XXX Passwords

[Southfun]

1 ) Some craking tools, like AccessDiver can store a cookie and send it along when it performs a brute-force-attack.

2 ) Redirecting traffic...Well, who says that the cracked passwords are links? Many password sites have found out that the webmasters block access by checking who the referer is ( that's a damn big list ) and they post the passwords so you have to cut and paste them. No referer, no problem for the leecher.

3 ) I don't know much about ProxyPass or Strongbox. None of them offers free trials, so I guess their security lies into keeping it's internal works secret?

4 ) People focus a lot on traded/shared passwords. But even a simple Perl script can check the logs and detect multiple logins and then close the account. But thats not the main problem of a web site's security anymore. It's the fact that ANYONE can learn how to crack a members site within the hour. How do you detect then than an account is maybe used by 3 different persons? Or do you guys think that all cracked passwords are posted on password sites? My guess would be that only 10% are posted. The rest is used by the crackers or traded on 1 to 1 basis.

4 ) One time fee vs monthly fee. If it is a script that is installed localy and doesn't use a server to sync and for it's backup data, then it should be a one time fee. These scripts/programs use the harddisk to store their data ( ISP's nightmare if they allow it). The monthly fee varies from company to company. Our's start at 9.95$ per month with free installation. You can't tell me that it is expensive

Check us out : http://www.passguardian.com ( free trial anyway )
ICQ : 267932717