> NotoriousREV wrote: ↑Fri Jan 17, 2020 2:53 pm
> 6 characters, lower case and no special characters would be broken in seconds.
If the website allowed you to try typing in a million passwords per second
Piss poor security
Re: Piss poor security
- NotoriousREV
- Posts: 6437
- Joined: Wed Apr 11, 2018 4:14 pm
Re: Piss poor security
> Richard wrote: ↑Thu Jan 23, 2020 9:27 am
> > NotoriousREV wrote: ↑Fri Jan 17, 2020 2:53 pm
> > 6 characters, lower case and no special characters would be broken in seconds.
> If the website allowed you to try typing in a million passwords per second
Or an employee gets hold of the user DB. Or their piss poor security means an outside attacker gets hold of their user DB. Or, as you say, the website just accepts the brute force attack from a distributed botnet.
It’s almost as if they should be protecting from more than just a single attack vector.
But what do I know? I’m only a mere trained and qualified security professional with 25 years experience.
Middle-aged Dirtbag
Re: Piss poor security
> NotoriousREV wrote: ↑Thu Jan 23, 2020 9:33 am
> > Richard wrote: ↑Thu Jan 23, 2020 9:27 am
> > > NotoriousREV wrote: ↑Fri Jan 17, 2020 2:53 pm
> > > 6 characters, lower case and no special characters would be broken in seconds.
> > If the website allowed you to try typing in a million passwords per second
> Or an employee gets hold of the user DB. Or their piss poor security means an outside attacker gets hold of their user DB. Or, as you say, the website just accepts the brute force attack from a distributed botnet.
> It’s almost as if they should be protecting from more than just a single attack vector.
> But what do I know? I’m only a mere trained and qualified security professional with 25 years experience.
Come back on here when you have 125 years experience. Sheesh.
How about not having a sig at all?
Re: Piss poor security
> NotoriousREV wrote: ↑Thu Jan 23, 2020 9:33 am
> But what do I know? I’m only a mere trained and qualified security professional with 25 years experience.
Isn't the correlation between password lengths and update frequency intended to protect against brute force attack? Something like a 10 character password might take 5 months to crack, so update frequency is set at 3 months or summat ???
- NotoriousREV
- Posts: 6437
- Joined: Wed Apr 11, 2018 4:14 pm
Re: Piss poor security
> dinny_g wrote: ↑Thu Jan 23, 2020 10:44 am
> > NotoriousREV wrote: ↑Thu Jan 23, 2020 9:33 am
> > But what do I know? I’m only a mere trained and qualified security professional with 25 years experience.
> Isn't the correlation between password lengths and update frequency intended to protect against brute force attack? Something like a 10 character password might take 5 months to crack, so update frequency is set at 3 months or summat ???
10 characters without special characters would be a couple of weeks maximum. I doubt the bank is asking people to reset their passwords ever, let alone every 2 weeks.
Using update frequency to defend against cracking passwords is the dumbest strategy I ever heard of.
Middle-aged Dirtbag
Re: Piss poor security
and that's why you're the security expert and I'm not...
Re: Piss poor security
Honestly Rev, coming down here with your actual knowledge and experience. It's just not the done thing.
Matty, that should be a warning.
- NotoriousREV
- Posts: 6437
- Joined: Wed Apr 11, 2018 4:14 pm
Re: Piss poor security
I have a 1 hour security presentation I could give you on how to protect yourself online, if you’d like?
Middle-aged Dirtbag
Re: Piss poor security
Ooo yes, please. Then I could forward it to Westpac so that they would then know about internet security.
Re: Piss poor security
> NotoriousREV wrote: ↑Thu Jan 23, 2020 11:52 am
> I have a 1 hour security presentation I could give you on how to protect yourself online, if you’d like?
I would pay 8.73 mockdiamonds for that.
- NotoriousREV
- Posts: 6437
- Joined: Wed Apr 11, 2018 4:14 pm
Re: Piss poor security
> mik wrote: ↑Thu Jan 23, 2020 11:57 am
> > NotoriousREV wrote: ↑Thu Jan 23, 2020 11:52 am
> > I have a 1 hour security presentation I could give you on how to protect yourself online, if you’d like?
> I would pay 8.73 mockdiamonds for that.
I don’t get out of bed for less than 8.84 mockdiamonds.
Middle-aged Dirtbag
Re: Piss poor security
> NotoriousREV wrote: ↑Thu Jan 23, 2020 12:11 pm
> > mik wrote: ↑Thu Jan 23, 2020 11:57 am
> > > NotoriousREV wrote: ↑Thu Jan 23, 2020 11:52 am
> > > I have a 1 hour security presentation I could give you on how to protect yourself online, if you’d like?
> > I would pay 8.73 mockdiamonds for that.
> I don’t get out of bed for less than 8.84 mockdiamonds.
I accept your proposal to present from your bed.
Our contract is established.
- ShockDiamonds
- Posts: 748
- Joined: Thu Apr 12, 2018 9:23 pm
Re: Piss poor security
But you'd have to use my wallet tech to complete the contract. And that's chocker with viruses according to the internet...
- NotoriousREV
- Posts: 6437
- Joined: Wed Apr 11, 2018 4:14 pm
- ShockDiamonds
- Posts: 748
- Joined: Thu Apr 12, 2018 9:23 pm
Re: Piss poor security
Having looked around, Westpac's answer to this is that after 3 unsuccessful logins they lock your account for 24 hours.
The artist formerly known as _Who_
Re: Piss poor security
I'd buy that for a dollar!
No, wait, I'd pay many multiples of a dollar to not see that.
From either of you.
Ya pervs.
- NotoriousREV
- Posts: 6437
- Joined: Wed Apr 11, 2018 4:14 pm
Re: Piss poor security
Which is great if that's the attack vector used by hackers.
Middle-aged Dirtbag