Re: [FRIAM] [EXTERNAL] Forum hacked

2015-01-30 Thread Arlo Barnes
What would really help is websites publishing a file that can be found in an automated way (perhaps, like robots.txt, it is standardly named at the root) that defines what areas of the site require what type of login (for example, it could say that forums.foobricks.ninja requires an OpenID, and the

Re: [FRIAM] [EXTERNAL] Forum hacked

2015-01-29 Thread Owen Densmore
Great info, thanks! Do you recall how many logins you have? And how did you use 1P to retroactively change/evolve to their system? And for "apps" I presume you use copy/paste? Boy wouldn't it be great if they invented a way to *change* the passwords that they manage easily? -- Owen On Thu,

Re: [FRIAM] [EXTERNAL] Forum hacked

2015-01-29 Thread Barry MacKichan
For what it's worth, here are my answers: 1. I use 1Password on the Mac, Windows, and iOS, which is currently all the computers I use. The passwords it generates for me are currently 20 characters including upper and lower case, digits, punctuation, and symbols. I never (well, hardly ever) have

Re: [FRIAM] [EXTERNAL] Forum hacked

2015-01-28 Thread Marcus G. Daniels
TL;DR - Current GPU-based password cracking using 20-million word dictionaries make truly random passwords below 14 characters and nearly all pass-phrases susceptible to cracking in a relatively short time. There are an increasing variety of cryptographic algorithms being developed unde

Re: [FRIAM] [EXTERNAL] Forum hacked

2015-01-28 Thread Owen Densmore
[a bit late, but...] These are *great* sites, thanks! Fascinating read about becoming a cracker-for-a-day! It might be worth trying that for ourselves just to understand what we're up against. I just had my twitter account apparently hacked so got pretty interested in this. Bruce Schneier's advi

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-12-18 Thread Marcus G. Daniels
On 12/18/13, 11:13 AM, Arlo Barnes wrote: CryptoCards Anything like a SecurID? Organizations that use SecurID may prepend or append a password to a token provided by a device. The token changes every few seconds. CryptoCards (the brand) are different in that the password is set when th

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-12-18 Thread Arlo Barnes
> > CryptoCards Anything like a SecurID? From Kevin Mitnick's autobiography excerpted on Google Books: [image: Inline image 1] [image: Inline image 2] -Arlo James Barnes FRIAM Applied Comp

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Steve Smith
On 11/18/2013 08:35 PM, Gillian Densmore wrote: Password cracking? Hmm- as to how? I can add a little insight into this one. Password cracking is just one tool. You can always just _ask_ for their passwords, too! ;-) Exclusive: Snowden persuaded other NSA workers to give up passwords - sources

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread glen
On 11/18/2013 08:35 PM, Gillian Densmore wrote: > Password cracking? Hmm- as to how? I can add a little insight into this > one. Password cracking is just one tool. You can always just _ask_ for their passwords, too! ;-) Exclusive: Snowden persuaded other NSA workers to give up passwords - sourc

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Barry MacKichan
You have found the weakest point in programs like 1PassWord. In the last few weeks, though, some things have come out to ameliorate the situation. 1. Apple now has its iCloud keychain, which means for a certain class of secrets, web passwords and credit card numbers, you can have automatic pasti

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Joshua Thorp
This an interesting if dense approach to doing away with the password: https://www.grc.com/sqrl/sqrl.htm a little more high level: http://www.sqrl.pl/ Basically use an app on your phone or desktop to confirm your unique identity using a cryptographic signature. One click login… No passwords

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Steve Smith
Now that you mention it I do see a peacock almost every time I go through Nambe. Cody Smith It's the same one, and he's got his eye on YOU! Peacocks are almost as creepy as clowns. Remember that next time you go through Nambe. Stop in and visit Doug... but lock your doors... that Peacock m

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Steve Smith
Owen - Good observations... Why? 1 - To be secure, you depend on the ISP to be secure. That's OK, but does fail often. Do you mean the server(s) and intranet of the service being used? Or do you mean your (and their) first-mile provider? If you mean the former, any service is only as secur

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread cody dooderson
Now that you mention it I do see a peacock almost every time I go through Nambe. Cody Smith On Tue, Nov 19, 2013 at 10:51 AM, Owen Densmore wrote: > As a quick followup: > - I use 1password. Why? To collect a list of my logins. Most of us do > not know half of the logins we have! This lets

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Owen Densmore
As a quick followup: - I use 1password. Why? To collect a list of my logins. Most of us do not know half of the logins we have! This lets me at least spend an afternoon updating all my passwords if I want to. 1P seems OK and works well in my ecology. - I use 2-factor with google and their app

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Owen Densmore
Ray, you'd have a far better take on passwords, and security of all sorts than most of us, love your input on this. So here's an observation: Passwords are Dead. Just move along and we'll come back with a better solution after the commercial. Why? 1 - To be secure, you depend on the ISP to be

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-19 Thread Parks, Raymond
Exactly. It's astounding what information critical to the security of computer systems can be found through Open-Source Intelligence (OSINT). The CIA has opened an office that does nothing but OSINT. When we red team (authorized adversary-based assessment for defensive purposes), we always st

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-18 Thread Gillian Densmore
Password cracking? Hmm- as to how? I can add a little insight into this one. Password cracking is just one tool. So is knowing weak points of the audience in the forums, fake, proxy, and redirecting websites just as a few. This last summer: Live Networks (XBOX live, SkyDrive etc), PSN (the Play Sta

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-18 Thread Parks, Raymond
The addition of a salt to a password makes rainbow tables much less effective because it makes the table space larger, even trading off chain length for convergence. However, rainbow tables are no longer the thing - with multi-GPU setups, password crackers just brute force passwords. Basically

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-18 Thread cody dooderson
I find passwords really hard to remember. Especially those sites that require numbers, symbols, uppercase, and lower case characters. I personally would rather use a 20 character all lowercase password than an 8 character mixed symbol password. A

Re: [FRIAM] [EXTERNAL] Forum hacked

2013-11-18 Thread Parks, Raymond
WRT password cracking - Dan Goodin has a good series of articles on password cracking at Ars Technica. http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/ http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ http://arstechnica.com/secur