CNN 'tech analyst' thinks 4chan is a person, recommends using 'pa$$word' as your password
[media]http://www.youtube.com/watch?v=qz5i171h_no[/media]
[quote=http://www.theregister.co.uk/2014/09/03/nude_celeb_leaked_photos_hack_cnn_tech_expert_thinks_4chan_is_a_person/]
"If your password is password, change the 's' to a dollar sign." That's the advice from US news network CNN's "technology analyst" Brett Larson, who also thinks that anarchic message board 4chan is some sysadmin bloke who knew how to "hack things" so he could leak saucy, private photos of Jennifer Lawrence and other female celebrities.
The confusion over 4chan starts with CNN's news presenter, who naively asks Larson:
[I]Do we even know? Who is this 4chan person or website?[/I]
Larson, attempting to mask "waaaaah, naked babes" schoolboy giggles, offers up this insight:
[I]He may - and I'm sure we're going to be able to get some more confirmation on this as the hours and minutes go on - he may have been just a system administrator who knew his way around and how to hack things.
[/I]
It seems like this was not a real big effort but was more of a "I have these usernames, I know of this loophole, this security loophole, I'm just going to run this password app and see if I can get into these people's cloud-based account."
[/quote]
old media
to be fair pa$$word is better than password
this shit is so dumb not even my grandmother could make this big of a mistake
To be fair if your password is password you're probably going to ignore that advice anyways.
pa$$w0rd 420 money shot
Well, when are we going to receive a public apology from that Facepunch person for the Subway pics incident?
Even your stupid grandma thinks you're a dipshit, Brett Larson
[QUOTE=Korova;45884697]to be fair pa$$word is better than password[/QUOTE]
it's harder to guess but if the person tries to brute force the password by using every combination of letters/numbers/symbols on a keyboard then it probably wouldn't be helpful.
On a serious note about password strength
[img]http://imgs.xkcd.com/comics/password_strength.png[/img]
dang, I'll have to patch my password app with this new info
tbh it sounds more like he's trying to put it into simple terms so less tech savvy people can understand it.
[QUOTE=Korova;45884697]to be fair pa$$word is better than password[/QUOTE]
Against a bruteforce attack, somewhat. GRC actually published a theoretical tool to determine how long it would take to bruteforce a password. Here is "password":
[img]http://i.imgur.com/B6BdtYh.png[/img]
And here is "pa$$word":
[img]http://i.imgur.com/9zhd5p7.png[/img]
This doesn't account for dictionary attempts, which usually precede bruteforcing and consist of loads of the most common passwords used by many sipwickets. "password" is definitely the first password anyone with a malicious intent will attempt to use. "pa$$word" however is probably going to be added to such lists very soon because of this guy's terrible, terrible advice. [url=http://xkcd.com/936/]"correcthorsebatterystaple"[/url] might be on those lists. Hell, Dropbox has an easter egg where if you attempt to use said reference, it'll say not to take advice from a webcomic too literally.
You can try the tool for yourself here: [url]https://www.grc.com/haystack.htm[/url]
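Added example (not part of any post in this thread, and not GRC's code): a Python sketch of the two checks the post above contrasts, a brute-force search-space count and a common-password lookup that undoes symbol-for-letter swaps. The deny list, the substitution table and all function names are constructed for illustration, and the character-class sizes assume printable ASCII only.

```python
import string

# Constructed sample deny list; a real check would load a large list of
# leaked and commonly used passwords.
COMMON_PASSWORDS = {"password", "12345", "qwerty", "letmein",
                    "correcthorsebatterystaple"}

# Assumed substitution table: undoes the usual symbol-for-letter swaps
# before the deny-list lookup.
UNSUBSTITUTE = str.maketrans({"$": "s", "5": "s", "0": "o", "1": "l",
                              "3": "e", "4": "a", "@": "a", "7": "t"})

SYMBOLS = string.punctuation + " "  # 33 printable ASCII symbols


def alphabet_size(pw):
    """Sum the sizes of the ASCII character classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in SYMBOLS for c in pw):
        size += len(SYMBOLS)
    return size


def search_space(pw):
    """Candidates an exhaustive search covers up to this length."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))


def in_deny_list(pw):
    """True if the password, or its de-substituted form, is a common one."""
    lowered = pw.lower()
    return (lowered in COMMON_PASSWORDS
            or lowered.translate(UNSUBSTITUTE) in COMMON_PASSWORDS)


def assess(pw):
    """Report both views: exhaustive-search size and deny-list verdict."""
    return {"search_space": search_space(pw), "denied": in_deny_list(pw)}


if __name__ == "__main__":
    for candidate in ("password", "pa$$word", "pa$$w0rd", "Tr0ub4dor&3"):
        print(candidate, assess(candidate))
```

The search space for "pa$$word" is far larger than for "password", yet both are rejected by the deny-list check, which is the gap a pure brute-force estimate does not show.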
How about 12345 as a password? Worked for planet Druidia.
[video=youtube;_JNGI1dI-e8]http://www.youtube.com/watch?v=_JNGI1dI-e8[/video]
[QUOTE=Hervey;45884730]On a serious note about password strength
(xkcd)[/QUOTE]
And here's [url=http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase]some[/url] [url=http://www.reddit.com/r/techsnap/comments/18ezb6/correct_horse_battery_staple_really_a_strong/]discussion[/url] on whether this is actually a good idea.
tl;dr under most circumstances, it is, but better use less common words and mix cases to be sure, and/or add one word.
I used [url]https://howsecureismypassword.net/[/url] just for giggles
"password"
[t]http://i.imgur.com/0mfJoau.png[/t]
"pa$$word"
[t]http://i.imgur.com/u57v0Cg.png[/t]
Congrats Mr. Larson, you just made it 30 minutes longer.
Not gonna lie I've used password and its variations a few times in the past when I couldn't think up a more secure one. Though admittedly only for MMO usage and not anything actually important.
I used to have five or so passwords with Unicode characters in them. One day, I wrote them all down in Notepad and saved them on my computer. When I opened the file again I realized my mistake: ANSI.
Hey CNN. Can I have his job? I'll do it for less and actually know things.
[QUOTE=Krinkels;45884839]I used to have five or so passwords with Unicode characters in them. One day, I wrote them all down in Notepad and saved them on my computer. When I opened the file again I realized my mistake: ANSI.[/QUOTE]
When I was 10 I used to believe putting umlauts in my passwords would make them secure against international hackers because they couldn't type the characters.
[QUOTE=Korova;45884697]to be fair pa$$word is better than password[/QUOTE]
to be fair, it is the third combination of password tried by brute force programs
[QUOTE=Steel & Iron;45884795]I used [url]https://howsecureismypassword.net/[/url] just for giggles
"password"
[t]http://i.imgur.com/0mfJoau.png[/t]
"pa$$word"
[t]http://i.imgur.com/u57v0Cg.png[/t]
Congrats Mr. Larson, you just made it 30 minutes longer.[/QUOTE]
It would take a desktop PC about
137 quadrillion years
to crack your password
lol
[QUOTE=Sableye;45884885]to be fair, it is the third combination of password tried by brute force programs[/QUOTE]
that still is better than being the first, though
[QUOTE=Hat-Wearing Man;45884805]Not gonna lie I've used password and its variations a few times in the past when I couldn't think up a more secure one. Though admittedly only for MMO usage and not anything actually important.[/QUOTE]
@numbernumbernumberletterletterletternumbernumbernumber or vice versa etc
[QUOTE=Steel & Iron;45884795]I used [url]https://howsecureismypassword.net/[/url] just for giggles
"password"
[t]http://i.imgur.com/0mfJoau.png[/t]
"pa$$word"
[t]http://i.imgur.com/u57v0Cg.png[/t]
Congrats Mr. Larson, you just made it 30 minutes longer.[/QUOTE]
[img]http://puu.sh/bkjKd/d0318bce11.png[/img]
Password is "aaaaaaaaaaaaaaaaaaaa"
:v:
[QUOTE=Hervey;45884730]On a serious note about password strength
[img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE]
That is very flawed.
[QUOTE=wickedplayer494;45884754]Against a bruteforce attack, somewhat. GRC actually published a theoretical tool to determine how long it would take to bruteforce a password. Here is "password":
[img]http://i.imgur.com/B6BdtYh.png[/img]
And here is "pa$$word":
[img]http://i.imgur.com/9zhd5p7.png[/img]
This doesn't account for dictionary attempts, which usually precede bruteforcing and consist of loads of the most common passwords used by many sipwickets. "password" is definitely the first password anyone with a malicious intent will attempt to use. "pa$$word" however is probably going to be added to such lists very soon because of this guy's terrible, terrible advice. [url=http://xkcd.com/936/]"correcthorsebatterystaple"[/url] might be on those lists. Hell, Dropbox has an easter egg where if you attempt to use said reference, it'll say not to take advice from a webcomic too literally.
You can try the tool for yourself here: [url]https://www.grc.com/haystack.htm[/url][/QUOTE]
[img]http://i.cubeupload.com/pEGIJA.png[/img]
perfect
Generally speaking unless someone is trying to brute force your password offline (or locally on the server), it's not really an issue.
Most stolen passwords are through fake websites (and other phishing attempts) or stolen databases with unhashed passwords (which in this day and age is simply ridiculous).
[QUOTE=FlakAttack;45885342]Generally speaking unless someone is trying to brute force your password offline (or locally on the server), it's not really an issue.
Most stolen passwords are through fake websites (and other phishing attempts) or stolen databases with unhashed passwords (which in this day and age is simply ridiculous).[/QUOTE]
it's stupid easy to see, for example, fake steam links too
they always have insane names like steamcummunity and link it in ways that are just too obvious
most of the time a site steals your password, you were being oblivious