RE: SPAM email, hacked email accounts and password safety

2013-01-16 Thread Joe
All very true. Still, the two-step verification system, pain in the ass
as it is to set up, goes a long way toward providing a little more security.
Google, Dropbox and other popular providers now offer this option.

--Joe

 

From: viphone@googlegroups.com [mailto:viphone@googlegroups.com] On Behalf
Of Eric Oyen
Sent: Monday, January 14, 2013 10:44 PM
To: viphone@googlegroups.com
Subject: Re: SPAM email, hacked email accounts and password safety

 

A lot of the password problem has to do with the power of modern systems. My
machine here can crack most passwords within 6 hours for most passwords of 12
to 20 characters.

A big part of this capability has to do with a rainbow dictionary file. I
spent about 5 days letting a password generator create every sequential
password combination starting from 4 characters and proceeding through the
40 character limit. The passwords included every generatable character (15
symbols, punctuation, numbers, upper and lower case letters). The file was
approximately 1.5 TB. This is what most modern script kiddies (I refuse to
honor them with the title hacker) use. Some educated guesses (such as
birthdate, sun, other personal info) can be made on available data (no one
is immune to having an online profile these days). This will tend to cut
down the time required. Still, the oldest (and most tried and true) method
is still the classic social engineering. The second is hidden code (viruses,
worms, and trojans). With the plethora of vectors available, it's a wonder
that more doesn't happen.

Anyway, this is my 2 cents' worth.

 

-eric

 


RE: SPAM email, hacked email accounts and password safety

2013-01-14 Thread Exracer
Though this info is useful you have forgotten about the simple malware that
may or may not be on her computer. It also can cause mass Email messages to
be sent out if the address of the group is in her address book. All it takes
is a simple bit of malware to do what you have seen here. It doesn't have to
be as complicated as a hacked account for this to happen. It should be noted
that this probably came from a PC Email address book hack and not from an
iPhone hack as I have never heard of anything like that happening from such
a device. Thank you Apple for your built-in security!

 

Jay

 

From: viphone@googlegroups.com [mailto:viphone@googlegroups.com] On Behalf
Of Sieghard Weitzel
Sent: Monday, January 14, 2013 11:15 AM
To: viphone@googlegroups.com
Subject: SPAM email, hacked email accounts and password safety

 

Hi List,

 

I have seen this before, it is clearly SPAM and since Anna is a legitimate
list member it probably means somebody hacked her account. This is why I am
also forwarding this message to Raul directly in case he didn't have time
yet to read it. Hopefully he has a way to contact Anna or maybe she will
read this post. She needs to change her password immediately and I would
probably hazard a guess and say her password was probably a fairly simple
word. I can only stress again how important it is for people who use a word
even if it is 8 or 10 characters long and contains maybe a number or 2 to
change it to a random password with upper case and lower case letters,
numbers and symbols. Not all websites allow symbols, but if they do, use
them. Here is a good article about password strength and it contains a
method I have been using for some time. The article gets a bit technical at
times, but I encourage everybody to read it anyhow:

 

http://en.wikipedia.org/wiki/Password_strength#Creating_and_handling_passwords

 

In section 5.2 a method called "mnemonic passwords" is described like this:

 

Password policies sometimes suggest memory techniques to assist remembering
passwords:

mnemonic passwords: Some users develop mnemonic phrases and use them to
generate high-entropy (more or less random) passwords which are nevertheless
relatively easy for the user to remember. For instance, the first letter of
each word in a memorable phrase. Silly ones are possibly more memorable.

 

I suggest not to use a well-known quote like "To be or not to be, that is
the question". Use something out of your life that makes sense to you. For
example:

I really like Clive Cussler books, for those who aren't familiar with them
the 2 main characters are Dirk Pitt and Al Giordino, one of my favourite
books of his is called "Inca Gold", it was first published in 1994.

 

Using this information I make up the following sentence:

 

Inca Gold is my favorite Cussler book; Pitt and Giordino are awesome! 1994

 

Note I used upper case for the first letters of the book title "Inca Gold"
and capitalized the first letters of all the names. I used a semicolon in
the middle of the sentence, an exclamation mark at the end, and I stick the
year when the book was published at the end. This sentence contains 12
words, 2 symbols and 4 numbers. If I use the first letter of each word, the
2 symbols and numbers it gives me an 18-character password. I know this may
be too long for many and it's sort of a pain to enter it especially on a
virtual keyboard, but this is just an example although you should use at
least 12 characters to have a really secure password. If I were to use this,
the resulting password would be this:

 

IGimfCb;PaGaa!1994

 

 

I do actually use 14 to 18-character passwords for iTunes and other sites
where my credit card is stored, entering them becomes pretty easy after you
do it a few times and on the PC I use Roboform to fill them for me. Anyhow,
I think my point is clear, a sentence like this is easier to remember than a
12-character password generated by a random password generator, but it's
just as random to anybody else or to a password cracking program. OK, enough
said, keep safe online and for those who have kids, teach them not to use
their best friend's name or birth date as a password, if you use this method
coming up with good passwords becomes a habit like brushing your teeth.

 

 

Regards,

Sieghard

 

-- 
You received this message because you are subscribed to the VIPhone Google
Group.
To search the VIPhone public archive, visit
http://www.mail-archive.com/viphone@googlegroups.com/.
To post to this group, send email to viphone@googlegroups.com.
To unsubscribe from this group, send email to
viphone+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/viphone?hl=en.
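
Added example (editor's illustration, not part of any list member's message): the mnemonic derivation described above applied to the sample sentence, together with the arithmetic behind the brute-force discussion in this thread. The function names, the 94-character alphabet and the guess rate are assumptions chosen for the illustration.

```python
"""Added example: the thread's mnemonic method plus brute-force arithmetic."""
import math
import string

# Assumed alphabet: the 94 printable ASCII characters a US keyboard can type.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def mnemonic_password(sentence: str) -> str:
    """First letter of each word; punctuation and whole numbers are kept."""
    out = []
    for token in sentence.split():
        word = token.rstrip(string.punctuation)   # "book;" -> "book"
        tail = token[len(word):]                  # the ";" or "!" that followed
        if word.isdigit():
            out.append(word + tail)               # keep a year such as 1994 whole
        elif word:
            out.append(word[0] + tail)            # first letter, original case
        else:
            out.append(token)                     # token was punctuation only
    return "".join(out)


def pool_size(password: str) -> int:
    """Alphabet a brute-force search must cover for the classes actually used."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def upper_bound_bits(password: str) -> float:
    """Bits of entropy IF every character were chosen uniformly at random.
    A mnemonic is not uniform (letters follow language, years are guessable),
    so treat this as a ceiling, not a measurement."""
    return len(password) * math.log2(pool_size(password))


def exhaustive_list_bytes(pool: int, min_len: int, max_len: int) -> int:
    """Bytes needed to store every candidate, one per line, for these lengths."""
    return sum(pool ** n * (n + 1) for n in range(min_len, max_len + 1))


def longest_length_within(budget_bytes: int, pool: int, min_len: int = 4) -> int:
    """Largest max_len whose complete list still fits in budget_bytes
    (min_len - 1 if even the shortest length does not fit)."""
    max_len = min_len - 1
    while exhaustive_list_bytes(pool, min_len, max_len + 1) <= budget_bytes:
        max_len += 1
    return max_len


def years_to_exhaust(pool: int, length: int, guesses_per_second: float) -> float:
    """Years to try every password of exactly `length` characters."""
    return pool ** length / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    sentence = ("Inca Gold is my favorite Cussler book; "
                "Pitt and Giordino are awesome! 1994")
    pw = mnemonic_password(sentence)
    print(pw, len(pw), pool_size(pw), round(upper_bound_bits(pw), 1))
    for n in (6, 8, 12):
        print(n, "chars:", f"{exhaustive_list_bytes(94, 4, n):.2e}", "bytes")
    # 1.5 TB is the file size mentioned in the thread; 1e10 guesses/s is an
    # assumed rate for a fast offline attack on an unsalted fast hash.
    print(longest_length_within(int(1.5e12), 94))
    print(f"{years_to_exhaust(94, 12, 1e10):.2e}", "years for 12 characters")
```

The entropy figure is an upper bound only: an attacker who knows the first-letter convention and tries likely years searches a much smaller space than the uniform-random estimate suggests.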
 
 


Re: SPAM email, hacked email accounts and password safety

2013-01-14 Thread Alan Paganelli
Um, any password can be hacked. No matter how careful you are and all that,
given enough time, a password can be hacked. I had a password of 14 spaces with
both upper and lower case letters etc. as you described and changed it every
other month and yet I still got hacked. They aren't using trial and error any
more. The providers are doing all they can to protect users but it still
happens and even to the best of us.

RE: SPAM email, hacked email accounts and password safety

2013-01-14 Thread Joe
Also turn on two-step verification.

--Joe

 





Re: SPAM email, hacked email accounts and password safety

2013-01-14 Thread Eric Oyen
A lot of the password problem has to do with the power of modern systems. My
machine here can crack most passwords within 6 hours for most passwords of 12 to
20 characters.

A big part of this capability has to do with a rainbow dictionary file. I spent
about 5 days letting a password generator create every sequential password
combination starting from 4 characters and proceeding through the 40 character
limit. The passwords included every generatable character (15 symbols,
punctuation, numbers, upper and lower case letters). The file was approximately
1.5 TB. This is what most modern script kiddies (I refuse to honor them with
the title hacker) use. Some educated guesses (such as birthdate, sun, other
personal info) can be made on available data (no one is immune to having an
online profile these days). This will tend to cut down the time required.
Still, the oldest (and most tried and true) method is still the classic social
engineering. The second is hidden code (viruses, worms, and trojans). With the
plethora of vectors available, it's a wonder that more doesn't happen.

Anyway, this is my 2 cents' worth.

-eric

On Jan 14, 2013, at 12:49 PM, Alan Paganelli wrote:

 Um, any password can be hacked. No matter how careful you are and all that,
 given enough time, a password can be hacked. I had a password of 14 spaces
 with both upper and lower case letters etc. as you described and changed it
 every other month and yet I still got hacked. They aren't using trial and
 error any more. The providers are doing all they can to protect users but it
 still happens and even to the best of us.