get offline ya pc isn't safe at all

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,542
holy moly i just watched a good show that airs daily live on computers he showed a program that can crack any password in 9 minutes
 

TheBeam

Enlightened
Joined
Jul 18, 2003
Messages
365
Location
Seattle
Hey rag, can you give us more info???
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,542
lol i'd post a link but i don't want no one to hack me lol watch techtv today they will re-air it i'm sure it used to be a free program hackers can get now they sell it claiming it is to protect ya lol
 

eluminator

Flashlight Enthusiast
Joined
Mar 7, 2002
Messages
1,750
Location
New Jersey
How is that possible? My dial-up connection is so slow it takes nine minutes just to send one password.
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
Brute force cracker. I doubt it can crack any password, but 90% of the ones out there that are a simple dictionary word.

For example: 'corvette' is a LOT easier to crack than 'K0rve11e'. Even better would be something that's not based on a dictionary word, or if so, 2 random words jammed together like 'K0rdB33f'.
 

B@rt

Flashaholic
Joined
Nov 21, 2001
Messages
10,467
Location
Land of Tulips and Philips
Password crackers have been around for a long time.... I used one years ago to open a pw-protected file I forgot the code from...
It took the prog 2 weeks...
 

Fitz

Flashlight Enthusiast
Joined
May 14, 2004
Messages
1,080
Location
Missouri
The program raggie is referring to is L0phtCrack. Newer versions require you to know the admin password to be able to use it to crack passwords. Of course there are other programs out there that don't have this limitation. I can blank or change any password, including the admin password, in less than 5 minutes on an NT based OS with a boot CD that's easily made. I try to use my powers for good and not evil though!
 

binky

Flashlight Enthusiast
Joined
Dec 1, 2002
Messages
1,036
Location
Taxachusetts, USA
[ QUOTE ]
Fitz said:
I can blank or change any password, including the admin password, in less than 5 minutes on an NT based OS with a boot CD that's easily made.

[/ QUOTE ]

But only if FAT not NTFS-encrypted, right?
 

Fitz

Flashlight Enthusiast
Joined
May 14, 2004
Messages
1,080
Location
Missouri
Wrong - it doesn't matter if it's NTFS or FAT. It will extract the SAM file that the pw is stored in and change or delete the pw hash. Comes in handy when somebody forgets the password on their machine!
 

stockwiz

Enlightened
Joined
Nov 16, 2003
Messages
412
Location
Brookings, SD
I've memorized a 239 bit encryption password for things I encrypt. It's highly unlikely anybody could decrypt them, not that anybody would want to. A few precautions when doing things like banking online are in order, but for the most part, there isn't too much to worry about. I don't think I'll ever bank online myself however.

If you are talking about cracking user passwords on XP, this is easily done using Windows 2000 or Linux boot disks. Solution to this would be to password protect BIOS after disabling ability to use boot disks, which would force the user to reset the CMOS or remove the hard drive, and if they have this kind of access to your computer, well there's nothing they can't do.
 

Eugene

Flashlight Enthusiast
Joined
Jun 29, 2003
Messages
1,190
Yep, I've used a linux boot disk many times to recover lost passwords. My wife used to work in the accounting dept. at a law firm. She paid the bill one time for "password recovery or windows NT 4.0 server" for $250. I told her to tell their IT department that next time they need one I'll do it for 1/2 price.
The internet today is like the new frontier, it's like the wild west and a Mad Max future with no law and order combined into one. You have script kiddies that want to use your pc to DDOS whomever they don't like at this moment, you have the spammers wanting to relay their "marketing" off of anything they can, the swappers want to take over your server to put their "Warez Downloadz". Since the internet spans the world no one government can control it. Shut down a credit card number stealing site in the US and it moves to Russia, kiddie P0rn illegal in one country, put the server in China. The average computer users are like cattle just grazing away being rounded up by the cowboyz. I've been a big promoter of computer security for a long time.
First thing to remember is security takes a layered approach. Many people think that since they have a firewall or run OSX they are safe, many of those that think they are safe have already been breached in some way or another.
Second thing is ANY security system can be broken, your goal is to slow down the break in or make them pass you up for someone else.
Start with physical security, remove and throw away the floppy drive (it's useless anyway), disable autoboot on the cd-rom and password protect the cmos setup so it can't be changed. Now you have gone from 30 seconds to pop in a linux floppy and reset your password to making me pull out my leatherman, take the screws out of your system (you have the case locked and cabled to the desk so I have to take the time to break through all that right) and short the cmos battery to clear the password before I can even boot the cd assuming I have my boot cd and/or burner with me.
Stop using HTML mail. HTML code can have things you can't even see embedded in it such as a 1 pixel picture the same color as the background with HTML code which can report back to a web site for tracking. Stop using Microsoft e-mail programs completely is even better, use Mozilla mail or something else more secure from the start. Start with popup blockers (my wife got a toolbar from a popup ad before), anti-spyware, etc and/or stop using internet explorer until Microsoft actually fixes it once and for all. I still work with and support many Microsoft servers and have always used their products but they are now just too unsafe to trust anymore for my own work. To put it in terms that the board can relate to, the internet is a vast dark place and going there with Internet Explorer and Outlook Express/Outlook is like taking a Mag with no spare bulb and old batteries
 

naromtap

Enlightened
Joined
Mar 13, 2004
Messages
630
Location
London, U.K
[ QUOTE ]
To put it in terms that the board can relate to, the internet is a vast dark place and going there with Internet Explorer and Outlook Express/Outlook is like taking a Mag with no spare bulb and old batteries

[/ QUOTE ]

LOL - good one!
 

stockwiz

Enlightened
Joined
Nov 16, 2003
Messages
412
Location
Brookings, SD
Actually, if everybody who used Windows XP password protected their administrator accounts, including the hidden one accessed in safe mode, and surfed the internet with a limited account only, that alone would eliminate the majority of problems that occur, as no files can be modified or deleted with limited accounts except users' files..

example.. documents and settings/username

So even if something did make it through your defenses, it couldn't do much if any damage.

I just switched to firefox yesterday as well, and will probably never go back to internet explorer. If you haven't tried it, you should, particularly if you know a bit about windows and how to customize the browsers settings and features.. the tabs and middle mouse button are real time savers... the download manager is pretty nice, as is the search bar that can be used for google, amazon, ebay, dictionary.com, etc.
 

Sub_Umbra

Flashlight Enthusiast
Joined
Mar 6, 2004
Messages
4,748
Location
la bonne vie en Amérique
[ QUOTE ]
Fitz said:
Well stated, Eugene!

[/ QUOTE ]

I'll second that. Layers are where it's at.

I don't know if it's true but I've read that a good social engineer can guess 85% of all passwords (at least that many are lame) by looking very carefully at your work area. It is usually easier to hack the user than his system.

I use a layered approach and I have rules for my passwords:

-- At least 12 characters,
-- Must consist of upper and lower case, also numbers, also special chars.
-- Must be gibberish to foil dictionary attacks.

It is very easy to remember something like the first letter of a phrase in a song, like:

Up Up And Away In My Beautiful My Beautiful Balloon, The World's

The first letters would be easy to remember and foil dictionary attacks.

UUAAIMBMBBTW

Make some lower case:

UuAaIMBmbbTw

Some alpha chars can be changed out for numbers and special chars that look or seem like them and are still easy to remember if you know the phrase:

^u+a1MBmb8Tw

By making up your own system like this and always using your own rules you can have a password that is much more random than everyone else's, but you don't have to write it down and you can still remember it.

Just don't hum or sing the song while you type it!
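
Added example, not part of any post in this thread: a Python check that applies the three rules listed above (12+ characters, all four character classes, not dictionary-based) and undoes look-alike substitutions first, which is why a respelled dictionary word like the ones Saaby mentions still fails. The wordlist, the substitution table and the function names are constructed for illustration.

```python
import math
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"corvette", "password", "balloon", "beautiful"}

# Assumed table of common look-alike substitutions, undone before lookup.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "8": "b", "@": "a", "$": "s"})

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def normalize(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LOOKALIKES)


def is_dictionary_based(password):
    """True if the normalized password is, or contains, a listed word."""
    plain = normalize(password)
    return any(word in plain for word in WORDLIST)


def search_space_bits(password):
    """Bits of exhaustive search for this length and character mix.

    This is an upper bound on strength: a dictionary-based password
    falls far sooner than the figure suggests.
    """
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return round(len(password) * math.log2(size), 1) if size else 0.0


def check(password):
    """Return the rules from the post that the password breaks."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    if is_dictionary_based(password):
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ("corvette", "C0rv3tt3", "^u+a1MBmb8Tw"):
        print(pw, search_space_bits(pw), check(pw) or "passes")
```
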
 

Eugene

Flashlight Enthusiast
Joined
Jun 29, 2003
Messages
1,190
[ QUOTE ]
stockwiz said:
Actually, if everybody who used Windows XP password protected their administrator accounts, including the hidden one accessed in safe mode, and surfed the internet with a limited account only, that alone would eliminate the majority of problems that occur, as no files can be modified or deleted with limited accounts except users' files..

example.. documents and settings/username

So even if something did make it through your defenses, it couldn't do much if any damage.



[/ QUOTE ]
Interesting to note that I ran that way, non admin under xp with IE settings very secure, popup stopper, behind a firewall, etc. I mis-typed an address and was taken to a porn site, hit home and then typed the correct address and went on with what I was doing. Later when I opened IE again I had a porn search toolbar. I removed it but this was one of the last straws as I kept everything as secure as I could and still something got in. I was experimenting with Linux then under vmware and between the time I wasted each night running ad aware, antivirus, etc, the porn bar still getting through and my external usb hard disk not working I gave up on XP and made the switch. Now since I don't spend 2 hours every night fixing my pc from my internet exploring I can bore more people on forums. It was like owning a "reliable" Japanese car, you know the ones that have to go to the dealer every so often for "maintenance" to keep it reliable. Now I have an OS that doesn't even need an oil change so now any computer work I do is additions and upgrades
 

cy

Flashaholic
Joined
Dec 20, 2003
Messages
8,186
Location
USA
Very good comments!!!

Here are some super simple things to make your system more secure:

1. Change default settings. It's amazing the number of systems with default admin passwords
2. Run some type of spyware detector. Two very good free ones are spybot and Adware. Be sure and update signature files.
3. Run some type of anti-virus software. Be sure and update at least once a week. It's cat & mouse, keep that signature file updated!
4. Run some type of firewall, not perfect security, but certainly improves your chances. Several good free ones out there, Sygate is a good one.
5. Use easy to remember complex paSsw0rds using rules above.
6. Never give your info to any email link (phishing)
7. Use free Thunderbird for mail client, has setting to disable loading of HTML. Also built-in intelligent spam filtering.
8. Never open any attachments unless you know in advance, it's coming. There are no trusted sources.

Remember spyware detector and anti-virus need to be updated frequently (weekly). Sygate will self-configure by asking you what needs access to the web.

Pros can make things more secure, but any resistance and likely someone trying to break in will go on to an easier target.

Gain almost total control of what your browser is doing by setting up a proxy, but that usually is more technical than most want to tackle.
 
