bit-tech.net

Old 9th May 2011, 11:25   #1
arcticstoat
Who is the Milkman?
 
Join Date: May 2004
Location: UK
Posts: 916
LastPass user panic over possible server breach

Popular password manager LastPass acts on possible security breach.

http://www.bit-tech.net/news/bits/20...le-server-br/1
__________________
Ben Hardwidge
Custom PC Editor
Old 9th May 2011, 11:31   #2
mclean007
Officious Bystander
 
Join Date: May 2003
Location: Nodnol
Posts: 2,008
I use a password manager. It's called my brain and I keep all my passwords there. Of course that's not too hard when my password is "PASSWORD" for every site I use.

For anyone who missed the sarcasm above, just for the record I was kidding
Old 9th May 2011, 11:35   #3
SlowMotionSuicide
Come Hell or High Water
 
Join Date: May 2009
Location: Rauma, Finland
Posts: 827
TBH all these security breaches lately have made me a bit hopeless. Only a few weeks ago I received an e-mail from Play.com that their account security had been breached. Then the PSN episode, and now this.

What should an honest consumer do, set up a fake ID for every online purchase since no one seems to be able to keep crackers at bay? I'm kinda tired of continuous credit card reroll.
__________________
Desktop: i5-750 @ 4.0GHz |P55-GD65 | 8Gb Dominators | GTX 480 | Corsair F120 | F1 Spinpoint 1TB | Nexus RX-8500 | Corsair 800D
EK Supreme LT | EK FC-480 GTX | XSPC RX360 | Laing D5 Vario| Koolance COV-RP450 & BDY-TK200

HTPC: i3-3225 | H77-Pro4-M | 4Gb Ripjaws | GTX 660 |120 Gb Samsung 840 | Corsair CX400W | Silverstone GD-04
Old 9th May 2011, 11:37   #4
Kiytan
Shiny
 
Join Date: Jul 2009
Location: Worcester, UK.
Posts: 971
Seems everywhere is getting hacked recently. At least they dealt with it in a proper way though, unlike Sony.
Old 9th May 2011, 13:11   #5
Dr_Frankenstein
What's a Dremel?
 
Join Date: Aug 2005
Location: Brighton, UK
Posts: 8
I wouldn't store any passwords online; keep a locally encrypted version if you can't remember them all. I use 'keepass'.
Old 9th May 2011, 14:06   #6
Zurechial
Elitist
 
Join Date: Mar 2007
Location: Ireland
Posts: 2,038
Quote:
Originally Posted by Dr_Frankenstein View Post
I wouldn't store any passwords online; keep a locally encrypted version if you can't remember them all. I use 'keepass'.
This.

I would never trust an online password storage service. Locally-stored secure Keepass databases are a much better idea I think.
__________________
Main: CM Cosmos II <-> i7 4770k <-> EVGA GTX 780Ti SC <-> Sabertooth Z87 <-> 16GB DDR3 <-> Samsung 840 Pro <-> Crucial M4 <-> Dell U2410 <-> HP ZR24w
Laptop: Core i7 2670QM<-> GTX 570M <-> 8GB DDR3 <-> Crucial M4 <-> XMG P511
Old 9th May 2011, 14:12   #7
Mechh69
I think we can make that fit
 
Join Date: Sep 2009
Location: Miami Florida
Posts: 1,297
I use a spreadsheet that is secured within TrueCrypt. Hack that one.
__________________
Deders - What if you touch yourself with kittens?
.//TuNdRa - Short of standing on a street corner (I'd make an ugly hooker, anyhow.)

i7 920@3.8Ghz,EVGA E760 Classified, Corsair XMS3 X 6GB 1600, Kingston Hyper X 12GB 1600, 240GB OCZ Agility 4, MSI 660TI 3GB, BFG 260 GTX Core 216 for PHYSX, Thermaltake Armor+, BFG EX1200 PS, Scythe Mugen 2 Cpu cooler, Samsung Syncmaster 2233RZ, Nvidia 3D Glasses
Old 9th May 2011, 14:15   #8
radziecki
What's a Dremel?
 
Join Date: Mar 2006
Location: Warsaw, Poland
Posts: 17
Guys, two tips:
a) Use top-up electronic-use-only cards and not your regular credit/debit card. You only fill up the account when you need to purchase something.
b) DO NOT store any card data online, if possible. Use software like PasswordSafe to keep the crucial data handy at all times.

Worked for me for the last couple of years...
__________________
You wouldn't recognize irony even if it jumped out of the bushes and bit your butt
Old 9th May 2011, 14:46   #9
Lowsidex2
Multimodder
 
Join Date: Sep 2003
Location: USA
Posts: 229
Pen and paper is my password storage system. I'm infinitely less worried about someone breaking into my home and happening across my cheat sheet than I am about someone hacking a distant server or even my local machine with that file labeled 'passwords'.
Old 9th May 2011, 14:51   #10
SlowMotionSuicide
Come Hell or High Water
 
Join Date: May 2009
Location: Rauma, Finland
Posts: 827
Good tips, but unfortunately not always applicable.

a) I'm not sure what you mean with "top-up electronic-use-only" card, but if I'd have to hazard a guess these mean cards like Visa Electron, right? Not too many sites accept one.

Finnish banks do not offer virtual credit cards, either.

b) Again, not always possible. For example, Play.com requires you to register before making a purchase, and they insist on storing credit card data. After the hacking incident, I tried to remove my cc number bound to my account, to no avail. Can't unsubscribe from their mailing list, either. Serves me right I guess.

I'm using unique passwords for each account I have, but it really pisses me off that companies require me to give away personal info and then don't bother to protect it properly. I'm not really happy with criminals in possession of my physical and email address, phone number etc.
Old 9th May 2011, 15:26   #11
tad2008
Supermodder
 
Join Date: Nov 2008
Location: East Sussex, UK
Posts: 310
Quote:
Originally Posted by SlowMotionSuicide
Good tips, but unfortunately not always applicable.

a) I'm not sure what you mean with "top-up electronic-use-only" card, but if I'd have to hazard a guess these mean cards like Visa Electron, right? Not too many sites accept one.

Finnish banks do not offer virtual credit cards, either.
Can't speak for our European cousins, but here in the UK I believe both Visa and Mastercard that I know of offer a kind of pre-paid debit card where you basically put credit on the card and then can use this securely for online purchases as you would a normal debit card.

Just done a quick check for those that might benefit:

VISA
http://visa.co.uk/en/products/visa_prepaid.aspx

MASTERCARD
http://www.mastercard.com/uk/persona...new/index.html
Old 9th May 2011, 15:32   #12
MrWillyWonka
Chocolate computers galore!
Moderator
 
Join Date: Jul 2004
Location: Southampton, Hants
Posts: 5,892
Quote:
Originally Posted by SlowMotionSuicide View Post
Good tips, but unfortunately not always applicable.

a) I'm not sure what you mean with "top-up electronic-use-only" card, but if I'd have to hazard a guess these mean cards like Visa Electron, right? Not too many sites accept one.

Finnish banks do not offer virtual credit cards, either.

b) Again, not always possible. For example, Play.com requires you to register before making a purchase, and they insist on storing credit card data. After the hacking incident, I tried to remove my cc number bound to my account, to no avail. Can't unsubscribe from their mailing list, either. Serves me right I guess.

I'm using unique passwords for each account I have, but it really pisses me off that companies require me to give away personal info and then don't bother to protect it properly. I'm not really happy with criminals in possession of my physical and email address, phone number etc.
What radziecki meant was a top-up cashcard, basically it's a top up card that you can buy in the shops and top up whilst in the shop, and useable online as it is a Visa debit card. A bit of a hassle to do but it is one of the safest ways to buy stuff online.

EDIT: What ^^^ said!
Old 9th May 2011, 15:37   #13
SlowMotionSuicide
Come Hell or High Water
 
Join Date: May 2009
Location: Rauma, Finland
Posts: 827
No such thing available here, though.

I did a check for both my Visa and Mastercard.

Well, there probably will be an option for those now that hacking service providers and e-shops has become an almost everyday occurrence. Even my bank felt it necessary to notify me about the PSN issue, though no fraud has taken place, yet.
Old 9th May 2011, 15:38   #14
l3v1ck
really joined on Dec 24th 2004.
 
Join Date: Apr 2009
Location: The Right Side of the Pennines
Posts: 12,895
Quote:
Originally Posted by mclean007 View Post
I use a password manager. It's called my brain and I keep all my passwords there.
+1
__________________
Quote:
Originally Posted by Sifter3000
We swung the banhammer in his little stupid spamming face
The old Dennis Forums (CPC, PC Pro, Mac User etc) - Meeting Place lives on. You're welcome to visit it HERE
Old 9th May 2011, 15:47   #15
thehippoz
Banned
 
Join Date: Dec 2008
Location: Fresno, CA
Posts: 5,780
Quote:
Originally Posted by mclean007
I use a password manager. It's called my brain and I keep all my passwords there.
waterboarding
Old 9th May 2011, 15:58   #16
PureSilver
E-tailer Tailor
 
Join Date: Dec 2008
Location: London, UK
Posts: 3,146
This is not really the whole story - even if someone has hacked LastPass's databanks and grabbed files, they are of no use unless they can be cracked individually. LastPass don't store any of your data unencrypted - in fact, it's not possible for them to do so, and if you lose your LastPass password you're basically f***** because they've no way of retrieving it. So, for this to be a security issue:
  1. LastPass' servers have to have been hacked. There's no evidence this has actually occurred - there's a system anomaly and LastPass are being paranoid about it because that's what we pay them to do.
  2. LastPass users' data has to have been copied. Again, no evidence this has occurred.
  3. The users' encrypted data has to be individually cracked, by brute force. My password is >15 characters long, containing upper- and lower-case letters, numbers, and symbols, in randomly generated order. That's 96 possibilities for each of the 15+ characters = 5.20402924666473e+31 combinations - a number equivalent to 52,040,292,466,647,300,000,000,000,000,000 potential passwords, or one order of magnitude over a nonillion. Cracking it by brute force using an i7 920 or similar would take quite literally tens of thousands of years.

Me? I'm not worried in the slightest. In addition to my password, my LastPass is encrypted using their Grid Multifactor Authentication system, which adds the complexity of a unique 26x9 code grid to any computer I haven't personally approved. I haven't done the maths on that too but it is another hurdle to the theoretical hackers getting my Facebook password.

Using LastPass means I can use different 15-character alphanumerosymbolic passwords for everything I use - so compromise of any one won't affect the others. Since even I don't know them, it's very difficult for them to be compromised. As far as I can see, you're much more likely to be in trouble by entrusting your data to people that aren't LastPass, like, er, PSN...
__________________
Intel Core i7 920 @ 3Ghz, Noctua NH-U12P SE, Asus P6T Deluxe V1, Corsair 12GB (6x2GB) 1600Mhz C8 @ XMP,
EVGA GTX-680, Corsair AX750, 2x Samsung SpinPoint F3 1TB, Lian-Li V1020R with 3x Noctua NF-P12 & 3x NF-P14FLX
2.4Ghz 13" unibody MacBook, 4GB RAM & 128GB Samsung SSD

Last edited by PureSilver; 9th May 2011 at 16:15. Reason: Maths!
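
Added example, not part of PureSilver's post and not LastPass code: the keyspace arithmetic from point 3 above, generalised to any alphabet size, password length and key-stretching setting. The guess rate and iteration count are assumed values for illustration, not measurements of an i7 920 or of LastPass's actual settings; the figure quoted in the post equals 96^16, i.e. a 16-character password.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password whose symbols are chosen uniformly at random.
    Human-chosen passwords have far less entropy than this upper bound."""
    return length * math.log2(alphabet_size)


def years_to_search(alphabet_size, length, hashes_per_second, kdf_iterations=1):
    """Expected years for an offline search of a stolen encrypted vault.

    hashes_per_second: attacker's raw hash rate (assumed value).
    kdf_iterations:    key-stretching rounds per guess; every guess costs
                       this many hashes, so the guess rate drops accordingly.
    On average the password is found after half the keyspace is tried.
    """
    guesses_per_second = hashes_per_second / kdf_iterations
    expected_guesses = keyspace(alphabet_size, length) / 2
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def min_length(alphabet_size, target_years, hashes_per_second, kdf_iterations=1):
    """Shortest random password that resists search for `target_years`."""
    length = 1
    while years_to_search(alphabet_size, length,
                          hashes_per_second, kdf_iterations) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # hashes per second, constructed for illustration
    for n in (8, 12, 15, 16):
        print(f"{n:2d} chars  {keyspace(96, n):.4e} combos  "
              f"{entropy_bits(96, n):6.1f} bits  "
              f"{years_to_search(96, n, ASSUMED_RATE):.3e} years")
    # Effect of key stretching on the length needed for a 10,000-year margin.
    print("min length, no stretching:     ", min_length(96, 1e4, ASSUMED_RATE))
    print("min length, 100,000 iterations:", min_length(96, 1e4, ASSUMED_RATE, 100_000))
```

The estimate only holds for randomly generated passwords, as in the post; for a human-chosen master password the real search space is much smaller than `keyspace()` suggests.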
Old 9th May 2011, 16:21   #17
sotu1
Ex-Modder
 
Join Date: Aug 2007
Location: Bournemouth and London
Posts: 2,858
PEN AND PAPER. Honestly it actually works sometimes!
__________________
Gaming PC, PS3 and XBOX 360 kits all for sale!
Old 9th May 2011, 17:10   #18
bobwya
Custom PC Migrant
 
Join Date: May 2009
Location: Cambridge, UK
Posts: 193
My advice is to simply let E-Merchants store all your credit card details online. However then ensure that all your credit cards are maxed out (to their respective limits). E viola - no E-fraud!
Old 9th May 2011, 17:33   #19
shanky887614
Multimodder
 
Join Date: May 2009
Posts: 203
Guys, or there is a quick cheat: create a new account with the same person as the main account, make sure it's debit only and doesn't allow overdraws or credit, then just swap money to it before buying online. That's my way of dealing with it.

What can a hacker do with a bank account with £1 in it?
Old 9th May 2011, 17:44   #20
Salty Wagyu
moo
 
Join Date: Jul 2010
Location: Sussex, UK
Posts: 449
Keepass is way less convenient though, as I frequent a lot of sites that log you out automatically as the session expires (Amazon for example). Having to c+p all the time gets tedious, and I've been there.
__________________
Main System & HTPC Specs
All times are GMT +1. The time now is 12:21.