What I often wonder about is the people whose email credentials get compromised.

Our email server bans an IP address for 60 minutes after 10 wrong attempts, so 
I don’t think it’s a brute force attack.  It did occur to me that a botnet 
could be used for a brute force attack from many different IP addresses.

But then it would happen to everyone, which it doesn’t.  It’s usually the same 
small group of people.  And not necessarily with passwords that are trivial to 
guess like 1234.

My best guess is either their computer is compromised and has been mined for 
stored passwords, or they use the same password lots of places and one of those 
got compromised.

Stuff like man-in-the-middle attacks grabbing plaintext passwords seems too 
spy-vs-spy for spammers.

Anybody have a more educated guess or even actual knowledge of how spammers 
keep getting certain people’s passwords?


From: Eric Kuhnke 
Sent: Wednesday, May 25, 2016 6:35 PM
To: af@afmug.com 
Subject: Re: [AFMUG] OT I un-screwed myself

https://diogomonica.com/posts/password-security-why-the-horse-battery-staple-is-not-correct/



On Wed, May 25, 2016 at 4:21 PM, Nate Burke <n...@blastcomm.com> wrote:

  I'm late to the thread, but this seems topical if someone hasn't already 
posted it.

  https://xkcd.com/936/


  On 5/25/2016 6:14 PM, Robert Andrews wrote:

    Hence how the employee of a certain slot machine almost made himself rich..
    Alas, greed was more powerful than intellect..  Yet there may be unknown
    people out there that are not greedy that are to this day using the
    predictability of RNG's to keep the beer fridge filled and the tax man at bay...

    On 05/25/2016 03:54 PM, Eric Kuhnke wrote:

      for serious applications, generating cryptographically sound "random"
      numbers is quite a hard computer science problem...

      https://wiki.archlinux.org/index.php/Random_number_generation

      one of the main methods of attacking a cryptosystem is if the adversary
      knows that the RNG used to produce the keys is not truly random, but
      has some element of predictability in it.



      On Wed, May 25, 2016 at 3:10 PM, Ken Hohhof <af...@kwisp.com
      <mailto:af...@kwisp.com>> wrote:

          I think I’ll start a business selling random numbers.
          Who’s to say 12345 isn’t a random number?
          Wait, this sounds a lot like the fortune cookie business.
          *From:* Cassidy B. Larson <mailto:c...@infowest.com>
          *Sent:* Wednesday, May 25, 2016 4:11 PM
          *To:* af@afmug.com <mailto:af@afmug.com>
          *Subject:* Re: [AFMUG] OT I un-screwed myself
      
http://www.telegraph.co.uk/technology/2016/01/21/11-year-old-girl-sets-up-business-selling-secure-passwords-for-2/


            On May 25, 2016, at 3:07 PM, Chuck McCown <ch...@wbmfg.com
            <mailto:ch...@wbmfg.com>> wrote:
            I unscrewed myself.

            In Windows File Explorer, there is a view option that has a
            preview option.
            With preview selected you get the contents of a file on the right
            side of the screen.

            I was trying various combinations of my password and noticed that
            on one of the tries, the preview pane showed some content.
            After a few more tries I discovered that putting a zero in front
            of the alt code allowed the preview to show content.
            The file still would not open, but I could cut and paste from the
            preview pane and I got it all.

            Sometimes you luck out.

            -----Original Message----- From: Chuck McCown
            Sent: Wednesday, May 25, 2016 3:04 PM
            To: af@afmug.com <mailto:af@afmug.com>
            Subject: Re: [AFMUG] OT I screwed myself

            baby monkey puppy

            -----Original Message----- From: Chuck McCown
            Sent: Wednesday, May 25, 2016 2:53 PM
            To: af@afmug.com <mailto:af@afmug.com>
            Subject: Re: [AFMUG] OT I screwed myself

            I'll say.

            For a new password I am considering:
            inside housing puppets stay warm
            oxygen puppet dagger manganese
            electricity wire wrapped around the anus
            Dong porcelain l swear

            -----Original Message----- From: Seth Mattinen
            Sent: Wednesday, May 25, 2016 2:50 PM
            To: af@afmug.com <mailto:af@afmug.com>
            Subject: Re: [AFMUG] OT I screwed myself

            On 5/25/16 13:36, Chuck McCown wrote:

              My oldest son is a computer security specialist / forensic guy.

              He was telling me my super complicated password was not so secure.
              He cracked it pretty easy.  He suggested I add an alt code.

              So I did.  Now, neither one of us can open the file.
              Guess alt codes in passwords for some Office products cause big
              problems.

              Arrgh.....



            But it's secure now, technically.
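
The first message in this thread reasons that a per-IP ban (10 wrong attempts, 60 minutes) stops single-source brute force but not a botnet, and guesses that stolen or reused passwords explain the compromises. As an added example (not from any poster on the list), this Python sketch separates those patterns in a login log; the event tuple format, the `known_ips` baseline, the label names and all sample addresses are constructed assumptions.

```python
from collections import defaultdict

BAN_LIMIT = 10    # wrong attempts per IP before a ban (value from the first message)
BAN_WINDOW = 60   # ban window in minutes (value from the first message)

def banned_ips(events):
    """IPs that reach BAN_LIMIT failures inside any BAN_WINDOW-minute span."""
    fails, banned = defaultdict(list), set()
    for t, _user, ip, ok in sorted(events):
        if ok:
            continue
        fails[ip] = [x for x in fails[ip] if t - x < BAN_WINDOW] + [t]
        if len(fails[ip]) >= BAN_LIMIT:
            banned.add(ip)
    return banned

def classify_accounts(events, known_ips):
    """Label each account by the login pattern seen against it."""
    banned = banned_ips(events)
    fail_ips, fail_count, labels = defaultdict(set), defaultdict(int), {}
    for _t, user, ip, ok in sorted(events):
        if not ok:
            fail_ips[user].add(ip)
            fail_count[user] += 1
        elif ip not in known_ips.get(user, set()) and fail_count[user] == 0:
            # Correct password on the first try from an unfamiliar address:
            # consistent with a stolen or reused password, not guessing.
            labels[user] = "valid-credential-login-from-new-ip"
    for user, ips in fail_ips.items():
        if user in labels:
            continue
        if ips & banned:
            labels[user] = "single-source-guessing-banned"
        elif fail_count[user] >= BAN_LIMIT:
            # Many failures in total, but no source ever hit the per-IP limit.
            labels[user] = "distributed-guessing-under-ban-threshold"
    return labels

# Constructed sample log: (minute, user, source IP, login succeeded)
EVENTS = (
    [(t, "alice", "198.51.100.7", True) for t in (0, 300)]
    + [(400, "alice", "203.0.113.50", True)]
    + [(10 + i, "bob", f"192.0.2.{i // 2 + 1}", False) for i in range(30)]
    + [(20 + i, "carol", "203.0.113.99", False) for i in range(10)]
)
KNOWN_IPS = {"alice": {"198.51.100.7"}}  # constructed per-user baseline

if __name__ == "__main__":
    print(banned_ips(EVENTS))
    print(classify_accounts(EVENTS, KNOWN_IPS))
```

In the sample, 30 failures against one mailbox from 15 addresses never trigger the ban, while the account that matches the poster's "best guess" shows no failures at all before the unfamiliar login.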





