Re: Passwords and bleeding hearts.   
     By: BOB KLAHN to ALL on Sat Apr 19 2014 00:02:20   
      
    >  Now this is especially true on sites where all you want to do is   
    >  read something, like a magazine website. Why have to mix your   
    >  capital and small letters with at least one number? It's not the   
    >  NSA you know... and they have your number anyway.   
      
   	Because, my good sir, there are pre-written programs out there    
   that've been around since at least 1993 (when I first got my hands on one    
   called 'crackerjack') that can take a spell-checker's list of words (a    
   dictionary file) and, mixing that with common numbers and varying    
   capitialization, that can break passwords easily.  Provided the amount of    
   security loopholes that end up being exposed on a daily basis, this means    
   that common providers of services have their encrypted password files    
   stolen on a regular basis (if they're smart enough to even use this level    
   of sophistication).   
   	Given, as fact, that this happens (you can take that as a fact    
   from me; I got busted for it in 1996, so there is your proof), understand    
   next that although your account on that site may be just for reading    
   Penthouse Forums or whatever, a _lot_ of people that don't bother to use a    
   secure password don't bother to use a _unique_ password with the plethora    
   of different sites that a person has to supply login credentials to these    
   days.  Even the script kiddies (people like myself, when I was in my early    
   teens) know this kind of stuff.  So when they crack one set of login    
   credentials, they use the information in that file (your first name, last    
   name, login string, password, anything else they can glean from that    
   server) to check if you have accounts on any similiar, or even dissimilar,    
   mainstream sites where lots of people connect to.  Poof, there's another    
   handful.  What if one of those is your bank?  Follow the chains of logic    
   and you'll see that they can run off to a lot of other places as well.   
   	Doing that kind of stuff can make you end up out on the street    
   broke and homeless.  Doing that kind of stuff can let people impersonate    
   you and put you away for things you never did.  When you really think    
   about it, the potentials for bad scenerios are legion.  Trust me, I spent    
   a few years thinking about it.   
      
      
      -- guh up the effbomb down wif yr bad self   
      
   --- SBBSecho 2.26-OpenBSD   
    * Origin: telnet://bismaninfo.hopto.org:8023 1:282/1057 (1:282/1057)