Status
Not open for further replies.
1 - 20 of 34 Posts

·
Premium Member
Joined
·
5,047 Posts
Discussion Starter · #1 ·
Quote:


It wasn't yet clear how The Script Kiddies took over the account, but the most likely scenario is that they simply figured out which FoxNews.com email account controlled it and then guessed the Twitter password.

and

Quote:


The entire incident is a reminder to all Internet users: Use strong passwords of at least six or more characters, intersperse lower- and uppercase letters, numbers and punctuation marks, and never use the same password twice for anything important.

http://www.securitynewsdaily.com/fox...asswords-0932/
 

·
Premium Member
Joined
·
5,047 Posts
Discussion Starter · #2 ·
I did see a thread about the hack yesterday and it was deleted for good reasons. However, this post is not just about the hack or political content. It's about security and it's a good reminder of why people should use strong passwords including numbers and characters.
 

·
Premium Member
Joined
·
4,403 Posts
Quote:


Originally Posted by Abs.exe

Even if your password is :
[email protected]#[email protected]#[email protected]#JOSADSDzc14%$#[email protected]#$%@#!#%
It still can be cracked.
/thread

Well, that's like saying that your house can be broken into even if you have 5 deadbolts, 2 dobermans, 3 security cameras and a 20 foot wall with security guards at the gate.

The more protection you have the more people you keep out of your stuff.

The 5 deadbolts stop Joe Smoe, the 2 dobermans stop the guy with a bat, the 3 security cameras stop the idiot without a mask, the 20 foot wall stopped Billy "the Blob" Johnson, and the security guards stop the guy with the 9mm. What it didn't stop was the super secret ninja thinking your house was full of Chinese secrets from their Prime Minister's daughter's Spring Break trip last year.

Fact is you stopped the most common assailants....I think you get the point I am trying to make
 

·
Premium Member
Joined
·
5,047 Posts
Discussion Starter · #7 ·
Quote:


Originally Posted by Abs.exe

Even if your password is :
[email protected]#[email protected]#[email protected]#JOSADSDzc14%$#[email protected]#$%@#!#%
It still can be cracked.
/thread


The time and effort and CPU cycles it would take to guess that password would be insane, and most likely an attacker would move on to something else.

A password of jesus would be cracked with very little effort.

Basically you're right. The password can be cracked. But why make them use such little effort to crack your password?

By the way, Twitter or Facebook or any other site that is prone to popular password attacks should implement a 3 strike and wait policy. That would really cause havoc on the brute-force attackers and password guessers.
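
The "3 strike and wait" policy suggested in the post above, as an added example that is not part of the original thread: a per-account gate that stops evaluating guesses after three failures and doubles the wait on each repeat lockout. The constants, the doubling rule, the account name and the names `LoginThrottle`, `check_password` and `guesses_evaluated` are assumptions made for this example.

```python
import time

MAX_STRIKES = 3      # failures allowed before a wait is imposed
BASE_WAIT = 60.0     # seconds for the first wait (assumed value)
MAX_WAIT = 3600.0    # cap, so the real owner is never shut out for good


class LoginThrottle:
    """Per-account 'three strikes and wait' gate in front of the password check."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # account -> (strikes, lockouts, locked_until)

    def wait_remaining(self, account):
        until = self._state.get(account, (0, 0, 0.0))[2]
        return max(0.0, until - self._clock())

    def attempt(self, account, check_password):
        """Return 'ok', 'denied' or 'locked'; check_password() runs only when not locked."""
        if self.wait_remaining(account) > 0:
            return "locked"  # the guess is never evaluated during the wait
        strikes, lockouts, until = self._state.get(account, (0, 0, 0.0))
        if check_password():
            self._state.pop(account, None)  # success clears the history
            return "ok"
        strikes += 1
        if strikes >= MAX_STRIKES:
            # Each repeat lockout doubles the wait, up to the cap.
            until = self._clock() + min(BASE_WAIT * 2 ** lockouts, MAX_WAIT)
            strikes, lockouts = 0, lockouts + 1
        self._state[account] = (strikes, lockouts, until)
        return "denied"


def guesses_evaluated(seconds, rate_per_sec=1):
    """Constructed simulation: guesses that reach the password check in a window."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    evaluated = 0
    for _ in range(int(seconds * rate_per_sec)):
        if throttle.attempt("alice", lambda: False) != "locked":
            evaluated += 1
        now[0] += 1.0 / rate_per_sec
    return evaluated


if __name__ == "__main__":
    print(guesses_evaluated(86400), "of 86400 guesses evaluated in one day")
```

A wait keyed on the account name also lets anyone who knows that name keep the owner waiting, which is why the wait is capped here rather than growing without limit.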
 

·
Premium Member
Joined
·
6,496 Posts
I like this part of the article

Quote:


"because we figured their security would be just as much of a joke as their reporting."

 

·
Registered
Joined
·
1,485 Posts
Quote:


Originally Posted by Trippen Out

Basically you're right. The password can be cracked. But why make them use such little effort to crack your password?

By the way, Twitter or Facebook or any other site that is prone to popular password attacks should implement a 3 strike and wait policy. That would really cause havoc on the brute-force attackers and password guessers.

+1! It was all about weakness, and I wouldn't doubt that not only was the password weak, but that some disgruntled former employee that got ripped off on their severance tipped off the kiddie scripters. Or that the account was started by the same kind of boss I have, where a secure password consists of adding the word "super" in front of his name. Well, that beat his last passwords, each of which were characters from Star Trek, a challenge that only surpassed the phase he went through for using the names of characters in Seinfeld...
 

·
Premium Member
Joined
·
5,047 Posts
Discussion Starter · #10 ·
Quote:


Originally Posted by EvanPitts

+1! It was all about weakness, and I wouldn't doubt that not only was the password weak, but that some disgruntled former employee that got ripped off on their severance tipped off the kiddie scripters. Or that the account was started by the same kind of boss I have, where a secure password consists of adding the word "super" in front of his name. Well, that beat his last passwords, each of which were characters from Star Trek, a challenge that only surpassed the phase he went through for using the names of characters in Seinfeld...


That's awesome. Sometimes you want to slap those people. I love it when people use the same password for every single account they have.
 

·
Premium Member
Joined
·
3,044 Posts
Quote:


the Script Kiddies claimed affiliation with the hacktivist group Anonymous and said they'd taken over the Fox News Politics Twitter feed "because we figured their security would be just as much of a joke as their reporting."

Guess they were right


Seriously though, just make a semi-complicated password, and once the bruteforcer realizes it's taking so long they'll move to something else of greater importance.
 

·
Banned
Joined
·
3,931 Posts
Quote:


Originally Posted by Shadowclock

Well, that's like saying that your house can be broken into even if you have 5 deadbolts, 2 dobermans, 3 security cameras and a 20 foot wall with security guards at the gate.

The more protection you have the more people you keep out of your stuff.

The 5 deadbolts stop Joe Smoe, the 2 dobermans stop the guy with a bat, the 3 security cameras stop the idiot without a mask, the 20 foot wall stopped Billy "the Blob" Johnson, and the security guards stop the guy with the 9mm. What it didn't stop was the super secret ninja thinking your house was full of Chinese secrets from their Prime Minister's daughter's Spring Break trip last year.

Fact is you stopped the most common assailants....I think you get the point I am trying to make



If I create 10 Notepad txt files, 9 of them contain 1 digit of my CC and are unprotected.
1 is protected and masked as invisible.

Do you think a hacker will go for the 9 txt files or the encrypted one?

I'd get rid of the txt files and focus on the encrypted one.

EDIT: Everything with a password is attracting and will admit the presence of personal/classified documents.
 

·
Registered
Joined
·
4,988 Posts
Quote:


Originally Posted by Abs.exe

If I create 10 Notepad txt files, 9 of them contain 1 digit of my CC and are unprotected.
1 is protected and masked as invisible.

Do you think a hacker will go for the 9 txt files or the encrypted one?

I'd get rid of the txt files and focus on the encrypted one.

EDIT: Everything with a password is attracting and will admit the presence of personal/classified documents.


You go after both.
 

·
Premium Member
Joined
·
11,178 Posts
Quote:


Originally Posted by Abs.exe

If I create 10 Notepad txt files, 9 of them contain 1 digit of my CC and are unprotected.
1 is protected and masked as invisible.

Do you think a hacker will go for the 9 txt files or the encrypted one?

I'd get rid of the txt files and focus on the encrypted one.

EDIT: Everything with a password is attracting and will admit the presence of personal/classified documents.

That's why you encrypt everything. Make them find a needle in a stack of needles. The majority of all stolen important info comes from the lack of security. Well, actually most info comes from dumpster diving...people seriously need to go paperless in a bad way.
 

·
Banned
Joined
·
3,931 Posts
Quote:


Originally Posted by Eagle1337

You go after both.

You open the first file with the character 4 inside the TXT file.
You open the second file with the character 9 inside the TXT file.
You go on ?
I wouldn't.
I'd skip to the invisible file that is encrypted.

Even Sony said that, since we encrypted our stuff we got hacked.
Everything that is encrypted takes #1 priority IMO.
The hacker would have to figure out that the 9 files are your CC info.
And then ask himself is this in the good order
 

·
Banned
Joined
·
4,564 Posts
I have a few questions.

1. What is everyone's definition of a "script kiddie"? Because the majority of people on this site don't even understand how the data was acquired, let alone how to do it and achieve the same goals.

2. Why does no one ever suspect a keylogger or some sort of trojan on these machines, making their data very easy to access?

3. Does social engineering ever come to mind any more?

Final thought: Strong passwords don't mean anything. And if there is a strong password, you'd probably be better off trying to get someone to click on an executable and gain access that way and then wait for them to type in their passwords.
 

·
Registered
Joined
·
162 Posts
Quote:


Originally Posted by Abs.exe

Even if your password is :
[email protected]#[email protected]#[email protected]#JOSADSDzc14%$#[email protected]#$%@#!#%
It still can be cracked.
/thread

True, BUT the harder you make your passwords the more "expensive" it gets to crack them (expensive in manpower, time, resources, etc.).

But for the average Joe, if he has a password that secure and there are still people who spend time / resources / money to crack it, you have bigger problems than your password security.
 

·
Turtle Lives Matter
Joined
·
4,972 Posts
AFAIK, they used the password "S.Palin" so it could be easily remembered by a certain new Fox News contributor.
 

·
Premium Member
Joined
·
65,162 Posts
Quote:


Originally Posted by KusH

I have a few questions.

1. What is everyone's definition of a "script kiddie"? Because the majority of people on this site don't even understand how the data was acquired, let alone how to do it and achieve the same goals.

2. Why does no one ever suspect a keylogger or some sort of trojan on these machines, making their data very easy to access?

3. Does social engineering ever come to mind any more?

Final thought: Strong passwords don't mean anything. And if there is a strong password, you'd probably be better off trying to get someone to click on an executable and gain access that way and then wait for them to type in their passwords.

Social engineering does wonders and is the easiest approach at a specific target.

During the hacking HOPE conferences, they have a panel on social engineering.

One of the years, AT&T sent a memo to all employees warning about possible attacks. So what did the panel do that weekend? Social engineer AT&T security live during the conference.
 

·
Registered
Joined
·
162 Posts
Quote:


Originally Posted by KusH

I have a few questions.

1. What is everyone's definition of a "script kiddie"? Because the majority of people on this site don't even understand how the data was acquired, let alone how to do it and achieve the same goals.

...

I will answer just no.1 because the rest depend on perception

A "script kiddie" is a "kid" who wants to be a hacker but doesn't know how to make programs to gain access to a system using known bugs. A real hacker creates the program "script" that exploits those bugs and a "kid" just knows how to use the program.

It's far easier to operate something than to build it.
 