high chance that it points to somewhere.
Example: with bit.ly I generated a link:
http://bit.ly/1bNGJd3 . I tried to modify some characters in the hash and in most cases it pointed to somewhere…
Do you want 10 million username/password combinations? Strictly for research purposes, of course. If yes, then check out this blog post. Magnet link at the bottom.
MD5 is a hash, not an encryption. From this hash value you cannot restore the original content. However, you can take a dictionary, hash every word in it with md5, then compare the original md5 value with them. If there is a match, your md5 is cracked.
“MD5Decrypter.co.uk allows you to input an MD5 hash and search for its decrypted state in our database, basically, it’s a MD5 cracker / decryption tool… We have a total of just over 43.745 billion unique decrypted MD5 hashes since August 2007.” (source)
So, if you store your passwords in md5 format and someone has access to them, they are not safe at all… If an md5 hash is generated from a weak password, it can be cracked in an instant with the tool above.
OK, but… how should I store the passwords then?
See this post for a great tip: How to store and verify a password?
0x5f3759df is a magic constant that can be used to calculate the inverse square root of a number very efficiently. See this post for a detailed explanation. Now if you come across this number (which can happen anywhere, anytime), you will say “aha, I know that one”.
You need an API key for a service (like Google or Imgur) and you want to use someone else’s key. Naturally, this is just a theoretical problem.
This blog post shows how to harvest API keys. In short:
- visit GitHub’s advanced search page
- type in a keyword (for instance “
AIza” for Google API keys)
- hit the Search button and choose Code on the left side