Slim Posted June 8, 2012
I would. And he knows a heck of a lot more about security than you do. Actually - I wouldn't pay much attention to anyone who wouldn't pay much attention to Steve Gibson.
Fair enough. Shows how much you know.
Helix, not sure posting stolen cracked passwords on here's the best idea.

pongo Posted June 8, 2012
I would. And he knows a heck of a lot more about security than you do. Actually - I wouldn't pay much attention to anyone who wouldn't pay much attention to Steve Gibson.
Fair enough. Shows how much you know.
I know that he knows a lot more about security and code than you ever will. Despite your hubris.

P.K. Posted June 8, 2012
Is there a code for who has the biggest willy?

Slim Posted June 8, 2012
I know that he knows a lot more about security and code than you ever will. Despite your hubris.
Right you are chief. I think you fit the bill in the opening paragraph... http://allthatiswron...son-is-a-fraud/ and http://attrition.org/errata/charlatan/steve_gibson/
Gibson repeatedly proves he doesn't understand many of the subjects he opines loudly about. He's a bit of an idiot. I don't claim to know more than him and never have, but I do claim to have spotted when he's wrong. He does it quite a bit. There's some very smart people around in infosec, follow them, not him.

pongo Posted June 8, 2012
Slim - if you think about it for even a second - only idiots and nobodies ever take the time to write the sorts of personal polemics and rants which you have linked to. Think about it. These sorts of web pages speak the most about the sort of people who write them. Many of the points raised can be quickly dismissed. E.g. the stuff about XP which was initially a security disaster until they switched on the firewall by default. But if you Google hard enough you can always find something to justify your latest argument.

Slim Posted June 8, 2012
Slim - if you think about it for even a second - only idiots and nobodies ever take the time to write the sorts of personal polemics and rants which you have linked to. Think about it. These sorts of web pages speak the most about the sort of people who write them. Many of the points raised can be quickly dismissed. E.g. the stuff about XP which was initially a security disaster until they switched on the firewall by default. But if you Google hard enough you can always find something to justify your latest argument.
Okay.

slinkydevil Posted June 8, 2012
But if you Google hard enough you can always find something to justify your latest argument.
You don't have to Google very hard in Steve Gibson's case.

HeliX Posted June 9, 2012 Author
Helix, not sure posting stolen cracked passwords on here's the best idea.
There's no usernames associated with them, so it's just a list of no-context strings. If you want to try each one against the 125million LinkedIn accounts, that's not really my shout...

Slim Posted June 9, 2012
There's no usernames associated with them, so it's just a list of no-context strings. If you want to try each one against the 125million LinkedIn accounts, that's not really my shout...
Oh I don't mean that they're of any use, more that it's not a great idea to post anything stolen.
Good analysis of the password database vs various techniques here: http://erratasec.blogspot.com/2012/06/linkedin-vs-password-cracking.html

JumpUp Posted June 9, 2012
For anyone wondering if their password has been cracked yet: http://leakedin.org/ Though this is PURELY for curiosity, whatever result it comes back with change your blummin' pass!
I changed my p/word shortly after this news broke as a standard recourse. I have entered my old p/word into this link for it to say it HAS NOT been leaked; curiously my new p/word has been leaked! This link definitely is dodgy and I'm going to change my p/word once again. Thanks helix!

HeliX Posted June 9, 2012 Author
For anyone wondering if their password has been cracked yet: http://leakedin.org/ Though this is PURELY for curiosity, whatever result it comes back with change your blummin' pass!
I changed my p/word shortly after this news broke as a standard recourse. I have entered my old p/word into this link for it to say it HAS NOT been leaked; curiously my new p/word has been leaked! This link definitely is dodgy and I'm going to change my p/word once again. Thanks helix!
The link is NOT dodgy, it simply means your "new" password is one that one of those 125million people has already used.

Slim Posted June 9, 2012
The link is NOT dodgy, it simply means your "new" password is one that one of those 125million people has already used.
Also, if it's strong, it's probably uncracked and you're not at risk. All that page is doing is matching the hashes.

JumpUp Posted June 9, 2012
It seems suspicious that since the story came about, my old password says it wasn't leaked but the new one has! I think you have to be more open minded about the ingenious ways hackers work; this site you have posted is most probably a data capture site which will link up the password when it is entered again on my browser and used with an email. You can't rule out that it isn't dodgy, it's just another tool used by the cybercriminals. Having worked in the IT security industry for many years I have enough awareness of the techniques either used or can be employed by these people. Check theregister.co.uk

HeliX Posted June 9, 2012 Author
I, too, have worked in IT Security. If you think the site is dodgy then hash your passwords to SHA1 before putting them in. It bothers me that you think it's possible to "link up the password when it is entered again on my browser and used with an email" if you're an IT Security Professional.. Outside of XSS attacks (which your browser will warn you against provided you're not using some godawful browser), and keyloggers, which you should know if you have, that's not possible. Also if it was a keylogger the website becomes irrelevant...
The source code for the site will show you exactly what it's doing, which is using JavaScript to hash your pass client side before it's sent to the server anyway.

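What "hash your passwords to SHA1" and "matching the hashes" come down to, as an added example (not code from the thread or from the LeakedIn site): the password is hashed locally with unsalted SHA-1 and only the digest is compared against the list. The sample list and function names are constructed for illustration; the `00000` masked form is a property of the 2012 list that the thread does not mention.

```python
import hashlib

MASK = "00000"  # prefix that replaced the first five hex digits on many entries


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password, as 40 lowercase hex characters."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_sample_dump() -> set:
    """Constructed stand-in for a local copy of the list: digests only, no usernames."""
    intact = sha1_hex("correct horse battery staple")
    masked = MASK + sha1_hex("password1")[len(MASK):]
    return {intact, masked}


def check_password(password: str, dump: set) -> str:
    """Hash locally and compare digests; the plaintext is never sent or stored."""
    digest = sha1_hex(password)
    if digest in dump:
        return "listed"
    # Also try the masked form, since a listed digest may have lost its prefix.
    if MASK + digest[len(MASK):] in dump:
        return "listed-masked"
    return "not-listed"


if __name__ == "__main__":
    dump = build_sample_dump()
    for candidate in ("password1", "correct horse battery staple", "kX9#vq-2012-unused"):
        # Same password gives the same digest for every account: there is no salt.
        print(sha1_hex(candidate), check_password(candidate, dump))
```

A match only says that some account on the list used the same password, which is why a freshly chosen but common password can come back as listed.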
ans Posted June 9, 2012
Isn't it amusing that the two people claiming to be knowledgeable in the infosec field are citing Gibson and TheReg as security sources? Don't get me wrong, I've read El Reg plenty, but anyone who doesn't think it's a lightweight tech news site for the masses is seriously deluded. It's not really well known as an in depth security research and information source. As for Gibson, well, whatever credibility he started with 15 years ago has pretty much vanished...
I'd be interested to see your summary of how the LeakedIn site performs the check, as well as where you think the risks are. It's a fairly basic process so it shouldn't take someone who has "worked in the IT security industry for many years" more than a few minutes to enlighten us all.
Edit: Bah, I knew I should have hit submit before going to make a coffee. Beaten!

This topic is now archived and is closed to further replies.