Home / Tag Archives: digest-golf

Tag Archives: digest-golf

iOS 9’s space-saving "app slicing" disabled for now, will return in future update (Andrew Cunningham/Ars Technica)

Enlarge / Apple's sample universal binary here is just 60 percent of its original size when downloaded to an iPad or iPhone. Andrew Cunningham Further Reading Back in June, we wrote a bit about App Thinning , a collection of iOS 9 features that are supposed to make iOS 9 apps take up less space on iDevices. Apple has just announced to developers that one of those features, "app slicing," is not available in current iOS 9 versions due to an iCloud bug. It will be re-enabled in a future iOS update after the bug has been resolved. App slicing ensures that your iDevice only downloads the app assets it needs to work. In older versions of iOS, all devices downloaded "universal" versions of apps that included all of the assets those apps needed to work on each and every targeted iDevice. If you downloaded an app to your iPhone 5, for example, it could include larger image assets made for the larger-screened iPhones 6 and 6 Plus, 64-bit code that its 32-bit processor couldn't use, and Metal graphics code that its GPU didn't support. That's all wasted space, a problem app slicing was designed to resolve. Apple says the iCloud bug affects users who are restoring backups to new devices—if you moved from that iPhone 5 to a new iPhone 6S, for example, iCloud would restore iPhone 5-compatible versions of some apps without the assets required by the newer, larger device. For now, Apple says that devices running iOS 9 will continue to download the universal versions of apps along with all their assets, whether they're needed by your specific device or not.  TestFlight , the beta app distribution service that Apple purchased in 2014, will continue to distribute software tailored for specific devices, but regular users will need to wait for that iOS update before they begin to see the feature's benefits.

Read More »

Active malware campaign has hijacked thousands of WordPress sites in just 15 days, has spiked to over 5K new infections daily (Dan Goodin/Ars…

This is what happens at the network level when a browser visits an infected site. Malwarebytes Attackers have hijacked thousands of websites running the WordPress content management system and are using them to infect unsuspecting visitors with potent malware exploits, researchers said Thursday. The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post . The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit , which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor. "If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can," Cid wrote. "What’s the easiest way to reach out to endpoints? Websites, of course." On Thursday, Sucuri detected thousands of compromised sites, 95 percent of which are running on WordPress. Company researchers have not yet determined how the sites are being hacked, but they suspect it involves vulnerabilities in WordPress plugins. Already, 17 percent of the hacked sites have been blacklisted by a Google service that warns users before they visit booby-trapped properties.

Read More »

Google sends out invites for press event on September 29 at 9 AM PT, new Nexus devices and Chromecast expected; event will be livestreamed on YouTube…

Google We know it's late Friday but this little message just popped into our inbox. Google is holding an event September 29 where the company is promising "tasty new treats and much s'more." September 29 has been the rumored launch date for Google's Nexus line for a few weeks now, and it looks like the rumor mill was right on target. Google is expected to launch updates to the Nexus 5 and Nexus 6. The new 2015 Nexus 5 will be built by LG , while Huawei is handling the 2015 Nexus 6. Both are geared up for Marshmallow with fingerprint readers and USB Type C, and have other goodies like laser autofocus for the camera and front-facing stereo speakers. The event should also see the launch of Android 6.0 Marshmallow , and we might even see the rumored Chromecast 2 that leaked today. The event will be livestreamed at youtube.com/google. © 2015 Condé Nast. All rights reserved Use of this Site constitutes acceptance of our User Agreement (effective 1/2/14) and Privacy Policy (effective 1/2/14), and Ars Technica Addendum (effective 5/17/2012) Your California Privacy Rights The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad Choices

Read More »

Google’s Project Zero team finds address space layout randomization offers less protection against Stagefright than Google PR claims (Dan Goodin/Ars…

Ron Amadeo Members of Google's Project Zero vulnerability research team have challenged a key talking point surrounding the security of Google's Android mobile operating system. To wit, a key exploit mitigation known as address space layout randomization does much less than the company's overworked public relations people say in blocking attacks targeting critical weaknesses in Android's stagefright media library. As Ars reported beginning in July, a series of vulnerabilities in the libstagefright library made it possible for attackers to remotely execute malicious code on close to one billion Android phones . In the following seven weeks, Google has released updates that either lessen the severity of attacks or directly fix the underlying cause, although many users have yet to receive the fixes, and some probably never will . Throughout the resulting media storm, Google PR people have repeatedly held up the assurance that the raft of stagefright vulnerabilities is difficult to exploit in practice on phones running recent Android versions. The reason, they said: address space layout randomization, which came to maturity in Android 4.1, neutralizes such attacks. Generally speaking, ASLR does nothing to fix a buffer overflow or similar software bug that causes the vulnerability in the first place. Instead, the defense vastly decreases the chances that a remote-code-execution attack exploiting such bugs will succeed. ASLR does this by loading downloaded scripts in a different memory location each time the operating system is rebooted. If the attacker can't locate the malicious code, the exploit results in a simple crash, rather than a game-over hack. On Wednesday, Project Zero researchers tested a home-grown stagefright exploit on a Nexus 5 device running an Android 5.x version. The results showed that at best, ASLR will lower the chances their exploit will succeed. Meanwhile, Joshua Drake, the security researcher who first disclosed the critical vulnerabilities in the code library, said Android ASLR does even less to prevent a new custom exploit he has developed from working. The ASLR shortcomings stem from two root causes. First the randomization offers just eight bits of entropy, meaning there are only 2 8 , or 256, possible locations where attackers can find their malicious payload

Read More »

Google OnHub teardown shows large speaker, huge heatsink, lots of antennas, and a light sensor that doesn’t yet work (Ron Amadeo/Ars Technica)

The Google OnHub, in pieces. Even after our review of Google's OnHub router , the device is still a mystery. Today Google is selling a $200 Wi-Fi router with an abundance of processing power that promises to some day be a smart home device. We're guessing it will power the "Google On" smart home ecosystem, but Google isn't talking about any details today. Further Reading Perhaps the mad scientists over at iFixit can shed some light on the device. They recently ripped open the Google OnHub, displaying its internals for all the world to see. They found lots and lots of antennas, a huge heatsink, and it was mostly held together with clips. The big surprise is the sizable speaker that sits at the top of the device. During setup, the speaker emits a loud ringtone-like sound that pairs the OnHub with a phone, but the OnHub speaker is much larger than what you would find in a smartphone. It's still a far cry from Amazon's woofer/tweeter combo in the Echo, though. iFixit was able to confirm that the odd little "plug" in the speaker grill is really an ambient light sensor, which Google told us doesn't work yet. There's also a Silicon Labs EM3581 SOC network co-processor for ZigBee and Skyworks 66109 2.4 GHz ZigBee/Smart Energy front-end module, which are also dormant.

Read More »

US appeals court rules copyright owners must consider fair use before issuing takedown notices, siding with EFF (Joe Mullin/Ars Technica)

The US Court of Appeals for the 9th Circuit today issued a ruling that could change the contours of fair use and copyright takedown notices. In an opinion (PDF)  published this morning, the three-judge panel found that Universal Music Group's view of fair use is flawed. The record label must face a trial over whether it wrongfully sent a copyright takedown notice over a 2007 YouTube video of a toddler dancing to a Prince song. That toddler's mother, Stephanie Lenz, acquired pro bono counsel from the Electronic Frontier Foundation. The EFF in turn sued Universal in 2007, saying that its takedown practices violated the Digital Millennium Copyright Act. Further Reading The judges ruled today that copyright holders "must consider the existence of fair use before sending a takedown notification." Universal's view that fair use is essentially an excuse to be brought up after the fact is wrong, they held. UMG's view of fair use solely as an "affirmative defense" is a misnomer. "Fair use is uniquely situated in copyright law so as to be treated differently than traditional affirmative defenses," wtore US Circuit Judge Richard Tallman for the majority. The long-running copyright case began when Lenz uploaded a video of her son Holden dancing to Prince's "Let's Go Crazy." At that time, Universal had an employee scouring YouTube each day in order to issue takedowns on videos that used Prince music. EFF, looking for a test case over bad DMCA takedowns, found a sympathetic client in Lenz, a mom seeking to simply share a video of her son with his grandmother. Today's ruling isn't an all-out win for EFF, which wanted Universal to be held liable immediately under 512(f), the section of the DMCA that allows for damages over bad-faith takedown notices. Universal will have to face a trial over whether it "knowingly misrepresented" its "good faith belief the video was not authorized by law." But the judges have made clear that copyright owners "must consider fair use before sending a takedown notification," before forming that "good faith belief." To be successful at trial, Universal doesn't have to prove that the video wasn't fair use. It just has to show that it considered fair use before sending the notice. Otherwise, it could be liable for "nominal" damages to Lenz—which wouldn't be much, since her video went back up after a short period, and has been up since then.

Read More »

Comcast tests letting Florida customers pay an extra $30 per month to avoid 300GB data cap (Jon Brodkin/Ars Technica)

Comcast has unveiled a new $30 charge that will let customers in Florida escape the company's 300GB monthly usage limit. Further Reading The nation's largest cable company has been trialling data caps in nine states, with slightly different policies in each one. Generally, customers who exceed a monthly limit pay an extra $10 for each additional 50GB, though customers are allowed to exceed the caps for three months before getting penalized. But customers in Fort Lauderdale, the Keys, and Miami, Florida, can now purchase unlimited data for an extra $30 per month. Paying this additional $30 eliminates the 300GB monthly cap, but customers have to pay the extra amount each month even if they use less than 300GB. "The Unlimited Data Option costs the current additional fee of $30 per calendar month, regardless of actual data usage," Comcast said in an FAQ updated today . (Thanks to  DSLReports for noticing the change .) Customers who use more than 450GB per month may come out ahead by purchasing the unlimited data option. "For example, if you enroll in the Unlimited Data Option and use 530GB in a given month, you will only be charged $30 for choosing to enroll in the Unlimited Data Option," Comcast says. "If you do not enroll in the Unlimited Data Option, you would be on the 300GB plan and therefore would be charged $50 for the additional 250GB (five blocks of additional 50GB) provided on top of the 300GB plan. Note that customers enrolled in the Unlimited Data Option who use less than 300GB in a given month will still be charged $30 for that month." The unlimited data option hasn't been made available to the other eight states  where Comcast is imposing usage limits. Those are Alabama, Arizona, Georgia, Kentucky, Maine, Mississippi, Tennessee, and South Carolina. Within the trial areas, customers who buy the pricey 505Mbps or 2Gbps plans don't face data limits . Customers who live outside the data cap trial states don't face any limits or overage charges regardless of what plan they buy, but Comcast may impose limits throughout its territory within a few years . If you're wondering how Comcast settled on a 300GB data cap, a company VP recently said  that it's a business decision rather than one driven by technical necessity.

Read More »

Journalists arrested on terrorism charges in Turkey for using crypto software (Glyn Moody/Ars Technica)

Three journalists working with Vice News have been charged with "engaging in terrorist activity" on behalf of ISIL (ISIS), because one of them used encryption software. A Turkish official told Al Jazeera : "The main issue seems to be that the journalists' fixer uses a complex encryption system on his personal computer that a lot of ISIL militants also utilise for strategic communications." There are no details as to what that "complex encryption system" might be, but it seems likely that it is nothing more than the PGP email encryption software, or perhaps the The Onion Router (TOR) system, both of which are very widely used, and not just by ISIL. The correspondent and cameraman for Vice News, who are both British, and their fixer , who is Iraqi but Turkey-based, were arrested last Thursday in Diyarbakir, located in south-eastern Turkey, and an important centre for the country's Kurdish population. According to The Guardian , the Vice News journalists were covering "recent clashes between Turkish security forces and the Patriotic Revolutionary Youth Movement, the youth wing of the outlawed Kurdistan Workers’ Party (PKK)." Further Reading Exposing those tensions would not have endeared them to the Turkish authorities, and the real reason for their arrest may be to stop them reporting on this sensitive issue. What is particularly troubling, however, is that it seems the mere use of encryption software is enough for three journalists to be arrested on terrorism charges. As Ars has reported, this demonisation of crypto is not confined to foreign lands. The UK prime minister, David Cameron, has said he does not intend to "leave a safe space—a new means of communication—for terrorists to communicate with each other," whatever that means in practice. Similarly, law enforcement officials on both sides of the Atlantic have warned of things " going dark " because of the growing use of encryption by criminals. The latest move by the Turkish authorities is simply one more attempt to paint crypto as inherently suspicious, perhaps with a view to making its use explicitly illegal at some point. This post originated on Ars Technica UK

Read More »

PhantomAlert files suit against Waze, claims Waze copied its database, incorporated it into its own application before sale to Google (Cyrus…

Further Reading PhantomAlert , a company that makes a Waze-like traffic smartphone app, has now sued its better-known rival for copyright infringement. The Washington DC-based company argues in a Tuesday filing that after a failed data-sharing deal between itself and Waze collapsed in 2010, within two years, Waze apparently stole PhantomAlert’s "points of interest" database. As the civil complaint states : Among other methods, PhantomAlert determined that Waze had copied its Points of Interest database by observing the presence of fictitious Points of Interest in the Waze application, which PhantomAlert had seeded into its own database for the purpose of detecting copying. On information and belief, Waze copied the PhantomAlert database on multiple occasions after late 2012, re-incorporated the copied data into the Waze application, and continued to display the Points of Interest data to the users of the Waze application. Then, as the case alleges, when Waze was sold to Google in June 2013, the company profited handsomely from this theft. "Waze needed to grow its database to increase its value and become more attractive to potential acquirers," Karl Kronenberger, PhantomAlert’s attorney, said in a statement . "Our complaint alleges that Waze stole PhantomAlert’s database when Waze could not get it legally, and then sold itself to Google for over $1 billion." The lawsuit asks the court to shut down Waze entirely, and to order Google to pay unspecified damages. “I started PhantomAlert seven years ago as an entrepreneur with a dream, and now that dream has been crushed by companies that are profiting from the years of blood, sweat and tears our team put into our product," Joseph Scott Seyoum, PhantomAlert's CEO, said in the same statement. Kronenberger did not respond to Ars’ request for comment as to how exactly this database was stolen. Google also did not immediately respond to Ars’ request for comment.

Read More »

Popcorn Time lawsuits continue as 16 are sued for watching Survivor (Joe Mullin/Ars Technica)

Plaintiffs included a screenshot from the Popcorn Time app, with their movie circled in red. The "Popcorn Time" app was launched in 2014 as a kind of "BitTorrent for dummies" with a simple Netflix-style interface for viewing movies. But now with a second lawsuit filed against users of the app, it looks like 16 as-yet-anonymous watchers may soon need a primer on "mass copyright suits for dummies." The lawsuit (PDF) , entitled  Survivor Productions Inc. v. Anonymous Users of Popcorn Time (Does 1-16) , targets 16 Comcast subscribers who allegedly used the app to watch Survivor— not the reality series, but a thriller starring Pierce Brosnan released earlier this year. Lawsuits over BitTorrent piracy of non-pornographic content are rare to begin with. Survivor Productions now joins Voltage Pictures in being one of just a few movie studios willing to pursue individual downloaders over copyright claims. "The fight against counterfeiting and piracy are critical issues of importance to the both the United States of America and the State of Oregon," states the complaint. "Popcorn Time exists for one purpose and one purpose only: to steal copyrighted content." The complaint includes warnings from the Popcorn Time software as exhibits, and it notes that the movie Survivor was promoted to users of the app. The Survivor Productions lawsuit is nearly identical to another lawsuit against Popcorn Time users filed four days earlier over the Adam Sandler movie The Cobbler . Both were filed by the same attorney, Oregon-based practitioner Carl Crowell. In an earlier e-mail interview with Ars, Crowell said his client does not seek more than the statutory minimum for damages, which is $750. "The goal is to deter infringement," he said. In addition to the Popcorn Time lawsuit, Survivor Productions filed 12 lawsuits against individual users who allegedly used standard BitTorrent technology to get their copies. The suits were filed between July 13 and August 21

Read More »

Former Secret Service agent Shaun Bridges pleads guilty to theft of $820K in bitcoin during Silk Road investigation (Joe Mullin/Ars Technica)

SAN FRANCISCO—Shaun Bridges, a former Secret Service agent who was investigating the Silk Road drug trafficking website, pled guilty today to charges of money laundering and obstruction of justice. Bridges' scheme was straightforward and very profitable. After Silk Road admin Curtis Green was arrested in January 2013, he debriefed agents in Baltimore. Bridges took his admin credentials, logged in, and started locking Silk Road drug dealers out of their accounts. He then looted the accounts, grabbing about 20,000 Bitcoins, and put them into his own account. US District Judge Richard Seeborg read out each of the government accusations against Bridges in court today, and the man responded "yes sir," acknowledging he had committed each of the acts. Shaun Bridges Bridges moved the Bitcoins into his Mt. Gox account. They were worth more than $300,000 at the time of the theft. Bridges moved the money into a Fideltity account called Quantum International Investments LLC between March and May of that year. By then, the bitcoins were worth about $820,000. Bridges also pled guilty to obstructing the Baltimore investigation of Silk Road and later to the internal investigation of his own behavior. At one point, he talked to a colleague who was being interviewed and agreed "to tell a consistent story" about his unauthorized use of a FINCEN database. The plea agreement includes sentencing recommendations, but it isn't known what those are at this time. "You understand these are simply recommendations, and it will be for me to decide what the appropriate sentence is?" Seeborg asked. "I do," said Bridges

Read More »

LTE over Wi-Fi spectrum sets up industry-wide fight over interference (Jon Brodkin/Ars Technica)

A plan to use Wi-Fi airwaves for cellular service has sparked concerns about interference with existing Wi-Fi networks, causing a fight involving wireless carriers, cable companies, a Wi-Fi industry trade group, Microsoft, and network equipment makers. Verizon Wireless and T-Mobile US plan to boost coverage in their cellular networks by using unlicensed airwaves that also power Wi-Fi equipment. While cellular carriers generally rely upon airwaves to which they have exclusive licenses, a new system called LTE-Unlicensed (LTE-U) would have the carriers sharing spectrum with Wi-Fi devices on the unlicensed 5GHz band. Further Reading Verizon has said it intends to deploy LTE-U in 5GHz in 2016. Before the interference controversy threatened to delay deployments, T-Mobile was expected to use the technology on its smartphones  by the end of 2015 . Wireless equipment makers like Qualcomm  see an opportunity to sell more devices and are integrating LTE-U into their latest technology. Using 5GHz will let cellular networks boost data speeds over short distances without requiring users to log in to a separate Wi-Fi network. But companies from all over the technology industry are arguing over how much this new technology will interfere with Wi-Fi networks and how quickly the Federal Communications Commission should move in allowing it. The latest development came yesterday when Verizon, T-Mobile, Alcatel-Lucent, Ericsson, and Qualcomm sent a letter to the FCC opposing a Wi-Fi Alliance proposal that would slow the process of getting LTE-U out of testbeds and into real-world networks. Wi-Fi Alliance seeks delay The Wi-Fi Alliance is an industry trade group that certifies equipment to make sure it doesn't interfere with other Wi-Fi-certified equipment operating in the same frequencies. The group this month  asked the FCC  to avoid authorizing any LTE-U equipment until the Wi-Fi Alliance is able to conduct its own tests on vendor devices using new interference testing guidelines that the Alliance is still developing. The Wi-Fi Alliance has a long list of members  covering pretty much the entire technology industry, including the five companies opposing its request

Read More »

Former FireEye intern pleads guilty to developing Dendroid spyware for Android; sentencing scheduled for Dec. 2 (Dan Goodin/Ars Technica)

A former intern at security firm FireEye has admitted in federal court that he designed a malicious software tool that allowed attackers to take control of other Android phones so they could spy on their owners. Morgan Culbertson, 20, pleaded guilty to federal charges involving Dendroid, a software tool that provided everything needed to develop highly stealthy apps that among other things took pictures using the phone's camera, recorded audio and video, downloaded photos, and recorded calls. According to this 2014 blog post from Android security firm Lookout, at least one app built with Dendroid found its way into the official Google Play market, in part thanks to code that helped it evade detection by Bouncer, Google’s anti-malware screening system. Culbertson, who last month was one of 70 people arrested in an international law enforcement sting targeting the Darkode online crime forum , said in a LinkedIn profile that he spent four months at FireEye. While there, he said, he "improved Android malware detection by discovering new malicious malware families and using a multitude of different tools." He was also a student at Carnegie Mellon University. According to The Pittsburgh Post-Gazette , Culbertson on Tuesday pleaded guilty to developing and selling the malicious tool kit . Culbertson advertised the malware on Darkode for $300, and he also offered to sell the source code, presumably for a much higher price, that would allow buyers to create their own version of Dendroid. He faces a maximum 10 years in prison and $250,000 in fines at sentencing, which is scheduled for December 2. Culbertson said he had spent more than a year designing Dendroid, a timeline that means he worked on the remote access toolkit during or shortly after his four-month tenure at FireEye. FireEye told Forbes that   Culbertson has been suspended from any future work at the company.

Read More »

YouTube Gaming launches Wednesday on iOS, Android, and web to compete with Twitch (Ron Amadeo/Ars Technica)

One year and one day after Google lost Twitch.tv to Amazon , YouTube Gaming is going public. Starting tomorrow, users can head down to http://gaming.youtube.com  (or download the app) to check out the new interface, see who's streaming, or start a stream themselves. We went hands-on with a pre-release version  of YouTube shortly after the June announcement, and very soon the site will be ready for public consumption. Further Reading YouTube calls YouTube Gaming the "go-to destination for anything and everything gaming." It not only shows who is live streaming, but serves as a collection point for all gaming content on YouTube. YouTube Gaming automatically categorizes YouTube's gaming content and sorts it by game and by the content of video. This allows users to easily see the most popular content for their favorite game. A beta version of the new live streaming dashboard is also launching tomorrow. The new dashboard makes streaming less of a scheduled event and more of a casual thing that streamers can do whenever they want. Streaming on YouTube Gaming is done on HTML5, and, unlike Twitch, streamers can enable a "DVR Mode" that buffers the last four hours of a stream and allows viewers to rewind. YouTube Gaming will give Twitch.tv the biggest competition in the live streaming space it has ever seen. Almost every Twitch streamer also uses YouTube for archival purposes and as an additional revenue stream, and now YouTube is a one-stop-shop for every kind of gaming video on the Web. Starting tomorrow, YouTube says  gaming.youtube.com should work for users "in any country where YouTube is available." The Android phone and tablet app launches tomorrow, too, in the US and UK with "other countries coming soon." The iOS app will be available at this link , and for now everything is English-only.

Read More »

New data uncovers the surprising predictability of Android lock patterns (Dan Goodin/Ars Technica)

Marte Løge The abundance of password leaks over the past decade has revealed some of the most commonly used—and consequently most vulnerable—passphrases, including "password", "p@$$w0rd", and "1234567". The large body of data has proven invaluable to whitehats and blackhats alike in identifying passwords that on their face may appear strong but can be cracked in a matter of seconds. Further Reading Now, Android lock patterns—the password alternative Google introduced in 2008 with the launch of its Android mobile OS—are getting the same sort of treatment. The Tic-Tac-Toe-style patterns, it turns out, frequently adhere to their own sets of predictable rules and often possess only a fraction of the complexity they're capable of. The research is in its infancy since Android lock Patterns (ALPs) are so new and the number of collected real-world-patterns is comparatively miniscule. Still, the predictability suggests the patterns could one day be subject to the same sorts of intensive attacks that regularly visit passwords . Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology , recently collected and analyzed almost 4,000 ALPs as part of her master's thesis. She found that a large percentage of them—44 percent—started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier. "Humans are predictable," Løge told Ars last week at the PasswordsCon conference in Las Vegas, where she presented a talk titled Tell Me Who You Are, and I Will Tell You Your Lock Pattern . "We're seeing the same aspects used when creating a pattern locks as are used in pin codes and alphanumeric passwords." ALPs can contain a minimum of four nodes and a maximum of nine, making there 389,112 possible combinations. In a similar fashion as passwords, the number of possible combinations grows exponentially with the length, at least up to a point.

Read More »