Greenguy's Board - View Single Post

Southfun · 2004-05-22, 10:14 AM

1 ) Some craking tools, like AccessDiver can store a cookie and send it along when it performs a brute-force-attack.

2 ) Redirecting traffic...Well, who says that the cracked passwords are links? Many password sites have found out that the webmasters block access by checking who the referer is ( that's a damn big list ) and they post the passwords so you have to cut and paste them. No referer, no problem for the leecher.

3 ) I don't know much about ProxyPass or Strongbox. None of them offers free trials, so I guess their security lies into keeping it's internal works secret?

4 ) People focus a lot on traded/shared passwords. But even a simple Perl script can check the logs and detect multiple logins and then close the account. But thats not the main problem of a web site's security anymore. It's the fact that ANYONE can learn how to crack a members site within the hour. How do you detect then than an account is maybe used by 3 different persons? Or do you guys think that all cracked passwords are posted on password sites? My guess would be that only 10% are posted. The rest is used by the crackers or traded on 1 to 1 basis.

4 ) One time fee vs monthly fee. If it is a script that is installed localy and doesn't use a server to sync and for it's backup data, then it should be a one time fee. These scripts/programs use the harddisk to store their data ( ISP's nightmare if they allow it). The monthly fee varies from company to company. Our's start at 9.95$ per month with free installation. You can't tell me that it is expensive

Check us out : http://www.passguardian.com ( free trial anyway )
ICQ : 267932717

2004-05-22, 10:14 AM	#17
Southfun If something goes wrong at the plant, blame the guy who can't speak English Join Date: May 2004 Location: Denmark Posts: 31	1 ) Some craking tools, like AccessDiver can store a cookie and send it along when it performs a brute-force-attack. 2 ) Redirecting traffic...Well, who says that the cracked passwords are links? Many password sites have found out that the webmasters block access by checking who the referer is ( that's a damn big list ) and they post the passwords so you have to cut and paste them. No referer, no problem for the leecher. 3 ) I don't know much about ProxyPass or Strongbox. None of them offers free trials, so I guess their security lies into keeping it's internal works secret? 4 ) People focus a lot on traded/shared passwords. But even a simple Perl script can check the logs and detect multiple logins and then close the account. But thats not the main problem of a web site's security anymore. It's the fact that ANYONE can learn how to crack a members site within the hour. How do you detect then than an account is maybe used by 3 different persons? Or do you guys think that all cracked passwords are posted on password sites? My guess would be that only 10% are posted. The rest is used by the crackers or traded on 1 to 1 basis. 4 ) One time fee vs monthly fee. If it is a script that is installed localy and doesn't use a server to sync and for it's backup data, then it should be a one time fee. These scripts/programs use the harddisk to store their data ( ISP's nightmare if they allow it). The monthly fee varies from company to company. Our's start at 9.95$ per month with free installation. You can't tell me that it is expensive Check us out : http://www.passguardian.com ( free trial anyway ) ICQ : 267932717