> In this case the aim was to steal money. Isn't that obvious?

No doubt.
> I use Dashlane, which includes a random strong password generator. Unless I'm not understanding what you're saying, it doesn't seem like a great idea to be creating your own passwords, and certainly not to reuse them on multiple sites. Just trying to be helpful here.

I do not use the same password on all my sites. I use 1Password to manage passwords and my passwords are tested and reported as "extremely strong". There is no way to stop anyone hacking anything if they put their mind to it.
> Not sure if ASR locks out after so many attempts.

XenForo limits login tries to 4 times per 15 minutes per user by default. But nothing prevents someone from trying all 40000 users sequentially over and over... Would be interesting to check logs to see if someone is brute forcing.
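The log check suggested in the post above, sketched as an added example (not code from the thread, from XenForo or from ASR): it shows that a per-user limit stays silent while one source fails once against many accounts, and flags that source instead. The log format, the sample lines, the `MIN_USERS` threshold and the reading of the limit as "4 failures within 15 minutes" are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PER_USER_LIMIT = 4              # tries per user, as quoted in the post
WINDOW = timedelta(minutes=15)  # window, as quoted in the post
MIN_USERS = 5                   # assumed alert threshold for one source

# Constructed sample in a hypothetical format: timestamp, source IP, user, result
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 alice FAIL
2024-01-01T10:01:00 203.0.113.7 bob FAIL
2024-01-01T10:02:00 198.51.100.20 grace FAIL
2024-01-01T10:02:30 203.0.113.7 carol FAIL
2024-01-01T10:03:00 198.51.100.20 grace FAIL
2024-01-01T10:03:20 198.51.100.20 grace OK
2024-01-01T10:04:00 203.0.113.7 dave FAIL
2024-01-01T10:05:00 203.0.113.7 erin FAIL
2024-01-01T10:06:00 203.0.113.7 frank FAIL
"""

def failures(log):
    """Yield (time, ip, user, line_no) per failed login; malformed lines are skipped."""
    for n, line in enumerate(log.splitlines()):
        parts = line.split()
        if len(parts) == 4 and parts[3] == "FAIL":
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], n

def peak_distinct(pairs):
    """Largest number of distinct keys among (time, key) pairs in any WINDOW-long span."""
    pairs = sorted(pairs)
    best = start = 0
    for end, (ts, _) in enumerate(pairs):
        while ts - pairs[start][0] > WINDOW:
            start += 1
        best = max(best, len({k for _, k in pairs[start:end + 1]}))
    return best

def throttled_users(log):
    """Users whose own failures reach the per-user limit inside one window."""
    by_user = defaultdict(list)
    for ts, _ip, user, n in failures(log):
        by_user[user].append((ts, n))      # line number keeps each failure distinct
    return sorted(u for u, p in by_user.items() if peak_distinct(p) >= PER_USER_LIMIT)

def spraying_sources(log, min_users=MIN_USERS):
    """Source IPs whose failures span at least min_users accounts inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, _n in failures(log):
        by_ip[ip].append((ts, user))
    return sorted(ip for ip, p in by_ip.items() if peak_distinct(p) >= min_users)
```

Grouping by source address is itself an assumption; a site-wide count of distinct usernames failing per window is the complementary check when failures do not share one address.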
> Of course, all that goes out the window if the hacker has access to and knows how to use a quantum computer. Look up Shor's algorithm for details on that.

This is completely irrelevant for brute forcing any service which will throttle failed logins. Web services also can't respond a million times per second in any case.
> XenForo limits login tries to 4 times per 15 minutes per user by default. But nothing prevents someone from trying all 40000 users sequentially over and over... Would be interesting to check logs to see if someone is brute forcing.

That's an alarming thought.
> Of course, all that goes out the window if the hacker has access to and knows how to use a quantum computer. Look up Shor's algorithm for details on that.

If there is a working one around...
> That's an alarming thought.

Only if users have extremely poor passwords. There are many other scenarios that could have happened here to get the password, or even not get the password and just capture the session etc. (But that's Amir's or his admins' job to parse from the logs.)
> Only if users have extremely poor passwords. There are many other scenarios that could have happened here to get the password, or even not get the password and just capture the session etc. (But that's Amir's or his admins' job to parse from the logs.)

Or, perhaps Sarumbear has malware. A thorough sweep of his computer might be in order.
> This is completely irrelevant for brute forcing any service which will throttle failed logins. Web services also can't respond a million times per second in any case.

If they obtain access to the database, or the server it's on, they could do whatever they want (potentially offline). Weak passwords would fall in a few seconds.
> If they obtain access to the database, or the server it's on, they could do whatever they want (potentially offline). Weak passwords would fall in a few seconds.

Sure, it's not unheard of silly admins opening ports to the public internet and databases leaking. If they get on the server, they can do anything they want with the users directly anyway. Weak passwords and ignorant users can't be helped.
> Or, perhaps Sarumbear has malware. A thorough sweep of his computer might be in order.

The hacking was done by someone else on a different computer than mine and on the ASR website. I was not involved.
> The hacking was done by someone else on a different computer than mine and on the ASR website. I was not involved.

Right, but conceivably the information was harvested off your computer. Some malware these days is scary good.
> Right, but conceivably the information was harvested off your computer. Some malware these days is scary good.

Of course it’s possible but nobody has hacked any other account. No online stores, no banks, etc. were compromised. Then again, of course ASR is the most important of my accounts!
Right. We were just musing as to why hackers do their hacking. Generally I think they have an aim in mind.