There are a lot of people that sign up for stuff on the internet where
they use your email as a user id (not an all-together bad idea), then
the user gets confused, or doesn't distinguish that this is a different
set of credentials. They use their actual email password to sign in to a
web site.
Too many people don't parse what they are actually talking to. They give
me one of those questions saying "It's asking me do do X, Y, or Z." I
ask them who's asking. They respond that they don't know, because they
really don't know.
bp
<part15sbs{at}gmail{dot}com>
On 5/25/2016 5:13 PM, Ken Hohhof wrote:
What I often wonder about is the people whose email credentials get
compromised.
Our email server bans an IP address for 60 minutes after 10 wrong
attempts, so I don’t think it’s a brute force attack. It did occur to
me that a botnet could be used for a bruteforce attack from many
different IP addresses.
But then it would happen to everyone, which it doesn’t. It’s usually
the same small group of people. And not necessarily with passwords
that are trivial to guess like 1234.
My best guess is either their computer is compromised and has been
mined for stored passwords, or they use the same password lots of
places and one of those got compromised.
Stuff like man-in-the-middle attacks grabbing plaintext passwords
seems too spy-vs-spy for spammers.
Anybody have a more educated guess or even actual knowledge of how
spammers keep getting certain peoples passwords?
*From:* Eric Kuhnke <mailto:eric.kuh...@gmail.com>
*Sent:* Wednesday, May 25, 2016 6:35 PM
*To:* af@afmug.com <mailto:af@afmug.com>
*Subject:* Re: [AFMUG] OT I un-screwed myself
https://diogomonica.com/posts/password-security-why-the-horse-battery-staple-is-not-correct/
On Wed, May 25, 2016 at 4:21 PM, Nate Burke <n...@blastcomm.com
<mailto:n...@blastcomm.com>> wrote:
I'm late to the thread, but this seems topical if someone hasn't
already posted it.
https://xkcd.com/936/
On 5/25/2016 6:14 PM, Robert Andrews wrote:
Hence how the employee of a certain slot machine almost made
himself rich.. Alas, greed was more powerful that
intellect.. Yet there may be unknown people out there that
are not greedy that are to this day using the predictability
of RNG's to keep the beer fridge filled and the tax man at bay...
On 05/25/2016 03:54 PM, Eric Kuhnke wrote:
for serious applications, generating cryptographically
sound "random"
numbers is quite a hard computer science problem...
https://wiki.archlinux.org/index.php/Random_number_generation
one of the main methods of attacking a cryptosystem is if
the adversary
knows that the RNG used to produce the keys is not truly
random, but
have some element of predictability in it.
On Wed, May 25, 2016 at 3:10 PM, Ken Hohhof
<af...@kwisp.com <mailto:af...@kwisp.com>
<mailto:af...@kwisp.com <mailto:af...@kwisp.com>>> wrote:
I think I’ll start a business selling random numbers.
Who’s to say 12345 isn’t a random number?
Wait, this sounds a lot like the fortune cookie business.
*From:* Cassidy B. Larson <mailto:c...@infowest.com
<mailto:c...@infowest.com>>
*Sent:* Wednesday, May 25, 2016 4:11 PM
*To:* af@afmug.com <mailto:af@afmug.com>
<mailto:af@afmug.com <mailto:af@afmug.com>>
*Subject:* Re: [AFMUG] OT I un-screwed myself
http://www.telegraph.co.uk/technology/2016/01/21/11-year-old-girl-sets-up-business-selling-secure-passwords-for-2/
On May 25, 2016, at 3:07 PM, Chuck McCown
<ch...@wbmfg.com <mailto:ch...@wbmfg.com>
<mailto:ch...@wbmfg.com <mailto:ch...@wbmfg.com>>>
wrote:
I unscrewed myself.
In windows file explorer, there is a view option
that has a
preview option.
With preview selected you get the contents of a
file on the right
side of the screen.
I was trying various combinations of my password
and noticed that
on one of the tries, the preview pane showed some
content.
After a few more tries I discovered that putting a
zero in front
of the alt code allowed the preview to show content.
The file still would not open, but I could cut and
paste from the
preview pane and I got it all.
Sometimes you luck out.
-----Original Message----- From: Chuck McCown
Sent: Wednesday, May 25, 2016 3:04 PM
To: af@afmug.com <mailto:af@afmug.com>
<mailto:af@afmug.com <mailto:af@afmug.com>>
Subject: Re: [AFMUG] OT I screwed myself
baby monkey puppy
-----Original Message----- From: Chuck McCown
Sent: Wednesday, May 25, 2016 2:53 PM
To: af@afmug.com <mailto:af@afmug.com>
<mailto:af@afmug.com <mailto:af@afmug.com>>
Subject: Re: [AFMUG] OT I screwed myself
I'll say.
For a new password I am considering:
inside housing puppets stay warm
oxygen puppet dagger manganese
electricity wire wrapped around the anus
Dong porcelain l swear
-----Original Message----- From: Seth Mattinen
Sent: Wednesday, May 25, 2016 2:50 PM
To: af@afmug.com <mailto:af@afmug.com>
<mailto:af@afmug.com <mailto:af@afmug.com>>
Subject: Re: [AFMUG] OT I screwed myself
On 5/25/16 13:36, Chuck McCown wrote:
My oldest son is a computer security specialist /
forensic guy.
He was telling my my super complicated
password was not so secure.
He cracked it pretty easy. He suggested I add
an alt code.
So I did. Now, neither one of us can open the
file.
Guess alt codes in passwords for some Office
products cause big
problems.
Arrgh.....
But it's secure now, technically.
