IntegraMOD

why are the hackers always one step ahead?

2006-06-08T13:23:14-07:00

Yes I am already aware of 2 such dictionarys that you can enter the md5 string and you may get the users password. josie1 is not a good enough password. I am actually proposing to phpbb that they make a double md5 pass. This means that the user password is encrypted and that is then encrypted again to make this type of lookup harder. However I feel it will only be a matter of ime before we have to look at further secure systems to promote true user identification.

A

Statistics: Posted Author: Adrian Rea — Thu Jun 08, 2006 1:23 pm

why are the hackers always one step ahead?

2006-06-08T12:30:20-07:00

Agreed with adrian. I have had to use my "hacker mind" to get into my forums a couple times when I was upgrading and accidentally locked myself out. I had to get in via SQL and change the password for the first admin because the email address it was registered to didn't exist anymore and I had no clue what the password was.

I need to tell you guys this quick story so that you guys can check into this on your own forums:

My site was partnered with another local car club site that was slightly bigger than us. The owner of that site had created a game on his site that you had to register (seperate from phpbb) to play. Well, many of my moderators hopped over there and registered for his game using the same password that they used for my website.

The problem was that his passwords for that game were not MD5 hash they were not encrypted at all so when things got sour between the two clubs he started logging into my moderator's accounts and reading our private moderator forums. He could have done so much more though so I am grateful at least that he was upfront and honest and told me about it but the first thing I had to do was get all the moderators to change their passwords.

Lesson for the day: make sure your moderators use different passwords, especially on a competing or even a partner site. MD5 hash may not be reversible but even MD5 hash can sometimes be revealed by dictionary lookup.

Zac

Statistics: Posted Author: ZacFields — Thu Jun 08, 2006 12:30 pm

why are the hackers always one step ahead?

2006-06-08T10:03:31-07:00

Only when you worry about it heheh

Statistics: Posted Author: Adrian Rea — Thu Jun 08, 2006 10:03 am

why are the hackers always one step ahead?

2006-06-08T09:58:11-07:00

But is it really paranoia when they really are out to get you?

Statistics: Posted Author: Jason Sanborn — Thu Jun 08, 2006 9:58 am

why are the hackers always one step ahead?

2006-06-08T09:44:57-07:00

I thought I would split this off-topic

Hackers are sometimes one step ahead, but often security measures stop other attempts

Also it is being human that wants to test boundaries. Most people put this trait to good use, there are only a relative few who are bad apples!

It is a shame really as hackers would probably make fantastic bug fixers, as they are very good at problem solving and latteral thinking.

To add something to this, I have often used the mind of a hacker to help maintain security here. I have made several successful ventures in breaking security in order to fix the hole.

When there are situations of hackers being successful, most of the time it is not the human error of the coders, it is often the poor understanding or vigilance of individuals.

Please remember it is always best to have alphanumeric passwords, even better if upper and lower case. It is also best to have different passwords for each site and a password store like robo-form is a useful accessory but do safeguard the info on it.

Updating to the latest patches is always recommended.

Always keep a backup

And a slightly paranoid mind is a helkp but too much would land you in a hospital!

A

Statistics: Posted Author: Adrian Rea — Thu Jun 08, 2006 9:44 am

why are the hackers always one step ahead?

2006-06-07T16:36:36-07:00

"Unregistered";p="8902" wrote:
everytime someone hacks a forum, a new update or version is out! why the hackers are always one step ahead of the technology?

Why do climbers climb mountains? Why do world record holders push the limits?

Quite simply because they can and to prove they can.

Anyways lets not go wandering off topic too far

Statistics: Posted Author: Simon N — Wed Jun 07, 2006 4:36 pm

why are the hackers always one step ahead?

2006-06-07T16:33:09-07:00

everytime someone hacks a forum, a new update or version is out! why the hackers are always one step ahead of the technology?

Statistics: Posted Author: Unregistered — Wed Jun 07, 2006 4:33 pm