Re: Another hacked Yahoo account

[Guest guest]

another way to remember long passwords is to use the first letters of the

lines of a poem...Shakespeare's sonnets (with 14 lines) are a good place to

start.

ck

In a message dated 09/01/11 12:30:48 Central Daylight Time,

bradsattler@... writes:

Let me add onto this comment: longer passwords are better (the minimum 6

or 8 characters is not as good as you might think). Security folks I know

recommend strings of words that mean something to you. Something like:

Crispycritteronthebypass

Threeamflucall

Doyouneedtogotothehospital?

Ohsureyouhad2beers

Admittedly these are tongue in cheek examples, but you get the gist. One

clever IT person I know is bilingual and uses words from both languages...

practically uncrackable outside government-level attacks.

-Brad

Sent from my iPhone

> Hacked accounts seem to be the rage right now. Not just with Yahoo, but

with Facebook as well as other accounts. The best defense seems to be with

the creation of your password. Ambulance 1, Paramedic 1, or any variation,

seem to be getting hit a lot. It is advisable, to have a strong password,

and contains an alpha numeric with one or two symbols included. IE:

crispycritter1?!

>

> This makes it much harder for a hacker using a brute force program, that

utilizes word lists, to crack. Most hacked accts are done with brute force

programs, that hit the entrance screen with a program that throws out a

list of 30-40K words and phrases per second, until it gets a " hit " . These

" word lists " are pre made, and contain hundreds of combinations of popular

passwords. Many containing common pet and children names. These " word lists "

can be D/L'd off the net and entered into programs such as Rawhide or Golden

Eye. (those are actually old programs, I am using them as an example)

>

> These programs will hit an entry screen with thousands of combinations

per second, till it gets a hit, and lets the hacker through. The hacker

then, simply changes the owner's password, locks them out, and takes over the

account.

>

> An alpha/numeric/symbol pass is unlikely to be a part of a word list.

Such as:

> bentley402099/? or bentley/?402099. Hackers usually use a " Proxy " , which

disguises the ISP which they are working through. Even when tracked, they

may appear to be at Houston Community College one second, then LSU the next

second, These " proxy " lists are used the same way as " word lists " except

they use thousands of ISP addresses and MAC numbers. and if the hacker is

mobile, and using unsecured wi fi, at different locations, it is near

impossible to pin point them.

>

> Best line of defense.....STRONG password, (something that would be

unlikely to show up on a word list) And figure out what your computer's MAC

address is, so it can be given to Law Enforcement, incase your laptop is ever

stolen. MAC address is like a serial number, for your machine, that is

included in the " header " when accessing the internet.

>

> MAC addresses CAN be changed, but only by the most knowledgeable of

computer users.

>

> No password is " unbreakable " but the stronger your password is, the more

unlikely you will be a victim of the scenarios presented supra.

>

> Coug.

>

>

>

> I'll keep my Guns, my Freedom and my MONEY,

> You can keep the " CHANGE. "

>

>

>

>

>

> Subject: Another hacked Yahoo account

> To: texasems-l

> Date: Wednesday, August 31, 2011, 5:14 PM

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> The moderators will remove these messages as soon as they hit, but

that will not stop some of you from receiving them. Be very careful about

clicking on any links.

>

>

>

> Accounts that are hacked are denied the ability to post without

moderation.

>

>

>

> A good virus protection program and some due diligence are imperative.

>

>

>

> The moderators

>

>

>

>

>

>>

>

>>

>

>>

>

>> [Non-text portions of this message have been removed]

>

>>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

[Guest guest]

My Yahoo was hijacked by calling Yahoo and having the password reset. If

you do not set up security questions to prevent this the default is no

security and anyone with your account name can call in, have the password

reset, put in their own, and then use your account. I use Outlook for

email. I rarely look at my Yahoo account. When I went to Yahoo the hacker

had stored drafts of his spam on my account. Fortunately I do not have an

address book on Yahoo so all I got was a bunch of rejected spam notices.

Randy E. , RN, LP

From: texasems-l [mailto:texasems-l ] On

Behalf Of Brad Sattler

Sent: Thursday, September 01, 2011 12:31 PM

To: texasems-l

Subject: Re: Another hacked Yahoo account

Let me add onto this comment: longer passwords are better (the minimum 6 or

8 characters is not as good as you might think). Security folks I know

recommend strings of words that mean something to you. Something like:

Crispycritteronthebypass

Threeamflucall

Doyouneedtogotothehospital?

Ohsureyouhad2beers

Admittedly these are tongue in cheek examples, but you get the gist. One

clever IT person I know is bilingual and uses words from both languages...

practically uncrackable outside government-level attacks.

-Brad

Sent from my iPhone

On Aug 31, 2011, at 10:32 PM, Cougar!! ems_cougar@...

> wrote:

> Hacked accounts seem to be the rage right now. Not just with Yahoo, but

with Facebook as well as other accounts. The best defense seems to be with

the creation of your password. Ambulance 1, Paramedic 1, or any variation,

seem to be getting hit a lot. It is advisable, to have a strong password,

and contains an alpha numeric with one or two symbols included. IE:

crispycritter1?!

>

> This makes it much harder for a hacker using a brute force program, that

utilizes word lists, to crack. Most hacked accts are done with brute force

programs, that hit the entrance screen with a program that throws out a list

of 30-40K words and phrases per second, until it gets a " hit " . These " word

lists " are pre made, and contain hundreds of combinations of popular

passwords. Many containing common pet and children names. These " word lists "

can be D/L'd off the net and entered into programs such as Rawhide or Golden

Eye. (those are actually old programs, I am using them as an example)

>

> These programs will hit an entry screen with thousands of combinations per

second, till it gets a hit, and lets the hacker through. The hacker then,

simply changes the owner's password, locks them out, and takes over the

account.

>

> An alpha/numeric/symbol pass is unlikely to be a part of a word list. Such

as:

> bentley402099/? or bentley/?402099. Hackers usually use a " Proxy " , which

disguises the ISP which they are working through. Even when tracked, they

may appear to be at Houston Community College one second, then LSU the next

second, These " proxy " lists are used the same way as " word lists " except

they use thousands of ISP addresses and MAC numbers. and if the hacker is

mobile, and using unsecured wi fi, at different locations, it is near

impossible to pin point them.

>

> Best line of defense.....STRONG password, (something that would be

unlikely to show up on a word list) And figure out what your computer's MAC

address is, so it can be given to Law Enforcement, incase your laptop is

ever stolen. MAC address is like a serial number, for your machine, that is

included in the " header " when accessing the internet.

>

> MAC addresses CAN be changed, but only by the most knowledgeable of

computer users.

>

> No password is " unbreakable " but the stronger your password is, the more

unlikely you will be a victim of the scenarios presented supra.

>

> Coug.

>

>

>

> I'll keep my Guns, my Freedom and my MONEY,

> You can keep the " CHANGE. "

>

>

>

>

> From: texasems_l texasems_l@... >

> Subject: Another hacked Yahoo account

> To: texasems-l

> Date: Wednesday, August 31, 2011, 5:14 PM

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

>

> The moderators will remove these messages as soon as they hit, but that

will not stop some of you from receiving them. Be very careful about

clicking on any links.

>

>

>

> Accounts that are hacked are denied the ability to post without

moderation.

>

>

>

> A good virus protection program and some due diligence are imperative.

>

>

>

> The moderators

>

>

>

>

>

>>

>

>>

>

>>

>

>>

[Guest guest]

My SBCGLobal email that I haven't used in 3 years was hacked. I have spent

the last two hours trying to get someone on the phone to help me take care

of it. But I have been unable. So if you get an email from

EMSLENEVEU@.... Just delete and/or block. There is nothing I

can do about it.

Thanks AT&T for taking over SBCGLOBAL and making it more dificult to do

things right.

Tom

On Thu, Sep 1, 2011 at 12:45 PM, Randy E.

r.e.powell@...>wrote:

> **

>

>

> My Yahoo was hijacked by calling Yahoo and having the password reset. If

> you do not set up security questions to prevent this the default is no

> security and anyone with your account name can call in, have the password

> reset, put in their own, and then use your account. I use Outlook for

> email. I rarely look at my Yahoo account. When I went to Yahoo the hacker

> had stored drafts of his spam on my account. Fortunately I do not have an

> address book on Yahoo so all I got was a bunch of rejected spam notices.

>

> Randy E. , RN, LP

>

> From: texasems-l [mailto:texasems-l ] On

> Behalf Of Brad Sattler

> Sent: Thursday, September 01, 2011 12:31 PM

> To: texasems-l

> Subject: Re: Another hacked Yahoo account

>

> Let me add onto this comment: longer passwords are better (the minimum 6 or

> 8 characters is not as good as you might think). Security folks I know

> recommend strings of words that mean something to you. Something like:

>

> Crispycritteronthebypass

> Threeamflucall

> Doyouneedtogotothehospital?

> Ohsureyouhad2beers

>

> Admittedly these are tongue in cheek examples, but you get the gist. One

> clever IT person I know is bilingual and uses words from both languages...

> practically uncrackable outside government-level attacks.

>

> -Brad

>

> Sent from my iPhone

>

> On Aug 31, 2011, at 10:32 PM, Cougar!! ems_cougar@...

> > wrote:

>

> > Hacked accounts seem to be the rage right now. Not just with Yahoo, but

> with Facebook as well as other accounts. The best defense seems to be with

> the creation of your password. Ambulance 1, Paramedic 1, or any variation,

> seem to be getting hit a lot. It is advisable, to have a strong password,

> and contains an alpha numeric with one or two symbols included. IE:

> crispycritter1?!

> >

> > This makes it much harder for a hacker using a brute force program, that

> utilizes word lists, to crack. Most hacked accts are done with brute force

> programs, that hit the entrance screen with a program that throws out a

> list

> of 30-40K words and phrases per second, until it gets a " hit " . These " word

> lists " are pre made, and contain hundreds of combinations of popular

> passwords. Many containing common pet and children names. These " word

> lists "

> can be D/L'd off the net and entered into programs such as Rawhide or

> Golden

> Eye. (those are actually old programs, I am using them as an example)

> >

> > These programs will hit an entry screen with thousands of combinations

> per

> second, till it gets a hit, and lets the hacker through. The hacker then,

> simply changes the owner's password, locks them out, and takes over the

> account.

> >

> > An alpha/numeric/symbol pass is unlikely to be a part of a word list.

> Such

> as:

> > bentley402099/? or bentley/?402099. Hackers usually use a " Proxy " , which

> disguises the ISP which they are working through. Even when tracked, they

> may appear to be at Houston Community College one second, then LSU the next

> second, These " proxy " lists are used the same way as " word lists " except

> they use thousands of ISP addresses and MAC numbers. and if the hacker is

> mobile, and using unsecured wi fi, at different locations, it is near

> impossible to pin point them.

> >

> > Best line of defense.....STRONG password, (something that would be

> unlikely to show up on a word list) And figure out what your computer's MAC

> address is, so it can be given to Law Enforcement, incase your laptop is

> ever stolen. MAC address is like a serial number, for your machine, that is

> included in the " header " when accessing the internet.

> >

> > MAC addresses CAN be changed, but only by the most knowledgeable of

> computer users.

> >

> > No password is " unbreakable " but the stronger your password is, the more

> unlikely you will be a victim of the scenarios presented supra.

> >

> > Coug.

> >

> >

> >

> > I'll keep my Guns, my Freedom and my MONEY,

> > You can keep the " CHANGE. "

> >

> >

> >

> >

> > From: texasems_l texasems_l@... >

> > Subject: Another hacked Yahoo account

> > To: texasems-l

> > Date: Wednesday, August 31, 2011, 5:14 PM

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> >

> > The moderators will remove these messages as soon as they hit, but that

> will not stop some of you from receiving them. Be very careful about

> clicking on any links.

> >

> >

> >

> > Accounts that are hacked are denied the ability to post without

> moderation.

> >

> >

> >

> > A good virus protection program and some due diligence are imperative.

> >

> >

> >

> > The moderators

> >

> >

> >

> >

> >

> >>

> >

> >>

> >

> >>

> >

> >>

[Guest guest]

Agreed. PART of my password is a name of a pet I had in 1964. My mother

doesn't even remember it's name. I've never told anyone it's

name and my little sister wasnt born when I had the pet.

Jim

Paramedic