A chair, I get tired standing!
Give me coffee to change the things I can and wine to accept the things I cannot!
JaxCoder.com
|
You should get the camera to record the event.
CQ de W5ALT
Walt Fair, Jr., P. E.
Comport Computing
Specializing in Technical Engineering Software
|
throw OperationInvalidForAudienceException ( "I find that in rather poor taste" ) ;
|
Offended by wife/mother-in-law jokes...you must be new on this planet.
|
No, it's just that I never got a chance to meet the woman who would have held that position.
Cancer is a bitch.
|
Beer
Caveat Emptor.
"Progress doesn't come from early risers – progress is made by lazy men looking for easier ways to do things." Lazarus Long
|
after you throw a life-preserver to the one with the smallest insurance payout for accidental death: probably beer.
«Where is the Life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?» T. S. Eliot
|
Here is a quick question for you all.......
Has anybody else recently received a random email from random email addresses and all the content basically contained was a password that you used to (maybe you still do!)
I had a couple of them lately that had just that, fortunately the password is no longer in use (I think, or at least not in anything current/critical!)
I am just intrigued at which site must have been hacked, but guess I will never know.
|
Oh dear. You've been visiting "those sites" again, haven't you?
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
Strangely, out of curiosity I went to see what my CodeProject password was, as I don't think I had ever changed it since I joined.....and guess what.....it matched. I am sure it is just coincidence, as I remember a discussion on here that they are hashed and salted.
|
Chris has said so on numerous occasions, and I believe him.
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
Just like bacon, Yum!
|
Yes, those have been doing the rounds in the past year or so.
It may even have been a Google hack that took place a long time ago, with the passwords being sold on to some fool who thinks they can extort people.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Hi,
I actually think it may be a good samaritan informing you that you need to change your password. Many of the databases containing your password are available for anyone (including you) to download. They are in the public domain... you just need to know where to look.
But don't worry... Microsoft Regional Director Troy Hunt has already downloaded all of those hacked databases for you. He's managed to collect over 7 Billion hacked accounts from all over the world.
You can easily check to see if any of your e-mail addresses have been compromised by visiting his website and entering your e-mail.
Have I Been Pwned?
Best Wishes,
-David Delaune
P.S.
He is actually looking for someone to buy the website. So if you know anyone... contact him.
|
Thanks, I know all that......
It was more the fact;
1) that I had only got these emails recently, never before
and
2) curious as to which site it was
just like many of us I am sure, in the early days the same password was used everywhere for all non critical sites and forums, so it could be from anywhere. I couldn't even begin to think what some of the sites I might have been registered on all those years ago....
|
DaveAuld wrote: 2) curious as to which site it was
If you visit the site I gave you... the accounts are listed at the bottom after you enter your e-mail address. Just scroll down to the bottom.
Best Wishes,
-David Delaune
|
As the link I provided states, "someone" had 12.000 files of passwords and leaked them recently.
Imagine the banks leaking your PIN, and not be accountable
Bastard Programmer from Hell
If you can't read my code, try converting it here
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Randor wrote: Microsoft Regional Director Troy Hunt
iS HE ANY RELATION TO mIKE hUNT OR YuRK hUNT?
CQ de W5ALT
Walt Fair, Jr., P. E.
Comport Computing
Specializing in Technical Engineering Software
|
That's spam, my quarantine box is chock full of them. Don't reply, fret or otherwise feed the beast at all.
|
DaveAuld wrote: am just intrigued at which site must have been hacked, but guess I will never know.
You could reply back with the correct password, so they can at least pass out good information.
CQ de W5ALT
Walt Fair, Jr., P. E.
Comport Computing
Specializing in Technical Engineering Software
|
I had to calm down a panicked friend who received an email with the password of his internet bank account. He had changed it some time ago (he couldn't tell exactly when; he had actually changed it a couple times since the leaked one), but was scared that the sender might have his current password as well.
First: All banks in Norway use two-factor authentication. In addition to the password, you must specify a six-digit one-time pin code generated by a code chip (or your smartphone). The password alone gets you nowhere.
Second: But the password was leaked... Sure, but when did you first use that password? In 2004 you say?? At that time, "no one" was using HTTPS, not even the banks. Anyone who handled the IP packets along the path between your PC and the bank, any man-in-the-middle, could have picked up the password. Banks introduced HTTPS many years ago. If the password was a recent one, introduced after the switch to HTTPS, I would have been worried. Any "leaked" password from pre-HTTPS days should not worry anyone, as long as you have changed your password since HTTPS came in place.
I succeeded in calming down my friend
|
Member 7989122 wrote: Second: But the password was leaked... Sure, but when did you first use that password? In 2004 you say?? At that time, "no one" was using HTTPS, not even the banks. Anyone who handled the IP packets along the path between your PC and the bank, any man-in-the-middle, could have picked up the password. Banks introduced HTTPS many years ago. If the password was a recent one, introduced after the switch to HTTPS, I would have been worried. Any "leaked" password from pre-HTTPS days should not worry anyone, as long as you have changed your password since HTTPS came in place.
How many IP-packets would you think you handled?
Most of these passwords come not from hacks, but simply leaks. And yes, we already knew about hashing and salt. Too many sites that stored passwords in plain text, and for too long there were no consequences when doing so, only associated costs without a return-on-investment.
Bastard Programmer from Hell
If you can't read my code, try converting it here
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
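An added illustration, not code from any poster or from CodeProject: a password reused on a site that stores plain text stays exposed on a site that salts and hashes, until it is changed there. The two site tables, the addresses and the password are constructed sample data, and PBKDF2-HMAC-SHA256 with 100,000 iterations is an assumed choice of hash.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn for each new record."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a login attempt with the stored digest."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

# Constructed sample data: one user reused the same password on two sites.
REUSED = "correct-horse-2004"

# Hypothetical site A keeps passwords in plain text.
site_a_db = {"dave@example.com": REUSED}

# Hypothetical site B keeps only a per-user salt and digest.
site_b_db = {
    "dave@example.com": hash_password(REUSED),
    "other@example.com": hash_password(REUSED),  # different user, same password
}

def passwords_readable_in_dump(db: dict) -> list:
    """Passwords that anyone holding a copy of the table can read directly."""
    return [value for value in db.values() if isinstance(value, str)]

def reused_password_exposed(email: str) -> bool:
    """True if the password leaked by site A is still valid on site B."""
    salt, digest = site_b_db[email]
    return verify(site_a_db[email], salt, digest)

def rotate(email: str, new_password: str) -> None:
    """The user-side fix: set a new password on site B."""
    site_b_db[email] = hash_password(new_password)

if __name__ == "__main__":
    print("readable from A:", passwords_readable_in_dump(site_a_db))
    print("readable from B:", passwords_readable_in_dump(site_b_db))
    print("exposed on B before change:", reused_password_exposed("dave@example.com"))
    rotate("dave@example.com", "a-new-unrelated-passphrase")
    print("exposed on B after change:", reused_password_exposed("dave@example.com"))
```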
|
Too many sites that stored passwords in plain text - there is no doubt about that.
Yet, I haven't yet heard about any significant password leaks from established banks in this country. They have been security aware since the days when coins were real silver. They were the very first to make two-factor authentication standard: Before the electronic PIN chips became available, they used code charts sent to you as registered mail. That must have been in the early 1990. The PIN chips came in the mid 1990s, long before anyone else was using it. And they used HTTPS many years before we began demanding everybody over to HTTPS.
I am more surprised that someone has eavesdropped on the line many years ago, and then comes today threatening to reveal intimate photos of you unless you transfer a number of BitCoins to him before a given date. This eavesdropper must be assuming that most people never change their password, so that what was leaked five or ten years ago is still the valid one. And he assumes that none of these bank customers understand that the password alone can do no harm. Maybe the customers really are that naive! After having ridiculed "Nigeria scam" for ten years or more, there were still lots of people believing in it.