I’ve asked someone who had a pretty solid password get compromised if she had 
used that password anywhere else, and she answered, “yes, I use the same 
password everywhere.” If one site they use (which has poor security and stores 
passwords somewhere in plaintext) gets compromised, the hackers now have 
their e-mail and their “secure” password. Voila!

 

From: Af [mailto:[email protected]] On Behalf Of Bill Prince
Sent: Wednesday, May 25, 2016 7:28 PM
To: [email protected]
Subject: Re: [AFMUG] OT I un-screwed myself

 

There are a lot of people that sign up for stuff on the internet where they use 
your email as a user id (not an altogether bad idea), then the user gets 
confused, or doesn't distinguish that this is a different set of credentials. 
They use their actual email password to sign in to a web site. 

Too many people don't parse what they are actually talking to. They give me one 
of those questions saying "It's asking me to do X, Y, or Z." I ask them who's 
asking. They respond that they don't know, because they really don't know.

 

bp
<part15sbs{at}gmail{dot}com>
 

On 5/25/2016 5:13 PM, Ken Hohhof wrote:

What I often wonder about is the people whose email credentials get compromised.

 

Our email server bans an IP address for 60 minutes after 10 wrong attempts, so 
I don’t think it’s a brute force attack.  It did occur to me that a botnet 
could be used for a brute force attack from many different IP addresses.

 

But then it would happen to everyone, which it doesn’t.  It’s usually the same 
small group of people.  And not necessarily with passwords that are trivial to 
guess like 1234.

 

My best guess is either their computer is compromised and has been mined for 
stored passwords, or they use the same password lots of places and one of those 
got compromised.

 

Stuff like man-in-the-middle attacks grabbing plaintext passwords seems too 
spy-vs-spy for spammers.

 

Anybody have a more educated guess or even actual knowledge of how spammers 
keep getting certain people's passwords?

 

 

From: Eric Kuhnke <mailto:[email protected]>  

Sent: Wednesday, May 25, 2016 6:35 PM

To: [email protected] 

Subject: Re: [AFMUG] OT I un-screwed myself

 

https://diogomonica.com/posts/password-security-why-the-horse-battery-staple-is-not-correct/

 

On Wed, May 25, 2016 at 4:21 PM, Nate Burke <[email protected]> wrote:

I'm late to the thread, but this seems topical if someone hasn't already posted 
it.

https://xkcd.com/936/


On 5/25/2016 6:14 PM, Robert Andrews wrote:

Hence how the employee of a certain slot machine almost made himself rich..  
Alas, greed was more powerful than intellect..  Yet there may be unknown people 
out there that are not greedy that are to this day using the predictability of 
RNGs to keep the beer fridge filled and the tax man at bay...

On 05/25/2016 03:54 PM, Eric Kuhnke wrote:

for serious applications, generating cryptographically sound "random"
numbers is quite a hard computer science problem...

https://wiki.archlinux.org/index.php/Random_number_generation

one of the main methods of attacking a cryptosystem is if the adversary
knows that the RNG used to produce the keys is not truly random, but
has some element of predictability in it.



On Wed, May 25, 2016 at 3:10 PM, Ken Hohhof <[email protected]
<mailto:[email protected]>> wrote:

    I think I’ll start a business selling random numbers.
    Who’s to say 12345 isn’t a random number?
    Wait, this sounds a lot like the fortune cookie business.

    *From:* Cassidy B. Larson <mailto:[email protected]>
    *Sent:* Wednesday, May 25, 2016 4:11 PM
    *To:* [email protected] <mailto:[email protected]>
    *Subject:* Re: [AFMUG] OT I un-screwed myself

    http://www.telegraph.co.uk/technology/2016/01/21/11-year-old-girl-sets-up-business-selling-secure-passwords-for-2/

    On May 25, 2016, at 3:07 PM, Chuck McCown <[email protected]
    <mailto:[email protected]>> wrote:
    I unscrewed myself.

    In Windows File Explorer, there is a view option that has a
    preview option.
    With preview selected you get the contents of a file on the right
    side of the screen.

    I was trying various combinations of my password and noticed that
    on one of the tries, the preview pane showed some content.
    After a few more tries I discovered that putting a zero in front
    of the alt code allowed the preview to show content.
    The file still would not open, but I could cut and paste from the
    preview pane and I got it all.

    Sometimes you luck out.

    -----Original Message----- From: Chuck McCown
    Sent: Wednesday, May 25, 2016 3:04 PM
    To: [email protected] <mailto:[email protected]>
    Subject: Re: [AFMUG] OT I screwed myself

    baby monkey puppy

    -----Original Message----- From: Chuck McCown
    Sent: Wednesday, May 25, 2016 2:53 PM
    To: [email protected] <mailto:[email protected]>
    Subject: Re: [AFMUG] OT I screwed myself

    I'll say.

    For a new password I am considering:
    inside housing puppets stay warm
    oxygen puppet dagger manganese
    electricity wire wrapped around the anus
    Dong porcelain l swear

    -----Original Message----- From: Seth Mattinen
    Sent: Wednesday, May 25, 2016 2:50 PM
    To: [email protected] <mailto:[email protected]>
    Subject: Re: [AFMUG] OT I screwed myself

    On 5/25/16 13:36, Chuck McCown wrote:

    My oldest son is a computer security specialist / forensic guy.

    He was telling me my super complicated password was not so secure.
    He cracked it pretty easy.  He suggested I add an alt code.

    So I did.  Now, neither one of us can open the file.
    Guess alt codes in passwords for some Office products cause big
    problems.

    Arrgh.....



    But it's secure now, technically.
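
The reasoning in Ken Hohhof's message above (a per-IP ban after 10 wrong attempts does not see guessing spread over many addresses, and a reused or stolen password needs no guessing at all), as an added example that is not part of the original thread. The log tuple layout, the per-account threshold and window, the function names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

BAN_AFTER, BAN_SECS = 10, 3600   # per-IP rule as described in the thread
ACCT_FAILS, WINDOW = 10, 3600    # assumed per-account threshold and window

def per_ip_bans(events):
    """IPs the per-IP rule bans (assumes failures are counted until a success)."""
    fails, until, banned = defaultdict(int), {}, set()
    for ts, ip, user, ok in events:
        if until.get(ip, 0) > ts:
            continue                      # banned IP: attempt never reaches auth
        fails[ip] = 0 if ok else fails[ip] + 1
        if fails[ip] >= BAN_AFTER:
            until[ip], fails[ip] = ts + BAN_SECS, 0
            banned.add(ip)
    return banned

def spread_guessing(events):
    """Accounts with ACCT_FAILS failures inside WINDOW coming from more than one IP."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, user, ok in events:
        if ok:
            continue
        recent[user] = [(t, i) for t, i in recent[user] if ts - t < WINDOW] + [(ts, ip)]
        if len(recent[user]) >= ACCT_FAILS and len({i for _, i in recent[user]}) > 1:
            flagged.add(user)
    return flagged

def first_try_from_new_ip(events):
    """Review candidates: success from an IP new to the account, no failed guess first."""
    known, failed, hits = defaultdict(set), set(), []
    for ts, ip, user, ok in events:
        if not ok:
            failed.add((user, ip))
        else:
            if known[user] and ip not in known[user] and (user, ip) not in failed:
                hits.append((user, ip))
            known[user].add(ip)
    return hits

# Constructed sample log: (seconds, source IP, account, success)
EVENTS = sorted(
    [(t, "203.0.113.5", "alice", False) for t in range(10)]                    # one noisy IP
    + [(100 + n, f"198.51.100.{n + 1}", "bob", False) for n in range(30)]      # one guess per IP
    + [(50, "192.0.2.10", "carol", True), (200, "192.0.2.77", "carol", True)]  # correct first try
)

if __name__ == "__main__":
    print(per_ip_bans(EVENTS), spread_guessing(EVENTS), first_try_from_new_ip(EVENTS))
```

The last check also matches a legitimate user logging in from a new network, so its output is a list to review against other signals, not a verdict.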
