why are the hackers always one step ahead?


PostAuthor: Unregistered » Wed Jun 07, 2006 4:33 pm

Every time someone hacks a forum, a new update or version is out! Why are the hackers always one step ahead of the technology?

PostAuthor: Simon N » Wed Jun 07, 2006 4:36 pm

Unregistered wrote: "Every time someone hacks a forum, a new update or version is out! Why are the hackers always one step ahead of the technology?"


Why do climbers climb mountains? Why do world record holders push the limits?

Quite simply because they can and to prove they can.

Anyways, let's not go wandering off topic too far.

PostAuthor: Adrian Rea » Thu Jun 08, 2006 9:44 am

I thought I would split this off-topic

Hackers are sometimes one step ahead, but often security measures stop other attempts.

Also it is being human that wants to test boundaries. Most people put this trait to good use, there are only a relative few who are bad apples!

It is a shame really, as hackers would probably make fantastic bug fixers, as they are very good at problem solving and lateral thinking.

To add something to this, I have often used the mind of a hacker to help maintain security here. I have made several successful ventures in breaking security in order to fix the hole.

When there are situations of hackers being successful, most of the time it is not the human error of the coders, it is often the poor understanding or vigilance of individuals.

Please remember it is always best to have alphanumeric passwords, even better if upper and lower case. It is also best to have different passwords for each site and a password store like robo-form is a useful accessory but do safeguard the info on it.

Updating to the latest patches is always recommended.

Always keep a backup.

And a slightly paranoid mind is a help, but too much would land you in a hospital!

A

PostAuthor: Jason Sanborn » Thu Jun 08, 2006 9:58 am

But is it really paranoia when they really are out to get you?

PostAuthor: Adrian Rea » Thu Jun 08, 2006 10:03 am

Only when you worry about it, heheh

PostAuthor: ZacFields » Thu Jun 08, 2006 12:30 pm

Agreed with Adrian. I have had to use my "hacker mind" to get into my forums a couple of times when I was upgrading and accidentally locked myself out. I had to get in via SQL and change the password for the first admin because the email address it was registered to didn't exist anymore and I had no clue what the password was.

I need to tell you guys this quick story so that you guys can check into this on your own forums:

My site was partnered with another local car club site that was slightly bigger than us. The owner of that site had created a game on his site that you had to register (separate from phpBB) to play. Well, many of my moderators hopped over there and registered for his game using the same password that they used for my website.

The problem was that his passwords for that game were not MD5 hashed; they were not encrypted at all. So when things got sour between the two clubs, he started logging into my moderators' accounts and reading our private moderator forums. He could have done so much more, though, so I am grateful at least that he was upfront and honest and told me about it, but the first thing I had to do was get all the moderators to change their passwords.

Lesson for the day: make sure your moderators use different passwords, especially on a competing or even a partner site. MD5 hash may not be reversible but even MD5 hash can sometimes be revealed by dictionary lookup.

Zac

PostAuthor: Adrian Rea » Thu Jun 08, 2006 1:23 pm

Yes, I am already aware of 2 such dictionaries where you can enter the MD5 string and you may get the user's password. josie1 is not a good enough password. I am actually proposing to phpBB that they make a double MD5 pass. This means that the user password is encrypted and that is then encrypted again to make this type of lookup harder. However, I feel it will only be a matter of time before we have to look at further secure systems to promote true user identification.

A
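
Added example, not part of the original thread or any poster's code: a Python sketch of the dictionary lookup discussed above, showing that a table precomputed for md5(md5(password)) recovers a wordlist password just as one built for plain MD5 does, beside a per-user salted hash where no shared table applies. The wordlist is constructed, and PBKDF2-HMAC-SHA256 with these parameters is a technique chosen for this example, not something the thread proposes.

```python
import hashlib
import hmac
import os

# Constructed wordlist; "josie1" is the weak password quoted in the thread.
WORDLIST = ["password", "letmein", "josie1", "qwerty", "dragon"]


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def double_md5_hex(password):
    """The 'double MD5 pass' from the thread: md5(md5(password))."""
    return md5_hex(md5_hex(password))


def build_lookup(hash_fn, words):
    """Precompute hash -> word once; the table then works against every
    account in any database that stores hashes made with hash_fn."""
    return {hash_fn(word): word for word in words}


def hash_password(password, salt=None, iterations=600_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    Assumption of this example, not a scheme proposed in the thread."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=600_000):
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for name, fn in (("md5", md5_hex), ("md5(md5)", double_md5_hex)):
        table = build_lookup(fn, WORDLIST)
        stored = fn("josie1")  # what the forum database would hold
        print(name, stored, "->", table.get(stored))
    salt_a, hash_a = hash_password("josie1")
    salt_b, hash_b = hash_password("josie1")
    # Same password, different salts: no single table covers both rows.
    print("salted hashes equal:", hash_a == hash_b)
```

Salting and a slow hash do not make josie1 a strong password; they remove the shared lookup table and raise the cost of each guess per account.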