
View Full Version : Password Stealing


RacersEdge
07-20-2005, 06:14 PM
I posted this in Computers too...

I had a message board (ESPN to be exact) password stolen a couple years ago, and I was just curious how the process works. Some kind of script you write or what? (No, not looking to steal anyone's myself).

Reef
07-20-2005, 06:21 PM
do you think you had a keylogger on your computer?
Maybe someone guessed it

RacersEdge
07-20-2005, 06:27 PM
[ QUOTE ]
do you think you had a keylogger on your computer?


[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

stabn
07-20-2005, 06:31 PM
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?


[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

[/ QUOTE ]

You probably used that password on another site.

swede123
07-20-2005, 06:33 PM
I'm sure there are scripts like that. But why anyone would waste their time using one for a silly message board is beyond me. Do you ever use public computers (library, internet cafe etc) when browsing forums? Maybe that's how it happened.

Swede

RacersEdge
07-20-2005, 06:35 PM
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?


[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

[/ QUOTE ]

You probably used that password on another site.

[/ QUOTE ]

Maybe. How does that make it easy to steal??

touchfaith
07-20-2005, 06:35 PM
Brute-force (I'm not kidding).

"And that's all I have to say about that..."

Other than to say always, whenever possible, use some sort of punctuation in your passwords, preferably in the first, or first few, characters.

stabn
07-20-2005, 06:55 PM
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?


[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

[/ QUOTE ]

You probably used that password on another site.

[/ QUOTE ]

Maybe. How does that make it easy to steal??

[/ QUOTE ]

It depends on how much you trust the admins of all the sites you used that password at.

Dazarath
07-21-2005, 03:11 AM
Writing a brute force password guessing script is not the hard part. The problem is the amount of time it would take. There's some 100 (just a guess) characters that you could use in your password. Even if you told me that your password has 8 characters, that's 100^8 = 10^16 = 10,000,000,000,000,000 different combinations. Even if you somehow managed to try a million per second, it'd still take you ten billion seconds, which is over 300 years. If they're trying to guess a password to an online site, it won't even be close to 1 million guesses per second.

ChipWrecked
07-21-2005, 03:16 AM
Yep. My company requires an 8-character p'word, must contain a number, a capital letter, and a special character.
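Added example, not part of any poster's message: the search-space arithmetic from the 100^8 estimate above, extended to count how many 8-character passwords actually satisfy a "must contain a number, a capital letter, and a special character" rule. The 94-character alphabet split and the throttled online guess rate are assumptions chosen for illustration.

```python
from itertools import combinations

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed alphabet: printable ASCII without the space character (94 symbols).
ASCII_CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}


def keyspace(alphabet_size, length):
    """Number of strings of exactly `length` characters."""
    return alphabet_size ** length


def policy_keyspace(length, class_sizes, required):
    """Count strings that contain at least one character from every
    class in `required`, using inclusion-exclusion over the classes
    that could be missing."""
    alphabet = sum(class_sizes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = alphabet - sum(class_sizes[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    full = keyspace(94, 8)
    ruled = policy_keyspace(8, ASCII_CLASSES, ("upper", "digit", "special"))
    print(f"all 8-char strings:        {full:.3e}")
    print(f"strings meeting the rule:  {ruled:.3e} ({ruled / full:.0%} of all)")
    # Rates: the thread's one million per second, and an assumed
    # 10 per second for a login form that throttles attempts.
    for label, rate in (("1,000,000/s", 1e6), ("10/s (throttled)", 10)):
        print(f"{label:>18}: {years_to_exhaust(ruled, rate):,.0f} years")
```

Composition rules remove roughly half of the candidate strings, so the guess rate a login form allows matters far more than the rule itself.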

touchfaith
07-21-2005, 03:27 AM
[ QUOTE ]
Writing a brute force password guessing script is not the hard part. The problem is the amount of time it would take. There's some 100 (just a guess) characters that you could use in your password. Even if you told me that your password has 8 characters, that's 100^8 = 10^16 = 10,000,000,000,000,000 different combinations. Even if you somehow managed to try a million per second, it'd still take you ten billion seconds, which is over 300 years. If they're trying to guess a password to an online site, it won't even be close to 1 million guesses per second.

[/ QUOTE ]

8 hours or so for an NT password with no special characters, 24-72 hrs with, depending on length.

jakethebake
07-21-2005, 08:55 AM
[ QUOTE ]
Yep. My company requires an 8-character p'word, must contain a number, a capital letter, and a special character.

[/ QUOTE ]

Ours is 8 characters and must contain one capital letter, one lower case letter, two numbers, a special character and we have to change it every months and not use any of our last five passwords. The result of course is that everyone writes them down...very secure.

ChipWrecked
07-21-2005, 09:12 AM
I work graveyard shift at the Network Operations Center (NOC). We take help desk calls during that time. Our password policy is pretty new, so this is a typical call:

Client: It's not taking my password.
Me: (what we said earlier)
Client: wtf?