How easy is it to get a password, to just about any website?
Very!
This is an attempt to get webmasters to actually do something about their bandwidth and customer service costs.
The Situation Today.
Most webmasters don't realize how many passwords are given out in a day. If they did, something would probably be done about it.
Often you hear a webmaster say, "We actually give out passwords to 'password boards' and let them fail in a few hours. Then we try to get people to buy based on the 401 error page and popup consoles." What is missed is that most people don't get passwords from fake password boards.
Getting a password.
Surfers are not stupid anymore. First, many use one of the oldest technologies: newsgroups. Go to your favorite reader and plug into alt.whatever.passwords. Often there are anywhere from tens to hundreds of passwords given out daily. Request one and see how fast you get a reply.
Next, go to IRC. This is another old technology. Do you see where this is going? That's right, Alt.whatever.Passwords again.
Go to www.mirc.com and download the latest copy. Load it up and log in to thundercity.net. Perhaps the easiest way is this command:
Someone is going to crack you a password in anywhere from 0 seconds to about 1 hour. It is 0 seconds if someone has already cracked a ton of passwords for your site. When someone does this, they usually set up a script to automatically fill your request.
A crack in the barrier.
Now you are thinking, "So what! I have the most leet password management scripts known to man (or woman). They will block these attempts!" Sorry, but no, they won't. Why not? Because of AOL, that is why!
You had to set your passwords to allow 3 to 5 people with the same IP. This allows the AOL modem/ADSL users to use your service without getting blocked. "Right," you say, "but these people are giving the same passwords to multiple people every few minutes. They WILL get blocked!"
Wrong. If you have two systems at your workspace, ask for the same password from each machine. Someone will crack you 2 different passwords... And the other 30 people? They get 30 different passwords... It is actually "bad etiquette" for a cracker to give the same password to 2 people within 2 hours.
Running some tests.
Most people who sign on to IRC don't use proxies. In fact, IRC networks try to make it really hard to do so. So watch someone get one of your passwords and then see what happens in your logs. Better yet, watch for a 1 hour period.
Say 20 people ask for your site in that time frame. Keep track of legitimate users in the same time frame. grep your logs for their IPs and see how much bandwidth they use. Compare it to the bandwidth the legit users are using. Is it 20%? 25%? 50%? More?
See how many passwords get blocked. Do any? If 5 do, do the legit users cancel them? Or do they charge back instead of getting them reactivated? Does the customer service agent make them feel like suspects (password sharing) instead of victims (password cracking)? Do they reset the password to the same password, so this happens again?
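The log check described above, written out as an added example that is not from the original article: it parses Apache common-log lines (constructed sample data, with the authenticated user in the third field), flags accounts seen from more distinct IPs than the per-password allowance, and compares the bytes served to those accounts with everyone else. SAMPLE_LOG, shared_accounts, bandwidth_report and the max_ips threshold are my own names and assumptions.

```python
import re
from collections import defaultdict

# Apache common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" '
                    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$')

# Constructed sample (not real traffic): account "memb123" is used from four
# addresses within minutes; "jsmith" and "kdoe" each come from one address.
SAMPLE_LOG = """\
203.0.113.10 - memb123 [10/Oct/2000:13:55:36 -0700] "GET /members/clip1.mpg HTTP/1.0" 200 4500000
203.0.113.11 - memb123 [10/Oct/2000:13:56:01 -0700] "GET /members/clip2.mpg HTTP/1.0" 200 5200000
198.51.100.7 - memb123 [10/Oct/2000:13:57:12 -0700] "GET /members/clip1.mpg HTTP/1.0" 200 4500000
198.51.100.8 - memb123 [10/Oct/2000:13:58:40 -0700] "GET /members/clip3.mpg HTTP/1.0" 200 6100000
192.0.2.44 - jsmith [10/Oct/2000:14:01:05 -0700] "GET /members/index.html HTTP/1.0" 200 12000
192.0.2.44 - jsmith [10/Oct/2000:14:02:10 -0700] "GET /members/clip1.mpg HTTP/1.0" 200 4500000
192.0.2.91 - kdoe [10/Oct/2000:14:03:22 -0700] "GET /members/clip2.mpg HTTP/1.0" 200 5200000
203.0.113.10 - memb123 [10/Oct/2000:14:05:00 -0700] "GET /members/clip4.mpg HTTP/1.0" 401 -
"""

def parse_log(text):
    """Yield (ip, user, status, bytes_sent) for each well-formed line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            sent = 0 if m["bytes"] == "-" else int(m["bytes"])
            yield m["ip"], m["user"], int(m["status"]), sent

def shared_accounts(text, max_ips=3):
    """Accounts that served content from more distinct IPs than allowed."""
    ips = defaultdict(set)
    for ip, user, status, _ in parse_log(text):
        if status == 200 and user != "-":
            ips[user].add(ip)
    return {u for u, s in ips.items() if len(s) > max_ips}

def bandwidth_report(text, suspect_users):
    """Bytes served to suspect accounts vs. the rest, and the suspect share."""
    suspect = other = 0
    for _, user, status, sent in parse_log(text):
        if status != 200:
            continue  # 401s and other failures served no member content
        if user in suspect_users:
            suspect += sent
        else:
            other += sent
    total = suspect + other
    pct = round(100.0 * suspect / total, 1) if total else 0.0
    return {"suspect": suspect, "other": other, "suspect_pct": pct}
```

Run it over a real log by reading the file into `text` and setting `max_ips` to whatever your password script allows per account; the suspect share is the percentage the article asks you to measure.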