Um. No. If you relate to a theme when making passwords, you are doing it wrong. There shouldn't be a preferred password length, only a required minimum. And "name of your wife/pussycat/family"? Seriously, Reinier? Those things have no business being in a password in the first place!
Your assumptions on the amount and nature of information which could be derived from a spent password make me wonder how weak your passwords must be...

On 10 December 2012 12:19, Reinier Battenberg <[email protected]> wrote:

> never ever answer that question! Never!
>
> there is a massive amount of information in that. (your preferred pw
> length, the name of your wife/pussycat/family, favorite football club etc)
>
> don't answer/
>
> On Monday 10 December 2012 12:08:39 Benjamin Tayehanpour wrote:
>
> Most *targeted* breaches are, yes. If you know a specific user and you
> want that user's account, specifically, then password-guessing is common.
> But this was quite evidently not a targeted breach, otherwise spam would be
> the least of his/her problems. Most non-targeted breaches (as in: "I have
> this lovely piece of spam I want to distribute, so I need one thousand
> hacked accounts") happen through lousy workstation security, with spyware
> or MITM attacks swiping the credentials.
>
> I'm curious. What was your password, Colline? Since you've changed it it
> shouldn't hurt to reveal it, right?
>
> On 10 December 2012 11:58, Victor van Reijswoud <[email protected]> wrote:
>
> Most breaches are because of poor passwords (except this one, of course :) ).
> Interesting overview here:
> http://nakedsecurity.sophos.com/2012/07/13/yahoo-voices-poor-passwords/
>
> On Mon, Dec 10, 2012 at 11:19 AM, Benjamin Tayehanpour <[email protected]> wrote:
>
> Any idea how the breach happened yet? Password-guessing for spam-related
> purposes is quite rare nowadays, with sophisticated brute force protection
> and especially if the password is a good strong one (which I assume, since
> you're a Linux user and thus have common sense). Did you have your password
> written down somewhere accessible? Did you save it with a password manager
> on a public computer? Did you link your account to some other account
> (Facebook/Twitter/&c.) which is compromised?
>
> On 10 December 2012 10:28, Colline Waiswa <[email protected]> wrote:
>
> Seeing as my sent mail folder is full of that message sent to all my
> contacts, I am pretty sure the mailbox was gotten into
>
> Colline
>
> ------------------------------
> On Mon, Dec 10, 2012 12:42 AM PST Mike Barnard wrote:
>
> >On 9 December 2012 17:37, Benjamin Tayehanpour <[email protected]> wrote:
> >
> >> Without SPF protection, I could send e-mails which look like they
> >> originate from your account, and the receiver will have no means of
> >> verifying the sender address since SPF isn't implemented. That's one of
> >> many reasons why Yahoo! is a bad e-mail service provider. I'm not saying we
> >> should ban all users of Yahoo!; I'm saying Yahoo! as a service provider
> >> should be boycotted due to the numerous flaws in their service.
> >>
> >> That said, I'm glad you managed to change the password so you didn't lose
> >> the account. Such things can be a real pain otherwise! Do you know how the
> >> breach happened?
> >>
> >
> >The "breach" will most likely happen again... I doubt that the person
> >actually got into his mailbox. Most spam from Yahoo addresses tends to be
> >from botnets that take advantage of the fact that one cannot legitimately
> >check whether it's actually Yahoo who sent the email.
> >
> >--
> >Mike
> >
> >Of course, you might discount this possibility, but remember that one in a
> >million chances happen 99% of the time.
> >------------------------------------------------------------
>
> _______________________________________________
> The Uganda Linux User Group: http://linux.or.ug
>
> Send messages to this mailing list by addressing e-mails to:
> [email protected]
> Mailing list archives: http://www.mail-archive.com/[email protected]/
> Mailing list settings: http://kym.net/mailman/listinfo/lug
> To unsubscribe: http://kym.net/mailman/options/lug
>
> The Uganda LUG mailing list is generously hosted by INFOCOM:
> http://www.infocom.co.ug/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in
> any way.
>
> --
> rgds,
>
> Reinier Battenberg
> Director
> Mountbatten Ltd.
> www.mountbatten.net
> tel: +256 758 801749
> twitter: @batje
