Comments for PC Sympathy http://www.pcsympathy.com Your Source for PC News and Technical Support Thu, 15 May 2008 18:19:25 +0000 http://wordpress.org/?v=abc Comment on WordPress 2.5 Cookie Forging Explained by devnull http://www.pcsympathy.com/2008/04/26/wordpress-25-cookie-forging-explained/#comment-62 devnull Wed, 07 May 2008 09:03:19 +0000 http://www.pcsympathy.com/?p=664#comment-62 I did some backtracking and I must be missing something or I have misunderstood something because this all seems imposible without knowing SECRET_KEY and SECRET_KEY constants if those aren't defined a random string is generated. $key = wp_hash($user->user_login . $expiration); great however function wp_hash($data) { $salt = wp_salt(); lets have a look at wp_salt(); function wp_salt() { global $wp_default_secret_key; $secret_key = ''; if ( defined('SECRET_KEY') && ('' != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) ) $secret_key = SECRET_KEY; if ( defined('SECRET_SALT') ) { $salt = SECRET_SALT; } else { $salt = get_option('secret'); if ( empty($salt) ) { $salt = wp_generate_password(); update_option('secret', $salt); } } return apply_filters('salt', $secret_key . $salt); } So without knowing those constants how can you feed function hash_hmac($algo, $data, $key, $raw_output = false) the param $key? I did some backtracking and I must be missing something or I have misunderstood something because this all seems imposible without knowing SECRET_KEY and SECRET_KEY constants if those aren’t defined a random string is generated.
$key = wp_hash($user->user_login . $expiration); great however
function wp_hash($data) { $salt = wp_salt();
lets have a look at wp_salt();

function wp_salt() {
global $wp_default_secret_key;
$secret_key = ”;
if ( defined(’SECRET_KEY’) && (” != SECRET_KEY) && ( $wp_default_secret_key != SECRET_KEY) )
$secret_key = SECRET_KEY;

if ( defined(’SECRET_SALT’) ) {
$salt = SECRET_SALT;
} else {
$salt = get_option(’secret’);
if ( empty($salt) ) {
$salt = wp_generate_password();
update_option(’secret’, $salt);
}
}

return apply_filters(’salt’, $secret_key . $salt);
}

So without knowing those constants how can you feed function hash_hmac($algo, $data, $key, $raw_output = false) the param $key?

]]> Comment on Why Your Computer Runs So Slowly by manunkind http://www.pcsympathy.com/2008/04/09/why-your-computer-runs-so-slowly/#comment-45 manunkind Thu, 10 Apr 2008 16:34:34 +0000 http://www.pcsympathy.com/?p=436#comment-45 tyrer, You are right about CCleaner. It's a must-have for any toolbox. Thanks for your comment. tyrer,

You are right about CCleaner. It’s a must-have for any toolbox. Thanks for your comment.

]]> Comment on Why Your Computer Runs So Slowly by tyrer http://www.pcsympathy.com/2008/04/09/why-your-computer-runs-so-slowly/#comment-44 tyrer Thu, 10 Apr 2008 13:10:15 +0000 http://www.pcsympathy.com/?p=436#comment-44 I'd recommend AVG too, its a very efficient program which does not hog system resources. For defrag i prefer to automate is as i feel manual defrags are time consuming for todays large drives, and the real time defragmentation is a step ahead of scheduling as well. Along with this i also use CCleaner for cleanups. I’d recommend AVG too, its a very efficient program which does not hog system resources.
For defrag i prefer to automate is as i feel manual defrags are time consuming for todays large drives, and the real time defragmentation is a step ahead of scheduling as well.
Along with this i also use CCleaner for cleanups.

]]> Comment on Browser hack renders routers insecure by manunkind http://www.pcsympathy.com/2008/04/08/browser-hack-renders-routers-insecure/#comment-43 manunkind Tue, 08 Apr 2008 12:34:32 +0000 http://www.pcsympathy.com/?p=432#comment-43 Solution: Always change the default username and password for any device or application. Default = well known. Solution: Always change the default username and password for any device or application. Default = well known.

]]> Comment on Password checker by manunkind http://www.pcsympathy.com/2008/03/10/password-checker/#comment-9 manunkind Tue, 11 Mar 2008 01:53:46 +0000 http://www.pcsympathy.com/2008/03/10/password-checker/#comment-9 Note: Microsoft does not see your password in any way, shape or form. All checking is done locally. Note: Microsoft does not see your password in any way, shape or form. All checking is done locally.

]]> Comment on Spam Pushes Malware Disguised As Screensavers by manunkind http://www.pcsympathy.com/2008/03/09/spam-pushes-malware-disguised-as-screensavers/#comment-8 manunkind Mon, 10 Mar 2008 03:26:23 +0000 http://www.pcsympathy.com/2008/03/09/spam-pushes-malware-disguised-as-screensavers/#comment-8 It all falls back to TRAIN YOUR USERS. Teach them about the basics of security and some of this will be eliminated. Troy It all falls back to TRAIN YOUR USERS. Teach them about the basics of security and some of this will be eliminated.

Troy

]]>