Thread: OT: password protection

  1. #51
    Join Date
    Dec 2004
    Location
    East Coast, USA
    Posts
    7,381

    Wow.... talk about...

    Work hard play hard

  2. #52
    Join Date
    Jan 2004
    Location
    Missouri
    Posts
    30,054

    Quote Originally Posted by loose nut
    Biometric scanning will not be secure for long if it is used for web access. Biometric data is just that data. It has to be stored in a file which has to be accessible in the same manner that passwords are for the security programs to work. Just numbers that can be hacked like any other data ......
    Precisely.

    ANY "data" can be accessed and, given the capability, hacked, back-driven, or otherwise stolen in order to obtain access to whatever it protects.

    This is not unlike locking your doors. That deters casual thieves, but will not protect you against determined thieves. Locks, safes, vaults, etc. do not protect absolutely. A standard password like your address is pretty much like a suitcase lock if someone targets you sufficiently to do the research (unlikely in itself). A better password is more like a decent door lock. But when the door is locked, you use a bump key, jemmy, kick it in, or go in through the window.

    Point being, that if your account is sufficiently valuable, or is part of something sufficiently valuable, it WILL BE HACKED. Just get used to that idea. It is the "elephant in the room" that nobody wants to talk about when it comes to the matter of doing everything on-line, banking via your phone, etc. Oh, yeah... YOU will be blamed for the hack.... not that you did it, but that some failure on YOUR part is responsible for access to your account, and the money being gone.... it could not possibly be the "very secure" bank software.

    Once hacked, information may be sold to small-time thieves who will certainly try to use whatever the passwords give access to.

    ANY piece of data used as a key can be cracked, back-driven, etc, or if not cracked, just "avoided". Just HOW that piece of data is generated is not very important, that supposed importance is related to the way PEOPLE think, but not the way computers operate.

    People freaking out about needing to use unique "hard" passwords for inconsequential accounts are just hyperventilating. Use the tough stuff where you need to, it might even help, who knows? Otherwise there is zero need to cause yourself hassles.

    It is very unlikely that someone with your password to this forum will be able to hack into the VP computer system and thereby gain access to your bank account to "empty" it.... Unless, of course, you are fool enough to use the very same password for your on-line banking, assuming you even do on-line banking.

    If you do NOT do online banking, then your "account" is even safer.... (although I suppose there is some point to establishing an online banking account just to make sure someone else does not do that themselves)

    If one insists on good passwords, and assuming the system were actually secured against every possible backdoor way in (it's a computer program, don't make me laugh), then a long enough password would make it hard to attack with a straight up method of exhausting the possibilities. That happy state of affairs is a long way off.

    Here you go.... My password to this forum is the name of one of the machines in my shop. Go for it.... use that to get to my bank account... or to any other account I may have used it for. I gave you the hint, I cut down your possible "fits" to a few hundred. It's up to you now.
    Last edited by J Tiers; 01-10-2019 at 12:47 PM.
    1601

    Keep eye on ball.
    Hashim Khan

  3. #53
    Join Date
    Nov 2008
    Location
    SF East Bay.
    Posts
    6,153

    To the readers in general.... JTiers is, of course, entitled to his opinion. Please note that it is based on his imagination and has nothing to do with reality. His accuracy rate is lower than the Mattel battery powered plastic lathe.

    There are several trained security experts contributing to this thread. I suggest that you place MUCH more importance on their posts.
    Measure twice. Cut once. Weld. Repeat.
    ( Welding solves many problems.)

  4. #54
    Join Date
    Jan 2004
    Location
    Missouri
    Posts
    30,054

    Experts are very familiar with the details of security systems.

    Experts will be very hard pressed to deny the large number of successful hacks into high profile, and presumably well protected systems. There are MORE than you have read about.

    Experts were retained to secure these systems. They failed to do so, in large part not due to their own efforts, but due to vulnerabilities they have no control over. Those vulnerabilities are in other software, and, in the most important part of the system, the people whose "stuff" is intended to be protected. They are not blameless, their own systems have failed in various cases as well.

    There will be more and larger hacks. You will be personally affected by them, assuming you have not yet been affected.

    I dare any of the experts here to do either of two things....

    1) deny the existence of numerous very large scale hacks of systems that were supposedly protected by experts.

    2) I gave a strong hint as to my own password to this forum. Let them discover it, and prove it by posting using my login. Bonus points if they can do so on any OTHER place that same one is used. After all, dan says it is easy, and that it will give access to my bank and other things....

    Stop the ad-hominem attacks (your specialty, danlb) and put the money where the mouth is.
    Last edited by J Tiers; 01-10-2019 at 03:48 PM.
    1601

    Keep eye on ball.
    Hashim Khan

  5. #55
    Join Date
    Nov 2008
    Location
    SF East Bay.
    Posts
    6,153

    Hey Jerry, Please note that there were no attacks on your personality, but were strictly related to the content of your posts. I'm sure you are a fine fellow with a vast imagination and great skills at consuming and regurgitating huge amounts of information.

    Please also note that, in your ignorance, you are confusing a directed attack on a specific person's account with the use of your credentials to leverage other system weaknesses. I can't tell if you have not read the thread or did not understand the concepts, but I'm satisfied that most of the readers got the idea.

    BTW, there are laws that could make it illegal to try to brute force your password as you suggested. Both the Computer Fraud and Abuse Act (CFAA) of 1986 and California Penal Code Section 502(c) PC can be invoked to prosecute that as a crime.


    Dan
    Measure twice. Cut once. Weld. Repeat.
    ( Welding solves many problems.)

  6. #56
    Join Date
    Jan 2004
    Location
    Missouri
    Posts
    30,054

    I am not confusing anything with anything else. In fact I have made the distinction.... but you missed that. And you have basically said that most of what I write is BS...

    Whatever.....

    I specifically suggested that most are under no danger of a specific attack on them, other than general phishing... but I think you are very likely to see effects from the large scale attacks directed against institutions, government, and companies, often facilitated by successful "phishing".

    I have no intention of prosecuting or even complaining..... you could just PM me the password and it would work for me.... you can sort out the legalities.

    That leaves the "deny the existence of big hacks".... which you suggested result from use of passwords in multiple places such as this forum.

    I put it to you that on the contrary "phishing" is both far easier, and far more direct, as well as likely to produce results. Any hacker that tries to trace passwords, or try them in multiple places is going to do poorly compared to phishing attempts. THAT is how to get at passwords by first compromising the user machine. Some of those folks will likely have access to higher value targets, and will make their passwords available one way or another.
    1601

    Keep eye on ball.
    Hashim Khan

  7. #57
    Join Date
    Nov 2008
    Location
    SF East Bay.
    Posts
    6,153

    You are free to believe that Jerry, but it's not what the facts show. You need to do more research.

    There is no doubt that spear-phishing is a very effective tool when you want to access a specific person, system or account. That has nothing to do with the discussion at hand.

    You seem to have trouble setting up the straw man that you started with post #54 with [quote]I dare any of the experts here to do either of two things....

    1) deny the existence of numerous very large scale hacks of systems that were supposedly protected by experts.[/quote] and altered in post #56 to something different in [quote]That leaves the "deny the existence of big hacks".... which you suggested result from use of passwords in multiple places such as this forum.[/quote]


    Let me make it easier for you. Big systems have been hacked. Some of them were thought to be adequately secure. Does that work for you?

    Let me make it even easier for you. Some of the most notorious system breaches have resulted from an authorized user clicking on a link to a trojan program disguised as a request from the help desk. John Podesta comes to mind. Spear-phishing at its finest.

    None of this changes the fact that it's bad form to use the same username/password on multiple systems.

    Dan
    Measure twice. Cut once. Weld. Repeat.
    ( Welding solves many problems.)

  8. #58
    Join Date
    Jan 2004
    Location
    Missouri
    Posts
    30,054

    Well you finally admitted what I was saying is correct...

    "Spear phishing", sure...

    AND general phishing, looking for unprotected bank passwords, etc. A bit of installed malware, and you can have a nice saleable and usable set of user and passwords paired with the applicable sites.

    Why do you think you get lots of mail from "Fedex", or "USPS", etc? General phishing for whatever pops up that can be used or sold. (even if you do not get it, it was probably sent... I expect you block that junk)

    We have exhausted this argument... pull ahead please....
    1601

    Keep eye on ball.
    Hashim Khan

  9. #59
    Join Date
    Nov 2008
    Location
    SF East Bay.
    Posts
    6,153

    Yep, you said something obvious and got 2 of 20 assertions correct. Good work!

    Yep, we've watered this dead plant enough. Next!
    Measure twice. Cut once. Weld. Repeat.
    ( Welding solves many problems.)

  10. #60
    Join Date
    Jan 2013
    Location
    Michigan
    Posts
    1,534

    The proper way for you guys to settle this is with a tournament of Core War.
