[Artemisia] Arwen't e-mail hijacked!

Michael the Loud hanhebin at yahoo.com
Sat Aug 28 20:30:55 CDT 2010 

If you could do 1000 passwords a second it would take more than 3 days to crack a 6 character password but you would have to have access to the actual encrypted password. If you proper case it would take double that but if you add the range of keys you can enter from your keyboard it would take weeks. 

Going through Yahoo to attempt to break a password is impossible with the  present safeguards.  After a few failed attempts you are going to be prompted for confirmations which would require some fairly significant OCR software.  Then you are going to have to deal with how slow the web is thus if you had a machine running a 100 bots you might get a dozen passwords a second if you had the code written in C# (using something like HttpWebRequest/HttpWebResponse.)

MORE THAN LIKELY those passwords were stolen because of some other reason.  A wireless server that isn't sending encrypted packages, a virus on the machine or the person is using the same password on another email server.

I am sure that people recall back in 2003 I made the same complaint and the password for my account at the time was the same password I used for Gallowglass.org.  The person probably hacked Gallowglass.org and got my password from there.

Back in 1983 I broke the 56bit DES password encryption system on the dare of a professor (Evan Ivie) while a student at BYU.  My research back at that time is part of the reason why you see the password file on UNIX systems being protected and you see a '*' in the /etc/password file instead of the encrypted password.  

My advice is never use the same password the same system from somebody with experience breaking passwords. Chances are there is a high number of people that use the same password here as they do elsewhere.

Michael

--- On Wed, 8/25/10, Richard Samul <scascot at mac.com> wrote:

> From: Richard Samul <scascot at mac.com>
> Subject: Re: [Artemisia] Arwen't e-mail hijacked!
> To: "Kingdom of Artemisia mailing list" <artemisia at lists.gallowglass.org>
> Date: Wednesday, August 25, 2010, 9:45 PM
> This seems to be happening a lot -
> there's been a few hijacked here in  
> Arn Hold recently - and they've all been Yahoo address.
> Without  
> exception. Once hijacked, these email addresses are near
> impossible to  
> recover, since the hijackers tend to change the password to
> keep you  
> out while they pillage your outbox and address book for
> known good  
> addresses to spam.
> 
> I would suggest that anyone with a Yahoo email address
> check your  
> password, and consider changing it. A recent article I saw
> stated that  
> 6-character passwords can be cracked in a matter of hours
> with current  
> processor power, yet a 12-character password will
> (theoretically) take  
> *years*. A mix of upper and lower case, along with numbers,
> is the  
> most secure - obviously, avoiding dictionary words helps.
> 
> Just a thought.
> 
> -- 
> HL Earc Cearr
> Barony of Arn Hold
> 
> On Aug 24, 2010, at 5:22 PM, Allen Hall wrote:
> 
> >
> > Hello All,
> >
> > It appears that Arwen's e-mail address has been
> hijacked.  Don't  
> > reply, don't send money, etc, etc.
> >
> > This same thing happened to Duchess Anna and she had
> to get a  
> > completely new e-mail address.
> >
> > Beware, and good luck getting it fixed Arwen!
> _______________________________________________
> Artemisia mailing list
> Artemisia at lists.gallowglass.org
> http://lists.gallowglass.org/mailman/listinfo/artemisia
>

More information about the Artemisia mailing list