
[Arstechnica] LogMeIn buys LastPass password manager for $110 million - Page 2

post #11 of 59
Quote:
Originally Posted by Dyson Poindexter View Post

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

Except, it wouldn't. Knowing it's a dictionary word with one number at the end severely cuts down on the work that would need to be done. And seeing as last time I checked, Overclock.net doesn't impose a login restriction for too many tries (best thing for a site to do against brute logins), then depending on the person's connections it would only take a day or two tops to send in all possible variations and wait for a successful attempt.

And as stumped pointed out, since the connection to the site isn't secured with SSL, then if anyone gets on your network, or you use an open network somewhere, then they could snoop your password extremely easily. And the SSL issue has been pushed several times here but each time it gets pushed they say there's no point, even when there's really no reason to do it these days as even a basic SSL cert is free.

Brute forcing logins is extremely fast when there's no restriction in place (say, fail five times and get locked out for an hour). Remember, security is about increasing the time it takes for someone to get in, not stopping them completely. This is why for most folks, security is an illusion, because they think it's meant to outright stop someone. Given enough time though, any security system can be breached. Brute forcing logins isn't like bruting hashes where the hashing algorithm takes time to generate, and given a proper hash would be run through multiple systems increasing time exponentially.

Take MD5 for example, and why it's not used. You can generate millions upon millions of hashes per second. Whereas with something like what LastPass is using, you could only do say... 10,000-20,000 per second. So they've increased the time needed significantly. This is why MD5 is no longer used as it really only takes a few seconds to figure it out, not to mention all the collisions.
Edited by Shrak - 10/9/15 at 11:49am
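
The lockout described in the post above (five failures, then an hour's lock), as an added example that is not part of the thread or Overclock.net's code: a per-account throttle and the worst-case time for one client to submit every "dictionary word plus one digit" candidate, with and without it. The 100,000-word list and the rate of 10 requests per second are assumed figures.

```python
# Added example: per-account lockout and its effect on online guessing time.
# WORDLIST_SIZE and GUESSES_PER_SECOND are assumed figures, not from the thread.

WORDLIST_SIZE = 100_000            # assumed dictionary size
CANDIDATES = WORDLIST_SIZE * 10    # each word followed by one digit, 0-9
GUESSES_PER_SECOND = 10            # assumed request rate of a single client


class LoginThrottle:
    """Lock an account for lock_seconds after max_failures failed logins."""

    def __init__(self, max_failures=5, lock_seconds=3600):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self._failures = {}      # account -> failures since last success or lock
        self._locked_until = {}  # account -> time at which the lock expires

    def locked_until(self, account):
        return self._locked_until.get(account, 0.0)

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login at time now (seconds)."""
        if now < self.locked_until(account):
            return "locked"      # rejected even if the password is right
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            self._failures[account] = 0
            self._locked_until[account] = now + self.lock_seconds
        else:
            self._failures[account] = count
        return "denied"


def seconds_to_exhaust(candidates, guesses_per_second, throttle=None):
    """Worst case: time for one client to submit every candidate (all wrong)."""
    now, step = 0.0, 1.0 / guesses_per_second
    for _ in range(candidates):
        if throttle is not None:
            if throttle.attempt("target", False, now) == "locked":
                now = throttle.locked_until("target")   # wait out the lock
                throttle.attempt("target", False, now)  # first try after expiry
        now += step
    return now


if __name__ == "__main__":
    day = 86_400
    open_site = seconds_to_exhaust(CANDIDATES, GUESSES_PER_SECOND)
    locked_site = seconds_to_exhaust(CANDIDATES, GUESSES_PER_SECOND, LoginThrottle())
    print(f"no lockout:       {open_site / day:8.1f} days")
    print(f"5 tries per hour: {locked_site / day:8.1f} days")
```

Under these assumptions the unthrottled run finishes in a little over a day, while the throttled one takes about 8,334 days. A lock keyed only on the account also lets anyone lock the owner out, so it is usually paired with per-source rate limits.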
post #12 of 59
Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

 

Well, you just made your password significantly easier for someone to find out. Put it through a set of rainbow tables, and randomize the number at the end from 0-9. Thank you for the hints :P!

 

Also, by knowing your password scheme over here on OCN, you also significantly open yourself up to having other websites that you go to having your password figured out. Because human tendency is to retain the same password scheme.

post #13 of 59
Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.


Can't tell if serious?

Your password might take a second.
post #14 of 59
Quote:
Originally Posted by airfathaaaaa View Post

Quote:
Originally Posted by Ksireaper View Post

Source
I have had bad experiences with LogMeIn. Might be time to find a new PW manager.

pen and paper...never gets old

This. Though pen, notebook, and a messy area would make it even better.
post #15 of 59
Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

And while you are technically right about the places storing your information, doesn't mean you shouldn't do essentially everything in your power to try and secure yourself against the fallout of that data being breached.
post #16 of 59
the best compromise in storing your password, is to write it on an encrypted text file, stuff said text file onto an external HDD or thumb drive, and unplug said drive.
the advantage of this is that, it's not blatantly left out in the open, and even stumbling upon said drive wouldn't leave you vulnerable, and which "thief" would even steal your drives anyway.

it's much like hiding a tree inside a forest on a remote inaccessible island.

Quote:
Originally Posted by lacrossewacker View Post

Can't tell if serious?

Your password might take a second.

if the bruteforce rig had multiples of high-end GPUs, sure.
though a week is somewhat exaggerated, should be more like a few hours, or a few dozen minutes if it got lucky (or unlucky?).
Edited by epic1337 - 10/9/15 at 12:04pm
post #17 of 59
Quote:
Originally Posted by CSCoder4ever View Post

This. Though pen, notebook, and a messy area would make it even better.

My password notebook hangs out in my hidden floor safe. And if someone were to not only find it, but get into it, then the passwords would be my last concern.

Honestly, they're just passwords.
post #18 of 59
Quote:
Originally Posted by Shrak View Post

My password notebook hangs out in my hidden floor safe. And if someone were to not only find it, but get into it, then the passwords would be my last concern.

Honestly, they're just passwords.

i have a locked box where i put my thumb drives and some precious accessories (ones that i'm too scared to wear), which i always keep locked and the key always with me.
i'm pretty sure i'd be more impressed if the thumb drives were to get stolen while the accessories were left untouched, though i'd be more concerned about losing said accessories than said thumb drives.
Edited by epic1337 - 10/9/15 at 12:11pm
post #19 of 59
I'd also like to know what's so bad about LogMeIn... Seems a fair question to ask here for those that don't know.
 
post #20 of 59
Quote:
Originally Posted by stumped View Post

Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

Or I can snoop it because overclock.net doesn't use SSL.

Quote:
Originally Posted by Shrak View Post

Quote:
Originally Posted by Dyson Poindexter View Post

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

Except, it wouldn't. Knowing it's a dictionary word with one number at the end severely cuts down on the work that would need to be done. And seeing as last time I checked, Overclock.net doesn't impose a login restriction for too many tries (best thing for a site to do against brute logins), then depending on the person's connections it would only take a day or two tops to send in all possible variations and wait for a successful attempt.

And as stumped pointed out, since the connection to the site isn't secured with SSL, then if anyone gets on your network, or you use an open network somewhere, then they could snoop your password extremely easily. And the SSL issue has been pushed several times here but each time it gets pushed they say there's no point, even when there's really no reason to do it these days as even a basic SSL cert is free.

Brute forcing logins is extremely fast when there's no restriction in place (say, fail five times and get locked out for an hour). Remember, security is about increasing the time it takes for someone to get in, not stopping them completely. This is why for most folks, security is an illusion, because they think it's meant to outright stop someone. Given enough time though, any security system can be breached. Brute forcing logins isn't like bruting hashes where the hashing algorithm takes time to generate, and given a proper hash would be run through multiple systems increasing time exponentially.

Take MD5 for example, and why it's not used. You can generate millions upon millions of hashes per second. Whereas with something like what LastPass is using, you could only do say... 10,000-20,000 per second. So they've increased the time needed significantly. This is why MD5 is no longer used as it really only takes a few seconds to figure it out, not to mention all the collisions.

Quote:
Originally Posted by Kinaesthetic View Post

Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.


My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

Well, you just made your password significantly easier for someone to find out. Put it through a set of rainbow tables, and randomize the number at the end from 0-9. Thank you for the hints :P!

Also, by knowing your password scheme over here on OCN, you also significantly open yourself up to having other websites that you go to having your password figured out. Because human tendency is to retain the same password scheme.

Quote:
Originally Posted by lacrossewacker View Post

Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.


Can't tell if serious?

Your password might take a second.

Quote:
Originally Posted by stumped View Post

Quote:
Originally Posted by Dyson Poindexter View Post

You people are all fools. Anyone who kicks in your door is not going to be doing so just to steal your handwritten facebook password. Unless you're actively pissing off 4chan, even a weak password is fine. Your account will be compromised due to a database leak or site exploit long before someone brute-forces it.

My Overclock.net password is a dictionary word with one number at the end of it. And even then, it would take weeks for any of you to brute force it.

And while you are technically right about the places storing your information, doesn't mean you shouldn't do essentially everything in your power to try and secure yourself against the fallout of that data being breached.

Still, I would bet that nobody just targets random accounts and tries to brute force them. The only things where I use "secure" passwords are my email and online banking. Even then, some hackers will just dump the credential database long before they waste time on brute forcing a login page.