25 GPU Computer Devours Passwords In Seconds



joboo
7th December 2012, 05:09 PM
http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/

"In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim,"

http://securityledger.com/wp-content/uploads/2012/12/Password_Cracking_HPC-300x225.jpg (http://securityledger.com/wp-content/uploads/2012/12/Password_Cracking_HPC.jpg)

sirgonzo420
7th December 2012, 05:37 PM
http://keepass.info/

vacuum
7th December 2012, 05:56 PM
http://keepass.info/

Make sure you set up key stretching

mamboni
7th December 2012, 06:37 PM
The key to secure passwords is length - lots of characters. For my most secure files I use a 28 character password containing numbers, upper and lower case letters, and symbols hashed in 448-bit Blowfish. It is uncrackable.

10 Bears
8th December 2012, 12:32 AM
The key to secure passwords is length - lots of characters. For my most secure files I use a 28 character password containing numbers, upper and lower case letters, and symbols hashed in 448-bit Blowfish. It is uncrackable.

Titanic unsinkable too.

I paid off credit cards and locked the accounts.
I borrow from myself.. pay interest to myself. Rebuilds what I spent.
Have not had a debit card since 2004.
I save in gold and silver since 1999,(In my possession)
I burn all mail and documents when finished with.
I keep cash on hand in safe place..about enough to buy a new car since banks pay nothing and a banking holiday would kill access to cash.
I keep all magnetic strip cards in an aluminum case when I leave the house.

I do very little in transactions electronically.
I never save passwords to a computer and change them often.
I do not use a cellphone unless in an emergency. It stays in an aluminum case in my car console and is a "drop phone".

House to vehicles on my land and around my area SSB Radios.

I like privacy. I live on 165 acres away from crowds. Use land as buffer and hunting-growing ground. Privacy invasion is BS from a Government that lost its pride.

Neuro
8th December 2012, 06:10 AM
The key to secure passwords is length - lots of characters. For my most secure files I use a 28 character password containing numbers, upper and lower case letters, and symbols hashed in 448-bit Blowfish. It is uncrackable.
It's for people like you that honey traps are set! I guess it is one of the better ways to become compromised though...

gunDriller
8th December 2012, 07:08 AM
my old 12 digit password for Yahoo mail was hacked on about November 14. someone sent emails bearing my name to about 10,000 people, all names from my "Sent" box.

i guess from a spammer's point of view, a "Sent" box is like gold, because usually when a person sends emails, they are to a real person.

fortunately, whoever did it didn't change my password. my new password is about 30 digits long.

of course, it's possible that Yahoo was hacked. they are in a state of total denial. i placed a statement describing the hack on the Yahoo Finance board. Yahoo deleted it - which normally they never do.


since the net effect of a hack like that is to make me consider Gmail, it makes me wonder more about the motivations of email server hackers - if they just want valid emails, or if they are playing a 'bigger game'. since it happened so soon after Marissa Mayer left Google for Yahoo, i couldn't help but wonder.

freespirit
8th December 2012, 07:19 AM
a carpenter i used to work with told me about a friend of his who is a professor @ Berkeley. to test their computer systems they would occasionally download the net.

by that i mean they would download ALL traffic from the web for a 24hr period. WORLDWIDE.
there is nothing safe on the internet. i don't think there is any encryption available that is 100% secure.

gunDriller
8th December 2012, 07:22 AM
a lot of systems "kick you out" after 3 or however many unsuccessful password attempts.

how do the hackers get around that ?

Ares
8th December 2012, 08:45 AM
a carpenter i used to work with told me about a friend of his who is a professor @ Berkeley. to test their computer systems they would occasionally download the net.

by that i mean they would download ALL traffic from the web for a 24hr period. WORLDWIDE.
there is nothing safe on the internet. i don't think there is any encryption available that is 100% secure.

Sure there is, it's called One-Time Pad, even if you had infinite computational power at your hands, without the key it cannot be cracked.

https://en.wikipedia.org/wiki/One-time_pad

Ares
8th December 2012, 08:49 AM
a lot of systems "kick you out" after 3 or however many unsuccessful password attempts.

how do the hackers get around that ?

They don't. You most likely got some malware that runs in your browser. Logged into your mail account, it looks for your e-mail address book and then e-mails those people in it on your behalf. I've had that happen to me, and I know for a fact that my password was not compromised. But I found out later that I had malware on my computer, so formatted and started over. Haven't had it happen since.

joboo
8th December 2012, 09:29 AM
On another note, you guys know about the linksys/cisco wireless firmware based router vulnerability with WPS right?

Huge problem.

If you have a linksys router that supports WPS, your wireless can be hacked in a few hours... even with WPA2 enabled, and a maximum length password.

As well, if your firmware has the ability to disable WPS, it still doesn't really disable it. What a disaster for Linksys.

Check out their matrix to see if your router has a firmware update avail. Your options are to "dd-wrt", or "tomato" it (3rd party firmware)...or buy a new router.

Firmware matrix: http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=25154

Hacking WPS with reaver: http://arstechnica.com/business/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver/

joboo
8th December 2012, 09:39 AM
They don't. You most likely got some malware that runs in your browser. Logged into your mail account, it looks for your e-mail address book and then e-mails those people in it on your behalf. I've had that happen to me, and I know for a fact that my password was not compromised. But I found out later that I had malware on my computer, so formatted and started over. Haven't had it happen since.

Insidious process isn't it. I've had to explain this reality to countless clients. I run a corporate mail server for one client that is relentlessly targeted for spam. To the point it DDOS's the SMTP service, and crashes.

Malware bot nets can be brutal.

I've actually gone so far as to ban entire countries by setting up an IP block list matrix in Linux (linux firewall). So far so good. Radical, but so far fairly effective.

mamboni
8th December 2012, 10:10 AM
It's for people like you that honey traps are set! I guess it is one of the better ways to become compromised though...

In the absolute no keyword encryption is secure, in the absolute. In practice, it takes a lot of time and effort to crack an encryption algorithm. Therefore, the hacker has to have a strong motivation to do so. You can string together as many Cray supercomputers as you want and it is easier for me to add a few characters to my password to more than compensate for processor power. BTW, no one has ever cracked the Blowfish algorithm. There are 42 upper and lower case letters, 10 numerals and 20 symbol/punctuation characters for a grand total of 72. A 28 character password has a theoretical number of permutations of 10^52. You could dedicate every computer on the planet to a brute force attack on that and not hit the password in 1 billion years.
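The arithmetic behind the keyspace claim above and vacuum's earlier "key stretching" advice, as an added example (not code from the thread or from KeePass): it takes the article's 348 billion NTLM hashes/second, shows why a 14-character LM password falls so much faster than its length suggests (LM case-folds and hashes two 7-character halves independently), and models how a stretched KDF divides the attacker's guess rate. The 72- and 46-symbol alphabets and the 6000-iteration figure are illustrative assumptions; PBKDF2-HMAC-SHA256 stands in for a password manager's own KDF.

```python
"""Keyspace arithmetic from the thread plus what key stretching buys.
The only figure taken from the article is 348e9 NTLM hashes/second; alphabet
sizes and the 6000-iteration stretch are illustrative assumptions."""
import hashlib
import os

NTLM_RATE = 348e9                      # hashes/second reported for the 25-GPU rig
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet, length):
    """Candidates of exactly `length` characters over an `alphabet`-symbol charset."""
    return alphabet ** length

def lm_split_keyspace(alphabet_upper, length):
    """LM uppercases the password and hashes two 7-byte halves independently, so the
    halves are attacked separately and their costs add instead of multiply."""
    if length > 14:
        raise ValueError("LM hashes cover at most 14 characters")
    first = alphabet_upper ** min(length, 7)
    second = alphabet_upper ** max(length - 7, 0)   # 1 when the second half is padding only
    return first + second

def years_to_exhaust(candidates, rate=NTLM_RATE, stretch_iterations=1):
    """Worst-case time to try every candidate. A KDF costing `stretch_iterations`
    hash computations per guess divides the attacker's effective guess rate."""
    return candidates / (rate / stretch_iterations) / SECONDS_PER_YEAR

def stretch_password(password: bytes, salt: bytes, iterations: int = 6000) -> bytes:
    """Key stretching as a password manager does it (PBKDF2 used here as a stand-in):
    a per-database salt plus many iterations, so every guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)

if __name__ == "__main__":
    full = keyspace(72, 28)
    print(f"28 chars over 72 symbols: {full:.3g} candidates, "
          f"{years_to_exhaust(full):.3g} years at {NTLM_RATE:.3g} H/s")
    short = keyspace(72, 14)
    print(f"14 chars, NTLM: {years_to_exhaust(short):.3g} years")
    lm_secs = years_to_exhaust(lm_split_keyspace(46, 14)) * SECONDS_PER_YEAR
    print(f"14 chars, LM split (NTLM rate used as an illustration): {lm_secs:.1f} s")
    print(f"14 chars, stretched 6000x: {years_to_exhaust(short, stretch_iterations=6000):.3g} years")
    # Constructed sample input: a fresh random salt each run, so the key differs every time.
    print("derived key:", stretch_password(b"correct horse", os.urandom(16)).hex())
```

The 28-character figure really is beyond any brute force, but the same rig turns a 14-character NTLM password into a few million years and the LM split into seconds; stretching multiplies whatever time remains by the iteration count.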

Son-of-Liberty
8th December 2012, 10:29 AM
Wouldn't the speed of your server come into play here? Sure the super computer can run at unreal speeds but that info still has to go back and forth.

gunDriller
8th December 2012, 10:49 AM
They don't. You most likely got some malware that runs in your browser. Logged into your mail account, it looks for your e-mail address book and then e-mails those people in it on your behalf. I've had that happen to me, and I know for a fact that my password was not compromised. But I found out later that I had malware on my computer, so formatted and started over. Haven't had it happen since.

so Anti-Malware Bytes does not protect against that, I guess.

joboo
8th December 2012, 10:49 AM
Wouldn't the speed of your server come into play here? Sure the super computer can run at unreal speeds but that info still has to go back and forth.

I'm not a security expert (far from it), but I believe the problem arises with Microsoft security vulnerabilities, and malware.

If you look at a lot (most) MS critical security updates, they frequently state the reason for the update as "prevents a remote user from gaining access to your computer/network".

If they grab your password hash file they can crank on it locally with their own hardware.

This would be devastating for a company where a user gets hit up with a virus, the hacker grabs the server password hash file, then gets a whole pile of user accounts to play around with...including admin.

gunDriller
8th December 2012, 12:51 PM
i hate Windows 7. but i'm stuck with it for the time being.

so i guess i need to go to this URL
http://windows.microsoft.com/en-US/windows7/products/features/windows-update


do you guys trust the Windows 7 update ... is it better to stick with the original install (i have Win 7 Pro) ?

i've been using PC Tools Antivirus, with definitions up to date.

i just installed Avast on an XP64 machine.

not sure what really protects the computer.

the browser updates itself regularly.

vacuum
8th December 2012, 12:55 PM
I think you absolutely have to keep windows up to date. The browser, antivirus, etc, all run inside windows. If something can circumvent windows itself, it doesn't matter what programs are running inside of windows, they can't protect you.

joboo
8th December 2012, 01:27 PM
What vacuum said. It's a bitter pill you have to swallow. Alternately you could install VMware, and only browse the internet in a Virtual Machine. There is another program that sandboxes your browser called "Sandboxie", but it's pay now.

Not too difficult to run a Linux distro in VMware.
https://thepiratebay.se/torrent/7560527/VMware_Workstation_v9.0.0.812388_Incl_Keymaker-ZWT

Stay off the scheduled automatic updates option, and choose just to get notifications of updates, then do manual installations.

I always wait a few days to a week or so after the update comes out, as there have been some in the past that can brick your O/S. MS puts them out, then quietly revises them a few days later. Had this happen on a Win 2000 server with a botched kernel update. Server died overnight during the update, came in to a persistent bluescreen on a domain controller. Great fun. You make that mistake in your life only once.

Horn
8th December 2012, 02:05 PM
In the absolute no keyword encryption is secure, in the absolute. In practice, it takes a lot of time and effort to crack an encryption algorithm. Therefore, the hacker has to have a strong motivation to do so. You can string together as many Cray supercomputers as you want and it is easier for me to add a few characters to my password to more than compensate for processor power. BTW, no one has ever cracked the Blowfish algorithm. There are 42 upper and lower case letters, 10 numerals and 20 symbol/punctuation characters for a grand total of 72. A 28 character password has a theoretical number of permutations of 10^52. You could dedicate every computer on the planet to a brute force attack on that and not hit the password in 1 billion years.

What the hell are you securing, bagel recipes?

Neuro
8th December 2012, 02:56 PM
What the hell are you securing, bagel recipes?
His password just happens to be: Mambonibagelrecipes#1IloveJew