Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-07 Thread Tim Crone via Mercedes 
On Dec 5, 2015 10:22 PM, "Curly McLain via Mercedes" 
wrote:
>
> a brute force attack on that trying various passwords incrementally will
take years (without using numbers or $p3c1al characters.)

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

I switched to a fully random password generator for most of my
financial-type accounts, after reading this article (now 2.5 years out of
date!).  If everything is properly salted it's not as bleak, but I don't
trust every vendor to get that right - even Ashley Madison thought they
were doing everything right, and an error was found such that most of the
passwords were cracked.

Best,
Tim
Has experienced that problem where he misplaced the password to his Mercedes
___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Meade Dillon via Mercedes 
I wouldn't change email address, just increase the complexity of your email
account password.  I like "diceware" for picking complex passwords.

Get three dice (or use a random number generator) and a paper dictionary.
Roll the dice, open dictionary to corresponding page.  Pick the first 4 or
5 letter word on that page.  Repeat until you have three or four words.
String them together, mix in upper and lower case, replace letters with
numbers or special characters.  Add some punctuation, and voila, a password
that no brute force attack will penetrate in this century.

When I sit down with the dictionary and pick words, I fill up a sheet with
strings of three words, and then rotate through those as needed.

I recommend you write down your new password, unless your memory is better
than mine.

If your email provider will allow two-factor authentication for password
changes, that would also be helpful.

-
Max
Charleston SC

On Sat, Dec 5, 2015 at 7:21 PM, Craig via Mercedes 
wrote:

> I got a virus email today at my address used on the list. (I've deleted
> the "ZIP" file that was attached to the email.)
>
> Hmmm ...
>
> I guess I may have to change my email address.
>
> In addition, I received a couple of days ago a letter from the Office of
> Personnel Management that my information was part of that stolen during
> their recent hack attack. At least they are offering identity theft
> protection.
>
>
> Craig
>
> 
>
> Begin forwarded message:
>
> Date: Sat, 5 Dec 2015 03:32:44 -0700
> From: "America Airlines" 
> To: diese...@pisquared.net
> Subject: Your ticket order #0675441 approved
>
>
> Dear customer,
>
> Your order was successfully processed.
>
> E-Ticket is attached to this email.
>
> Order summary:
>
> FLIGHT NUMBER / MO927369
> DATE & TIME / Dec 09 2015, 17:50
> DEPARTING / Charlotte
> TOTAL PRICE / $ 340.00
>
> Thank you for flying with America Airlines.
>
> ___
> http://www.okiebenz.com
>
> To search list archives http://www.okiebenz.com/archive/
>
> To Unsubscribe or change delivery options go to:
> http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
>
>
___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

[MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Craig via Mercedes 
I got a virus email today at my address used on the list. (I've deleted
the "ZIP" file that was attached to the email.)

Hmmm ...

I guess I may have to change my email address.

In addition, I received a couple of days ago a letter from the Office of
Personnel Management that my information was part of that stolen during
their recent hack attack. At least they are offering identity theft
protection.


Craig



Begin forwarded message:

Date: Sat, 5 Dec 2015 03:32:44 -0700
From: "America Airlines" 
To: diese...@pisquared.net
Subject: Your ticket order #0675441 approved


Dear customer,

Your order was successfully processed.

E-Ticket is attached to this email.

Order summary:

FLIGHT NUMBER / MO927369
DATE & TIME / Dec 09 2015, 17:50
DEPARTING / Charlotte
TOTAL PRICE / $ 340.00

Thank you for flying with America Airlines.

___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Rich Thomas via Mercedes 
I get like 3 of those a day on another addy, most from some supposed Brit 
outfits. 

--R (sent from my miniPad)

On Dec 5, 2015, at 7:21 PM, Craig via Mercedes  wrote:

I got a virus email today at my address used on the list. (I've deleted
the "ZIP" file that was attached to the email.)

Hmmm ...

I guess I may have to change my email address.

In addition, I received a couple of days ago a letter from the Office of
Personnel Management that my information was part of that stolen during
their recent hack attack. At least they are offering identity theft
protection.


Craig



Begin forwarded message:

Date: Sat, 5 Dec 2015 03:32:44 -0700
From: "America Airlines" 
To: diese...@pisquared.net
Subject: Your ticket order #0675441 approved


Dear customer,

Your order was successfully processed.

E-Ticket is attached to this email.

Order summary:

FLIGHT NUMBER / MO927369
DATE & TIME / Dec 09 2015, 17:50
DEPARTING / Charlotte
TOTAL PRICE / $ 340.00

Thank you for flying with America Airlines.

___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com


___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Meade Dillon via Mercedes 
Yep, that's it!

However, upon re-reading Craig's post, his account wasn't "hacked", he
simply received some spam, so please forget my password suggestion - that
won't fix spam!!!

-
Max
Charleston SC

On Sat, Dec 5, 2015 at 8:41 PM, Curt Raymond via Mercedes <
mercedes@okiebenz.com> wrote:

> https://xkcd.com/936/
>
>
> -Curt
>
___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Curly McLain via Mercedes 
I get like 3 of those a day on another addy, most from some supposed 
Brit outfits.


--R (sent from my miniPad)



Brit probably means Paki.  The pakis have pretty much overrun the 
place, so they consider pakiland to be Brit for all ill icit purposes.


___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Curt Raymond via Mercedes 
A particularly bad piece of spam if I've ever seen one...
-Curt


  From: Craig via Mercedes <mercedes@okiebenz.com>
 To: Mercedes Discussion List <mercedes@okiebenz.com> 
Cc: Craig <diese...@pisquared.net>
 Sent: Saturday, December 5, 2015 7:21 PM
 Subject: [MBZ] Fw: Your ticket order #00000675441 approved
   
I got a virus email today at my address used on the list. (I've deleted
the "ZIP" file that was attached to the email.)

Hmmm ...

I guess I may have to change my email address.

In addition, I received a couple of days ago a letter from the Office of
Personnel Management that my information was part of that stolen during
their recent hack attack. At least they are offering identity theft
protection.


Craig



Begin forwarded message:

Date: Sat, 5 Dec 2015 03:32:44 -0700
From: "America Airlines" <ord...@santanasalsa.com>
To: diese...@pisquared.net
Subject: Your ticket order #0675441 approved


Dear customer,

Your order was successfully processed.

E-Ticket is attached to this email.

Order summary:

FLIGHT NUMBER / MO927369
DATE & TIME / Dec 09 2015, 17:50
DEPARTING / Charlotte
TOTAL PRICE / $ 340.00

Thank you for flying with America Airlines.

___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com



  
___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Curt Raymond via Mercedes 
https://xkcd.com/936/


-Curt
  From: Meade Dillon via Mercedes <mercedes@okiebenz.com>
 To: Mercedes Discussion List <mercedes@okiebenz.com> 
Cc: Meade Dillon <dillonm...@gmail.com>
 Sent: Saturday, December 5, 2015 8:22 PM
 Subject: Re: [MBZ] Fw: Your ticket order #00000675441 approved
   
I wouldn't change email address, just increase the complexity of your email
account password.  I like "diceware" for picking complex passwords.

Get three dice (or use a random number generator) and a paper dictionary.
Roll the dice, open dictionary to corresponding page.  Pick the first 4 or
5 letter word on that page.  Repeat until you have three or four words.
String them together, mix in upper and lower case, replace letters with
numbers or special characters.  Add some punctuation, and voila, a password
that no brute force attack will penetrate in this century.

When I sit down with the dictionary and pick words, I fill up a sheet with
strings of three words, and then rotate through those as needed.

I recommend you write down your new password, unless your memory is better
than mine.

If your email provider will allow two-factor authentication for password
changes, that would also be helpful.

-
Max
Charleston SC

On Sat, Dec 5, 2015 at 7:21 PM, Craig via Mercedes <mercedes@okiebenz.com>
wrote:

> I got a virus email today at my address used on the list. (I've deleted
> the "ZIP" file that was attached to the email.)
>
> Hmmm ...
>
> I guess I may have to change my email address.
>
> In addition, I received a couple of days ago a letter from the Office of
> Personnel Management that my information was part of that stolen during
> their recent hack attack. At least they are offering identity theft
> protection.
>
>
> Craig
>
> 
>
> Begin forwarded message:
>
> Date: Sat, 5 Dec 2015 03:32:44 -0700
> From: "America Airlines" <ord...@santanasalsa.com>
> To: diese...@pisquared.net
> Subject: Your ticket order #0675441 approved
>
>
> Dear customer,
>
> Your order was successfully processed.
>
> E-Ticket is attached to this email.
>
> Order summary:
>
> FLIGHT NUMBER / MO927369
> DATE & TIME / Dec 09 2015, 17:50
> DEPARTING / Charlotte
> TOTAL PRICE / $ 340.00
>
> Thank you for flying with America Airlines.
>
> ___
> http://www.okiebenz.com
>
> To search list archives http://www.okiebenz.com/archive/
>
> To Unsubscribe or change delivery options go to:
> http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com


>
>
___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com



 
___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com

Re: [MBZ] Fw: Your ticket order #00000675441 approved

2015-12-05 Thread Curly McLain via Mercedes 
Mark Minasi,  (windows server guru, and serial author)  recommended 
using a passphrase, not a password, and that the phrase should have 
at least 14 characters.  He claims that a brute force attack on that 
trying various passwords incrementally will take years (without using 
numbers or $p3c1al characters.)  Using some numbers and special 
characters adds very little to the time to crack when you have 14 
character length.


On Active Directory, I just set the requirements to 14 characters and 
turned off the others.  We had successful ph ishing attacks a couple 
of times on win XP users, but nobody ever cracked a password.  On one 
new server that was set up by the "experts" they left it wide open to 
the internet with a simple password (short) so they could easily 
remote into it.The first thing we did when they left was to 
change the  password to a 14 character passphrase.  Within 24 hours, 
someone was hammering on it trying to break the user name/pas sword. 
We figured out it was from one of the northern territories formerly 
controlled by Crazy Uncle Jozef (Stall in).  We let them play for a 
few days but eventually grew tired of watching their failures, so we 
closed the access except for a couple of IP addresses.  That ended 
that.




I wouldn't change email address, just increase the complexity of your email
account password.  I like "diceware" for picking complex passwords.

Get three dice (or use a random number generator) and a paper dictionary.
Roll the dice, open dictionary to corresponding page.  Pick the first 4 or
5 letter word on that page.  Repeat until you have three or four words.
String them together, mix in upper and lower case, replace letters with
numbers or special characters.  Add some punctuation, and voila, a password
that no brute force attack will penetrate in this century.

When I sit down with the dictionary and pick words, I fill up a sheet with
strings of three words, and then rotate through those as needed.

I recommend you write down your new password, unless your memory is better
than mine.

If your email provider will allow two-factor authentication for password
changes, that would also be helpful.

-
Max
Charleston SC

On Sat, Dec 5, 2015 at 7:21 PM, Craig via Mercedes 
wrote:


 I got a virus email today at my address used on the list. (I've deleted
 the "ZIP" file that was attached to the email.)

 Hmmm ...

 I guess I may have to change my email address.

 In addition, I received a couple of days ago a letter from the Office of
 Personnel Management that my information was part of that stolen during
 their recent hack attack. At least they are offering identity theft
 protection.


 Craig

 

 Begin forwarded message:

 Date: Sat, 5 Dec 2015 03:32:44 -0700
 From: "America Airlines" 
 To: diese...@pisquared.net
 Subject: Your ticket order #0675441 approved


 Dear customer,

 Your order was successfully processed.

 E-Ticket is attached to this email.

 Order summary:

 FLIGHT NUMBER / MO927369
 DATE & TIME / Dec 09 2015, 17:50
 DEPARTING / Charlotte
 TOTAL PRICE / $ 340.00

 Thank you for flying with America Airlines.

 ___
 http://www.okiebenz.com

 To search list archives http://www.okiebenz.com/archive/

 To Unsubscribe or change delivery options go to:
 http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com



___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com



___
http://www.okiebenz.com

To search list archives http://www.okiebenz.com/archive/

To Unsubscribe or change delivery options go to:
http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com