HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
Heartbleed bug or not, I don't think posting your passwords on the internet has ever been a good idea. 
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
'Some Idiot On The Internet' Story of the Day
- Thread starter HardOCP News
- Start date
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
Something, something, weed out the gene pool, comes to mind.
chockomonkey
[H]F Junkie
- Joined
- Oct 11, 2003
- Messages
- 8,328
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
I worked with a guy who made himself a custom "note sync" system that kept his notes in sync between his phone, home computer, work computer, etc.
Unfortunately, the sync mechanism used his personal website as the storage medium.
And the raw text file, while not linked from anywhere, WAS spidered by search engines.
Turns out he spends at least $200 a week on "erotic massages", making sure to "tip <one name> at least $50, but <other name> gets only $30."
Yes, he had plenty of passwords there, including his online banking. And the one that set off ridiculous red flags: he had our product's default admin user name and password in there, along with login information for how to get in to some customer systems! (AKA: he was mixing work and personal notes, including technical support case notes.)
Amazingly, he wasn't fired over it. We REQUIRED him to immediately take the page down, and filed emergency requests with Google/etc, to have the page caches removed.
Unfortunately, the sync mechanism used his personal website as the storage medium.
And the raw text file, while not linked from anywhere, WAS spidered by search engines.
Turns out he spends at least $200 a week on "erotic massages", making sure to "tip <one name> at least $50, but <other name> gets only $30."
Yes, he had plenty of passwords there, including his online banking. And the one that set off ridiculous red flags: he had our product's default admin user name and password in there, along with login information for how to get in to some customer systems! (AKA: he was mixing work and personal notes, including technical support case notes.)
Amazingly, he wasn't fired over it. We REQUIRED him to immediately take the page down, and filed emergency requests with Google/etc, to have the page caches removed.
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
"His accounts were hacked in short order"....jeebus. In what universe does using the passwords someone else moronically provides publicly on the internet qualify as "hacking"
bucketlist
Gawd
- Joined
- Oct 8, 2013
- Messages
- 1,019
Would've been epic if his posted financial passwords.
chockomonkey
[H]F Junkie
- Joined
- Oct 11, 2003
- Messages
- 8,328
Hahaha that was exactly my argument when i got in trouble in grade school for guessing this one guy's password. I mean, it's not hacking if it's the first one i try lol
'nicoleishot' ... i mean seriously?
Skripka
[H]F Junkie
- Joined
- Feb 5, 2012
- Messages
- 10,791
But was Nicole actually hot? If so pics are now necessary.
D
Deleted whining member 223597
Guest
Pics or GTFO comes to mind.
Ur_Mom
Fully [H]
- Joined
- May 15, 2006
- Messages
- 20,689
I got in trouble because I used the password that was written down in the pull out drawer. Don't blame me for their poor security.
Social Engineering or Social Hacking, I guess.
BiH115
Gif Guy
- Joined
- May 12, 2011
- Messages
- 9,327
Chocko, as your best friend on Steam, I immediately am requesting the sending of said pics.
Regards,
Send the pics.
TBH
If you high secure place is putting the security in you making a secure password. The place at hand DOES NOT understand high security. Im still amazed how far behind on online security USA is in regards to their bank and IRS. It was one of the first hing i noticed moving to the states
The fact is t hat no high secure site should have your entire login security passed on a multi use password. it should be based in single use password like in WoW FFXI and the Danish bank/goverment logins. THE user chocied password should only be a strengthening of th login security NOT its base
i saw banks being interview talking about how uses need to make their password long and secure. totally failing to inform that heartbleedbug retrieved you password so that password security itself was not the problem at hand. but its a nice way for the bank to shift blame away form the fact they use in propper and bad security.
Another way to tell if a site has impropper basic security (not high security), is to try to get your password retried/reset. if the site can actually retrieve your password and give it back to you, its stored in a none safe way (none hashed). password should NOT be stored encrypted (adobe learned that) but hashed with a salt.
User should try to get to use password prehasher to help isolate damage from password retrieved by hacking like heartbleed bug.
https://www.pwdhash.com/
But please do NOT buy into the user faults of long secure password thing. DEMAND your bank and IRS to integrate proper single use password.
If you high secure place is putting the security in you making a secure password. The place at hand DOES NOT understand high security. Im still amazed how far behind on online security USA is in regards to their bank and IRS. It was one of the first hing i noticed moving to the states
The fact is t hat no high secure site should have your entire login security passed on a multi use password. it should be based in single use password like in WoW FFXI and the Danish bank/goverment logins. THE user chocied password should only be a strengthening of th login security NOT its base
i saw banks being interview talking about how uses need to make their password long and secure. totally failing to inform that heartbleedbug retrieved you password so that password security itself was not the problem at hand. but its a nice way for the bank to shift blame away form the fact they use in propper and bad security.
Another way to tell if a site has impropper basic security (not high security), is to try to get your password retried/reset. if the site can actually retrieve your password and give it back to you, its stored in a none safe way (none hashed). password should NOT be stored encrypted (adobe learned that) but hashed with a salt.
User should try to get to use password prehasher to help isolate damage from password retrieved by hacking like heartbleed bug.
https://www.pwdhash.com/
But please do NOT buy into the user faults of long secure password thing. DEMAND your bank and IRS to integrate proper single use password.
StillFunkyB
[H]ard|Gawd
- Joined
- Oct 6, 2007
- Messages
- 1,386
You'd think someone who's been around this joint for 10 years would know the rules....YEESH.
Would've been epic if his posted financial passwords.
You are aware that if you have somebody's email account you can normally reset any account that you want for a person and get access to their bank account or anything else.
And too bad society is so hell bent on protecting the idiots its dumbing down society as a whole.
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
Hmm... it seems my [H] password "ihearthardforumlongtimeandtheadminslikechocolate" is not showing up as *s.
Maybe I need to switch to IE8 or earlier for it to work, and uninstall Avast and my router's firewall.
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
(Obviously that's not my real password... )
)Hmm... it seems my [H] password "ihearthardforumlongtimeandtheadminslikechocolate" is not showing up as *s.
Maybe I need to switch to IE8 or earlier for it to work, and uninstall Avast and my router's firewall.
I can fix that for you, I just need to you run a program to give me full control of your computer for a few minutes.
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
Sure, upload the file to my ftp server:
Code:
ftp://192.168.1.1:21
Anonymous log in and no password.Actually FTP access won't work. I need you to run go to assist on your computer and make sure to turn off your monitor after giving me access. the process to fix this issue might cause a lot of flashing on the screen as I have to flash the father port on the motherboard. I have special googles so the flash process won't hurt my eyes but since you don't have this it could cause blindness so it is just best that you give me access and turn off your computer to prevent any damage.
So just go to https://gta.notabadsiteatallforyoutobeon.com and enter in the code 1@mn0t@5uck3r and I will be glad to assist you in these password issues that you are having.
Thats not true for passwords since they can be any length and combination of characters, but it is true for social security numbers, since they're all the same. See: ***-**-****
I read that as "Nicole I shot". I think I might need to see a psychiatrist.
What does it say if not that?
BiH115
Gif Guy
- Joined
- May 12, 2011
- Messages
- 9,327
