
A Gentle Reminder - From Wiz

Discussion in 'BlackHat Lounge' started by WizGizmo, Mar 22, 2010.

  1. WizGizmo

    WizGizmo Super Moderator Staff Member Premium Member

    Hey B-Hatters:

    As many of you are aware, some BHW members have recently
    had their accounts hacked and people have gained access to
    the forum and posted virus-ridden "shares" under those individuals'
    names, causing them to be banned as a result.

    The best advice I can offer is to do the following:

    1) Change your password often

    2) Make sure that your password has a good large
    mix of upper and lower case letters and mixed numbers.

    Example: A password like "sdUu1qI7bJFJ8ahS52NG" is much
    harder to crack than something shorter like "marketer2010".

    This has been a BHW Public Service Announcement.

    Thanks to rudeprincess for suggesting it :thanks:

    Cheers! - "Wiz"

    PS: And make sure your anti-virus and anti-spyware programs
    are kept up-to-date and always have them running.
     
    Last edited: Mar 22, 2010
  2. tbootz

    tbootz Regular Member

    Guys, I recommend you download a piece of software called "KeyScrambler". What it does is that it encrypts and alters all your keystrokes at the top level, so if someone has a keylogger installed on your PC and is trying to sniff out your info, your keystrokes will appear to be a jumble of letters and numbers to them.
     
  3. TheCheesePolice

    TheCheesePolice Registered Member

    A password like 'sdUu1qI7bJFJ8ahS52NG' is basically impossible to crack, as vB locks an account for 15 minutes after five incorrect logins (an average of 3 minutes per attempt). Thus, bruteforcing a password containing six numbers (such as 99999) would take 3*99999 minutes. You're pretty much safe unless you download something. Not sure if it's by account or IP though.
     
  4. oxonbeef

    oxonbeef BANNED
    If I could add to that? A lot of passwords are stolen via browser caches. Clear your cookies; don't let your browser remember your passwords.
     
  5. gregstereo

    gregstereo Elite Member

    Easier, yes. More secure...not necessarily:

    http://en.wikipedia.org/wiki/Keystroke_logging#On-screen_keyboards

    FTA:

     
  6. tbootz

    tbootz Regular Member

    Yeah it'd be easier and time consuming as hell....
    Not to mention hackers can still easily take a snapshot of your screen.
     
  7. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Premium Member
  8. rudeprincess

    rudeprincess Junior Member

    Thanks Wiz for the quick reply. I just thought it would be a good idea for everyone to change their passwords because it seems that the setup.exe is being uploaded by a lot of members who have been here for a while. I am sure they are victims but they are getting banned anyway. Hopefully, everyone who reads this today will immediately change their passwords.
     
  9. nothingnothing

    nothingnothing Jr. VIP Premium Member
    KeyScrambler is a must addon for Firefox!

    Here is the official download link

    Code:
    https://addons.mozilla.org/en-US/firefox/addon/3383
     
  10. hotwicked

    hotwicked Regular Member

    vBulletin also has the feature for admins to force users to change their passwords every so often. Perhaps that is needed.
     
  11. IcedCube

    IcedCube Junior Member

  12. KBC-12

    KBC-12 Regular Member

    Thanks for the PSA WIZ. I think most around here tend to be lax on the scrutiny of a download when it comes from a trusted member we have seen often.

    Thanks for the tip on keylogger tbootz, I'm definitely going to check that out.

    I recommend using the LastPass plugin on Firefox. It has an auto generate password feature (hit alt-G).
    Check all 4 boxes, one for A-Z, a-z, numbers, & one for symbols. Then change characters to 10, and then change min. numbers to 2. Gives you passwords like the ones suggested above. I really like this plugin.
    **I forgot to add, like the name suggests, you can have one password that allows you to access all your passwords. Be sure to clear cache like OXON suggested, LSO cookies as well.

    Anyone have any advice on anti-spyware/adware I can run like in a "boot time scan" fashion? Like for example I run Avast free home and it has a boot time scan feature that allows you to shut down windows and scan for viruses while your OS is not running.
    Anyone?

    Thanks again for the PSA. :D

    KBC
     
    Last edited: Mar 22, 2010
  13. ForeverNever

    ForeverNever Power Member

    In all honesty I don't think these "hackers" are simply sitting at their computers guessing passwords all day so the actual password you have, no matter how complex it is, shouldn't really matter (unless I'm missing something). They have probably uploaded a dirty file with a keylogger, got some accounts, and continued the chain.

    So in that case, the KeyScrambler is a great idea.
     
  14. tonlilaz

    tonlilaz Executive VIP Premium Member

    be careful what you download.....
     
  15. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Premium Member
    history caches can also be read without your knowledge.
    and quite easily, too.
     
  16. TheCheesePolice

    TheCheesePolice Registered Member

    Just in case anyone's still reading this. Do NOT do this, as it will get your new pass stolen as well.
     
  17. aishahriar

    aishahriar BANNED
    Thanks for the tip on the keyscrambler. My PC once got a keylogger... if I knew this then I would've been able to breathe easier. Looking into it right now.
     
  18. HoNeYBiRD

    HoNeYBiRD Jr. VIP
    you can download the latest version of KeyScrambler (2.6.0) from the official site here:
    Code:
    http://www.qfxsoftware.com/Download.htm
    it works with Firefox 3.6, the above linked one is a bit outdated by now
     
  19. JuicyBlack

    JuicyBlack Regular Member

    I have RoboForm ... the thing generates 12 character random passwords on demand... that should do the trick.....
     
  20. madlind

    madlind Registered Member

    Thanks Wiz. I guess I should mention here that last Saturday I received an email update to a thread I was following on here, and my anti-virus popped up saying a 'rootkit' was detected in it. I was lucky to get rid of it before any damage was done, but changing my password on here wouldn't have prevented receiving the rootkit in that email.