Tuesday, July 29, 2014

Forgotten Windows Password

Recently at work a server lost contact with its domain, which invalidated all domain accounts on the machine.  So the only way to log in was using a local account, of which there was only one - the local administrator.  The problem is, no one knew the password; it had been almost a decade since the local admin account had last been used.  So is there a way to recover from this type of problem?  Turns out the answer is yes - and it's so easy it's almost scary.

What you need is a program called OphCrack.  Windows stores users' passwords as hashes, and OphCrack cracks the password by comparing the password hash against pre-generated hashes stored in what they call "rainbow tables."  OphCrack can be run in two different ways.  Probably the most common is from a "live CD."  Once you burn the CD, you boot the computer from it, and from there OphCrack does everything automatically - it finds the registry hives storing the password hashes, begins the cracking process, and displays the results.  The other way to run OphCrack is on your computer directly.  This is useful if you can log in to one account but need to crack another account's password.  You can also load up the registry hives of a computer - I believe it requires the SYSTEM, SAM, and SECURITY registry hives.

The scary thing is how quickly and easily OphCrack can work its magic.  Using the default tables it was able to crack the password in 7 minutes and 2 seconds!

There are other methods to crack your password, or otherwise login to an account without knowing the password.  But OphCrack is the easiest and least invasive I've seen.


I wanted to be clear here: this is not a security flaw in Windows.  Similar software exists for Linux and Mac, so any computer can be hacked into.  It's taking advantage of your relatively weak password.  If you're paranoid about this type of thing, what can you do to prevent it?  Below are some tips that will help prevent this type of attack (if you're concerned about such things).

  1. Use disk encryption.  Windows, Linux, and Mac all have software that can encrypt the disk.
  2. Use long passwords and at least one symbol or extended character.  OphCrack works by having pre-calculated hashes for shorter passwords (up to about 10 characters) and using letters and numbers.  Since this covers 99% of the passwords people use, this works most of the time.  But if your password is longer and uses special characters (e.g. '^' and '&') the possible number of passwords increases exponentially and so does the time to crack.
  3. Do whatever you can to ensure physical security of the computer.  Once someone has physical access to your computer, there's almost no stopping them.  Even if you have a long password, they may not be able to crack your password but they can still access your files (unless you used disk encryption).  Of course, if your computer is a laptop, tablet, or phone and you lose it or it's stolen - well consider your data compromised.

OphCrack is a cool little program that helped us log in to this server.  Tools like this are not merely "hacking" tools; they have useful purposes too.

Monday, July 21, 2014

What a real quality pair of headphones looks like

I see a lot of people these days walking around listening to their Beats Audio headphones.  Every time I see that I think "idiot - you fell for their marketing ploy and spent way too much money on sub-par headphones."  Now that's very judgmental for me to say that, especially since I've never actually listened to a pair of Beats.  But I have listened to true high-quality headphones, and I've read enough reviews (e.g. here and here) to know that Beats is popular strictly because of a great marketing engine.  They have created this illusion that their product is great and desirable and as such, anything with their name and logo can command top-dollar prices.

Several years ago I purchased a pair of Sennheiser HD 590 headphones.  I'm going to talk about these headphones.  Again, I've never listened to Beats so I can't do a direct comparison, but I suspect Beats has few, if any, of the following features.  I guess you could think of the following as a way to design the best headphones: the features to include that give you a truly great product.


The first thing you notice with a pair of headphones like this is how comfortable they are.  The strap across the top of the head is fully padded, but most importantly the ear pieces are very softly padded.  They are also large and fit around the ear instead of lying flat on the ear.  This makes them very comfortable for long periods of time.  Another great feature of these headphones is they are an "open" design.  An open headphone is one that allows both air and noise to pass through the headphones.  While wearing these headphones you can still hear the world around you as clearly as without the headphones.  This has one major benefit when it comes to comfort.  A typical "closed" headphone tries to isolate you from the sound world around you.  To do this, the ear cup must be pressed against your skull to try and block a lot of noise.  Since the open design is not trying to isolate you, the ear cups do not need to squeeze onto your head.  The end result is a VERY comfortable pair of headphones.  You can listen to these for hours and never feel like you need to remove them to give your head and ears a break.

Another great feature is the thought that went into the wire.  Many headphones have one wire coming out of each ear, whereas these headphones have a single wire on one side.  You don't realize how much the two-wire design gets tangled up until you use a single wire design.  Sennheiser also has a detachable wire at the ear piece.  So if the wire gets caught on something it won't rip the headphones from your head; instead the wire just comes unplugged.  They even include the adapter to let you listen to 1/4" headphone jacks in addition to the standard 1/8" jacks.  And to top it all off, all connectors are plated in gold, which prevents them from oxidizing over time.  You could argue that good headphones should be wireless, but a wireless design has circuitry in it and, more significantly, lots of battery.  Both of these add weight to the headphones, which makes them less comfortable to listen to for long periods of time.  It also adds the hassle of having to charge them.

But the list of top quality features and components doesn't stop there.  The speakers use Neodymium magnets, which are the strongest known magnets and produce better sound.  Also, all the wiring in the headphones is oxygen-free copper (OFC).  This is copper that has been smelted in a special way to prevent oxygen from bonding to the copper.  It's a more pure form of copper and it transmits electricity better than regular copper, which again results in better sound quality.  Both OFC and Neodymium cost more money, which is why few manufacturers use them.

Another great feature of Sennheiser headphones is the company support.  Sennheiser has been around for decades, and they support all of their products for a long time.  You can buy replacement parts for their products decades after the product was last manufactured.

To sum up, these Sennheiser HD 590 headphones are the most comfortable and best sounding headphones I've ever used.  It goes to show you when a company takes the time to design a truly great product, the results speak for themselves.  Of course, headphones like these aren't cheap.  I forget how much I paid for them, but it was about $300.  And that's where Beats headphones rub me the wrong way.  You can spend that much and more on Beats, and do they offer any of these features?

The one thing I've read over and over about Beats is they offer bass and volume.  Well if you want crappy bass and high volume from an overpriced headphone, by all means order some Beats.  But if you want good quality music with properly represented bass then look for a high-quality brand like Sennheiser or Grado.

Recently it was announced that Apple is buying Beats.  To me this perfectly sums up the point I'm trying to make.  To me, Apple is the pinnacle of average hardware that commands extremely high prices because their marketing department has convinced people "it's worth it."

Wednesday, July 9, 2014

PKZip through rose-colored glasses

PKZip is a piece of software that I've looked fondly upon - until recently.  Most computer users are aware of PKZip (a.k.a. just "zip"), which is probably the most common and ubiquitous file compression format.  It's been around since the late 80s and is extensively used in computers - so even if you don't directly use this format I can pretty much guarantee that much of the software and many of the services you rely on do use this format.  And what's not to love about this format?  It offers very good compression, it's fast, and it's royalty free unlike some other compression software.

Well, it turns out not everything is peachy-keen in Zip-land.  Recently at work I've had the need to directly read and write zip files.  I cannot rely on existing code to read and write the zip file for me; I must do it myself.  Fortunately I don't have to write the actual compression and decompression code, but all the metadata inside the zip file I must write myself.  Basically the internal structure of a zip file is a lot of smaller structures that contain file info such as compressed/uncompressed sizes, filename, attributes, etc.  These structures also point to relative positions of other structures in the file, etc.  This is all standard stuff if you've ever written code to process a binary file.  So what's the problem then?  Simple: the way these structures are laid out is horrible.  You have to start off parsing the file from the end, which is counter-intuitive; some structures have signature IDs whereas others do not; the contents of structures vary depending on bit flags; etc.  But by far the biggest headache is the zip64 extensions.  The original zip format cannot handle large files, so they had to extend the format to support 64-bit file addresses.  I understand they wanted to maintain backwards compatibility, but what they should have done was create a new format and zip/unzip tools would adjust accordingly.  It would actually be the same code to maintain backwards compatibility, just where that code goes would have been different.
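To make the layout described above concrete, here is an added example (not the code from work mentioned in this post) that reads a zip's metadata by hand in Python: it finds the end-of-central-directory record from the end of the file, follows the zip64 locator when the 32-bit fields hold sentinel values, and walks the central directory. The names `central_directory` and `sample_archive` are made up for this sketch, and it assumes a single-disk archive.

```python
import io, struct, zipfile

EOCD, CDFH = b"PK\x05\x06", b"PK\x01\x02"          # classic record signatures
Z64_LOC, Z64_EOCD = b"PK\x06\x07", b"PK\x06\x06"   # zip64 locator and record
U16, U32 = 0xFFFF, 0xFFFFFFFF                      # "look in zip64" sentinels

def central_directory(data):
    """Return [(name, compressed, uncompressed, local_header_offset), ...]."""
    # EOCD = 22 bytes + up to 65535 bytes of comment: search back from the end.
    eocd = data.rfind(EOCD, max(0, len(data) - 22 - U16))
    if eocd < 0:
        raise ValueError("end of central directory record not found")
    count, size, offset = struct.unpack_from("<H2I", data, eocd + 10)
    if count == U16 or size == U32 or offset == U32:
        # zip64: the 20-byte locator just before the EOCD points at the record.
        sig, _, z64, _ = struct.unpack_from("<4sIQI", data, eocd - 20)
        if sig != Z64_LOC or data[z64:z64 + 4] != Z64_EOCD:
            raise ValueError("zip64 sentinel without zip64 records")
        count, size, offset = struct.unpack_from("<3Q", data, z64 + 32)
    entries, pos = [], offset
    for _ in range(count):
        (sig, _, _, flags, _, _, _, _, csize, usize, nlen, xlen, clen,
         _, _, _, lho) = struct.unpack_from("<4s6H3I5H2I", data, pos)
        if sig != CDFH:
            raise ValueError("bad central directory header at %d" % pos)
        raw = data[pos + 46:pos + 46 + nlen]
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        # Flag bit 11 means the name is UTF-8; otherwise it is CP437.
        name = raw.decode("utf-8" if flags & 0x800 else "cp437")
        i = 0
        while i + 4 <= len(extra):
            xid, xsz = struct.unpack_from("<HH", extra, i)
            if xid == 1:
                # zip64 extra: present only for sentinel slots, in this order.
                vals = iter(struct.unpack_from("<%dQ" % (xsz // 8), extra, i + 4))
                usize = next(vals) if usize == U32 else usize
                csize = next(vals) if csize == U32 else csize
                lho = next(vals) if lho == U32 else lho
            i += 4 + xsz
        entries.append((name, csize, usize, lho))
        pos += 46 + nlen + xlen + clen
    return entries

def sample_archive():
    # Constructed sample: a two-file archive built in memory.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", b"hello " * 100)
        z.writestr("caf\u00e9.txt", b"x")
    return buf.getvalue()
```

Calling `central_directory(sample_archive())` lists both entries; truncated or inconsistent offsets surface as `struct.error` or `ValueError` rather than being guessed at.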

Oh well, I can't fault them too much.  I mean the zip format became wildly popular, probably more popular than they had ever anticipated.  They might have put more thought into the design had they known.  Also, it would have been hard to foresee the need for 64-bit support back in a time when hard drives were only a few megabytes in size.

PKZip has definitely stood the test of time.  But its age is showing.  Newer formats like Rar and 7Zip offer better compression ratios.  Personally I would recommend 7Zip.  But zip is so ubiquitous it's going to be around for a while.  I just wish the internals of the file weren't so bad.