Some time ago, I was one of the most prolific ... one of the most popular ... on Usenet. ... purpose was to provide ... valid, ... for websites
Some time ago, I was one of the most prolific contributors
to one of the most popular newsgroups on Usenet. The
newsgroup's purpose was to provide fraudulently-obtained,
but valid, passwords for websites.
The process there is fairly straightforward: someone posts
the web site address of a site that they want (free and
illegal) access to. Several group members with colorful
nicknames then "run" the site. If a valid username/password
is found, it is emailed to the requestor, who in turn
publicly heaps praise on the grantor, thus inflating his or
her ego. My colorful nickname was "PassBandit".
Here are some tips to ensure that your account is not the
weak account that the other "PassBandit"s of the world
compromise:
1. The password is more important than the username. Do not
assume that because you have an unusual username (including
e-mail addresses), you can choose a simple password.
2. Make your reminder question tough and unique -- something
such as "What was my first pet's name?".
3. Do not use your username as the password. Similarly, do
not use a password that "fits" with the username. The may be
cute, clever, and easy to remember, but username:password
combinations such as intel:inside, moody:blues,
hewlett:packard, or foghorn:leghorn will be compromised very
quickly.
4. Make every password AT LEAST 6 characters long.
5. Use a mix of upper- and lowercase letters, and numbers --
and, if allowed, include symbols, i.e., "Hammer*shreW" or
"booKbuicK-720". The more variety your password contains,
the less likely that it will be guessed.
6. Do not use a single word as your entire password. At
several hundred guesses per second, my software could (and
often did) go through entire unabridged dictionary files,
many megabytes in size, and in several languages in no time.
Combine two unrelated words, such as bookbuick or
hammershrew.
7. Change your password frequently if the site gives you
that
option.
8. Do not use the same username/password combination at
multiple sites.
I've grown out of "PassBandit", and it no longer holds a
thrill for me. Instead, I've hopped the fence and teach loss
prevention topics. But there are thousands of "PassBandit"s
out there looking to get your into your website stash. Don't
make it easy for them.
Simply Awful Training Tips
It's been reported that the most common human fear ... ... In the business world, the day will comewhen most of us will be called upon to give a ... The result is aWhat Are You Really Selling?
What are you selling? The answer to that ... must be deeply ... if you are ... But the answer is not as simple as it ... your answer named an item, such as "light bulbs"10 Tips to Beat Shoplifters
Studies have shown that, in the United States, as many asone in twelve ... is a ... and ... commit an average of 50 thefts before ... That's if they are caught at al