User Tag List

12 Last

Results 1 to 10 of 16

  1. #1
    Parody Parrot meowington's Avatar
    Join Date
    May 2008
    MBTI
    INFJ
    Enneagram
    6
    Posts
    1,181

    Default Hacking & Security

    If you make an account on let's say, some cooking forum and then use the same password & emailaccount for other forum accounts, like facebook, you're basically just handing out your facebook account to the cooking forum webmaster. That guy/girl only needs to take a list of registered accounts and try them at facebook. However stupid as this example may sound, it happens a gazillion times, even as we speak. I think hackers more often exploit stupity on the endusers' side than they exploit technical security breaches (like heartbleed). That's all Am I right ?

  2. #2
    Senior Member Mal12345's Avatar
    Join Date
    Apr 2011
    MBTI
    IxTP
    Enneagram
    5w4 sx/sp
    Socionics
    LII Ti
    Posts
    13,987

    Default

    Quote Originally Posted by miauwington View Post
    If you make an account on let's say, some cooking forum and then use the same password & emailaccount for other forum accounts, like facebook, you're basically just handing out your facebook account to the cooking forum webmaster. That guy/girl only needs to take a list of registered accounts and try them at facebook. However stupid as this example may sound, it happens a gazillion times, even as we speak. I think hackers more often exploit stupity on the endusers' side than they exploit technical security breaches (like heartbleed). That's all Am I right ?
    How does the webmaster get your password?
    "Everyone has a plan till they get punched in the mouth." Mike Tyson
    “Culture?” says Paul McCartney. “This isn't culture. It's just a good laugh.”

  3. #3
    Post Human Post Qlip's Avatar
    Join Date
    Jul 2010
    MBTI
    ENFP
    Enneagram
    4w5 sp/sx
    Posts
    9,472

    Default

    Quote Originally Posted by miauwington View Post
    If you make an account on let's say, some cooking forum and then use the same password & emailaccount for other forum accounts, like facebook, you're basically just handing out your facebook account to the cooking forum webmaster. That guy/girl only needs to take a list of registered accounts and try them at facebook. However stupid as this example may sound, it happens a gazillion times, even as we speak. I think hackers more often exploit stupity on the endusers' side than they exploit technical security breaches (like heartbleed). That's all Am I right ?
    Kinda. I believe this is happening, because it's easy to do. But with reputable forums, and with standard forum software, the passwords are encrypted and not accessible in-the-clear to anybody. Technically the forum doesn't even know your password, it just knows that what you typed in matches the password you specified when processed through some mathematical operations.

  4. #4
    Parody Parrot meowington's Avatar
    Join Date
    May 2008
    MBTI
    INFJ
    Enneagram
    6
    Posts
    1,181

    Default

    Quote Originally Posted by Mal12345 View Post
    How does the webmaster get your password?
    If it's a site that has been custom programmed by the webmaster, he/she can read it from his/her database.
    I guess @Qlip has a point : most predefined forum platforms use encrypted passes that even the webmaster can't read. But you never quite know what goes on on the other side of the veil.

  5. #5
    Administrator highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    17,884

    Default

    Quote Originally Posted by miauwington View Post
    If you make an account on let's say, some cooking forum and then use the same password & emailaccount for other forum accounts, like facebook, you're basically just handing out your facebook account to the cooking forum webmaster. That guy/girl only needs to take a list of registered accounts and try them at facebook. However stupid as this example may sound, it happens a gazillion times, even as we speak. I think hackers more often exploit stupity on the endusers' side than they exploit technical security breaches (like heartbleed). That's all Am I right ?
    No that's not right exactly but there is truth to some of what you are saying. Software vulnerabilities and phishing are probably the biggest entry point these days.

    Nobody has access to passwords here for example. VBulletin hashes them with MD5. A hashing function is like a one way encryption algorithm. When you login, it runs the hashing algorithm against what you entered and compares it to the hashed password in the database to see if they match. Of course you could program a site it to do whatever you wanted, including capturing people's passwords but I doubt many webmasters would care to bother. It's more likely that the site would get hacked and software installed to capture passwords or that your PC gets hacked with malware on it and the passwords would be stolen from your machine that way. It does happen sometimes however that databases with passwords are hacked though and it is not a good idea to use say your bank account password for other things.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

  6. #6
    Parody Parrot meowington's Avatar
    Join Date
    May 2008
    MBTI
    INFJ
    Enneagram
    6
    Posts
    1,181

    Default

    Yeah phishing : another technique that relies on user stupidity rather than sophistication.
    Or java plugins and other kinds of add-ons on certain websites. When you click accept you basically give full control to whoever programmed the thing, right!?

  7. #7
    Administrator highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    17,884

    Default

    Quote Originally Posted by miauwington View Post
    Yeah phishing : another technique that relies on user stupidity rather than sophistication.
    Or java plugins and other kinds of add-ons on certain websites. When you click accept you basically give full control to whoever programmed the thing, right!?
    Yes that's true but it typically includes a technical component, like a malware infected attached file.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

  8. #8
    RDF
    Guest

    Default

    Quote Originally Posted by miauwington View Post
    If you make an account on let's say, some cooking forum and then use the same password & emailaccount for other forum accounts, like facebook, you're basically just handing out your facebook account to the cooking forum webmaster. That guy/girl only needs to take a list of registered accounts and try them at facebook. However stupid as this example may sound, it happens a gazillion times, even as we speak. I think hackers more often exploit stupity on the endusers' side than they exploit technical security breaches (like heartbleed). That's all Am I right ?
    Speaking of Heartbleed, FYI here's a link to a two-minute video from The Wall Street Journal on how to deal with the Heartbleed hack, including providing a web address for a central site listing which major companies have patched their software:

    http://live.wsj.com/video/heartbleed...0-306A6E3CD680

    If anyone wants more background on the Heartbleed bug, WSJ has been doing lots of coverage; just use the search function at the WSJ home page.

  9. #9
    Senior Member INTP's Avatar
    Join Date
    Jul 2009
    MBTI
    intp
    Enneagram
    5w4 sx
    Posts
    7,823

    Default

    Hackers doesent run websites to gather passwords, they hack websites and then gather the passwords. There was a really big case of this happening a while ago in diablo 3. This one diablo 3 fan site was hacked by some chinese people and gathered the passwords for a long time. People started wondering how its possible that so many people are getting hacked and finally they figured it was that one fan site that was hacked and they just tested everyones passwords if they were the same as their diablo 3 account. I think they got like tens of thousands of people, whose account they cleaned and sold the items/gold and then sold the accounts dirt cheap for someone else to use them as a spam bots in game.
    "Where wisdom reigns, there is no conflict between thinking and feeling."
    — C.G. Jung

    Read

  10. #10
    Parody Parrot meowington's Avatar
    Join Date
    May 2008
    MBTI
    INFJ
    Enneagram
    6
    Posts
    1,181

    Default

    Quote Originally Posted by INTP View Post
    Hackers doesent run websites to gather passwords, they hack websites and then gather the passwords. There was a really big case of this happening a while ago in diablo 3. This one diablo 3 fan site was hacked by some chinese people and gathered the passwords for a long time. People started wondering how its possible that so many people are getting hacked and finally they figured it was that one fan site that was hacked and they just tested everyones passwords if they were the same as their diablo 3 account. I think they got like tens of thousands of people, whose account they cleaned and sold the items/gold and then sold the accounts dirt cheap for someone else to use them as a spam bots in game.
    Yeah I remember that. Didn't know the details behind it though.
    I was an avid D3 player the first few months (Witch doctor mostly )

    I started changing all my accounts (30+) yesterday, using a pass generator.
    But even then I do not have the false pretention anymore that my data is exclusively mine.
    That's one thing the last few years have learned.

Similar Threads

  1. Tor, DarkWeb, Hacking, Anonymity, Security & other resources
    By LovecraftianMonstrosity in forum Science, Technology, and Future Tech
    Replies: 61
    Last Post: 09-18-2017, 06:47 PM
  2. Reuters: Has power grid been hacked? U.S. won't say
    By cogdecree in forum Politics, History, and Current Events
    Replies: 5
    Last Post: 04-08-2009, 11:48 PM
  3. Social Security: Analysis, Diagnosis, and Prognosis
    By Kiddo in forum Politics, History, and Current Events
    Replies: 21
    Last Post: 03-24-2008, 03:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
Single Sign On provided by vBSSO