Elliquiy unsafe?

[Vekseid]

I do hope you're kidding, Kythia. That isn't how hackers and their tools operate, as I've seen them used against systems I have responsibility for, and have used them myself to ensure that they don't work against systems I work to defend. A password cracking tool basically has a dictionary of common passwords, and then it tries those first. There is no question of expectations: the tools they use are programmed to go after the low-hanging fruit first, which includes accounts with passwords like that. And they do this again and again for all the sites they target, and in the times they do get a password from a database, the first thing they'll do is try those same credentials on other sites.

Back in 1998 my go-to brute force tool checked for every two-word combination in a dictionary of 800,000 words plus up to two digits after the password, with variable capitalization.

These days, it's generally not possible to go without a password manager for passwords of any reasonable strength. Forum software security for passwords is only loosely based on how long and complex your password is - it's a sideshow compared to rate limiting.

[inghippo]

Vekseid, have you a dark past as hacker?  ;D

[Oreo]

^_^ This would surprise me greatly, as Veks is one of the most honorable and intelligent persons I have met on the net.

[inghippo]

I'm sure he was just testing, sometimes there's no other way to check security issues. :)

[Oniya]

Back when I worked for one of the big name ISPs, the head of their security system was a guy who had managed to hack into the servers.  When he informed the ISP of what he'd done, they actually hired him.  (He'd come on board back in the late '80's, so there was also a sliiiiight cultural difference in effect.)  There is a subdivision among 'those who try to get onto servers through unapproved methods':  There are the people who are doing it to alert the admins to holes, and there are the people who are doing it to exploit said holes.  The 'white hats' tend to scornfully refer to the latter as 'crackers' (as in safe-cracker), although the 'black hats' seem to refer to both groups as 'hackers' without distinction.

[Alkrdaam]

Vekseid, have you a dark past as hacker?  ;D

I'm sure he was just testing, sometimes there's no other way to check security issues. :)

Ah, the white hat vs black hat conundrum. Computer hacking is almost always looked at as a bad thing, just like burglary is, but many places hire both just to have their flaws pointed out in advance. These hackers are normally called white hats, a trope referring to old Western movies and shows, such as the lone ranger. They technically possess skills that are clandestine or could be used for bad shit, but they do good stuff with said skills. Other hackers are either black hats or grey hats.

Black hats are your normal creators of malware/viruses with the ability to hack. Grey hats are the strange group, and there aren't really a whole lot of them. Really, they're the trope who hacks just for the fun/challenge of hacking... not because they actually want to steal stuff, though information seekers who steal military secrets to put them out on the net could sometimes be considered grey hats. Not to trudge up old stories or anything, but if the government is doing something illegal, and call someone a traitor for revealing secrets connecting them to it, it puts both sides in an odd situation.

[inghippo]

Yap, beyond semantics, It's always a matter of law and the law is applied to an event.
A single guy finding a vulnerability and reporting that can be accused for an unauthorized access to a system otherwise maybe he can get a job.
In my opinion doesn't matter what you do or how you do, if you make someone upset they will give you a lot of problems.
For the common user I think that the worst threat is not the single hacker/cracker/scammer ecc but the big companies and the way they use your data.

[jaybee55]

^_^ This would surprise me greatly, as Veks is one of the most honorable and intelligent persons I have met on the net.

That's my perception of Veks as well, though I only know him from posts on E...

But I would describe many of my hacker friends - including those who wear decidedly darker hats than the Lone Ranger - using precisely the same terms.  Some are idealistic to the core, using their "skills" only for what they perceive as worthy causes.  And I've always avoided those that are motivated by greed or hate or "glory".

Stereotypes are dangerous.

[inghippo]

That's true but think about a smaller context.
Maybe you're a developer or system admin or some kind of tech engineer, now how many times friends, parents,relatives and neighbors ask you to fix their computer?
Even that is a stereotype. For the world a person with a technical job must fix emails and install antivirus as hobby.

I think that most the people have no idea that being a developer it's different from being a systems engineer or it support.
For the same reason if they read on paper that a 18 yo guy is an evil bad hacker for the world he became an evil bad hacker.

It's the same with everything, it's just a matter of how we get informations and how much we accept those informations as true.

[Vekseid]

I'm sure he was just testing, sometimes there's no other way to check security issues. :)

More like, I get asked to do something, and sometimes we didn't have time for IT to get off their butt and make us able to do it. This was not an uncommon problem, and ended up in a bit of a turf war between IT and Software Engineering.

IT lost.

[Oniya]

*snickerfits*

[inghippo]

IT lost.

epic xD

[jaybee55]

That's true but think about a smaller context.
Maybe you're a developer or system admin or some kind of tech engineer, now how many times friends, parents,relatives and neighbors ask you to fix their computer?
Even that is a stereotype. For the world a person with a technical job must fix emails and install antivirus as hobby.

I get that all the time.  My preferred response:
What?  You want me to use my awesome predictive modeling and software engineering skills to fix your email or remove that horrible infection that you picked up while browsing too many porn sites or try to salvage the photos of your collection of Beanie Babies from the external hard disk that you dropped... Muahahahahaha... *rubs hands together with glee and pulls out a crescent wrench and a 16oz claw hammer*  Sure!  Happy to!  I don't know much about Windoze, but I love to experiment!


Like I said, stereotypes are dangerous.

[alextaylor]

If anyone needs advice on choosing new passwords, I think this is the best advice out there: http://xkcd.com/936/

Some more advice that confirms this and goes into detail: http://security.stackexchange.com/a/6103

But cracking tools have kinda adapted to the 4 dictionary word password because of xkcd. I add a smiley face to my passwords for added security :)