• Your account could be compromised.
    1,182 replies, posted
[QUOTE=Squad;30720622]You know I am all for justice and what not, but what did the people who OWN those accounts do? So release a bunch of information about people who had nothing to do with what you were protesting? Really? These guys are pieces of shit.[/QUOTE] Well I know LulzSec are complete assholes and I hope so much that they get caught, but at the same time I'm really pissed that Battlefield Heroes allowed all of their details to be lost. That's extremely irresponsible.
And today I just got a message saying to change my password because it was 223 days old. Coincidence? I think NOT.
cool. my old password got leaked, I'm in the clear. :D
Wait, so if your information is compromised, that means you're in the database? I'm talking about on Hexxeh's tool thingy.
[QUOTE=Meloan;30720690]Wait, so if your information is compromised, that means your in the database? I'm talking about on Hexxeh's tool thingy.[/QUOTE] Yup.
[QUOTE=Meloan;30720690]Wait, so if your information is compromised, that means your in the database? I'm talking about on Hexxeh's tool thingy.[/QUOTE] Yes. [editline]god fucking DAAAAAAAAAAAAAAMN[/editline] ninja hexxeh too good
[QUOTE=Hexxeh;30719732]Longer password just means you need bigger rainbow tables to have more chance of finding it. You're better off adding obscure symbols too, then you should be safe enough.[/QUOTE] So something like 9oP82Bkm193MI1 is no stronger than aaaaaabbbbbbcc?
[QUOTE=Hexxeh;30720699]Yup.[/QUOTE] Alrighty, thanks.
Fuck I'm on the list but I have no idea what password I used back in those days, and fucking bf:h site is down so I can't check. Time to change ALL my passwords, see you in 9 hours.
[QUOTE=SkywardD;30720541]How?[/QUOTE] I'm not sure, I've just seen people in the Event log were unbanned, that were banned recently for being compromised.
[QUOTE=Zeke129;30720720]So something like 9oP82Bkm193MI1 is no stronger than aaaaaabbbbbbcc?[/QUOTE] nope, but 1A.aabbbbbbcc would need a bigger table
Seems like my Battlefield Heroes password is compromised, I just dont remember which password I used.
[QUOTE=Zeke129;30720720]So something like 9oP82Bkm193MI1 is no stronger than aaaaaabbbbbbcc?[/QUOTE] It is, because what if the person who made the rainbow table only included in lower-case letters? If you have: 13-14+ characters A number A lower case letter An upper case letter A special character The rainbow table needed to include your password is going to be absolutely fucking massive.
[QUOTE=Miskav;30720741]Fuck I'm on the list but I have no idea what password I used back in those days, and fucking bf:h site is down so I can't check. Time to change ALL my passwords, see you in 9 hours.[/QUOTE] PM me your BFH username and I'll tell you what password you had.
[QUOTE=Zeke129;30720720]So something like 9oP82Bkm193MI1 is no stronger than aaaaaabbbbbbcc?[/QUOTE] it's stronger in the way that you need a better table to crack it. if it's obscure enough, it'll take massive rainbow tables and the kiddies most likely won't be arsed to go after your password instead of the 12312 others. of course, the original idea is that hashes are secured well enough for this shit not to happen, but hey...
[QUOTE=Jallen;30720650]Well I know LulzSec are complete assholes and I hope so much that they get caught, but at the same time I'm really pissed that Battlefield Heroes allowed all of their details to be lost. That's extremely irresponsible.[/QUOTE] Weren't they encrypted anyway? If so, that's sorta like putting the blame on yourself for having burglars in your locked home
[QUOTE=nikomo;30720764]It is, because what if the person who made the rainbow table only included in lower-case letters? If you have: 13-14+ characters A number A lower case letter An upper case letter A special character The rainbow table needed to include your password is going to be absolutely fucking massive.[/QUOTE] Rainbow tables aren't just straight mappings of hashes to plaintext, they're a rather more complex beast. They're probably not quite as large as you'd think (still pretty big though).
I guess my BFH password is the same as my old EA one? i.e. insecure and I don't use it? I'll check anyway...
Was on the list; got my password changed. Thankfully, none of my emails are compromised.
[QUOTE=Zeke129;30720720]So something like 9oP82Bkm193MI1 is no stronger than aaaaaabbbbbbcc?[/QUOTE] Well when generating a rainbow table it will go through each combo of characters for a given length password. Something like aaaaaabbbbbbcc will be found near the beginning of the generation most likely, but if they are generating a table which searches through upper case, lower case and numbers then they will eventually get the md5 of 9oP82Bkm193MI1 too. By adding obscure symbols you make it less likely for it to be found, because for every character it checks, you exponentially increase the amount of computation required to find all the combos. A gen which finds uppercase, lowercase and numbers will take much longer than one which only searches lowercase. Obscure symbols will be so infrequent in passwords that most rainbow table generations won't even take them into consideration - the payoff is way too low for the amount of extra processing and thus time required. [editline]26th June 2011[/editline] [QUOTE=deggie;30720785]Weren't they encrypted anyway? If so, that's sorta like putting the blame on yourself for having burglars in your locked home[/QUOTE] People can reverse the hash by looking them up in rainbow tables, or if they have the same hash as another person then obviously the passwords will be the same.
when will BFH site be back up?
[QUOTE=Jallen;30720650]Well I know LulzSec are complete assholes and I hope so much that they get caught, but at the same time I'm really pissed that Battlefield Heroes allowed all of their details to be lost. That's extremely irresponsible.[/QUOTE] If I can remember correctly, LulzSec disbanded today due to it being the 50th day of their 'trials', if you will. They left with a heartfelt speech on how they hope people can carry on the movement that they started. --- Thanks for the notification about the compromised accounts though, just changed my password. What I'm going to start doing here in the next couple of days, and I HIGHLY encourage to other people, -if you've had hacked accounts in the past; although I've only been hacked twice- is to randomly generate and or create your own 12-character alphanumeric password with capitals; if you're really paranoid, use symbols as well. As for storage, [b]DO NOT[/b] store them in [b]ANY[/b] location on your computer! What I usually do is get an empty Spiral Notebook, or something of the sort -with lines, of course-, and store my information in the following format~ The following account is obviously a fake... Runescape Account Information~ Website: [url]www.runescape.com[/url] Username: abc Password: V@k3HAp4ath& I usually hide it in a place where nobody would ever think to look, or keep it locked up somewhere unless I'm on my computer; in which case, I have it sitting next to me. The following are some handy password generators, I use them sometimes~ - [url="http://www.pctools.com/guides/password/"]PCTools: Password Generator[/url] - [url=http://strongpasswordgenerator.com/]Strong Password Generator[/url] I usually use the latter of the two, but both are pretty nice. Sorry if this information is already obvious, felt I should post just in case there are those select few whom don't know about the aforementioned sites.
Last time my Facepunch password was the same as the one I used for anything else was quite a while ago. Explains why I've had to change my password twice today.
[QUOTE=Hexxeh;30720791]Rainbow tables aren't just straight mappings of hashes to plaintext, they're a rather more complex beast. They're probably not quite as large as you'd think (still pretty big though).[/QUOTE] The passwords, are they just MD5 with no salt?
I actually wonder if my password was found. I mean, it wasn't a complex password, it was just a simple one I thought up years ago to make everything simple. I used it for everything then, but now, anything important uses something new.
[QUOTE=Zeddy;30721036]I actually wonder if my password was found. I mean, it wasn't a complex password, it was just a simple one I thought up years ago to make everything simple. I used it for everything then, but now, anything important uses something new.[/QUOTE] Yeah it was kinda like that with me a while back; using the same password for everything, just for the soul purpose of simplicity. Then when I got hacked they ended up finding out some of the other accounts I had, so I had to change them in a hurry.
[QUOTE=nikomo;30721014]The passwords, are they just MD5 with no salt?[/QUOTE] Yup.
Nobody got my passwords. :buddy:
Just checked Hexxeh's list. Yeah, its in there, but I only ever used that username and password on two sites, one of which was Heroes, and the other isn't important anymore, and I don't think even exists anymore. I'm not genuinely concerned. If it does become an issue, then sure, I'll fix that when the time comes. Too late now anyway.
[QUOTE=latem5;30720887] - [url=http://strongpasswordgenerator.com/]Strong Password Generator[/url] I usually use the latter of the two, but both are pretty nice.[/QUOTE] [release]Remember your new password as: lima CHARLIE 1 } 2 ' [ 5 \ - 5 / ; UNIFORM [/release] Yeah thanks I'll do that
Sorry, you need to Log In to post a reply to this thread.