Re: Passwords and bleeding hearts.
  By: BOB KLAHN to ALL on Sat Apr 19 2014 00:02:20

 >  Now this is especially true on sites where all you want to do is
 >  read something, like a magazine website. Why have to mix your
 >  capital and small letters with at least one number? It's not the
 >  NSA you know... and they have your number anyway.

	Because, my good sir, there are pre-written programs out there 
that've been around since at least 1993 (when I first got my hands on one 
called 'crackerjack') that can take a spell-checker's list of words (a 
dictionary file) and, mixing that with common numbers and varying 
capitialization, that can break passwords easily.  Provided the amount of 
security loopholes that end up being exposed on a daily basis, this means 
that common providers of services have their encrypted password files 
stolen on a regular basis (if they're smart enough to even use this level 
of sophistication).
	Given, as fact, that this happens (you can take that as a fact 
from me; I got busted for it in 1996, so there is your proof), understand 
next that although your account on that site may be just for reading 
Penthouse Forums or whatever, a _lot_ of people that don't bother to use a 
secure password don't bother to use a _unique_ password with the plethora 
of different sites that a person has to supply login credentials to these 
days.  Even the script kiddies (people like myself, when I was in my early 
teens) know this kind of stuff.  So when they crack one set of login 
credentials, they use the information in that file (your first name, last 
name, login string, password, anything else they can glean from that 
server) to check if you have accounts on any similiar, or even dissimilar, 
mainstream sites where lots of people connect to.  Poof, there's another 
handful.  What if one of those is your bank?  Follow the chains of logic 
and you'll see that they can run off to a lot of other places as well.
	Doing that kind of stuff can make you end up out on the street 
broke and homeless.  Doing that kind of stuff can let people impersonate 
you and put you away for things you never did.  When you really think 
about it, the potentials for bad scenerios are legion.  Trust me, I spent 
a few years thinking about it.


   -- guh up the effbomb down wif yr bad self

--- SBBSecho 2.26-OpenBSD
 * Origin: telnet://bismaninfo.hopto.org:8023 1:282/1057 (1:282/1057)