DVD Talk Forum

DVD Talk Forum (https://forum.dvdtalk.com/)
-   Other Talk (https://forum.dvdtalk.com/other-talk-9/)
-   -   YEAT: My eBay account was hijacked!!! (https://forum.dvdtalk.com/other-talk/472365-yeat-my-ebay-account-hijacked.html)

zuffy 07-23-06 12:16 PM


Originally Posted by Buford T Pusser
:eek:

That's one of my passwords at work.

Awesome. Next step, find out your user ID. :lol:

zuffy 07-23-06 12:20 PM


Originally Posted by Bandoman
No one is that stupid.

Once in a while, I would ran a password cracking on the users' password. You would not believe the password people uses.

movielib 07-23-06 02:29 PM


Originally Posted by Bushdog
Were you retarded enough to make your password something like "Password"???

Originally Posted by Bandoman
No one is that stupid.


Allen Ludden probably couldn't resist. If he were alive.

vaporware 07-23-06 04:11 PM


Originally Posted by Bandoman
No one is that stupid.

At a minimum someone should at least have 8 characters of both letter and numbers. Like figg21newton.

zuffy 07-23-06 04:17 PM


Originally Posted by waporvare
At a minimum someone should at least have 8 characters of both letter and numbers. Like figg21newton.

Password1!

I met the complexity requirement of uppercase, lowercase, numeric and symbol :D

NotThatGuy 07-23-06 05:45 PM

Bando1Blows!

I heard that is a popular one.

-p

Buford T Pusser 07-23-06 09:57 PM


Originally Posted by zuffy
Awesome. Next step, find out your user ID. :lol:


and then get in the building.

Michael Corvin 07-24-06 08:21 AM


Originally Posted by Bushdog
Were you retarded enough to make your password something like "Password"???

No, but I hear this one is popular: 12345

BuddhaWake 07-24-06 10:00 AM

this just happened to me on sunday. some jackass hacked into my account and listed 20+ chanel bags. WTF? they didn't change any personal info nor email or anything. thankfully ebay stopped the madness quick.

jdodd 07-24-06 12:03 PM


Originally Posted by Michael Corvin
No, but I hear this one is popular: 12345

That's amazing, I have the same combination on my luggage!

dcswirl 07-24-06 11:54 PM

I got a notice today and had to change mine. I didn't notice anything strange.

Morf 07-25-06 08:20 AM

Regarding passwords, check out this nifty password evaluator on Microsoft's site:

http://www.microsoft.com/athome/secu...d_checker.mspx

Really handy for determining secure passwords for your sites and systems. :up:

Cygnet74 07-25-06 09:25 AM


Originally Posted by dcswirl
I got a notice today and had to change mine. I didn't notice anything strange.

uhh, i hope you didnt click the link in that email. sounds like you just gave your password to someone. ebay doesnt send out emails requesting account information, they send it to your "MyEbay" account.

Fielding Mellish 07-25-06 09:35 AM


Originally Posted by Morf
Regarding passwords, check out this nifty password evaluator on Microsoft's site:

http://www.microsoft.com/athome/secu...d_checker.mspx

Really handy for determining secure passwords for your sites and systems. :up:


Cool. 'Cuz when I think "internet security", the first word that comes to my mind is Microsoft. :rolleyes:

Morf 07-25-06 10:07 AM


Originally Posted by Fielding Mellish
Cool. 'Cuz when I think "internet security", the first word that comes to my mind is Microsoft. :rolleyes:

Regardless, the site I linked to is of great value to those of you who think you have good passwords or are looking for good passwords.

nodoubt 07-25-06 10:10 AM

lol microsoft's algothrim is length > 8 and at least one or more number/capitalized letter/special character.

Ginwen 07-25-06 10:48 AM


Originally Posted by dcswirl
I got a notice today and had to change mine. I didn't notice anything strange.

I hope you're joking, or at least didn't use the link in the email, since otherwise someone has your password.

maxfisher 07-25-06 11:05 AM


Originally Posted by Morf
Regardless, the site I linked to is of great value to those of you who think you have good passwords or are looking for good passwords.

According to the Microsoft checker...
uzkpklhh = weak
uzkpkl8h = medium
uzKpkl8h = strong
uzKpkl8huzKpkl8h = best

Seeing as I have but a rudimentary knowledge of computers in general, perhaps I'm missing something, but is there really enough of a difference in the first 3 choices to effect the password's security?

Morf 07-25-06 11:25 AM


Originally Posted by maxfisher
According to the Microsoft checker...
uzkpklhh = weak
uzkpkl8h = medium
uzKpkl8h = strong
uzKpkl8huzKpkl8h = best

Seeing as I have but a rudimentary knowledge of computers in general, perhaps I'm missing something, but is there really enough of a difference in the first 3 choices to effect the password's security?

uzkpklhh: weak because it is all lower-case letters. Easy for program to break.
uzkpkl8h: medium simply because now it contains a number
uzKpkl8h: strong because it now contains a number and an upper-case letter
uzKpkl8huzKpkl8h: best because of its length and combination of lower/upper-case letters and numbers

If something is all lowercase letters, each character only has 26 possibly entries (a-z). An 8-digit password has 26^8 (or 208,827,064,576 - that's 208 billion) possibilities.

If something now has lowercase AND numbers, there are now 36 possible entries for each character (a-z and 0-9), making 36^8 (or 2,821,109,907,456 - that's 2 trillion) possibilities.

If something has lowercase, numbers, AND uppercase letters, there are now 62 possible entries for each character (a-z, A-Z, and 0-9), making 62^8 (or 218,340,105,584,896 - that's 218 trilion) possibilities.

Add special characters, spaces, and make the password 14 or more characters long, the password becomes nearly impossible for a brute-force attack to compromise.

(Hope my math is right! It's been a LONG time since I've done this stuff)

Morf 07-25-06 11:32 AM


Originally Posted by nodoubt
lol microsoft's algothrim is length > 8 and at least one or more number/capitalized letter/special character.

Actually, that is not true.

12345678* only ranks medium, yet it is length > 8 and one special character.

nodoubt 07-25-06 11:44 AM

as long as you have one of each of the 3 and length > 8 and it's considered strong. length > 10? Best! i.e. A1234567890123! I'm not arguing that's not a good enough algorithm (as evidenced with your mathematical proof). I'm just pointing out that it takes no consideration of the actual password, i.e. Password123! vs. Uj25L8*yB. but i guess it really doesn't matter

maxfisher 07-25-06 11:46 AM


Originally Posted by Morf
uzkpklhh: weak because it is all lower-case letters. Easy for program to break.
uzkpkl8h: medium simply because now it contains a number
uzKpkl8h: strong because it now contains a number and an upper-case letter
uzKpkl8huzKpkl8h: best because of its length and combination of lower/upper-case letters and numbers

If something is all lowercase letters, each character only has 26 possibly entries (a-z). An 8-digit password has 26^8 (or 208,827,064,576 - that's 208 billion) possibilities.

If something now has lowercase AND numbers, there are now 36 possible entries for each character (a-z and 0-9), making 36^8 (or 2,821,109,907,456 - that's 2 trillion) possibilities.

If something has lowercase, numbers, AND uppercase letters, there are now 62 possible entries for each character (a-z, A-Z, and 0-9), making 62^8 (or 218,340,105,584,896 - that's 218 trilion) possibilities.

Add special characters, spaces, and make the password 14 or more characters long, the password becomes nearly impossible for a brute-force attack to compromise.

(Hope my math is right! It's been a LONG time since I've done this stuff)

How many variations can a program check though? I mean, if someone's trying to get into my eBay account and they set up a program to check for passwords with all lowercase letters, that's got to take some time. Let's say it can check 1,000 per minute, which seems unrealistically high to me. If your math's correct, it'd take over 395 years to check all the possible combinations. I'm not sure what criteria would be used to make this more efficient, but it still seems to me that my example string of 8 completely random lowercase letters (uzkpklhh) would be a hell of a lot better of a password than 'Password1', which the Microsoft checker ranks as strong.

Morf 07-25-06 11:55 AM


Originally Posted by maxfisher
How many variations can a program check though? I mean, if someone's trying to get into my eBay account and they set up a program to check for passwords with all lowercase letters, that's got to take some time. Let's say it can check 1,000 per minute, which seems unrealistically high to me. If your math's correct, it'd take over 395 years to check all the possible combinations. I'm not sure what criteria would be used to make this more efficient, but it still seems to me that my example string of 8 completely random lowercase letters (uzkpklhh) would be a hell of a lot better of a password than 'Password1', which the Microsoft checker ranks as strong.

No idea on how fast a program can generate and test passwords, sorry - I'm not a security expert.

Most sites (like eBay, I'd presume) have other built-in security features that, say, lock an account after 3 or more invalid attempts. So a brute-force attack won't really work, so don't really worry about your eBay password per se. In that case, uzkpklhh would probably be better than password1 because it is random, and the site probably only gives a person 3-5 chances to log in before locking or flagging the account.

Password1, while Microsoft says it is better, is theoretically better because it contains a combo of uppercase, lowercase and numbers, making it more difficult for a stupid brute-force attack to guess. But since a plain dictionary word makes up 89% of the password, any dummy could potentially guess it.

A good password mixes randomness, special characters, and length.

HN 07-25-06 11:58 AM


Originally Posted by Buford T Pusser
What was the password?

ebay?

5683?


fuck?


shit?

yeat

gimmepilotwings 07-25-06 12:48 PM


Originally Posted by HN
yeat

:lol:

I had to check my ebay account just to make sure.

Already hit by a fradulent seller a month ago.


All times are GMT -5. The time now is 01:56 AM.


Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.