| Blogs > NoNameLoser |
|
NoNameLoser
United States1508 Posts
I had the account for around 5 years and its filled with personal info and other stuff... Password was 6 characters with 1 numerical, never had problem with it for 8 years on other emails. Cant login to facebook either, it was linked to gmail account... Filled out google's compromised account form and they replied they couldn't determine if it was stolen, and said to try again... Feel so angry right now.  | ||
|
NoNameLoser
United States1508 Posts
How likely is it that google's server had password hashes stolen and cracked? | ||
Empyrean
17046 Posts
On May 15 2010 13:18 NoNameLoser wrote: Also i didn't login on any other computer at least a few month; unlikely that i have a trojan. How likely is it that google's server had password hashes stolen and cracked? Not likely at all. What's more likely is a bunch of Russians trying the same password on a bunch of different accounts and seeing if they work. What's even more likely is you being phished. | ||
|
floor exercise
Canada5847 Posts
| ||
|
fight_or_flight
United States3988 Posts
| ||
|
mmp
United States2130 Posts
You should change and improve all of your passwords on an annual basis. It's so easy for anyone to write a script that just guesses hundreds of logins per minute. | ||
rotinegg
United States1719 Posts
| ||
|
fight_or_flight
United States3988 Posts
On May 15 2010 14:07 mmp wrote: Was your password dictionaried? It's really easy to brute force these and you may have just been one unlucky one in a thousand. You should change and improve all of your passwords on an annual basis. It's so easy for anyone to write a script that just guesses hundreds of logins per minute. How is that possible? If someone tires to brute force someone's gmail account, obviously google would block further log in attempts after probably 10 or 20 tries. If someone is trying random email addresses with the same password, wouldn't google just block whatever IP address is sending that many requests? I don't see how it is "easy" to write such a script. The only reasonable method I can think of is if someone owns a botnet and each bot tries only a couple accounts. The much more likely scenario I can see is a keylogger, or possibly a website that you registered a username at whose admin accessed your password and tried it with the email address you supplied. On May 15 2010 14:26 rotinegg wrote: i heard there was a pretty big scandal recently where russians attacked the fb server and stole a bunch of accounts... so it might have been the other way around: fb account got hacked, and gmail was linked to it. If thats what happened im sorry keep pursuing google and fb about it If you use the same password for multiple things, thats very possible. If you have a hacked fb account , the obvious thing is to check what email address its linked to and see if the password works there as well. Whatevere password you use for your main email address should be unique from any other password you use. | ||
|
mmp
United States2130 Posts
Botnets exist to achieve just this kind of drudge work, but it's nothing personal. Anyone who has a low security password on a high profile service is playing roulette. If you can extract credit card or bank account information from a compromised email account, then it's entirely worth it if you only get one good hit out of thousand of misses. And anyone who has a basic understanding of internet protocols and has access to numerous machines can write a distributed brute force script. The programming is very elementary, you just have to know how and where to attack. Also keep in mind that it's not a simple matter of blocking spammy IPs. Most botnets are a network of compromised machines infected by shit that your internet browser let in (running Windows without updates is suicide, but most infection occurs in countries where the software is mostly pirated or is simply an old version - the moment you connect Windows to the internet it gets spammed with attempts to catch a virgin system before it's inoculated). If you try to block every IP that does illegal things you risk upsetting a lot of legitimate users. The problem applies to internet retaliation and culpability. Because of proxying/forwarding over neutral or compromised parties, it's difficult to be certain who is attacking you. Anyone in the open (university students, some corporations) who runs Linux and uses sshd (possibly enabled by default) can just check their syslog and see a huge list of failed login attempts in bursts of ~100 attempts for usernames like "root, www, sql, bob, fred, ..." so it's safe to say that if your IP is accessible, someone is trying to break down the door. I get a lot of chitchat from Russia, and I've seen one machine get brute forced from the Phillipines and rooted by a script from Bulgaria. It's quite fun to read the logs. | ||
|
Babel
30 Posts
On May 15 2010 13:15 NoNameLoser wrote: I had the account for around 5 years and its filled with personal info and other stuff... Password was 6 characters with 1 numerical, never had problem with it for 8 years on other emails. Feel so angry right now. /facepalm This is why you change your passwords regularly, not stay on the same one for multiple accounts for 8 years. | ||
|
Mortality
United States4790 Posts
| ||
|
Shrine
Australia107 Posts
Those are my passwords all different for all things. Copy and paste notepad is a wonderful tool vs keyloggers. | ||
|
Biff The Understudy
France7968 Posts
On May 15 2010 18:43 Shrine wrote: sk8d3mz7cm4 Those are my passwords all different for all things. Copy and paste notepad is a wonderful tool vs keyloggers. And how do you connect from other computers? | ||
MasterOfChaos
Germany2896 Posts
On May 15 2010 18:43 Shrine wrote: Copy and paste notepad is a wonderful tool vs keyloggers. Only against very stupid trojans. | ||
|
Shrine
Australia107 Posts
On May 15 2010 20:40 Biff The Understudy wrote: And how do you connect from other computers? I have a psp it opens *.txt in its web browser xD EDIT: I have never had a trojan so no idea what they even do, i've had 1 key logger though. | ||
|
lac29
United States1485 Posts
| ||
|
Kambo_Rambo
Australia79 Posts
On May 15 2010 13:15 NoNameLoser wrote: Password was 6 characters with 1 numerical well theres your problem. im assuming the 6 characters is a dictionary word/name. Try aim for 9+ alpha/numic/symbolic characters. To helop make a password, think of a sentence, and take the first letter of each word. Add some numbers and or symbols somewhere in between and you have yourself a reasonably easy to remember password. | ||
|
MasterOfChaos
Germany2896 Posts
On May 16 2010 00:35 Kambo_Rambo wrote: Try aim for 9+ alpha/numic/symbolic characters. To helop make a password, think of a sentence, and take the first letter of each word. Add some numbers and or symbols somewhere in between and you have yourself a reasonably easy to remember password. For website passwords the entropy of the password itself is usually not that critical (unless you use "Password1" or sth like that). For that use it's more important to not get a trojan, not fall for fishing and use the pw only on one website. The password strength is mainly important for cryptographic uses. For example a TrueCrypt pw should have a high entropy. | ||
| ||
|
|
OSC
Replay Cast
Wardi Open
Monday Night Weeklies
Sparkling Tuna Cup
LiuLi Cup
Reynor vs Creator
Maru vs Lambo
PiGosaur Monday
LiuLi Cup
Clem vs Rogue
SHIN vs Cyan
The PondCast
KCM Race Survival
[ Show More ] |
|
|
EPT
