Call Search
     

New to Ham Radio?
My Profile

Community
Articles
Forums
News
Reviews
Friends Remembered
Strays
Survey Question

Operating
Contesting
DX Cluster Spots
Propagation

Resources
Calendar
Classifieds
Ham Exams
Ham Links
List Archives
News Articles
Product Reviews
QSL Managers

Site Info
eHam Help (FAQ)
Support the site
The eHam Team
Advertising Info
Vision Statement
About eHam.net

donate to eham
   Home   Help Search  
Pages: [1] 2 Next   Go Down
  Print  
Author Topic: COMPUTER SECURITY????  (Read 1612 times)
N9LCD
Member

Posts: 125




Ignore
« on: September 10, 2018, 06:47:44 AM »

USER ID:

Recently I was trying to set-up a new "online account" to make a purchase.  I entered my user ID as I write it: XyXyXyyyy.  Hit enter and got a confirmation that my account was ready to use.

I tried to log-in with my user ID xyxyxyyyy.  No luck.  I called the user support line.

Guess what.  THE USER ID IS CASE SENSITIVE -- BUT THE NEW ACCOUNT PAGE DOESN'T SAY THAT!!!!!

PASSWORD:

I frequently log into a business / professional website.  A couple of weeks ago I received an email saying that their website had been upgraded and users could now enter a password of up to 128 characters.

USING THE JUST THE ALPHABET AND TEN NUMERALS, THAT'S SOMETHING LIKE 3.62 * 10 TO THE 48th POWER PASSWORDS WITH JUST 62 POSITIONS!

Heck, eight-position passwords are hard enough to remember, but a 128 position one?  That's almost a Tweet!!!

I wonder how long it would take a hacker to crack a 128 position password using random combinations of alphabet and numerals?  Heck, if it takes long enough, it might "blow" their computer!

N9LCD  Huh Roll Eyes
Logged
PU2OZT
Member

Posts: 115




Ignore
« Reply #1 on: September 10, 2018, 07:01:00 AM »

A piece of cake to crack... provided you cool the machine with liquid nitrogen...

Now... let's settle up two-factor authentification via FT8, and hackers are on the dole.

Oliver
Logged
KC4ZGP
Member

Posts: 1961




Ignore
« Reply #2 on: September 10, 2018, 07:14:55 AM »


A tweet?

Kraus
Logged
DL8OV
Member

Posts: 1057




Ignore
« Reply #3 on: September 10, 2018, 09:34:50 AM »

If the 'password' can be up to 128 characters then it's not a password, it's a pass phrase. This is a good thing. Make use of the facility, maybe practice your skills in other languages. As an example the motto on the coat of arms of my old school would probably foil most dictionary attacks as it's in medieval Latin, and as we all know:

Te audire no possum. Musa sapientum fixa est in aure.

Peter DL8OV
Logged
N9LCD
Member

Posts: 125




Ignore
« Reply #4 on: September 10, 2018, 06:57:41 PM »

I had A FSC that was a fanatic on Latin.  He managed to teach us almost three years of Latin in only two.  CENSORED!

Unfortunately the Church quit using Latin in '63 -- just when our studies finished.
Logged
G4LNA
Member

Posts: 249




Ignore
« Reply #5 on: September 11, 2018, 03:52:01 AM »

I've given up trying to remember any passwords now-a-days, it's just getting ridiculous, I use a password manager and remember just the one password now.
Logged

NA4IT
Member

Posts: 194


WWW

Ignore
« Reply #6 on: September 11, 2018, 04:00:10 AM »

I still like my password... password.
Logged
KC4ZGP
Member

Posts: 1961




Ignore
« Reply #7 on: September 11, 2018, 04:50:54 AM »


I use asterisks.

Kraus

Logged
N9LCD
Member

Posts: 125




Ignore
« Reply #8 on: September 11, 2018, 07:33:23 AM »

Having trained as a specialist in the detection, prevention and investigation of fraud, I can say one thing:

THERE IS NO SUCH THING AS AN ABSOLUTELY INVULNERABLE SYSTEM.  ANY SYSTEM DEVISED BY ONE MAN CAN DEFEATED BY ANOTHER WHO WANTS TO BAD ENOUGH AND TRIES HARD ENOUGH.

There are much more attractive and lucrative targets than the users of this site.
Logged
N8YX
Member

Posts: 1391




Ignore
« Reply #9 on: September 11, 2018, 07:38:51 AM »

There are much more attractive and lucrative targets than the users of this site.
Unless said users are high profile and well-known in the ARC.

Think along the lines of gear flippers who move volumes of stuff, or the owners of online equipment dealerships. Etc.

For purposes of war gaming, I can think of a couple of social engineering exploits off the top of my head involving such people.
Logged
KC4ZGP
Member

Posts: 1961




Ignore
« Reply #10 on: September 11, 2018, 09:35:56 AM »


N8YX,

You're right. There are hidden dangers within.

Bwaaa!!!

Kraus
Logged
W3WN
Member

Posts: 849




Ignore
« Reply #11 on: September 11, 2018, 11:58:19 AM »

I still like my password... password.
#2 on the 2017 "25 Most Commonly Used Passwords" list.
Logged
G3RZP
Member

Posts: 1313




Ignore
« Reply #12 on: September 11, 2018, 01:12:36 PM »

How good is something like GKA42deMTXZ? Ship MTXZ calling Portishead Radio on 4 MHz. Especially since Portishead radio no longer exists. OK, IF you know that the guy whose password you are trying to break was a marine radio officer or was involved with marine radio, you might have a clue, but you have an awful lot of possibilities for the coast station call sign alone, let alone the ship station one. Especially if as a  Brit you chose something like FFBdeFNVG1....(French ship's lifeboat calling Boulogne Radio)
Logged
KD0REQ
Member

Posts: 2399




Ignore
« Reply #13 on: September 11, 2018, 01:53:30 PM »

the only really secure computer, as was told to me in the days of the VAX 11/785, is one that has no connections and no power, encased in reinforced concrete 60 feet down.

that said... never click on pop-ups, do all your patches the day after release to avoid ones that delete critical OS files (most AV programs have done that at least once,) don't surf dicey sites, and use complex passwords.  begin typing all browsing links with https:// not just www. keep the AV current. have backups.  get a master OS disk for your machine if you can, in case you have to rebuild from scratch.
Logged
SOFAR
Member

Posts: 1489




Ignore
« Reply #14 on: September 11, 2018, 03:23:18 PM »

the only really secure computer, as was told to me in the days of the VAX 11/785, is one that has no connections and no power, encased in reinforced concrete 60 feet down.

that said... never click on pop-ups, do all your patches the day after release to avoid ones that delete critical OS files (most AV programs have done that at least once,) don't surf dicey sites, and use complex passwords.  begin typing all browsing links with https:// not just www. keep the AV current. have backups.  get a master OS disk for your machine if you can, in case you have to rebuild from scratch.

How many people type www, or https://?




Logged
Pages: [1] 2 Next   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!