|
|||||||
Tech: Security breach? |
Share Thread
|
Subject: RE: Tech: Security breach? From: MaJoC the Filk Date: 26 Feb 24 - 09:37 AM Warning from history: I remember reading, many years ago, of one chap who had a super-unbreakable password which he was requested and required to use for sensitive logins (possibly NSA-sensitive). One day, he tried his magic password on a password-strength program, which said: "Bingo: that password is well-known." Turns out he'd used his super-unbreakable password on a talker, and that the talker's owner, who also happened to write the password test program, had tipped the talker's password file (kept in plain text) into the tester's list of well-known passwords. |
Subject: RE: Tech: Security breach? From: Dave the Gnome Date: 26 Feb 24 - 03:28 AM Yea, like you say, who cares! I only use this password here so it doesn't compromise anything else. One thing I must point out though. I know that someone has been banned for sharing their login details as I am still in touch with him. If anyone's password is compromised here, you could get multiple people logging in with the same ID. How will you prevent that? |
Subject: RE: Tech: Security breach? From: Joe Offer Date: 26 Feb 24 - 12:26 AM I get a lot of reports of compromised Mudcat passwords. Usually, the member has a number of compromised passwords reported at the same time. I don't really know how terrible it is to have a Mudcat password compromised. Mudcat's password system is like a lock on a bathroom door - it's fairly easy to get past, but who'd bother? Most people don't want to see you pooping anyhow. Our password system gives a modest amount of security, but it's not enough to protect financial transactions or other things you want to keep secret. We're a folk music discussion forum, not Fort Knox. You should not be keeping your darkest secrets here. But if you want to change your password or update your contact information, email me and tell me what you want for your new password, and I'll change it for you. One guy got all upset about that because that meant I knew his password. He left in a huff, and I haven't heard of his since. Oh, and if you forgot your password, our automatic password sender rarely works. Email me, and I'll send you your password. DaveRo asks how I know who people are. Well, I've been here 25 years and I usually know. Joe Offer joe@mudcat.org |
Subject: RE: Tech: Security breach? From: GUEST,.gargoyle Date: 25 Feb 24 - 10:20 PM Do NOT visit, even accidently, Russian porn places. Sincerely, Gargoyle Some of the silk lingerie ads posted as "pop-ups" on Mudcat are quite provocative ... unfortunately they are never my size. |
Subject: RE: Tech: Security breach? From: Dave the Gnome Date: 25 Feb 24 - 01:37 PM I think I'll leave it for now but if someone else logs in as me I hope someone lets me know! |
Subject: RE: Tech: Security breach? From: Stilly River Sage Date: 25 Feb 24 - 01:26 PM Well, we used to be able to do it ourselves and ended up with hundreds of The Mudcat Troll's fake accounts that he used to stalk and torment people. Study of the patterns used by that individual revealed that he reused 3 or 4 passwords so they were all tracked down and the fake accounts were out. Dreadful days, those were. It's better now. |
Subject: RE: Tech: Security breach? From: DaveRo Date: 25 Feb 24 - 01:24 PM Also, how would Joe know it's really you? |
Subject: RE: Tech: Security breach? From: Dave the Gnome Date: 25 Feb 24 - 01:05 PM No - It was a poor password but only used here. Doesn't it defeat the security objective to ask someone else to set up a passoord for you?!?! |
Subject: RE: Tech: Security breach? From: Stilly River Sage Date: 25 Feb 24 - 12:39 PM The point is did you reuse that password anywhere else? You can write to Joe@mudcat.org about changing your password at Mudcat, but you may have to check your records if it is in use other places because if someone is determined to crack any of your accounts, a hacker testing them with a known password is the fastest way for it to happen. |
Subject: RE: Tech: Security breach? From: Dave the Gnome Date: 25 Feb 24 - 12:26 PM Where do I change my Mudcat password then? |
Subject: RE: Tech: Security breach? From: DaveRo Date: 25 Feb 24 - 11:12 AM This one? Cit0day (unverified): In November 2020, a collection of more than 23,000 allegedly breached websites known as Cit0day were made available for download on several hacking forums. The data consisted of 226M unique email address alongside password pairs, often represented as both password hashes and the cracked, plain text versions. Independent verification of the data established it contains many legitimate, previously undisclosed breaches. The data was provided to HIBP by dehashed.com.Me too. If your password looks like that and you think someone might impersonate you, then change it. Take a look at Have I been pwned? |
Subject: RE: Tech: Security breach? From: Stilly River Sage Date: 25 Feb 24 - 11:07 AM Last week I got a message like that from a monitoring program (free for members of AAA) that has my phone number, supposedly found on the "dark web." The rest of the content with it is the same name I've seen for years, some guy seems to give my phone number as his and I get calls from people wanting to collect his debts, wanting to buy his house, wanting to do many things that are tied to his misbehavior. I've also seen them regarding my main email address, and as you suggest, I changed the password. There really isn't much else you can do. |
Subject: Tech: Security breach? From: Dave the Gnome Date: 25 Feb 24 - 09:24 AM I have only just started to monoitor security via Google 1 so apologies if this has been asked before but this came up - mudcat.org Your info was in a data breach and found on the dark web on 3 Dec 2020 Monitoring profile info was found Info that you put in your monitoring profile matched info found in this data breach. dpolshaw@******.com dpolshaw@******.com Other info was found that isn't in your monitoring profile Other info was found on the dark web alongside the info in your monitoring profile. The full details are hidden in case this info isn't yours. Password b•••• B•••• Do I need to do anything but changethe password? |
Share Thread: |
Subject: | Help |
From: | |
Preview Automatic Linebreaks Make a link ("blue clicky") |