- Apr 2, 2009
- 1,675
- 0
- 0
Posted by: Rory33
Since more people are getting hacked I feel the need to express how easy its done, to educate you on the importance of your password and emails. This is the main area people neglect.
First there is a whole range of tools that hackers use to get access into your site. The best protection you have is your password.
Lets say I felt the need to go after a specific username or persons email. I would use a brute force attack via computer software to login to the site with your email as a username to get into an email account or your username if it was another service. I would unleash the software on the site server with your information and instructions to try 100,000 different password combinations. I'll go out, grab a drink with some friends and come home and HEY, there it is!
How long it takes depends on the speed of my computer, internet connection, and how complex your password is.... Most hackers or "Security Consultants"
have multiple computers anyway (I have 5, 2 macs and 3 windows) so it doesnt bother them on how long the computer is running for.
Lets say you have a password of 8 characters in length.
If your password were all lowercase letters, I can have it in about 2-3days
If your password were various characters, it could take 2-3 years
Keep in mind EVERY word or name in the dictionary would be found extremely fast in a brute force attack. Make sure your forum password is NOT your email password, and every online account you have should be different.
One thing that bothers me from a security standpoint on the board is the sponsors listing their direct login emails, instead of using email aliases that are easier to control and not give out their direct login to the public. Also gives them a way of tracking board activity and such as well in the event they need to change or trace something. Just a tip there for the sponsors...
Also most auto password generators are made with an algorithm that some hackers use too... (how great would it be for a hacker to provide a password generator for people with sensitive material and then go back and use the same algorithm in a different software to hack it and see what was so important in protecting )
Use an encrypted software to store the passwords on your computer if needed. I recommend 1Password personally.
Keep in mind there are MANY other ways to hack into a system but brute force attacks are the most common and easiest.
Since more people are getting hacked I feel the need to express how easy its done, to educate you on the importance of your password and emails. This is the main area people neglect.
First there is a whole range of tools that hackers use to get access into your site. The best protection you have is your password.
Lets say I felt the need to go after a specific username or persons email. I would use a brute force attack via computer software to login to the site with your email as a username to get into an email account or your username if it was another service. I would unleash the software on the site server with your information and instructions to try 100,000 different password combinations. I'll go out, grab a drink with some friends and come home and HEY, there it is!
How long it takes depends on the speed of my computer, internet connection, and how complex your password is.... Most hackers or "Security Consultants"
have multiple computers anyway (I have 5, 2 macs and 3 windows) so it doesnt bother them on how long the computer is running for. Lets say you have a password of 8 characters in length.
If your password were all lowercase letters, I can have it in about 2-3days
If your password were various characters, it could take 2-3 years
Keep in mind EVERY word or name in the dictionary would be found extremely fast in a brute force attack. Make sure your forum password is NOT your email password, and every online account you have should be different.
One thing that bothers me from a security standpoint on the board is the sponsors listing their direct login emails, instead of using email aliases that are easier to control and not give out their direct login to the public. Also gives them a way of tracking board activity and such as well in the event they need to change or trace something. Just a tip there for the sponsors...
Also most auto password generators are made with an algorithm that some hackers use too... (how great would it be for a hacker to provide a password generator for people with sensitive material and then go back and use the same algorithm in a different software to hack it and see what was so important in protecting
)Use an encrypted software to store the passwords on your computer if needed. I recommend 1Password personally.
Keep in mind there are MANY other ways to hack into a system but brute force attacks are the most common and easiest.