Password Stealing

RacersEdge · #1 07-20-2005, 06:14 PM

I posted this in Computers too...

I had a message board (ESPN to be exact) password stolen a couple years ago, and I was just curious how the process works. Some kind of script you write or what? (No, not looking to steal anyone's myself).

Reef · #2 07-20-2005, 06:21 PM

do you think you had a keylogger on your computer?
Maybe someone guessed it

RacersEdge · #3 07-20-2005, 06:27 PM

[ QUOTE ]
do you think you had a keylogger on your computer?

[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

stabn · #4 07-20-2005, 06:31 PM

[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?

[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

[/ QUOTE ]

You probably used that password on another site.

swede123 · #5 07-20-2005, 06:33 PM

I'm sure there are scripts like that. But why anyone would waste their time using one for a silly message board is beyond me. Do you ever use public computers (library, internet cafe etc) when browsing forums? Maybe that's how it happened.

Swede

RacersEdge · #6 07-20-2005, 06:35 PM

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?

[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

[/ QUOTE ]

You probably used that password on another site.

[/ QUOTE ]

Maybe. How does that make it easy to steal??

touchfaith · #7 07-20-2005, 06:35 PM

Brute-force (I'm not kidding).

"And that's all I have to say about that..."

Other then to say always whenever possible, use some sort of punctuation in your passwords, perferably in the first, or first few, characters.

stabn · #8 07-20-2005, 06:55 PM

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
do you think you had a keylogger on your computer?

[/ QUOTE ]

No.

[ QUOTE ]
Maybe someone guessed it

[/ QUOTE ]

Hard to believe, but possible I guess.

I was thinking there was some kind of script you could run on the login page that goes through a bunch of permutations of letters and numbers. I don't know.

[/ QUOTE ]

You probably used that password on another site.

[/ QUOTE ]

Maybe. How does that make it easy to steal??

[/ QUOTE ]

It depends on how much you trust the admins of all the sites you used that password at.

Dazarath · #9 07-21-2005, 03:11 AM

Writing a brute force password guessing script is not the hard part. The problem is the amount of time it would take. There's some 100 (just a guess) characters that you could use in your password. Even if you told me that your password has 8 characters, that's 100^8 = 10^16 = 10,000,000,000,000,000 different combinations. Even if you somehow managed to try a million per second, it'd still take you ten billion seconds, which is over 300 years. If they're trying to guess a password to an online site, it won't even be close to 1 million guesses per second.

ChipWrecked · #10 07-21-2005, 03:16 AM

Yep. My company requires an 8-character p'word, must contain a number, a capital letter, and a special character.