You're password, how'd you get it? (Buell Forum, Quick Board; archive through February 23, 2011)

Cityxslicker
Posted on Thursday, February 17, 2011 - 03:44 pm:

the most common password....
'PASSWORD'
followed by
123456
ADMIN
QWERTY
your cat's name, your kid's name, your favorite color, the car you drive, the town you grew up in.... Facebook is a datamine gold field of stupid information that you think doesn't matter.

I PWN wireless networks from clinics for a living, I haven't found one yet I couldn't get into in under a dozen tries. .... now think if I were a criminal and really motivated
Who has all your personal id info and is not required to 'store' it electronically by law; and forward it to the IRS?
um yeah. Your shiate is about to get hacked and PWn'd courtesy of the ol ACA and 'quality' - enjoy.

my password is a randomly generated code key encryption changed daily and based off of a bill serial number as a key set that I have in my pocket at the time.
a little trick the boys at Ft Meade like to teach on day 1

Swordsman
Posted on Thursday, February 17, 2011 - 03:56 pm:

I luv ya City, but you're the most paranoid sumbitch I've ever heard of.

~SM

Stirz007
Posted on Thursday, February 17, 2011 - 04:22 pm:

Just 'cuz you ain't paranoid, doesn't mean they ain't out to get ya....

City's on to something, though. Among my other duties, I perform vulnerability assessments for public infrastructure - AT/FP for water systems mostly. Without spilling too many beans, one of the basic truths is that the "inside man" is your biggest threat, not some terrorist. The insider knows the system and how to beat it. Now throw the disgruntled employee with an axe to grind into the mix, and that individual can do some real damage.

More than once I have said to myself "now if I wanted to take this thing out, how would I do it?" Good thing thoughtcrime is not a punishable offense.

Azxb9r
Posted on Thursday, February 17, 2011 - 04:28 pm:

What happens if you spend that bill then can't remember your password?

Swampy
Posted on Thursday, February 17, 2011 - 08:53 pm:

My passwords are computer generated so I can't remember them. I just write them on a slip of paper and put it on my desk....IT geniuses at their best...."Let's make this REALLY safe!"

MY laptop is scheduled for a complete overwrite, so that means the only program that I use it for will become unusable for 18 days, after which some IT genius will accuse me of effing the thing up by downloading porn.
The last time it happened I had put in a request for a new battery for the laptop because it was not holding a charge. The one program I use it for is extremely volatile and MUST be shut down properly, so while I am using it in the car, if the crappy inverter shuts down or I have to get out of the car there is no reserve to keep the machine running and Wa-La the laptop shuts down and crashes the program, never to be restarted until it is re-loaded by the techie specialist. Then they come over and ask me why I have IE8 loaded, because that is not an approved program.

Oh well, I lose, have I told you enough yet?

What's my password?

Cityxslicker
Posted on Thursday, February 17, 2011 - 09:05 pm:

I have been doing this since the 90's, it is not a problem I have
(even if I spent the bill, I have it memorized)
.... and yes, just because you don't think anybody is watching or listening, doesn't mean anybody isn't.

Your paranoia is at 3, mine is closer to 11

In God we trust, in all others we MONITOR.

Just_ziptab
Posted on Thursday, February 17, 2011 - 11:17 pm:

I mistype my password on purpose and then go back and fix it with a delete and a couple of backspaces. Don't know if that helps protect it, but it feels good.

Swampy
Posted on Thursday, February 17, 2011 - 11:49 pm:

Anybody who wants in, can get in, that's why I don't get on the internet, it's just not safe out there.

Reepicheep
Posted on Friday, February 18, 2011 - 08:22 am:


quote:

Don't know if that helps protect it, but it feels good.

Unfortunately it doesn't (I've seen real data captured from malware in the wild).

Packdog
Posted on Friday, February 18, 2011 - 08:53 am:

My password is beerfart

That way when I forget it, it isn't too long before I get a reminder.

Teeps
Posted on Friday, February 18, 2011 - 09:13 am:

I go here: https://www.grc.com/passwords.htm

and select a random string of characters, then enter them into this:
http://www.google.com/products/catalog?hl=en&client=opera&hs=vlR&rls=en&q=sandisk+biometric+usb&um=1&ie=UTF-8&cid=291705875878233217&ei=X31eTfCXBI-asAO00NnLCA&sa=X&oi=product_catalog_result&ct=result&resnum=4&ved=0CEYQ8wIwAw#

No memory needed...

Geforce
Posted on Friday, February 18, 2011 - 04:58 pm:

Every time I register for a new login or account on other websites I always use the current balance of my checking account. For BadWeb, it was $207.46. twoohseven46

Court
Posted on Friday, February 18, 2011 - 06:56 pm:

I tried that and found my Badweb user profile was overdrawn and I owed Blake a $10 fee.

Froggy
Posted on Friday, February 18, 2011 - 07:24 pm:

Another bad habit I see too often is people reusing the password, but making it slightly different for each site, they would do something like "Passwordfacebook", it isn't hard to guess they will use "Passwordtwitter" or "Passwordbadweb".
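
The pattern described in the post above can be checked for in your own password list. The following is an added example, not part of the original post: it removes the site name from each password and groups the sites whose passwords reduce to the same base. The vault contents, the hostnames and the substitution map are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample vault (site -> password); the last entry is unrelated.
SAMPLE_VAULT = {
    "facebook.com": "Passwordfacebook",
    "twitter.com": "Passwordtwitter",
    "badweb.example": "Passwordbadweb",
    "bank.example": "k7#Lq2!vXz9p",
}

# Assumed, deliberately small map of look-alike substitutions.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
IGNORED = {"www", "com", "net", "org", "example"}


def fold(text):
    """Lower-case and undo common substitutions so near-variants compare equal."""
    return text.lower().translate(LEET)


def site_tokens(site):
    """Words from a hostname or URL that a user might embed, e.g. 'facebook'."""
    host = site.lower().split("//")[-1].split("/")[0]
    return [p for p in re.split(r"[^a-z0-9]+", host)
            if len(p) >= 3 and p not in IGNORED]


def strip_site(password, site):
    """Return the password minus the site name, or None if it is not embedded."""
    folded = fold(password)
    for token in map(fold, site_tokens(site)):
        if token in folded:
            return folded.replace(token, "", 1).strip("-_. ")
    return None


def audit(vault):
    """Map each shared base to the sites using it (reuse and site-derived variants)."""
    groups = defaultdict(list)
    for site, password in vault.items():
        base = strip_site(password, site)
        if base is None:
            base = fold(password)
        groups[base].append(site)
    return {b: sorted(s) for b, s in groups.items() if len(s) > 1}
```

Any group that `audit` returns is a set of accounts that fall together if one of them leaks.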

Xdigitalx
Posted on Friday, February 18, 2011 - 07:59 pm:

What if I make a txt file and for each password, I could just select a random section (cut/paste) remembering the 1st and last symbol?

ad/bva'vjne'bjh0t8gyu]30'efhv08fm[09h[qh8n08[hb[hg cjnm4p98typ894y4um2pn7g7i56b8bn9py8nP(Y&*O&*^*R$%& EVVBO*^TRBODUSC$cvidvbognbfo5dcvOR HEREii56fbvfku6fg nl7ign7n7itf6f8lb6if6skbkrg6bvYOUR PASSWORD HEREad/bva'vjne'bjh0t8gyu]894y4um2pn7g7i56b8bn9py8nP(Y &*O&*^30'efhv08fm[09h[qh8n08[hbv[hgcjnm4p98typ894y 4um2pn7g7i56b8bn9py8nPY&*O&*^*R$%&EVVBO*^TRBODUSC8 94y4um2pn7g7i56b8bn9py8nP(Y&*O&*^894y4um2pn7g7i56b 8bn9py8nP(Y&*O&*^$cvidvbognbfo5dcvvii56fbvfku6fgnl
7ign7n7itf6f8lb6OR HEREif6skbkrg6bvnm4p98typ894y4um2pnOR HERE7g7i56b8bn9py8894y4um2pn7g7i56b8bn9py8nP(Y&*O&*^

How can someone encrypt a file or folder or a usb stick that holds the txt file?

Cityxslicker
Posted on Friday, February 18, 2011 - 08:50 pm:

it is what basic encryption did with Pi, circa 1960

"Hi, my name is Werner Brandes. My voice is my passport. Verify Me."
You could also go biometric with card reader and voice recognition back.

.... at this point I am just stealing your laptop and not worrying about cracking your password, there was a department that had geeks for that. Those MIT graduates need something to do.
or in a very pizzy low tech denial of service, I'm squirting eye drops down your home row.

Reepicheep
Posted on Friday, February 18, 2011 - 11:25 pm:

The most reasonable next step is phone factor. You do something important (like post an auction or try and move a lot of money) and you get a call or SMS, and have to enter the code they gave you into the web site to continue. eBay is already doing it.

Stops the "man in the box" attacks, as the code can only be used once. So they would have to take over your cell phone also (not impossible, but an entire additional compromise they have to pull off).

We make our high risk / high revenue apps use IP authentication. Contrary to popular belief among even the technical circles, you can't fake an IP for web requests (unless you control a box in the communication chain, at which point you are basically man in the box).
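
The single-use code described in the post above, sketched from the server's side. This is an added example, not part of the original post and not any site's actual implementation: the class name, the 5-minute lifetime and the 3-attempt limit are assumptions, and it goes one step beyond the post by tying each code to the specific action it was issued for.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeCodes:
    """In-memory store of pending confirmation codes, one per user."""

    def __init__(self, ttl=300, max_attempts=3, clock=time.monotonic):
        self.ttl, self.max_attempts, self.clock = ttl, max_attempts, clock
        self._pending = {}

    @staticmethod
    def _mac(salt, user, action, code):
        # The action is part of the MAC, so a code only approves what it was issued for.
        msg = f"{user}|{action}|{code}".encode()
        return hmac.new(salt, msg, hashlib.sha256).digest()

    def issue(self, user, action):
        """Create a 6-digit code for one action; the caller sends it by SMS or voice."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self._pending[user] = {
            "salt": salt,
            "mac": self._mac(salt, user, action, code),  # the code itself is not stored
            "expires": self.clock() + self.ttl,
            "attempts": 0,
        }
        return code

    def verify(self, user, action, code):
        """Return True once for the right code and action; never a second time."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self.clock() > entry["expires"]:
            del self._pending[user]
            return False
        entry["attempts"] += 1
        expected = self._mac(entry["salt"], user, action, code)
        ok = hmac.compare_digest(entry["mac"], expected)
        if ok or entry["attempts"] >= self.max_attempts:
            del self._pending[user]  # consumed on success, burned after too many misses
        return ok
```

A code replayed after success, presented for a different action, or submitted after expiry is rejected, and three misses discard the pending code so it cannot be guessed at leisure.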

Nillaice
Posted on Friday, February 18, 2011 - 11:58 pm:

Face it Nally, you're not much of a hacker.

You'll have to think up a better trick than that to steal someone's Badweb identity!

~SM


drat. ... you foiled my plans for teh biggest flame-throwing internet argument EVAR ... -sigh-

and it's NILLY or NELLY but not NALLY