Hacked
Secret Moderator
28 / M
Posted 4/10/15
http://www.forbes.com/sites/adamtanner/2014/04/14/these-sites-tell-which-of-your-accounts-have-been-hacked/

For those of you who re-use the same email or credentials, or a permutation thereof, it is advised to see if a company or site has been breached and your account details have been taken.

Websites like the Forbes link above, along with password managers like Dashlane, alert users to data breaches to change their compromised credentials, and inform you if they've been re-used.

To date, CR has not had a data breach, but it doesn't mean it won't happen. Best security practices by end users are the first line of defense.


U.S.
Posted 4/10/15
My neighbor's Wi-Fi password was 12345678. Then they moved out. XD
Posted 4/10/15 , edited 4/11/15
Personally never been hacked on any online services.

And I have used the same passwords for everything lol


Several people from China tried to hack into my Guild Wars 2 account, but because their IP is different to mine, GW servers needed an extra authentication step from my email... and they don't know my email so they couldn't hack into that xD
こ ~ じ ~ か
Posted 4/10/15

TheOmegaForce70941 wrote:

You can check how long it would take a PC to guess your password here https://howsecureismypassword.net/



Haha, "correct horse battery stapler" -- which by now, is in every cracker's dictionary -- is rated 6.9 nonillion (that's 10^30!) years.

I think though, that site can give a false sense of security. I put in a ten-character string of numbers and upper and lower case letters. Result? 6 years.

Well, possibly. However, that would depend on the hashing algorithm used. Unsalted MD5? Same string would take only 14 months. Drop a couple of characters and it drops to mere hours.

A lot of older web applications out there use such weak hashing. Developers often leave security as an afterthought.

Fortunately, that site lets you change the setting for how many hashes per second. Multiply it by ten for better results. ;)

OT: I wonder what exactly it means to be "blatantly" hacked, anyway?
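An added example, not part of any post in this thread: a local estimator for the point made above, so nothing has to be typed into a third-party site. The guessing rates and the tiny wordlist are assumptions constructed for illustration, not measurements, and the sample strings are constructed.

```python
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumed, illustrative guessing rates in hashes per second (not from the
# thread, not measurements): a fast unsalted hash vs. a deliberately slow one.
ASSUMED_RATES = {"fast unsalted hash": 10**10, "slow password hash": 10**4}

# Constructed stand-in for a cracking dictionary; both entries are strings
# quoted in the thread.
SAMPLE_WORDLIST = {"correct horse battery stapler", "password123"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " ")


def charset_size(password):
    """Alphabet a brute-force search must cover for the classes in use."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace(password):
    """Number of candidates of this length over that alphabet."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password, rate, wordlist=SAMPLE_WORDLIST):
    """Worst-case years to try every candidate at `rate` guesses/second.

    A wordlist hit returns 0.0: dictionary entries are tried first, so the
    brute-force figure does not apply to them.
    """
    if password in wordlist:
        return 0.0
    return keyspace(password) / rate / SECONDS_PER_YEAR


def report(password):
    """Map each assumed rate name to the estimated years for `password`."""
    return {name: years_to_exhaust(password, rate)
            for name, rate in ASSUMED_RATES.items()}


if __name__ == "__main__":
    for sample in ("aB3dE6gH9k", "aB3dE6gH", "correct horse battery stapler"):
        print(sample, report(sample))
```

The same ten-character string moves by a factor of a million between the two assumed rates, and the dictionary phrase scores zero regardless of its length.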
43 / M / Finland
Posted 4/11/15

TheOmegaForce70941 wrote:

You can check how long it would take a PC to guess your password here https://howsecureismypassword.net/


I'm supposed to enter my pass on a third party site? Nah, even if I can't find anything too egregious about it*, I think I'll refrain, thanks...

*http://security.stackexchange.com/questions/17500/is-howsecureismypassword-net-safe-to-use

If you still feel the urge to test something there, use a similar type string as the pass you want to test but written differently.
20 / M / Sweden
Posted 4/11/15 , edited 4/11/15

Gracias2 wrote:


TheOmegaForce70941 wrote:

You can check how long it would take a PC to guess your password here https://howsecureismypassword.net/


I'm supposed to enter my pass on a third party site? Nah, even if I can't find anything too egregious about it*, I think I'll refrain, thanks...

*http://security.stackexchange.com/questions/17500/is-howsecureismypassword-net-safe-to-use

If you still feel the urge to test something there, use a similar type string as the pass you want to test but written differently.


If you really are unsure of its security then there's a simple solution, check the source code... I mean, it's probably written in JavaScript and HTML.

Plus if you don't trust 'em then just connect to the site and disconnect from the internet, close the site and then re-connect
43 / M / Finland
Posted 4/11/15

TheOmegaForce70941 wrote:

If you really are unsure of its security then there's a simple solution, check the source code... I mean, it's probably written in JavaScript and HTML.

Plus if you don't trust 'em then just connect to the site and disconnect from the internet, close the site and then re-connect


Again, to everyone, important reminder: do not type your pass on any site other than the one you use it on.

@TheOmegaForce Checking the source code is hardly applicable to your average user. And the site itself seems somewhat vulnerable to hacking, so you'd need to do that every time you visit. Most common people aren't experts on HTML let alone JavaScript... Your solution seems to work, and the site doesn't need cookies or Flash. But I'd still be wary as I'm pretty sure an experienced hacker with a compromised site like that would find a way to work around it...
21 / M / Tiphares
Posted 4/11/15
Whenever I make a new account for whatever website I'd like to sign up for I write the username and password in a notepad file and save it on my desktop in a secure location.
20 / M / Sweden
Posted 4/11/15

Gracias2 wrote:


TheOmegaForce70941 wrote:

If you really are unsure of its security then there's a simple solution, check the source code... I mean, it's probably written in JavaScript and HTML.

Plus if you don't trust 'em then just connect to the site and disconnect from the internet, close the site and then re-connect


Again, to everyone, important reminder: do not type your pass on any site other than the one you use it on.

@TheOmegaForce Checking the source code is hardly applicable to your average user. And the site itself seems somewhat vulnerable to hacking, so you'd need to do that every time you visit. Most common people aren't experts on HTML let alone JavaScript... Your solution seems to work, and the site doesn't need cookies or Flash. But I'd still be wary as I'm pretty sure an experienced hacker with a compromised site like that would find a way to work around it...


Well HTML and Java/JavaScript are the two most basic programming languages... So it won't take long to learn!

Anyhow, I understand what you're saying. But I personally feel that the problem isn't people using the same password on multiple services, I feel that it's too many people using simple passwords on multiple services. For instance there's a lot of people out there who use "password123" and some others who use their phone number as their password on everything and that's really insecure.

Posted 4/11/15 , edited 4/11/15
Thank you for the warning. It's always good to update with something better.
22 / F / Puerto Rico
Posted 4/11/15

jakari

Thanks that's really useful. But how do you remember all the login / complicated pw's x3?


I have a RL, little black book of passwords. I don't take pictures of them. I don't write them in digital text. Complete old school book keeping. It has been with me for over 12 years and counting.

When it broke apart, I glued and taped it together.

That's how I keep my passwords straight.

Santera
27 / M
Posted 4/11/15
The most hardcore solution I've heard of is to keep an encrypted file on external media (such as a flash drive) that contains all your passwords, and keep that external drive on you. You only have to remember the one password to decrypt the file, and you have access to all your passwords. This guy would also only ever copy/paste his passwords so that they couldn't be picked up by a keylogger.

That's a little extreme, though, and incredibly inconvenient. I'm no expert on LastPass, but I've heard that it provides a similar level of protection without all the hassle. Personally, I've gotten by using just a few different passwords, and I avoid using them on shady sites. If I feel I must create an account on a site I don't trust, I use an extremely weak and simple password that's easy to remember. As far as I know, I haven't been hacked yet.
20 / Cold and High
Posted 4/11/15 , edited 4/11/15
My password is 1234 and never got hacked once!
こ ~ じ ~ か
Posted 4/11/15

staphen wrote:
This guy would also only ever copy/paste his passwords so that they couldn't be picked up by a keylogger.


This guy also doesn't know very much about keyloggers.
27 / M
Posted 4/11/15

evilotakuneko wrote:


staphen wrote:
This guy would also only ever copy/paste his passwords so that they couldn't be picked up by a keylogger.


This guy also doesn't know very much about keyloggers.


I admit that my information about keyloggers comes from Wikipedia, but I see no reason why this method wouldn't work against your typical API-based keylogger, or even kernel-based keyloggers and maybe hypervisor-based keyloggers. You know, anything that actually monitors the keys entered by the keyboard. I'm honestly surprised that form grabbing and packet analysis can even be considered keylogging.

In case you're interested, I only read about this guy in an article. The purpose of the article was to describe the inevitability of "being hacked," what it means, and how to minimize the damage. The guy in question was an acquaintance of the author used as an extreme example of the lengths some people would go to.