kevjiang's comments

kevjiang | 11 years ago | on: Automated password changing

>> Are you doing these changes on the user's computer or in the cloud?

I'm surprised this wasn't covered in the blog or FAQ. Seems like an important detail that security-minded customers would care about.

kevjiang | 11 years ago | on: Was jquery.com compromised?

Were any HNers ever able to reproduce what RiskIQ reported? Namely seeing jquery.com include the script from the malicious jquery-cdn[.]com domain?

kevjiang | 12 years ago | on: Hijacking user sessions with the Heartbleed vulnerability

In fact, an attacker doesn't even need to steal the private key.. Heartbeats can be sent before certificate authentication takes place.

kevjiang | 12 years ago | on: Can Snowden be targeted using the Adobe breach?

You should probably assume that they have your password too. Since Adobe encrypted the passwords instead of hashing them, all of these passwords will be known once the encryption key is discovered. Someone could possibly use the method in the article to guess your password as well.

So if you use the same password on any other websites, better change it.

kevjiang | 12 years ago | on: Can Snowden be targeted using the Adobe breach?

Amazingly, these aren't even password hashes.. they're encrypted versions of the password. Ars wrote an article on this yesterday [1]. Basically if anyone has the encryption key, they'd be able to decrypt ALL passwords in the list.

[1] http://arstechnica.com/security/2013/11/how-an-epic-blunder-...

kevjiang | 12 years ago | on: Did these guys just reinvent the Web?

I came to this comments page just to check if quarterto's law was still holding up :)

kevjiang | 12 years ago | on: It's A Terrible Time To Buy An Expensive House

Rental prices are based on supply and demand, except for in a few cases (for example, rent control). That's why he suggests using rental prices as a way to check how reasonable a house price is.

kevjiang | 12 years ago | on: Why I Just Closed My LinkedIn Account

>> LinkedIn leaked 8 million users' passwords less than a year ago, because they were storing them in the database in plain text.

The password leak from last year was really a leak of the password hashes. I'm pretty sure they didn't store passwords in plaintext.

I think the backlash was because they didn't salt the hashes and only used one iteration of SHA1 instead of a more appropriate hash function.

That being said, this doesn't really change the OP's point. Which was, "secure my ass"

kevjiang | 13 years ago | on: Must-have OS X apps for developers and designers

Another really useful app is Spectacle, for keyboard shortcuts to dock an application the left or right half of the screen (like winkey+left and winkey+right on windows 7/8).

http://spectacleapp.com/

kevjiang | 13 years ago | on: Show HN: XKCD-inspired StackSort

Doesn't seem like it.

Code:

  var common_url = '&pagesize=100&order=desc&site=stackoverflow&todate=1363473554';

SO /questions api:

  todate – Unix timestamp of the maximum creation date on a returned item