Blizzard Security Breach - Page 11
YungLee
29 Posts
| ||
EvanED
United States 111 Posts
On August 10 2012 10:30 Wuster wrote: 1 business week isn't all that long. What they said is pretty reasonable at face value. After all, the PSN mess was exacerbated by them claiming that no personal data was lost, then no financial data was lost, then 'actually they got everything'. That's not just bad PR, it also prevents customers from actually doing anything about the security breach in a timely manner
So does not saying anything for a week...
On August 10 2012 10:58 Sir.Kimmel wrote: This takes into account a basic desktop server..... which can do roughly I think 25k passwords a second with standard bruteforcing it really depends... while our system at work using 4 gpus (mmm cuda) can do 1.7 billion a second... there are custom password cracking machines such as Reliks which does 25 billion a second http://www.hackingtheuniverse.com/infosec/tools/gpu-password-cracking
Their time numbers are based off of 4 billion passwords/sec.
On August 10 2012 11:30 Sinensis wrote: People should learn to use passphrases. Contrary to popular belief having numbers and symbols in your password does not make it more difficult to crack. Adding length to your password is the only way to make it more secure.
That's not true! It's barely even partly true. Common substitutions like "1" for "l" and "0" for "o" don't add nearly as much security as you might think, nor do non-alphanumeric characters stuck at the beginning or end of your passwords. However, "not adding as much as you think" is still adding some, and better application of symbols can add quite a bit of extra strength without adding length.
(Now, that said... I have pass "phrases" (somewhere between a phrase and an XKCD-style "correct horse battery staple" collection of unrelated words) that I use for a couple of my higher-value accounts. (That is, those that I don't use "hunter2" on. :-)) So I'm not dissing the idea -- in fact, I'd recommend it. Though I'd go for a much less common phrase than any of your examples.)
| ||
Deleted User 135096
3624 Posts
On August 10 2012 07:42 mataxp wrote: As a PSN user, déjà vu
save for the whole unencrypted text file full of sensitive information...or am I not remembering that right?
| ||
Azera
3800 Posts
| ||
TheEmulator
28079 Posts
| ||
Ballistixz
United States 1269 Posts
maybe now blizz will finally step up their damn security instead of telling everyone and their mom to "get an authenticator and u will be 99.99% safe derp".
| ||
julianto
2292 Posts
On August 10 2012 12:23 TheEmulator wrote: This is so annoying. I have to spend 3 minutes changing my password.
I spent 30 minutes changing passwords and security questions connected in any way to my blizzard account. Now all I need to do is change my security questions for battlenet itself. Too bad there wasn't an option to change the security questions in the first place.
edit: I'd really like Blizzard's password character limit to be much, much higher.
On August 10 2012 11:13 Nosferatos wrote: I've been e-mailed by a "fake" blizzard e-mail account since the 25th of last month, with new mails every 3rd day since. Asking me to give up personal/account info, because I'm trying to "Sell my Diablo 3 Account". I venture to guess that the breach must have happened around the 25th of July, if so the detection time was pretty slow....
If I was in your situation, I'd troll them back. Give them some derogatory message in the form of a password.
| ||
Zato-1
Chile 4253 Posts
On August 10 2012 07:38 Probe1 wrote: So change your passwords. Got it. (Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")
Salted hashes of passwords are still easy to crack if the password itself is common (read: if it can be found on a password dictionary that hackers use to brute force passwords), and Battle.net passwords are capped at 16 characters for some stupid reason, so I'd wager that a large percentage of these "cryptographically scrambled" versions of passwords can and will be cracked. So as Probe said... change your passwords, yeah.
| ||
Dodgin
Canada 39254 Posts
On August 10 2012 12:28 Ballistixz wrote: this was bound to happen sooner or later. the sheer amount of ignorance and arrogance blizzard was posing with their security has finally backfired on them. the thousands of hacks D3 got during the first few weeks/months of D3s released was brushed aside by blizzard saying "lol get an authenticator." at times they act like they couldn't be breached just because of the fact that "we have never been breached before in all of blizzards history". maybe now blizz will finally step up their damn security instead of telling everyone and their mom to "get an authenticator and u will be 99.99% safe derp".
Well, if you have an authenticator you would be safe even if they did get your password.
| ||
zhurai
United States 5660 Posts
On August 10 2012 10:16 Integra wrote: according to this website it will take them 40 undecillion years or in numbers: 40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... good luck with that.
maybe if they try cracking it on one computer with a single core
| ||
bakedace
United States 672 Posts
On August 10 2012 12:28 Ballistixz wrote: this was bound to happen sooner or later. the sheer amount of ignorance and arrogance blizzard was posing with their security has finally backfired on them. the thousands of hacks D3 got during the first few weeks/months of D3s released was brushed aside by blizzard saying "lol get an authenticator." at times they act like they couldn't be breached just because of the fact that "we have never been breached before in all of blizzards history". maybe now blizz will finally step up their damn security instead of telling everyone and their mom to "get an authenticator and u will be 99.99% safe derp".
Nothing is ever completely secure. Anything can be hacked. Using an authenticator is just common sense for anything you want to protect on the internet.
| ||
Aberu
United States 968 Posts
On August 10 2012 07:42 mataxp wrote: As a PSN user, déjà vu
Well not quite, Blizzard wasn't storing their passwords unencrypted. I'm not panicking, my password would take over 63 million years to crack apparently.
| ||
babysimba
10466 Posts
All in all, I learn quite a few things about passwords in this thread though :D | ||
Integra
Sweden 5626 Posts
On August 10 2012 10:34 ggrrg wrote: I feel like you're somewhat overdoing it ^^ Do you really feel like typing 29 characters just to enter bnet? According to that website my bnet password is crackable in 19 seconds... I use this password for most stuff I don't care about. But my "secure" password feels somewhat weak, too. 345k years for a regular desktop... I guess it's time to add a number and a special character.
I'm an IT specialist, so it's a habit from work. My normal passwords (yes I have a different password for each website and program I use) usually are around 50 letters. All websites can't take those kinds of passwords though. And the time constraint is no problem for me since I'm a seasoned programmer, I type fairly fast, hell it happens that I even use programming code, like parts of functions as my passwords
| ||
Jedclark
United Kingdom 903 Posts
| ||
Zato-1
Chile 4253 Posts
On August 10 2012 12:39 zhurai wrote: maybe if they try cracking it on one computer with a single core
Actually, if you're serious about cracking a large number of passwords then you don't care so much about your processor, you'll get a high-end graphics card to do the brunt of the work because they have orders of magnitude more computing power for this purpose. Also, in its estimate, that site makes the rather huge (and probably incorrect) assumption that the programs hackers use will be sequentially trying completely random sequences of characters, when there are substantially more efficient ways to crack more than enough bad passwords to make it worth your while.
| ||
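Added example, not part of any post in this thread: a small strength check that contrasts the exhaustive-search estimate with a wordlist-plus-rules estimate, at the 4 billion guesses/sec rate quoted earlier in the thread. The wordlist, the rule model and all function names are constructed for illustration.

```python
GUESS_RATE = 4_000_000_000        # guesses/sec, the rate quoted in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list; a real checker would load a large breached-password list.
WORDLIST = {"password", "hunter2", "letmein", "dragon", "blizzard"}
# Undo look-alike substitutions such as "1" for "l" and "0" for "o".
UNLEET = str.maketrans("10345@$", "loeasas")
SUFFIX_ALPHABET = 10 + 33         # digits + printable ASCII symbols
MAX_SUFFIX = 2                    # assumption: rules append at most 2 such characters


def charset_size(pw):
    """Alphabet size an exhaustive-search estimator would assume for pw."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33)]
    return sum(n for test, n in classes if any(test(c) for c in pw))


def naive_years(pw, rate=GUESS_RATE):
    """Years to try every string of this length over that alphabet."""
    return charset_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR


def dictionary_guesses(pw):
    """Upper bound on guesses for a wordlist-plus-rules search, else None."""
    low = pw[:1].lower() + pw[1:]             # lower-case or Capitalized only
    for k in range(MAX_SUFFIX + 1):
        stem, suffix = low[:len(low) - k], low[len(low) - k:]
        if any(c.isalpha() for c in suffix):
            continue                          # suffix must be digits/symbols
        if stem in WORDLIST or stem.translate(UNLEET) in WORDLIST:
            suffixes = sum(SUFFIX_ALPHABET ** j for j in range(MAX_SUFFIX + 1))
            # words x 2 case forms x <=3 spellings per position x suffixes
            return len(WORDLIST) * 2 * 3 ** len(stem) * suffixes
    return None


def estimate_seconds(pw, rate=GUESS_RATE):
    """Rule-aware estimate; falls back to the exhaustive figure."""
    guesses = dictionary_guesses(pw)
    if guesses is not None:
        return guesses / rate
    return naive_years(pw, rate) * SECONDS_PER_YEAR
```

Under this model `P4ssw0rd!` drops from about five years (exhaustive search) to a fraction of a second, while a password outside the modelled rules keeps the exhaustive-search figure.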
EvanED
United States 111 Posts
And that password strength site says that my new Google password will take 97,807,199,722,288,020,000,000,000,000,000,000,000,000,000 (97 tredecillion) years to crack :-). On the downside, I also figured I'd bump up the length on the password for my bank, and... it has a max length of 10 characters. That just boggles my mind, especially because otherwise they're really quite good and have a pretty sophisticated and nice web banking setup. | ||
Pucca
Taiwan 1280 Posts
| ||
MVega
763 Posts
| ||
sudosu
France 120 Posts
"each password would have to be deciphered individually"
And why the hell are the passwords ciphered and not hashed? There is absolutely no reason to store ciphered passwords because there is even less reason to decipher a password. Anyway Blizzard seems to have reacted in a good and quick way, that's nice.
| ||
| ||