GG Apple...
Konohas Perverted Hermit
Join Date: 2008-09-26 Member: 65075 Members
<div class="IPBDescription">iTunes, hacked?</div>So it appears that Apple's security for iTunes has been compromised.
<!--quoteo--><div class='quotetop'>QUOTE </div><div class='quotemain'><!--quotec-->Dear <b>NAME</b>,
Your Apple ID, <b>EMAIL</b>, was just used to make a purchase in 宠物猎人 from the App Store on a computer or device that had not previously been associated with that Apple ID.<!--QuoteEnd--></div><!--QuoteEEnd-->
I am not the only person...
<a href="http://www.multipleshotsfired.com/blog/2012/3/6/your-apple-id-has-been-disabled-translation-youve-been-hacke.html" target="_blank">http://www.multipleshotsfired.com/blog/201...been-hacke.html</a>
<a href="https://www.google.com/search?hl=en&safe=off&biw=1440&bih=820&q=%E5%AE%A0%E7%89%A9%E7%8C%8E%E4%BA%BA+unauthorized+purchase+itunes&oq=%E5%AE%A0%E7%89%A9%E7%8C%8E%E4%BA%BA+unauthorized+purchase+itunes&aq=f&aqi=&aql=&gs_sm=3&gs_upl=12273l18145l0l18364l30l30l1l0l0l0l222l3416l13.12.4l29l0&gs_l=serp.3...12273l18145l0l18364l30l30l1l0l0l0l222l3416l13j12j4l29l0.llsin" target="_blank">Google Search result</a>
Comments
Let's see how this develops
Rather than say, not letting you do that without email authorisation in the first place...
$TuM|3leBu7T
Problem is a lot of sites don't allow symbols in PWs.... also, memorizing them is a pain in the ######. But hey, who knew that l33t would be good for anything?
$TuM|3leBu7T<!--QuoteEnd--></div><!--QuoteEEnd-->
Also also nearly impossible to remember. It also doesn't do anything against brute force approaches because they don't care how obscure your password is, only its length.
So I could just use "Aa4AAAAAAAAAAAAAA" as a pass and it will be SUPER strong in the face of a brute force attempt? The "a4" just to throw off guessing a bit.
So yes, the strength of your password against brute force attacks does depend on more than its length.
For that matter, if brute-forcing even works at all, that is truly and utterly pathetic on the part of whoever is running security, considering how easy it is to defeat.
$TuM|3leBu7T<!--QuoteEnd--></div><!--QuoteEEnd-->
<a href="http://xkcd.com/936/" target="_blank">Relevant XKCD</a>
If your password has been hacked several times I'd suggest you search your PC for trojans and keyloggers and stuff...
Also update all your software. Don't trust any ###### Firefox addon, use VirtualBox for unknown software.
Well, I'd suggest using letters closer to the end of the alphabet but probably, yeah.
<!--quoteo(post=1913205:date=Mar 15 2012, 04:32 PM:name=lolfighter)--><div class='quotetop'>QUOTE (lolfighter @ Mar 15 2012, 04:32 PM) <a href="index.php?act=findpost&pid=1913205"><{POST_SNAPBACK}></a></div><div class='quotemain'><!--quotec-->Brute force password cracking tends to use slightly more sophisticated methods than just iterating through every character known to man. They start with only the standard English alphabet, then alphanumeric, then including symbols, and so on. Capital letters are also omitted at first because many passwords are all lowercase.
So yes, the strength of your password against brute force attacks does depend on more than its length.
For that matter, if brute-forcing even works at all, that is truly and utterly pathetic on the part of whoever is running security, considering how easy it is to defeat.<!--QuoteEnd--></div><!--QuoteEEnd-->
To an extent, but it's much easier to remember say, the <a href="http://www.youtube.com/watch?v=Z0GFRcFm-aY" target="_blank">lyrics to an REM song</a> than some weird alphanumeric sequence, and it'll be about as hard to crack.
I mean, if you avoid using extremely obvious phrases, so that words can be treated like an alphabet, you essentially are creating a password where, in equivalence, the number of words = the number of letters, except in an alphabet where the number of letters is so huge that even a three or four letter long word would take forever to guess if you used random letter combinations.
There are far more words out there than there are letters even in the most extensive ASCII alphabet, and words are easier for humans to remember, and we don't have the technology to construct sensible sentences yet, so even just writing a short sentence as your password would be one of the most secure methods against any cryptographic approach to cracking it.
Of course, there is <a href="http://xkcd.com/538/" target="_blank">another relevant xkcd strip</a>. No matter how mathematically strong your password is, you still have to take into account that people will cheat and just record you entering it/beat you up until you tell them it.
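An added example, not part of any post in this thread: it puts numbers on the two claims above, that a brute-force search is staged by character set and that random words behave like letters from a very large alphabet. The stage order and the 2048-word list size are assumptions for illustration; the sample passwords are the ones quoted in the thread.

```python
import math
import string

# Assumed stage order, modelled on the quoted post: lowercase first, then
# digits, then capitals, then symbols.
STAGES = [
    ("lowercase", string.ascii_lowercase),
    ("lowercase+digits", string.ascii_lowercase + string.digits),
    ("mixed case+digits", string.ascii_letters + string.digits),
    ("printable ASCII", string.ascii_letters + string.digits + string.punctuation),
]


def first_stage(password):
    """Return (name, alphabet size) of the earliest stage that can produce password."""
    for name, alphabet in STAGES:
        if set(password) <= set(alphabet):
            return name, len(alphabet)
    raise ValueError("password uses characters outside the modelled stages")


def exhaustive_bits(password):
    """log2 of the strings of this length in the password's stage (an upper bound)."""
    _, size = first_stage(password)
    return len(password) * math.log2(size)


def passphrase_bits(word_count, wordlist_size):
    """log2 of the search space when every word is drawn at random from the list."""
    return word_count * math.log2(wordlist_size)


def report(passwords, word_count=4, wordlist_size=2048):
    """Rows of (label, stage, bits), weakest first."""
    rows = [(pw, first_stage(pw)[0], exhaustive_bits(pw)) for pw in passwords]
    rows.append((f"{word_count} random words", f"{wordlist_size}-word list",
                 passphrase_bits(word_count, wordlist_size)))
    return sorted(rows, key=lambda row: row[2])


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the thread.
    for label, stage, bits in report(["|3SHw3E!", "Aa4AAAAAAAAAAAAAA", "Jello@TABLE2plug!"]):
        print(f"{label:20} {stage:18} {bits:6.1f} bits")
```

The character figures assume every character was chosen at random; a repeated letter or a keyboard pattern is found far sooner than the bound suggests.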
$TuM|3leBu7T
Problem is a lot of sites don't allow symbols in PWs.... also, memorizing them is a pain in the ######. But hey, who knew that l33t would be good for anything?<!--QuoteEnd--></div><!--QuoteEEnd-->
My passwords are always over 8 characters and consist of capital letters as well as numbers. So I doubt that "easy" to crack bit.
It would if it wasn't a common phrase. My own passwords use XKCD plus numeric/symbol salting.
One I've used before is Jello@TABLE2plug!, which is fairly easy to remember by the simple mnemonic of a jello cork in a hole in a table. Mixing around word-case, symbol/number location, symbol/number count and so on with each password change. It's also strong against dictionary attacks, rainbow tables, and is IMMENSELY stronger against a brute-force than |3SHw3E! would be, as it's 17 characters long instead of only 8.
In fact, until it was put up here on the forum, it would be considered an 'uncrackable' password due to length and complexity, with today's computing power. Now that it's visible, it's no longer a viable password and I also can't use that exact capitalization or salting format again.
I have a Dropbox account with a super ridiculously long generated password that I'll never remember.
In that Dropbox account is a KeePass database with an even longer ridiculously long generated password I'll never remember, and the anti-bruteforce cycle count is set to take a couple million cycles.
In that KeePass database are generated passwords for all the sites I frequent, generated to meet the maximum security supported by the individual sites.
I have an offline copy of the Dropbox database and a semi-weakly passworded database with a ridiculously long number of cycles for anti-bruteforce. That semi-weak database only contains the password for the Dropbox database.
For each individual computer I trust, I copy the semi-weak database to it and link to Dropbox.
Lastly, I let my guard down in the browser step and let Chrome remember my passwords.
So, logging in for a site I haven't visited on the computer goes like this. Open the semi-weak with a memorized password, wait a few seconds for that to open due to the anti-bruteforce cycles. Copy the Dropbox database password and open the Dropbox database with it. Copy password for site. Login.
At no point did I type the password for the site or the Dropbox database (defeat keylogger). Someone needs access to MY computer (either physically or compromising Chrome) as a first step to breaking this setup. Which severely cuts down on random hacks. I guess someone could also bruteforce my Dropbox database (assuming Dropbox itself has another lapse in their login security), but the password is strong enough that I'm writing that off as a mathematical impossibility for the foreseeable future.
On top of this I also have 2 IronKey thumb drives for the "nobody can know this information ever" stuff. They nuke their data if you fail to get the password right 10 times.
Something like:
!QAZ2wsx#Edc4rFV
?
The problem with assuming a pattern is safe relies entirely on the statistics of it. If it's a pattern that a nontrivial percentage of people are likely to use, then consider it compromised. Crackers will pursue the paths of least resistance.
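An added example, not from any poster in this thread: a password-policy check that recognises the kind of pattern asked about above by mapping each character back to its physical key and looking for runs of neighbouring keys. It assumes a US QWERTY layout; the function names and the minimum run length of 4 are illustrative choices.

```python
# Key rows of a US QWERTY layout (assumed); index in the string is the column.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# Shifted symbols map back to the key that produces them.
UNSHIFT = str.maketrans('!@#$%^&*()_+{}:"<>?', "1234567890-=[];',./")


def adjacent(a, b):
    """True if keys a and b touch on the staggered grid (same key does not count)."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    dr, dc = r2 - r1, c2 - c1
    return ((dr == 0 and abs(dc) == 1)
            or (dr == 1 and dc in (-1, 0))     # key below sits half a step left
            or (dr == -1 and dc in (0, 1)))    # key above sits half a step right


def normalise(password):
    """Undo shift and caps so the password reads as a sequence of physical keys."""
    return password.translate(UNSHIFT).lower()


def walk_ratio(password):
    """Fraction of consecutive key pairs that are physical neighbours."""
    keys = normalise(password)
    if len(keys) < 2:
        return 0.0
    return sum(adjacent(a, b) for a, b in zip(keys, keys[1:])) / (len(keys) - 1)


def walk_segments(password, min_len=4):
    """Maximal runs of neighbouring keys that are at least min_len keys long."""
    keys = normalise(password)
    segments, start = [], 0
    for i in range(1, len(keys) + 1):
        if i == len(keys) or not adjacent(keys[i - 1], keys[i]):
            if i - start >= min_len:
                segments.append(keys[start:i])
            start = i
    return segments


if __name__ == "__main__":
    # Both sample passwords are quoted from the thread.
    for pw in ("!QAZ2wsx#Edc4rFV", "Jello@TABLE2plug!"):
        print(pw, round(walk_ratio(pw), 3), walk_segments(pw))
```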
I peeped on the product line a while back
The thing I liked the most was the little things that physically block access to cat5 ports in your network so you can control access
No complaints, although they've never even been physically compromised to my knowledge. So they work as intended for the "a trusted user accessing your data" side of things.
Ironkeys with the hardware encryption always seemed cool, but I bet $5 wrench and druuugs gets thru all the fancypants
[edit]
NS STYLE DISTRACTION: I was reminiscing about [who]modified a few days ago
[/edit]