Here you find passwords people have cracked and posted. You usually find working passwords for your favorite sites. The major problem with this method is that you are going to have upwards of 100 people try a password at the same time, thereby killing it.
It is common, if you post 200 passwords for a big site like [insert_your_idea_of_a_big_site_here], for the passwords to die en masse. Why is this a problem? It is a customer service nightmare when 200 passwords are killed in 2 hours.
1 to 5 chargebacks? 10 to 20 cancels? 5 to 30 refunds? I dunno. It depends on the affiliate program. However, it is not unusual, on average, to see numbers somewhere near these. Resetting the remaining 150 passwords = fun? More than likely, NO!
Possible prevention.
How do you fix this situation? First, use a form login. Crackers HATE form logins. Basic Authentication (the grey popup) is cracked at speeds as high as 150,000 tries per hour. Forms are about 8,000 to 25,000. No one wants to do them.
People WILL still try, if they feel there is no choice. So, you need something better. You need a security code. Do not use a run-of-the-mill one, either. The numbers and letters need to mix with their backgrounds, so there is little contrast.
A program named Caecus reads the run-of-the-mill ones pretty easily. However, it relies on contrast to do so. Skewing the numbers and letters also helps.
Making things harder to break.
Now, you have 1/2 of the battle won. Finding working passwords is a hassle for a cracker, now. But, what about the hacker? They are still getting in and getting passwords. To combat them, you need to properly create and secure passwords.
Preventing hackers.
Make your own passwords. Do not let a user choose their password, ever. These passwords should include both upper- and lowercase letters, and numbers. They should be 8 characters in length.
NEVER store unencrypted passwords on the server. NEVER EVER! If you generate passwords and a hacker steals the unencrypted ones, you are screwed.
Store passwords in a difficult format like MD5. MD5 passwords are cracked at about 5,000 c/s and DES can be done at 150,000 c/s or more. Which one is the better choice?
Results of protection.
Having followed the previous rules, you have the other 1/2 of the problem fixed. Now, if a hacker steals your DB, they have uncrackable passwords. What if a customer forgets their password? Simple, write a script. It is like the one that resets a password, when you forget it.
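The rules above (site-generated 8-character passwords, nothing stored unencrypted, a slow hash, and a reset script instead of password recovery) can be sketched as follows. This is an added example, not code from the original article. It swaps in salted PBKDF2-HMAC-SHA256 for the MD5 format the article names, and the function names, iteration count and in-memory user table are assumptions.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # upper, lower, digits
PW_LEN = 8            # length the article recommends
ITERATIONS = 200_000  # assumed work factor; higher means fewer guesses per second


def generate_password(length=PW_LEN):
    """Site-issued password from a CSPRNG, containing all three classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def hash_password(password, salt=None):
    """Return (salt, digest); these are the only values written to the DB."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def issue_password(db, username):
    """Used for signup and for 'forgot password': the old password cannot be
    read back from the hash, so a new one is generated and the hash replaced."""
    pw = generate_password()
    db[username] = hash_password(pw)
    return pw  # handed to the member once, never stored in the clear


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for the member database
    first = issue_password(users, "member1")
    second = issue_password(users, "member1")  # member forgot it: reset
    print("old password still valid:", verify_password(first, *users["member1"]))
    print("new password valid:", verify_password(second, *users["member1"]))
```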
One more example.
Still think the problem is not HUGE? (-m allows you to connect to another server without disconnecting from the current one.)
/server -m mesra.kl.my.dal.net
/list xxx
then,
/server -m mesa.az.us.undernet.org
/list xxx
You will quickly see just how much of a pain this kind of password cracking is.
Conclusion.
This is a call to programmers. If you offer solutions, like the login script or password reset scripts, there is demand! Offer your services. There are thousands of websites needing them.