Become a part of the TranceAddict community!Frequently Asked Questions - Please read this if you haven'tSearch the forums
TranceAddict Forums > Main Forums > Chill Out Room > Nude Photo (iCloud?) hack affecting celebs (Jennifer Lawrence/Kate Upton...) via 4chan
Pages (7): « 1 2 3 4 5 [6] 7 »   Last Thread   Next Thread
Share
Author
Thread    Post A Reply
djnitride
Tiesto played my record



Registered: Nov 2009
Location: Texas

quote:
Originally posted by DJ RANN
Good passwords don't mean anything. A brute force checks millions of combinations of every possible key combination so whether it's simple or has upper and lower case, with special characters, just means it takes the brute force attack slightly longer, but trust me, these guys were at it for months, if not years.


Each additional digit adds another power to the potential number of combinations, past a certain point it doesn't matter if they rate limit brute force or not, it simply isn't feasible to crack the password.

For example, a 20 char alpha numeric password with capital letters would be 62^20 = 7.0442342554699802296833026461637e+35 possible combinations. Even if the attacker could run 1 million combinations a second, it would take 670113608777585638287985 days to crack if they had to check 50% of combinations before finding the password.

Yeah, I am sure some of them used extremely targeted and personalized social engineering techniques to get peoples pictures who had better security.

Here is one problem, there is no definitive defense against social engineering attacks besides restricting yourself to a very limited list of service providers. For example, gmail is extremely strict about providing account access if you lose your password.

Old Post Sep-08-2014 22:44  United States
Click Here to See the Profile for djnitride Click here to Send djnitride a Private Message Add djnitride to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Swamper
Webmonstah



Registered: Jan 2000
Location: Toronto, Canada

In my hacking/wannabe-unix-security-nerd days (circa 1994-1995) I used a spare 486 and it took 2 weeks running 24/7 against a bunch of dictionaries (in multiple languages) before it cracked anything. I used Crackerjack.

I can still remember the audible beep... it was like christmas in july. lol

Good times.

As for password difficulty... have some numbers... mixed case...and a word you know and then vary the numbers within a certain range and that's all you need.


___________________

"In a world of illusion you only see what you feel"

Old Post Sep-09-2014 03:50  Canada
Click Here to See the Profile for Swamper Click here to Send Swamper a Private Message Visit Swamper's homepage! Add Swamper to your buddy list Report this Post Reply w/Quote Edit/Delete Message
DJ RANN
Supreme tranceaddict



Registered: May 2001
Location: Hollywood....

quote:
Originally posted by djnitride
Each additional digit adds another power to the potential number of combinations, past a certain point it doesn't matter if they rate limit brute force or not, it simply isn't feasible to crack the password.

For example, a 20 char alpha numeric password with capital letters would be 62^20 = 7.0442342554699802296833026461637e+35 possible combinations. Even if the attacker could run 1 million combinations a second, it would take 670113608777585638287985 days to crack if they had to check 50% of combinations before finding the password.

Yeah, I am sure some of them used extremely targeted and personalized social engineering techniques to get peoples pictures who had better security.

Here is one problem, there is no definitive defense against social engineering attacks besides restricting yourself to a very limited list of service providers. For example, gmail is extremely strict about providing account access if you lose your password.


But that's the problem; 20 digit alpha numeric passwords aren't really realistic. I have to use one system for one of ht businesses that requires me (and 4 of my employees) to log in at least 20-40 times a day. Having to type 20 mixed fucking characters is an absolute ballache that many times a day so guess what? Everyone does the minimum (8 chars, 1 num, one spec char). That's really not that difficult to brute force in a couple of days.

Average password length is guess what? 8-9 characters (in fact the actual figure is 61% of the worlds population uses a password that is within one digit of the minimum required).

But again, this was only part of the breach in question - several of the people involved were phished, some it's now believed were straight up hacked with malware, and one or two others had their phones actually compromised/data copied/stolen.

Unless you're going to add two step verification (and still keylogging attacks do nothing against this) or algorithmic dongles, passwords are not going to get more secure.

I mean if the swampmeister was able to do it on a 486 fifteen years ago then imagine what's possible today.

Combine these attacks with just a tiny bit of social engineering, and basically anyone can get access to any normal password protection system.

Last edited by DJ RANN on Sep-10-2014 at 00:06

Old Post Sep-09-2014 23:40 
Click Here to See the Profile for DJ RANN Click here to Send DJ RANN a Private Message Add DJ RANN to your buddy list Report this Post Reply w/Quote Edit/Delete Message
djnitride
Tiesto played my record



Registered: Nov 2009
Location: Texas

quote:
Originally posted by DJ RANN
But that's the problem; 20 digit alpha numeric passwords aren't really realistic. I have to use one system for one of ht businesses that requires me (and 4 of my employees) to log in at least 20-40 times a day. Having to type 20 mixed fucking characters is an absolute ballache that many times a day so guess what? Everyone does the minimum (8 chars, 1 num, one spec char). That's really not that difficult to brute force in a couple of days.

Average password length is guess what? 8-9 characters (in fact the actual figure is 61% of the worlds population uses a password that is within one digit of the minimum required).

But again, this was only part of the breach in question - several of the people involved were phished, some it's now believed were straight up hacked with malware, and one or two others had their phones actually compromised/data copied/stolen.

Unless you're going to add two step verification (and still keylogging attacks do nothing against this) or algorithmic dongles, passwords are not going to get more secure.

Combine these attacks with just a tiny bit of social engineering, and basically anyone can get access to any normal password protection system.


This problem has been solved. Its not without its own problems, but it is a far more secure system then using a short password.

Just one example:
http://keepass.info/

2FA in addition to that is a must for anyone who might have a big target painted on them

Old Post Sep-10-2014 00:06  United States
Click Here to See the Profile for djnitride Click here to Send djnitride a Private Message Add djnitride to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Jon_Snow
Guest



Registered: Not Yet
Location:

Ariana Grande Nude Photos

Old Post Sep-10-2014 00:35 
Add  to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Swamper
Webmonstah



Registered: Jan 2000
Location: Toronto, Canada

^ She's 21? I thought she was like 17.


___________________

"In a world of illusion you only see what you feel"

Old Post Sep-10-2014 03:11  Canada
Click Here to See the Profile for Swamper Click here to Send Swamper a Private Message Visit Swamper's homepage! Add Swamper to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Sushipunk
Flickering, I roam



Registered: Sep 2006
Location: Chateau Verdafloor


___________________

Old Post Sep-10-2014 03:52  Australia
Click Here to See the Profile for Sushipunk Click here to Send Sushipunk a Private Message Visit Sushipunk's homepage! Add Sushipunk to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Lews
Platipus And Prog Addict



Registered: Feb 2007
Location: Hugging Whales And Saving Trees

On the topic of password length, I hate the companies that have a maximum password length, especially one that is only 8-12 characters. Which I find it completely ludicrous to blame those who were hacked, I do try to have my own internet stuff secure (at least banking/email/etc). It's not that hard to remember a line of poetry that can end up being 25-30 characters. Muscle memory easily remembers it, too.


___________________
Quarantine Classics Brunello di Montalcino (In Transit) Edition [Progressive Classics] (August 2020)
Quarantine Classics - Puligny-Montrachet Edition [Progressive Classics] (April 2020)
What Is Progressive Anyways? [Progressive House Classics] (November 2019)

Old Post Sep-10-2014 04:01 
Click Here to See the Profile for Lews Click here to Send Lews a Private Message Add Lews to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Jon_Snow
Guest



Registered: Not Yet
Location:

quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.
She was 17... 4 years ago

Never heard of her until the leak and started to feel bad for her then I read that article lol

Old Post Sep-10-2014 04:06 
Add  to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Viber
In Search Of Unicorns



Registered: Jun 2003
Location: City, Country format

quote:
Originally posted by Lews
a line of poetry that can end up being 25-30 characters. Muscle memory easily remembers it, too.


That's a brilliant idea

Old Post Sep-10-2014 10:26 
Click Here to See the Profile for Viber Click here to Send Viber a Private Message Add Viber to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Dykes_on_Jay
Ape me.



Registered: Aug 2012
Location: Shenzhen LBC

Lews.

Vegetarians protect the world with haiku's.


___________________
Freak Out Tóng Zhì

Old Post Sep-10-2014 16:38  China
Click Here to See the Profile for Dykes_on_Jay Click here to Send Dykes_on_Jay a Private Message Visit Dykes_on_Jay's homepage! Add Dykes_on_Jay to your buddy list Report this Post Reply w/Quote Edit/Delete Message
Silky Johnson
International Playa Hater



Registered: Nov 2003
Location:

quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk


quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk


quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk


quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk


quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk



quote:
Originally posted by Swamper
^ She's 21? I thought she was like 17.


quote:
Originally posted by Sushipunk

Old Post Sep-10-2014 16:58 
Click Here to See the Profile for Silky Johnson Click here to Send Silky Johnson a Private Message Add Silky Johnson to your buddy list Report this Post Reply w/Quote Edit/Delete Message

TranceAddict Forums > Main Forums > Chill Out Room > Nude Photo (iCloud?) hack affecting celebs (Jennifer Lawrence/Kate Upton...) via 4chan
Post New Thread    Post A Reply

Pages (7): « 1 2 3 4 5 [6] 7 »  
Last Thread   Next Thread
Click here to listen to the sample!Pause playbackAny ideas? [2004] [1]

Click here to listen to the sample!Pause playbackGolden Girls - "Kinetic" [2007]

Show Printable Version | Subscribe to this Thread
Forum Jump:

All times are GMT. The time now is 13:00.

Forum Rules:
You may not post new threads
You may not post replies
You may not edit your posts
HTML code is ON
vB code is ON
[IMG] code is ON
 
Search this Thread:

 
Contact Us - return to tranceaddict

Powered by: Trance Music & vBulletin Forums
Copyright ©2000-2026, Jelsoft Enterprises Ltd.
Privacy Statement / DMCA
Support TA!